Unable to unzip file

[anon0010]

I have a huge problem. I decrypted the volume and changed the extension to .zip like I always do, but somehow I can't open the file anymore. Can you please help me?

[HACKERALERT]

There are two possibilities I can see:

1. The original file you encrypted was not a zip file or a folder. Are you sure that the original file was a zip file? Could it be a .pdf for example, but you removed it from the output filename and forgot?
2. Try extracting the zip file via 7-Zip or Keka/equivalent. This probably won't make a difference, but worth a try if you are absolutely certain that the original file was a .zip file.

If decrypting it in Picocrypt was successfull and gave no errors, I can tell you with pretty high certainty that it is not an encryption/decryption error because file integrity is checked and any corruption would've been caught by Picocrypt.

[anon0010]

I'm very sure it's a .zip file. I tried with different third-party archivers but none worked. I downloaded a backup that I store in the cloud rather than my USB, but it's the same issue. It's not a pdf file, but a whole folder that I encrypted using Picocrypt.

[HACKERALERT]

1. Did Picocrypt show any errors when decrypting
2. Did you use any advanced features/keyfiles
3. What version of Picocrypt did you use to encrypt?

[anon0010]

1. Did Picocrypt show any errors when decrypting No, no errors.
2. Did you use any advanced features/keyfiles No keyfiles, but probably Paranoid mode, compress files, reed-solomon, deniability.
3. What version of Picocrypt did you use to encrypt? I think the latest. Last time that I modified the volume was around dec of 2023.

[anon0010]

It's saying "can't read header, assuming volume is deniable."

[anon0010]

Then it's decrypting successfully, what I always do is change the extension to .zip and all the time it just unzips it, but now it won't.

[HACKERALERT]

Can you try a random test folder, encrypt it with the same parameters as you did with the broken .zip and decrypt it again to see if it reproduces your current issue?

[anon0010]

Just tried and no issues and I can't reproduce it. I'm 100% sure it's a .zip file. I used it all the time. There can not be something else :/

[HACKERALERT]

I'm sorry but I can't think of anything else to try then. I'll leave this issue open and if anyone has similiar experiences to share or help me debug with, I will be happy to listen.

[anon0010]

I have a huge problem if I can't open this. Please keep me posted if something comes up in your mind. Thanks!

[BigPanda97]

Already tried tools like "DiskInternals ZIP Repair" or "GetData ZIP Repair"?

Maybe the zip was damaged before and can be repaired this way.

[anon0010]

They were compressed using Picocrypt on macOS. Those applications are for Windows AFAIK. Thanks for your reply though. I really appreciate all the help!

[CodeCracker-oss]

@anon0010 What does the other archiving tools you use output as an error? Something similar to the one you posted? Your archive tool states unsupported format, which means its not being recognized as a zip and I assume that tool supports zip.

Can you try using command in terminal like zip -T path/to/file? This would test the archive for corruption. You may or may not need to install it on Mac, not sure as I don't use macOS. If corrupt, adding the -F flag Instead of -T should attempt fixing it.

If this doesn't work, try using hex editor like xxd (command like xxd path/to/file | less) and see if the first 4 bytes are 50 4b 03 04.

[HACKERALERT]

Also worth a try: https://gildas-lormeau.github.io/zip.js/demos/demo-read-file.html

[anon0010]

Thanks for your help.

It's throwing this error: Error: End of central directory not found

As for the hex editor, this is what i see:

[anon0010]

The size of the file is correct. By the way. Not sure if that helps.

[CodeCracker-oss]

@anon0010 It doesn't appear as if the file even has a zip header, which would be why it doesn't recognize it as a zip file.

I've attached a sreenshot of my hex editor when viewing a newly created zip for a test. As you can see It has the correct hex values as mentioned before, with the letters PK to the right. That is standard for zip format.

[HACKERALERT]

@anon0010 Do you have any older copies of your volume? If they decrypt properly, is there something new that you did such as using a different set of advanced features, encrypting/decrypting from different storage locations that could've affected your latest copy?

[anon0010]

The strange thing is that I always unzipped it and zipped it using Picocrypt. How can I resolve this? This is an extremely important file. I created two backups, one in the cloud and one on my usb drive, but both doesn't seem to work.

@HACKERALERT no, i made a backup as redundancy with the hope that if I ever lose the file I can get it from cloud storage.. but they're not working. i tried to fire up a VM with a clean macOS to see if that made a difference as well, i compiled it with your instructions to Silicon chipset instead of using Rosetta (although any changes would be extremely minimal), but nothing works so far and it's really breaking my head.

[anon0010]

@CodeCracker-oss if you know that 50 4b 03 04 is a zip file, could you by any chance know what might be the first 4 bytes of my file? i mean i'm 100% sure it's a zip file, but maybe we can debug it a bit more?

[anon0010]

I got it.

[CodeCracker-oss]

@anon0010 Oh, good job :) Mind If I ask what the issue was?

[anon0010]

I found out that months ago I used zip file to encrypt certain data and I changed it too KeePass database instead, but totally forgot about that. With your info about the 4 bytes, I checked the 4 bytes of my files in Google and found out that it could be Cryptomator or a KeePass database. This reminded me that I changed it to a KeePass database back then. I really thought it was a zip file, but I totally forgot that I changed it. Feels stupid lol! Nevertheless, I want to thank you guys for solving this for me and for all your support! Thanks!

[CodeCracker-oss]

@anon0010 I knew I recognized that header format, just couldn't recall where. I use KeePass as my password manager as well, and as you told me I checked my database header...and there it was. I was originally checking for archive formats, to see if maybe you compressed it manually into a different format or something. Glad its sorted though.

You can close this issue, if its solved.

[anon0010]

Yes thanks a ton @CodeCracker-oss @HACKERALERT !