Attack on .7z stored in a .zip file

kimci86 / bkcrack

Crack legacy zip encryption with Biham and Kocher's known plaintext attack.

zlib License

1.69k stars 163 forks source link

Attack on .7z stored in a .zip file #111

Closed VujkePG closed 1 year ago

VujkePG commented 1 year ago

Hi,

I have a 4GB zip file, with 20 files in "ZipCrypto Deflate" method, and a single "ZipCrypto Store" file - a large .7z archive (Size 2.132.596.623, Packed Size 2.132.596.635)

I've compared a number of .7z files in HxD Hex editor, and every single one has 19 identical bytes (sparse), which in theory should make this attack viable:

bkcrack -C archive.zip -c folder/store.7z -x 0 377abcaf271c0004 -x 10 00000000 -x 15 00000000000000

However, no luck. Any suggestions on what am I doing wrong, or maybe an alternative approach?

kimci86 commented 1 year ago

Hi,

After looking at some 7z files, I believe you meant to pass hexadecimal offsets after -x parameters. By default, the offset is parsed as a decimal value. Either pass decimal offsets or add 0x prefix to pass hexadecimal offsets.

Try this:

bkcrack -C archive.zip -c folder/store.7z -x 0 377abcaf271c0004 -x 0x10 00000000 -x 0x15 00000000000000

VujkePG commented 1 year ago

Worked like a charm! Thank you so much