kimci86 / bkcrack

Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
zlib License

ZIP archive with deflated jpg's in a subdirectory #121

Open MikeEcho0815 opened 3 weeks ago

MikeEcho0815 commented 3 weeks ago

Hi,

I have to retrieve the following files of a ZIP file:

[image]

The weird ASCII letter is a German "ö". Is it possible to retrieve / delete the password? I know the model of the smartphone camera that shot the photos and even have other photos from this camera. Maybe that helps to get the 12 bytes? I checked another image from that camera with a hex editor. The model is in there.

Is there a way for me, or do I have to fall back to a dictionary?

kimci86 commented 3 weeks ago

Hi,

It might be difficult, involving some tedious manual work, but it may be possible. The tricky part is to get correct compressed data to run a known plaintext attack with bkcrack.

I would suggest the following steps:

Because the compression ratio is close to 1, chances are you will find that some parts are embedded in the deflate streams as stored blocks (i.e. without compression). If that is the case, using that knowledge would be the least difficult way forward. Otherwise guessing compressed data might be too hard.

Let me know if that answers your question and if you need more help with this. You can post or email me some files if you want me to give it a try when I get some time. I like challenges :)
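The stored-block observation in the reply above, as an added example that is not part of the thread or of bkcrack: it deflates near-incompressible data and maps where the original bytes sit verbatim inside the raw deflate stream. The function names are illustrative, and the seeded random bytes are a constructed stand-in for JPEG entropy-coded data.

```python
import random
import zlib

# Constructed sample: seeded random bytes standing in for incompressible JPEG scan data.
_rng = random.Random(1)
SAMPLE = bytes(_rng.getrandbits(8) for _ in range(40000))


def raw_deflate(data: bytes, level: int = 6) -> bytes:
    """Compress to a raw deflate stream (no zlib header), as ZIP method 8 holds it."""
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def leading_stored_blocks(stream: bytes):
    """Walk stored (BTYPE=00) blocks from the start of a raw deflate stream.

    Returns (stream_offset, plain_offset, length) per block and stops at the first
    Huffman-coded block, whose end cannot be found without inflating it.
    """
    blocks, pos, plain_off = [], 0, 0
    while pos + 5 <= len(stream):
        # After a stored block the next header is byte-aligned: low 3 bits only.
        bfinal, btype = stream[pos] & 1, (stream[pos] >> 1) & 3
        if btype != 0:
            break
        length = int.from_bytes(stream[pos + 1:pos + 3], "little")   # LEN
        nlen = int.from_bytes(stream[pos + 3:pos + 5], "little")     # ~LEN
        if length ^ nlen != 0xFFFF or pos + 5 + length > len(stream):
            break  # header fails its own consistency check
        if length:
            blocks.append((pos + 5, plain_off, length))
        pos += 5 + length
        plain_off += length
        if bfinal:
            break
    return blocks


def demo():
    stream = raw_deflate(SAMPLE)
    print(f"plain {len(SAMPLE)} bytes -> deflate {len(stream)} bytes")
    for s_off, p_off, n in leading_stored_blocks(stream):
        same = stream[s_off:s_off + n] == SAMPLE[p_off:p_off + n]
        print(f"stream[{s_off}:+{n}] == plain[{p_off}:+{n}]  verbatim={same}")


if __name__ == "__main__":
    demo()
```

Each stored block costs a 5-byte header, so a file that deflates to slightly more than its original size is a strong hint that its contents are carried this way.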