kimci86
commented
2 months ago It might be possible if you can guess how deflate compression transformed the data in your encrypted archive. Note that in general it is hard without knowing a large part of the original data.
An important thing to check first is the compression ratio.
You can check packed size and uncompressed size by running bkcrack -L your_archive.zip
Maybe you are in a case where deflate compression didn't actually compress data and results in a stored block. In such a case, you would have: packed size = uncompressed size + 17. (12 bytes for encryption header and 5 bytes for deflate stored block header.) Then it is easy to get compressed data from plain data: simply offset by 5 bytes.
Otherwise, I suggest to inspect deflate data from other examples you have to better understand how your file might be compressed. To do so, you can decipher (without decompressing) files from the examples with passwords you have and check the output of infgen on the deflate data you get. For example:
bkcrack -C example.zip -c file.txt --password "the password" -d file.deflate
infgen -r file.deflateLearning about how deflate compression works will be useful to understand the output.
Let me know if that helps. Feel free to share more information or files if you need further help.
nelolka
I have a question. I have the encrypted (ZipCrypto) and compressed (deflated) zip archive contains one txt file like this:
Is it possible to decrypt archives like this and get the secret code from txt? I have multiple examples with passwords, so I can analyze it.