Closed HiBoy88 closed 1 month ago
I have other compressed files that may be encrypted with similar passwords, but I haven't found anything with the same password length.
Thank you for reporting this.
One issue is that some bytes are shown incorrectly (e.g. fffffff8 should be f8). I will fix that shortly.
Besides that, the behavior looks correct to me. You are searching for a password made of alphanumeric characters so this solution is ignored. Would you expect a different behavior?
Two unzip codes!!!
It is indeed possible that several passwords open a given archive. That is because the number of possible internal password representations in the ZipCrypto algorithm is limited to 2^96 whereas there is an infinity of passwords.
I am not sure I understand whether you need help. Do you have a problem using bkcrack?
Here’s my attempt, and I don’t understand why only one was successful.
"I obtained two passwords, with the first eight characters consisting of uppercase and lowercase letters and numbers, while the remaining characters may include Unicode, uppercase and lowercase letters, and numbers. I hope to speed up the attack by setting some constraints." Passwd1: "GR1TX3IK鴕髲3m" & "KKigrfzI.琸大i" Passwd2: "BcNZU36N骵u膠" Do you have any good suggestions?
Let me summarize your problem: You have a bunch of password-protected archives. You successfully ran a known-plaintext attack on each archive so you have the internal password representation (keys) for each archive. Now you also want the original password for each archive. You know that all the passwords have the same pattern: 8 bytes of alphanumeric characters + 6 bytes of alphanumeric or GBK-encoded special characters.
Did I understand correctly?
I am wondering if the original passwords really follow that pattern. You might think so because you found some passwords that follow this pattern, but there can be many passwords for the same keys because there are 2^96 keys for an infinity of passwords. Maybe you found some valid password but not the original password. Do you have other information about those files that would explain why the passwords would follow such a pattern?
Another question is: why do you want the passwords? Maybe you can achieve what you want without the passwords. The password is not needed to open the files or edit the content as long as the keys are known.
Because there are still many encrypted compressed files, I don't have the corresponding plaintext files.
Do you mean other .bfz files, or file entries inside a given .bfz file?
If you want to access other file entries in a given .bfz file, assuming this is actually a zip file in disguise, then you can remove the password. This is assuming the same password was used for each entry in a given .bfz file. For example:
bkcrack -C Common.bfz -k 2e7757db 6cfc8fbe a1e83683 -D Common_without_password.zip
Does that help?
The other .bfz files don't have corresponding plaintext files, so I can't obtain the corresponding keys. Thank you very much for your help. I think there may be no hope for password cracking, and hashcat seems unable to help me with Unicode characters.
You could try to recover as many passwords as possible for each archive and maybe find some pattern, but it might take an eternity. It seems to me solving this problem with bkcrack is too hard. Anyways, I understand you have no more questions about this problem so I close the issue. Thank you for your feedback, it made me notice and fix the small bug with hexadecimal output formatting.
Passwd: "GR1TX3IK鴕髲3m" as type : 47 52 31 54 58 33 49 4b fffffff8 72 fffffff3 ffffff8f 33 6d
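As an added illustration (not part of the thread and not bkcrack's code), the sketch below shows the ZipCrypto key schedule from the PKWARE APPNOTE, which folds a password of any length into three 32-bit keys, the 96-bit internal representation mentioned above. It also reproduces the `fffffff8` versus `f8` output on the password bytes from the dump. The function names are hypothetical, and sign extension of a signed `char` is assumed here as one common cause of that output pattern, not confirmed as the bug that was fixed in bkcrack.

```cpp
#include <array>
#include <cstdint>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>

using Keys = std::array<std::uint32_t, 3>;  // whole internal state: 3 x 32 = 96 bits

// One byte of the reflected CRC-32 (polynomial 0xEDB88320) that ZipCrypto uses.
std::uint32_t crc32_step(std::uint32_t crc, std::uint8_t b) {
    crc ^= b;
    for (int i = 0; i < 8; ++i) crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    return crc;
}

// Fold a password of any length into the three keys, one byte at a time.
Keys derive_keys(const std::string& password) {
    Keys k = {0x12345678u, 0x23456789u, 0x34567890u};  // fixed starting constants
    for (char c : password) {
        k[0] = crc32_step(k[0], static_cast<std::uint8_t>(c));
        k[1] = (k[1] + (k[0] & 0xffu)) * 134775813u + 1u;
        k[2] = crc32_step(k[2], static_cast<std::uint8_t>(k[1] >> 24));
    }
    return k;
}

// Hex dump of raw bytes. careful=false widens a signed char to int, which
// sign-extends every byte >= 0x80; careful=true goes through unsigned char.
std::string hex_bytes(const std::string& s, bool careful) {
    std::ostringstream out;
    out << std::hex << std::setfill('0');
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (i) out << ' ';
        if (careful) out << std::setw(2) << static_cast<unsigned>(static_cast<unsigned char>(s[i]));
        else out << static_cast<int>(static_cast<signed char>(s[i]));
    }
    return out.str();
}

// The 14 password bytes from the dump quoted in the thread.
const std::string kSample = "GR1TX3IK\xf8\x72\xf3\x8f\x33\x6d";

int main() {
    const Keys k = derive_keys(kSample);
    std::cout << hex_bytes(kSample, true) << "\n" << hex_bytes(kSample, false) << "\n";
    std::cout << std::hex << k[0] << ' ' << k[1] << ' ' << k[2] << "\n";
}
```

Since every password ends up as the same 96 bits of state, there are already more 13-byte strings (2^104) than distinct key triples, so distinct passwords that yield identical keys must exist.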