kimci86 / bkcrack

Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
zlib License

Need Some Assistance on how to crack this using bkcrack #94

Closed Arteezyrtz closed 1 year ago

Arteezyrtz commented 1 year ago

bkcrack

I do not really know how to work with bkcrack to crack my password files here. I tried to follow the instructions and find some extra knowledge on the internet but I can't seem to get anything. Can you help to guide me here?

kimci86 commented 1 year ago

Hi, to use bkcrack, you need encrypted data (ciphertext) and a piece of the corresponding data before encryption (plaintext). Here, deflate compression was used on the files before encryption, so you need to find or guess compressed data. Getting correct plaintext when compression was used can be very difficult, but here is what I can suggest:

If you happen to have one of the packed files somewhere else unencrypted, you can try to get the corresponding compressed data by putting it in a ZIP file without encryption. You may have to try several compression levels until you use the same settings that were used to make the archive you are trying to crack. One simple way to check if settings are likely correct is to check that the packed size is the same as the encrypted version minus 12. (Minus 12 because encryption adds 12 bytes to compressed data.)

If you do not have one of the packed files unencrypted, you can try to take a bunch of similar files, compress them in a ZIP file and look at the resulting compressed data, hoping to see some pattern. Unfortunately those steps are manual. After this investigation, you may try to use a likely piece of compressed data to run a known-plaintext attack with bkcrack. If no pattern emerges, a known-plaintext attack might be too difficult to do. You can always resort to good old password cracking with John the Ripper or hashcat.
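The packed-size check from the answer above can be automated with Python's standard `zipfile` module. This is an added example, not code from bkcrack or from this thread; the archive path, member name and sample data are assumptions.

```python
import io
import zipfile

# Traditional PKWARE (ZipCrypto) encryption prepends a 12-byte header to the
# compressed data, which is why the answer says "encrypted size minus 12".
ENCRYPTION_OVERHEAD = 12


def encrypted_entry_sizes(archive_path):
    """Read (compress_type, compress_size) for every encrypted member of a real archive.

    `archive_path` is an assumption: point it at the archive you want to inspect.
    Bit 0 of the general-purpose flag marks an entry as encrypted.
    """
    with zipfile.ZipFile(archive_path) as zf:
        return {zi.filename: (zi.compress_type, zi.compress_size)
                for zi in zf.infolist() if zi.flag_bits & 0x1}


def trial_compressed_size(name, data, level):
    """Deflate `data` into an unencrypted in-memory ZIP at `level`; return the packed size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data, compress_type=zipfile.ZIP_DEFLATED, compresslevel=level)
    with zipfile.ZipFile(io.BytesIO(buf.getvalue())) as zf:
        return zf.getinfo(name).compress_size


def matching_levels(encrypted_size, name, data):
    """Deflate levels 0..9 whose packed size equals the encrypted size minus 12.

    An empty list means no level of this deflate implementation reproduces the
    original archive's settings, so the candidate plaintext is unlikely to be right.
    """
    target = encrypted_size - ENCRYPTION_OVERHEAD
    return [lvl for lvl in range(10)
            if trial_compressed_size(name, data, lvl) == target]


if __name__ == "__main__":
    # Constructed sample: pretend this is the unencrypted copy of a packed file.
    sample = b"GET /index.html HTTP/1.1\r\nHost: example\r\n" * 40
    # In practice take this value from encrypted_entry_sizes("archive.zip")["notes.txt"].
    fake_encrypted_size = trial_compressed_size("notes.txt", sample, 6) + ENCRYPTION_OVERHEAD
    print("levels matching:", matching_levels(fake_encrypted_size, "notes.txt", sample))
```

If a level matches, repeat the packing with that level and use its compressed bytes as the plaintext candidate; if the real archive's member reports a compress_type other than 8 (deflate), the comparison does not apply.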