0

I have two password-protected zip files (compression method: normal) with the same content (aaa.txt, a blank Notepad file), and I opened the zips and this came up. The first one's password is: abcd

PK
       Rd¦D              aaa.txtóH¼”„.‚ûÄFPK           PK 
       Rd¦D            $               aaa.txt
         XÐ|ähÏXÐ|ähÏXÐ|ähÏPK      Y   A     

and the other one with the password: abcd123

PK
       Rd¦D              aaa.txtÐBk¤Í"ã§GÞIÕPK           PK 
       Rd¦D            $               aaa.txt
         XÐ|ähÏXÐ|ähÏXÐ|ähÏPK      Y   A     

Does this óH¼”„.‚ûÄFPK mean abcd and ÐBk¤Í"ã§GÞIÕPK mean abcd123?

I need to know if this is possible because I have a password-protected zip file with all my high school pictures in it and I forgot the password. I can't even use that software because it always takes too many days. Can I convert these texts to the password?

Adi
Bartolomeo
  • 1
    When did you create that .zip file? Did you use a strong password, or was it a time when you knew little and just used lowercase letters? If so, try bruteforcing it with some program like FZC. In modern computers, weak passwords are easily cracked. – woliveirajr May 06 '14 at 12:43
  • 1
    Hey guys, thanks for all the replies. I have already recovered the password in 10 min by using Advanced Archive Password Recovery's Guaranteed Winzip Recovery. I was really ashamed when I saw the password (KeyLog.txt) because it was the name of the .txt beside the zip. –  May 07 '14 at 04:45

3 Answers

15

First, there's no standard encoding for non-ASCII letters and several characters are not printable. At the very least you need a hex editor to view the information there. If you want to decipher the data format consult the APPNOTE.TXT.

E.g., if I simply make a zip file of a blank file named aaa.zip and encrypt with password abcd and print the file in ISO-8859-1 encoding, I get:

$ cat new.zip 
PK
        )¦D
           aaa.txtUT    ­khS{mhSux
                                  õÊuPfC³[é­±
                                            PK
        )¦D
           ¤aaa.txtUT­khSux
                           õPKM

If I actually print it in a hex editor:

$ hexdump -C new.zip
00000000  50 4b 03 04 0a 00 09 00  00 00 29 07 a6 44 00 00  |PK........)..D..|
00000010  00 00 0c 00 00 00 00 00  00 00 07 00 1c 00 61 61  |..............aa|
00000020  61 2e 74 78 74 55 54 09  00 03 ad 6b 68 53 7b 6d  |a.txtUT....khS{m|
00000030  68 53 75 78 0b 00 01 04  f5 01 00 00 04 14 00 00  |hSux............|
00000040  00 ca 75 50 66 43 b3 5b  e9 ad b1 97 9d 50 4b 07  |..uPfC.[.....PK.|
00000050  08 00 00 00 00 0c 00 00  00 00 00 00 00 50 4b 01  |.............PK.|
00000060  02 1e 03 0a 00 09 00 00  00 29 07 a6 44 00 00 00  |.........)..D...|
00000070  00 0c 00 00 00 00 00 00  00 07 00 18 00 00 00 00  |................|
00000080  00 00 00 00 00 a4 81 00  00 00 00 61 61 61 2e 74  |...........aaa.t|
00000090  78 74 55 54 05 00 03 ad  6b 68 53 75 78 0b 00 01  |xtUT....khSux...|
000000a0  04 f5 01 00 00 04 14 00  00 00 50 4b 05 06 00 00  |..........PK....|
000000b0  00 00 01 00 01 00 4d 00  00 00 5d 00 00 00 00 00  |......M...].....|

The left column is the line number in hex, the middle columns contain the data with 16 bytes to a row (one byte is two hex characters), and the right column is the ASCII encoding of the corresponding ASCII character when it's printable (note many are not printable and are represented by a .). As you can see, there are a lot of characters that don't appear when you print them in ISO-8859-1.

Second, even though PKZIP encryption is quite weak, it still introduces some randomness. E.g., if I delete the zip file and re-encrypt the same data into a new zip file of the same name with the same password, I get:

$ hexdump -C new.zip 
00000000  50 4b 03 04 0a 00 09 00  00 00 29 07 a6 44 00 00  |PK........)..D..|
00000010  00 00 0c 00 00 00 00 00  00 00 07 00 1c 00 61 61  |..............aa|
00000020  61 2e 74 78 74 55 54 09  00 03 ad 6b 68 53 56 6f  |a.txtUT....khSVo|
00000030  68 53 75 78 0b 00 01 04  f5 01 00 00 04 14 00 00  |hSux............|
00000040  00 e4 1b 8a 36 3b 3e a9  99 1b 5b 2d 38 50 4b 07  |....6;>...[-8PK.|
00000050  08 00 00 00 00 0c 00 00  00 00 00 00 00 50 4b 01  |.............PK.|
00000060  02 1e 03 0a 00 09 00 00  00 29 07 a6 44 00 00 00  |.........)..D...|
00000070  00 0c 00 00 00 00 00 00  00 07 00 18 00 00 00 00  |................|
00000080  00 00 00 00 00 a4 81 00  00 00 00 61 61 61 2e 74  |...........aaa.t|
00000090  78 74 55 54 05 00 03 ad  6b 68 53 75 78 0b 00 01  |xtUT....khSux...|
000000a0  04 f5 01 00 00 04 14 00  00 00 50 4b 05 06 00 00  |..........PK....|
000000b0  00 00 01 00 01 00 4d 00  00 00 5d 00 00 00 00 00  |......M...].....|

Note the lines with 00000020 and 00000040 are different.

dr jimbob
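As an added illustration (not part of the answer above), this Python parses the first local file entry from the two hex dumps and groups the bytes that differ by the region they fall in. The header layout follows APPNOTE.TXT; the function and constant names are chosen for this example.

```python
import struct

# First 80 bytes of the two `hexdump -C new.zip` listings in the answer above:
# the same empty aaa.txt, encrypted twice with the same password.
DUMP_A = bytes.fromhex("""50 4b 03 04 0a 00 09 00 00 00 29 07 a6 44 00 00
    00 00 0c 00 00 00 00 00 00 00 07 00 1c 00 61 61
    61 2e 74 78 74 55 54 09 00 03 ad 6b 68 53 7b 6d
    68 53 75 78 0b 00 01 04 f5 01 00 00 04 14 00 00
    00 ca 75 50 66 43 b3 5b e9 ad b1 97 9d 50 4b 07""")
DUMP_B = bytes.fromhex("""50 4b 03 04 0a 00 09 00 00 00 29 07 a6 44 00 00
    00 00 0c 00 00 00 00 00 00 00 07 00 1c 00 61 61
    61 2e 74 78 74 55 54 09 00 03 ad 6b 68 53 56 6f
    68 53 75 78 0b 00 01 04 f5 01 00 00 04 14 00 00
    00 e4 1b 8a 36 3b 3e a9 99 1b 5b 2d 38 50 4b 07""")
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")  # APPNOTE local file header (30 bytes)
ENC_HDR_LEN = 12  # traditional PKZIP encryption prepends 12 bytes to the data

def parse_local_entry(buf):
    """Locate the regions of the first local file entry (offsets into buf)."""
    (sig, _ver, flags, method, _time, _date, _crc,
     csize, _usize, nlen, xlen) = LOCAL_HDR.unpack_from(buf, 0)
    if sig != b"PK\x03\x04":
        raise ValueError("not a local file header")
    extra_off = LOCAL_HDR.size + nlen
    data_off = extra_off + xlen
    enc_len = ENC_HDR_LEN if flags & 0x0001 else 0   # bit 0: entry is encrypted
    if csize < enc_len or len(buf) < data_off + csize:
        raise ValueError("truncated or inconsistent entry")
    return {
        "name": buf[LOCAL_HDR.size:extra_off].decode("cp437"),
        "encrypted": bool(enc_len),
        "method": method,                 # 0 = stored; 99 would mean WinZip AES
        "extra": (extra_off, data_off),
        "enc_header": (data_off, data_off + enc_len),
        "payload_len": csize - enc_len,   # ciphertext bytes carrying file content
    }

def diff_regions(a, b):
    """Group the byte offsets where a and b differ by the region they fall in."""
    entry, out = parse_local_entry(a), {}
    for off in (i for i in range(min(len(a), len(b))) if a[i] != b[i]):
        region = next((k for k in ("extra", "enc_header")
                       if entry[k][0] <= off < entry[k][1]), "other")
        out.setdefault(region, []).append(off)
    return out

if __name__ == "__main__":
    print(parse_local_entry(DUMP_A))
    print({k: [hex(o) for o in v] for k, v in diff_regions(DUMP_A, DUMP_B).items()})
```

For this empty file the 12-byte encryption header is the entire encrypted payload, and all 12 bytes change between two runs with the same password, so no byte string in the archive reads back as the password.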
3

... no that's not the way properly implemented encryption works. There's no simple trick to find the password in the data; knowing the password should let you decode the data though... so it's only by trying many of them that you may decode it.

Legacy encryption was pretty poor though http://kb.winzip.com/kb/entry/79/

pacifist
3

As far as I understand this question, it is about a forgotten ZIP password, not about the file format, isn't it?

Therefore, if you would like to find your password, I think you should use some brute force tool to crack the ZIP password, e.g. Zip Password Cracker or Ultimate ZIP Cracker. These are just examples; you can find plenty of them via Google.

If your password was not very complicated, it is possible that you will restore it in quite a reasonable time.

Speaking about the file format, just like @pacifist said: there is no easy way to localize the password within the data.

I hope it will help you somehow.

boleslaw.smialy