Elcomsoft.com » Password Recovery Software » Advanced Archive Password Recovery

 

Known plaintext attack (ZIP)

 


 

The known plaintext attack makes it possible to decrypt certain types of encrypted ZIP archives without running a lengthy attack on the original password. It applies only to ZIP archives protected with the legacy (traditional PKZIP, also called ZipCrypto) encryption, whose stream cipher leaks its internal state when a stretch of plaintext is known. ZIP archives encrypted with AES-256 are not vulnerable and therefore cannot be attacked this way.

 

To perform the plaintext attack you need to:

 

Find an unencrypted copy of a file that also exists in the password-protected archive.

Compress it with the same method, the same settings and the same ZIP archiver as were used for the encrypted archive. This is required because the encryption is applied to the compressed data, so the compressed bytes must match exactly; ARCHPR verifies this by comparing file sizes and file checksums. You can, however, run the plaintext attack on a partial file; see the description below.

Run ARCHPR, select the encrypted archive, select the "plaintext" attack and browse for the archive containing the unencrypted file.

 

After that, ARCHPR checks the files. If a matching entry is found, the attack is started.

 

ARCHPR may or may not be able to retrieve the original password. If the original password cannot be recovered, the tool displays only the internal encryption keys. In either case these keys are sufficient: the cipher's keystream depends only on its internal key state, not on the password itself, so you can use the keys to decrypt the whole ZIP archive.

 

Partial file

 

Sometimes you may have a different version of a plaintext file than the one stored in the encrypted archive. If you believe that the beginning of the plaintext file is identical to the beginning of the encrypted one, you may perform a so-called "partial plaintext" attack based on the first N bytes of the plaintext file. To do that, keep only one file in the password-protected archive and only one file in the "plaintext" archive. Run the attack, and ARCHPR will ask you to confirm the "partial" attack. Click 'Yes' and select the number of bytes to use as plaintext. It's a good idea to start from 1-3 KB and decrease this number if ARCHPR is unable to find the encryption keys.
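The following Python is an added example, not ARCHPR's or Elcomsoft's own code. It implements the traditional PKZIP stream cipher that the attack targets and shows what the procedure above relies on: the three 32-bit internal keys are derived from the password once, the keystream depends only on those keys, so recovered keys decrypt an entry without the password, and a partial-plaintext check is simply a comparison of the first N decrypted bytes after the 12-byte encryption header. The compressed sample data and the 11 random header bytes are constructed here; the function names and the `decrypt_with_keys` / `matches_partial_plaintext` helpers are my own, not ARCHPR's interface.

```python
import os
import zlib

MASK32 = 0xFFFFFFFF


def _make_crc_table():
    # Standard CRC-32 table (reflected polynomial 0xEDB88320); PKZIP reuses it in its key schedule.
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (0xEDB88320 ^ (c >> 1)) if c & 1 else (c >> 1)
        table.append(c)
    return table


CRC_TABLE = _make_crc_table()


def crc32_byte(crc, b):
    """One-byte CRC-32 table step, as used by the PKZIP cipher."""
    return CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)


class ZipCryptoState:
    """The three 32-bit internal keys of the traditional PKZIP ("ZipCrypto") cipher."""

    def __init__(self, key0=0x12345678, key1=0x23456789, key2=0x34567890):
        self.key0, self.key1, self.key2 = key0, key1, key2

    @classmethod
    def from_password(cls, password: bytes):
        # The password only initialises the key state; after this it is never used again.
        st = cls()
        for b in password:
            st.update(b)
        return st

    def keys(self):
        return (self.key0, self.key1, self.key2)

    def update(self, plain_byte):
        # Key schedule: driven by the *plaintext* byte, which is why known plaintext exposes the state.
        self.key0 = crc32_byte(self.key0, plain_byte)
        self.key1 = (self.key1 + (self.key0 & 0xFF)) & MASK32
        self.key1 = (self.key1 * 134775813 + 1) & MASK32
        self.key2 = crc32_byte(self.key2, self.key1 >> 24)

    def keystream_byte(self):
        t = (self.key2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            out.append(p ^ self.keystream_byte())
            self.update(p)
        return bytes(out)

    def decrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for c in data:
            p = c ^ self.keystream_byte()
            self.update(p)
            out.append(p)
        return bytes(out)


def encrypt_entry(password: bytes, compressed: bytes, crc: int, header_rand: bytes = None) -> bytes:
    """Encrypted payload of one ZIP entry: 12-byte header followed by the compressed stream."""
    rand = header_rand if header_rand is not None else os.urandom(11)
    assert len(rand) == 11
    # Last header byte is the high byte of the entry's CRC-32 (quick password check in PKZIP).
    header = rand + bytes([(crc >> 24) & 0xFF])
    return ZipCryptoState.from_password(password).encrypt(header + compressed)


def decrypt_with_keys(keys, payload: bytes, crc: int = None):
    """Decrypt an entry from recovered internal keys alone; returns the compressed stream."""
    plain = ZipCryptoState(*keys).decrypt(payload)
    header, body = plain[:12], plain[12:]
    if crc is not None and header[11] != ((crc >> 24) & 0xFF):
        return None  # quick check failed: these keys do not belong to this entry
    return body


def matches_partial_plaintext(keys, payload: bytes, known_prefix: bytes) -> bool:
    """Partial plaintext: only the first len(known_prefix) compressed bytes are assumed known."""
    body = decrypt_with_keys(keys, payload)
    return body[:len(known_prefix)] == known_prefix


def raw_deflate(data: bytes) -> bytes:
    # Raw DEFLATE (wbits=-15) is what a ZIP entry stores, without the zlib wrapper.
    co = zlib.compressobj(level=6, wbits=-15)
    return co.compress(data) + co.flush()


if __name__ == "__main__":
    original = b"constructed sample text for the plaintext attack example\n" * 40
    compressed = raw_deflate(original)
    crc = zlib.crc32(original) & MASK32
    keys = ZipCryptoState.from_password(b"secret").keys()   # what ARCHPR would report
    payload = encrypt_entry(b"secret", compressed, crc)
    print("keys: %08x %08x %08x" % keys)
    print("decrypts with keys only:", decrypt_with_keys(keys, payload, crc) == compressed)
    print("first 64 bytes match:", matches_partial_plaintext(keys, payload, compressed[:64]))
```

Two things the code makes visible. Every call to `update` is fed a plaintext byte, so the key schedule is fully determined by the plaintext stream; that is the property the attack exploits, and it also explains why the plaintext must be the compressed bytes, compressed identically. And `decrypt_with_keys` never sees a password: the keys ARCHPR prints are this `(key0, key1, key2)` triple, which is all the cipher needs.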

 

Current version notes

 

1. The "plaintext" file must be at least 12 bytes long.

2. The "plaintext" attack can be saved on the second stage only; after restarting, the first stage will be performed again.

3. There is no time estimate for the first stage; however, it should not run longer than several minutes.