Known-plaintext attack on encrypted ZIP archives


Purpose

If we have an encrypted ZIP archive and already know part of its contents (for example, one of the files inside it), we can mount a known-plaintext attack from that material, recover the archive's internal keys (which are equivalent to the password), and then extract every file in the archive.

Conditions of use

  1. The archive must be a ZIP; other formats are not applicable.

  2. ZIP supports two encryption schemes, ZipCrypto and AES-256. The attack applies only to ZipCrypto, not to AES-256.

Most current compression software uses the stronger AES-256 scheme, against which a plaintext attack does not work. However, 360 Zip, HaoZip and some other tools still use the traditional ZipCrypto encryption, which is what makes the plaintext attack possible.
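Because the distinction between ZipCrypto and AES is what decides whether an archive is exposed, the first thing a defender wants is a way to tell which scheme a given ZIP actually uses, without trusting what the compression tool's UI says. The following is an added example, not code from the original post or from bkcrack: it reads the archive's central directory (the PKWARE APPNOTE layout: general-purpose flag bit 0 marks an encrypted entry, compression method 99 or an extra-field record with id 0x9901 marks WinZip AES) and reports every entry that is protected only by ZipCrypto. The `build_sample_zip` helper and the `SAMPLE_ZIP` archive are constructed for this example; the "encrypted" payloads are placeholder bytes, since only header metadata is audited.

```python
import struct

# ZIP record signatures and constants from the PKWARE APPNOTE.
LOCAL_SIG = 0x04034B50
CENTRAL_SIG = 0x02014B50
EOCD_SIG = 0x06054B50
AES_METHOD = 99          # compression method reserved for WinZip AES
AES_EXTRA_ID = 0x9901    # extra-field header id of the WinZip AES record
FLAG_ENCRYPTED = 0x0001  # general-purpose bit 0: entry is encrypted


def _extra_ids(extra: bytes):
    """Yield the header ids present in an extra-field blob."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        yield hid
        pos += 4 + size


def audit_zip(data: bytes):
    """Return [(name, scheme)] with scheme in {'none', 'zipcrypto', 'aes'}.

    The central directory is used because its sizes are always authoritative,
    unlike local headers, which may defer sizes to a trailing data descriptor.
    """
    # The end-of-central-directory record is last; scan backwards so that an
    # archive comment after it does not break the lookup.
    eocd_at = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, n_entries, _, cd_offset, _ = struct.unpack_from(
        "<IHHHHIIH", data, eocd_at)

    results = []
    pos = cd_offset
    for _ in range(n_entries):
        fields = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)
        sig, flags, method = fields[0], fields[3], fields[4]
        name_len, extra_len, comment_len = fields[10], fields[11], fields[12]
        if sig != CENTRAL_SIG:
            raise ValueError(f"bad central directory signature at {pos:#x}")
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        extra = data[pos + 46 + name_len:pos + 46 + name_len + extra_len]
        if not flags & FLAG_ENCRYPTED:
            scheme = "none"
        elif method == AES_METHOD or AES_EXTRA_ID in _extra_ids(extra):
            scheme = "aes"
        else:
            scheme = "zipcrypto"  # traditional PKWARE encryption: the weak one
        results.append((name, scheme))
        pos += 46 + name_len + extra_len + comment_len
    return results


def weak_entries(data: bytes):
    """Names of entries protected only by ZipCrypto."""
    return [name for name, scheme in audit_zip(data) if scheme == "zipcrypto"]


def build_sample_zip(entries):
    """Build a minimal archive from (name, payload, flags, method, extra) tuples.

    Constructed for this example only: 'encrypted' payloads are opaque
    placeholder bytes, since the audit looks at header metadata alone.
    """
    out, central = bytearray(), bytearray()
    for name, payload, flags, method, extra in entries:
        raw = name.encode()
        offset = len(out)
        out += struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flags, method, 0, 0,
                           0, len(payload), len(payload), len(raw), len(extra))
        out += raw + extra + payload
        central += struct.pack("<IHHHHHHIIIHHHHHII", CENTRAL_SIG, 20, 20, flags,
                               method, 0, 0, 0, len(payload), len(payload),
                               len(raw), len(extra), 0, 0, 0, 0, offset)
        central += raw + extra
    cd_offset = len(out)
    out += central
    out += struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(central), cd_offset, 0)
    return bytes(out)


# WinZip AES extra record: id 0x9901, 7 data bytes (vendor version 2,
# vendor "AE", strength 3 = 256-bit, real compression method 8 = Deflate).
AES_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

# Constructed sample: one plain entry, one ZipCrypto entry, one AES-256 entry.
SAMPLE_ZIP = build_sample_zip([
    ("readme.txt", b"hello", 0, 0, b""),
    ("notice.txt", b"\x00" * 20, FLAG_ENCRYPTED, 8, b""),
    ("secret.txt", b"\x00" * 20, FLAG_ENCRYPTED, AES_METHOD, AES_EXTRA),
])

if __name__ == "__main__":
    for entry_name, entry_scheme in audit_zip(SAMPLE_ZIP):
        print(f"{entry_name:12s} {entry_scheme}")
    print("weak:", weak_entries(SAMPLE_ZIP))
```

Run it against a real archive by reading the file into `data` and calling `weak_entries(data)`; any name it returns is an entry whose protection rests on ZipCrypto alone and should be re-packed with AES-256 (or the archive replaced by a proper encrypted container) before it is shared. Because the check reads raw headers rather than relying on a library, it also catches the case where a tool silently fell back to ZipCrypto for one entry of an otherwise AES-encrypted archive.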

Principle

Back in 1994, the ZIP encryption algorithm ZipCrypto was shown to be vulnerable to a known-plaintext attack (Biham and Kocher, 1994). See the paper for details: click here.

Attack

We have an encrypted archive, and we know that it contains an announcement file (公告.txt):

Its encryption algorithm is ZipCrypto, which satisfies the attack conditions described above.

First we build a plaintext archive: compress the announcement file into a new ZIP using the same compression method as the encrypted archive:

Then use the bkcrack tool to carry out the attack. Click here to download.

Pick the build for your operating system. If you cannot reach GitHub, download directly here.

Extract the tool, copy both archives into its directory, open a cmd window in that folder and run:

# 加密.zip is the archive under attack; 公告.txt is the known file inside it.
# 公告.zip is the archive we just created, which contains the plaintext 公告.txt.
bkcrack -C 加密.zip -c 公告.txt -P 公告.zip -p 公告.txt

# Having a zip archive encrypted.zip with the entry cipher being the ciphertext and plain.zip with the entry plain as the known plaintext, bkcrack can be run like this:
bkcrack -C encrypted.zip -c cipher -P plain.zip -p plain

If the plaintext is correct, the attack recovers the internal keys: ffe9e9e9 d65f814a f3c468c9.

Next, use these keys to decrypt every file; bkcrack can write a copy of the archive with the password removed directly from the keys:

# 加密.zip is the encrypted archive; ffe9e9e9 d65f814a f3c468c9 are the keys just recovered;
# 解密.zip is the output archive with the password removed.
bkcrack -C 加密.zip -k ffe9e9e9 d65f814a f3c468c9 -D 解密.zip

A new password-free archive, 解密.zip, now appears in the folder and can be extracted directly:

And with that, the archive's password protection has been cracked!
