Last change: 2008-08-04
NEWS: Version 0.2.0 has been released, which includes a new mode to crack cp-mask'ed images.
Hi, this is the start of a my fcrackzip page ;) fcrackzip is a zip password cracker, similar to fzc, zipcrack and others.
It doesn't cost anything, it will run on many architectures, and the source is freely available, so you can customise it to your needs. If you make improvements, don't hesitate to mail them to me, and I will include them in fcrackzip!
One goal of fcrackzip was to provide a free but still fast zipcracker, so that other people can improve and contribute it further, in an open developement style.
Other programs, like fzc, come not only without source, but the executable is even encrypted, so improving it or customizing it is difficult at best. (Maybe the programmers of other crackers don't want that people see how crappy their code actually is? Nobody knows for sure, but I see no other reason for this strange, but common, behaviour)
On my old machine (a pentium-90), the portable C version is 12% slower than fzc, the fastest cracker I could find. Small parts of fcrackzip have been converted to x86 assembly, so it performs a bit faster (around 4%) than fzc now, on the same hardware (note: this is highly os/compiler dependent). Since the author of fzc claims that it is written fully in assembler, further improvements might well be possible. Incidently, on my new P-II machine, fcrackzip is almost twice as fast as fzc ;)
fcrackzip was written in ISO-C, and should run on most platforms, even 64 bit ones (maybe after some tweaking). I'll be glad to hear about portability problems so I can fix them.
fcrackzip will, at some later stage at least, support many more useful operation modes than other crackers. It already supports multiple zip files with multiple files. Remember that the code is only a few hours old!
However, since version 0.2.0 fcrackzip also includes a mode to brute force cpmask'ed images, something no other program (that I know of) can do, so at least there is one feature other crackers don't have.
And you can always implement your own modes.
Also, if you have any remarks, questions, patches, code, bug reports, don't hesitate to send me mail. You can reach me as firstname.lastname@example.org.
in the subject or the body.
- do not crash when user passes a password that is too long (based on a patch by Macarse). - fix an evaluation ordering problem in fgetu* in crack.c version 1.0 Mon Aug 4 08:24:40 CEST 2008 - fix a segfault when the zip cannot be opened, patch by Peter Kortschack. - make use_unzip unstatic. - update to current autoconf/automake. version 0.3 Sun Jan 18 23:35:22 CET 2004 - many compatibility enhancements and bugfixes suggested by Robert Meszaros. - various small bugfixes noted by Jeff LaMarche and Max Alekseyev. - updated to current gcc, autoconf, automake. - added a TARGET_CPU=0 mode, for the C-only version. version 0.2.4 - fixed -v mode for zip cracking and a few minor nits. version 0.2.3 - improved speed of assembly version ever so slightly. More unrolling might result in even better speed on ppro and above(!). - fixed a compiler compaitiblity problem with newer versions of gcc. Always try the --validate option with the method you want to use before you trust fcrackzip! - --help now displays the method number in addition to the name. - applied short options fix from Tomislav Greguric <email@example.com> - fcrackzip now detects extended header format files, treating them corerctly instead of silently not finding any passwords. - first try at a dictionary mode. not fast, but working. version 0.2.2 - portability fixes. - improved cpmask cracking by 16-20% by implementing the simple&effective ideas of Tim Jones <firstname.lastname@example.org>. - applied slightly modified patch by email@example.com. version 0.2.1 - verbose mode for cpmask, fixed verbose mode for zipcrack. - default method is now respected. - great (but non-algorithmic) speedup for cpmask. version 0.2.0 - portability fixes - cpmask support (!). version 0.1.3 - portability fixes version 0.1.2 - fixed the --init-password option - added zipinfo program version 0.1.1 - fixed small configure bug - fixed --length option to accept a single number version 0.1 - implemented multiple methods - accept more types of zipfiles - new --length option for easier searching - new --method option to choose cracking method at runtime version 0.0.5 Wed Aug 12 22:27:44 CEST 1998 - removed USE_LARGE_MTAB. nobody has such a good memory system - more configuration cleanup - max. number of chars/password now 40 - fixed a bug with pentium assembly (reported by Pavel Semjanov) version 0.0.4 Sat Jul 25 03:53:12 CEST 1998 - configure now detects more features itself - increased the speed on ppro by ~60%, pentium code unchanged - removed SYNTHETIC_MULTIPLY support. the next thing to drop is VERY_LARGE_CACHE & LARGE_MULT_TAB - added --use-unzip option. - added more useful help. version 0.0.3 - many bugfixes - added primitive unzip-checking version 0.0.2 - now we are a bit faster than fzc (about 4%) wasn't difficult, though. (this is on a non-MMX pentium!) - benchmarking works (more) reliably - some bugfixes version 0.0.1 - added autoconf && automake
a include all lowercase characters [a-z] A include all uppercase characters [A-Z] 1 include the digits [0-9] ! include [!:$%&/()=?+*~#] : the following characters upto the end of the spe- cification string are included in the character set. This way you can include any character except binary null (at least under unix).
For example, a1:$% selects lowercase characters, digits and the dollar and percent signs.
For each password that is tried, the first twelve bytes of the file are decrypted. Depending on the version of zip used to encrypt the file (more on that later), the first ten or eleven bytes are random, followed by one or two bytes whose values are stored elsewhere in the zip file, i.e. are known beforehand. If these last bytes don't have the correct (known) value, the password is definitely wrong. If the bytes are correct, the password might be correct, but the only method to find out is to unzip the file and compare the uncompressed length and crc's.
Earlier versions of pkzip (1.xx) (and, incidentally, many zip clones for other operating systems!) stored two known bytes. Thus the error rate was roughly 1/2^16 = 0.01%. PKWARE 'improved' (interesting what industry calls improved) the security of their format by only including one byte, so the possibility of false passwords is now raised to 0.4%. Unfortunately, there is no real way to distinguish one byte from two byte formats, so we have to be conservative.
The starting password given by the -p switch determines the length. fcrackzip will not currently increase the password length automatically, unless the -l switch is used.
The cpmask method can only cope with password composed of uppercase letters, so be sure to supply the --charset A or equivalent option, together with a suitable initialization password.
fcrackzip, being written in C and not in assembler, naturally is slower. Measured on a slightly loaded unix (same machine), it's 12 percent slower (the compiler used was pgcc, from http://www.gcc.ml.org/).
To remedy this a bit, I converted small parts of the encryption core to x86 assembler (it will still compile on non x86 machines), and now it's about 4-12 percent faster than fzc (again, the fcrackzip performance was measured under a multitasking os, so there are inevitably some meaurement errors), so there shouldn't be a tempting reason to switch to other programs.
Further improvements are definitely possible: fzc took 4 years to get into shape, while fcrackzip was hacked together in under 10 hours. And not to forget you have the source, while other programs (like fzc), even come as an encrypted .exe file (maybe because their programmers are afraid of other people could having a look at their lack of programming skills? nobody knows...)
Stop/resume facility is missing.
Should be able to distinguish between files with 16 bit stored CRC's and 8 bit stored CRC's.
The benchmark does not work on all systems.
It's still early alpha.
Method "cpmask" only accepts ppms.
Could be faster.
Any questions/hints/critics? Contact the author of this page!