bkcrack
=======

[![CI badge](https://github.com/kimci86/bkcrack/actions/workflows/ci.yml/badge.svg)](https://github.com/kimci86/bkcrack/actions/workflows/ci.yml)
[![coverage badge](https://coveralls.io/repos/github/kimci86/bkcrack/badge.svg)](https://coveralls.io/github/kimci86/bkcrack)
[![release badge](https://img.shields.io/github/v/release/kimci86/bkcrack)](https://github.com/kimci86/bkcrack/releases)
[![license badge](https://img.shields.io/github/license/kimci86/bkcrack?color=informational)](license.txt)
[![GitHub Sponsors badge](https://img.shields.io/github/sponsors/kimci86?color=red)](https://github.com/sponsors/kimci86)

Crack legacy zip encryption with Biham and Kocher's known plaintext attack.

Repository: https://github.com/kimci86/bkcrack (GitHub snapshot of 2025-05-14: language C++, license zlib, default branch `master`, 1828 stars, 169 forks, 18 open issues, last push 2025-01-26).
Topics: attack, ciphertext, crack, cracking, multithread, password, pkzip, plaintext-attack, zip, zipcracker, zipcrypto.

Overview
--------

A ZIP archive may contain many entries whose content can be compressed and/or encrypted.
In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto.
This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed with the entry's content (plaintext) to produce encrypted data (ciphertext).
The generator's state, made of three 32-bit integers, is initialized from the password and then continuously updated with plaintext as encryption proceeds.
This encryption algorithm is vulnerable to known plaintext attacks, as shown by Eli Biham and Paul C. Kocher in the research paper [A known plaintext attack on the PKZIP stream cipher](https://doi.org/10.1007/3-540-60590-8_12).
Given ciphertext and 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered.
This internal state is enough to decipher the ciphertext entirely, as well as other entries that were encrypted with the same password.
It can also be used to brute-force the password with a complexity of *n<sup>l-6</sup>*, where *n* is the size of the character set and *l* is the length of the password.

**bkcrack** is a command-line tool which implements this known plaintext attack.
The main features are:

- Recover internal state from ciphertext and plaintext.
- Remove or change a ZIP archive's password using the internal state.
- Recover the original password from the internal state.

Install
-------

### Precompiled packages

You can get the latest official release on [GitHub](https://github.com/kimci86/bkcrack/releases).

Precompiled packages for Ubuntu, macOS and Windows are available for download.
Extract the downloaded archive wherever you like.

On Windows, Microsoft runtime libraries are needed for bkcrack to run.
If they are not already installed on your system, download and install the latest Microsoft Visual C++ Redistributable package.

### Compile from source

Alternatively, you can compile the project with [CMake](https://cmake.org).

First, download the source files or clone the git repository.
Then, running the following commands in the source tree will create an installation in the `install` folder.

```
cmake -S . -B build -DCMAKE_INSTALL_PREFIX=install
cmake --build build --config Release
cmake --build build --config Release --target install
```

### Third-party packages

bkcrack is available in the package repositories listed below.
Those packages are provided by external maintainers.

[![Packaging status](https://repology.org/badge/vertical-allrepos/bkcrack.svg)](https://repology.org/project/bkcrack/versions)

Usage
-----

### List entries

You can see a list of entry names and metadata in an archive named `archive.zip` like this:

    bkcrack -L archive.zip

Entries using ZipCrypto encryption are vulnerable to the known-plaintext attack; entries encrypted with AES (WinZip AES) are not affected by it.

### Recover internal keys

The attack requires at least 12 bytes of known plaintext.
At least 8 of them must be contiguous.
The larger the contiguous known plaintext, the faster the attack.

#### Load data from zip archives

Having a zip archive `encrypted.zip` with the entry `cipher` being the ciphertext and `plain.zip` with the entry `plain` as the known plaintext, bkcrack can be run like this:

    bkcrack -C encrypted.zip -c cipher -P plain.zip -p plain

#### Load data from files

Having a file `cipherfile` with the ciphertext (starting with the 12 bytes corresponding to the encryption header) and `plainfile` with the known plaintext, bkcrack can be run like this:

    bkcrack -c cipherfile -p plainfile

#### Offset

If the plaintext corresponds to a part other than the beginning of the ciphertext, you can specify an offset.
It can be negative if the plaintext includes a part of the encryption header.

    bkcrack -c cipherfile -p plainfile -o offset

#### Sparse plaintext

If you know little contiguous plaintext (between 8 and 11 bytes), but know some bytes at other known offsets, you can provide this information to reach the requirement of 12 known bytes in total.
To do so, use the `-x` flag followed by an offset and bytes in hexadecimal.

    bkcrack -c cipherfile -p plainfile -x 25 4b4f -x 30 21

### Decipher

If the attack is successful, the deciphered data associated with the ciphertext used for the attack can be saved:

    bkcrack -c cipherfile -p plainfile -d decipheredfile

If the keys are known from a previous attack, it is possible to use bkcrack to decipher data:

    bkcrack -c cipherfile -k 12345678 23456789 34567890 -d decipheredfile

#### Decompress

The deciphered data may still be compressed, depending on whether the entry was compressed when the zip file was created (compression happens before encryption).
If deflate compression was used, a Python 3 script provided in the `tools` folder may be used to decompress the data.

    python3 tools/inflate.py < decipheredfile > decompressedfile

### Remove password

To get access to all the entries of the encrypted archive in a single step, you can generate a new archive with the same content but without encryption.
It assumes that every entry was originally encrypted with the same password.

    bkcrack -C encrypted.zip -k 12345678 23456789 34567890 -D decrypted.zip

### Change password

It is also possible to generate a new encrypted archive with the password of your choice:

    bkcrack -C encrypted.zip -k 12345678 23456789 34567890 -U unlocked.zip new_password

You can also define the new password by its corresponding internal representation.

    bkcrack -C encrypted.zip -k 12345678 23456789 34567890 --change-keys unlocked.zip 581da44e 8e40167f 50c009a0

Those two commands can be used together to change the contents of an encrypted archive without knowing the password, knowing only the internal keys:
make a copy encrypted with a password of your choice,
edit the copy with an archive manager, entering the chosen password when prompted,
and finally copy the modified archive back with the original encryption keys.

### Recover password

Given the internal keys, bkcrack can try to find the original password.
You can look for a password up to a given length using a given character set:

    bkcrack -k 1ded830c 24454157 7213b8c5 -r 10 ?p

You can be more specific by specifying a minimum password length:

    bkcrack -k 18f285c6 881f2169 b35d661d -r 11..13 ?p

Learn
-----

A tutorial is provided in the `example` folder.

For more information, have a look at the documentation and read the source.

Contribute
----------

Do not hesitate to suggest improvements or submit pull requests on [GitHub](https://github.com/kimci86/bkcrack).

If you would like to show your support for the project, you are welcome to make a donation or sponsor the project via [GitHub Sponsors](https://github.com/sponsors/kimci86).

License
-------

This project is provided under the terms of the [zlib/png license](http://opensource.org/licenses/Zlib).
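The keystream generator from the Overview, the 12-byte encryption header mentioned under "Load data from files", the `-L` check from "List entries" and the key-to-password search from "Recover password", as one added Python example. This is not bkcrack's own code (bkcrack is C++): it implements ZipCrypto as the PKWARE APPNOTE defines it, builds a minimal one-entry archive whose ciphertext starts with the encryption header, classifies entries the way `-L` does, and cross-checks the cipher against CPython's `zipfile` module, which can decrypt ZipCrypto given the password. Assumptions: the entry name, password and contents are constructed for the demo; `recover_password` is a plain enumeration, not the *n<sup>l-6</sup>* method bkcrack uses; AES detection by compression method 99 follows the WinZip AES convention. `INITIAL_KEYS` are the generator's constants before any password byte is absorbed, which is why the README's sample `-k 12345678 23456789 34567890` is the state for an empty password.

```python
"""ZipCrypto (traditional PKWARE encryption) from scratch. Added example, not bkcrack
code. Assumes the ZIP layout of the PKWARE APPNOTE; sample data below is constructed."""
import io
import itertools
import os
import struct
import zipfile
import zlib

INITIAL_KEYS = (0x12345678, 0x23456789, 0x34567890)  # state before the password


def _crc32_byte(crc, b):
    """One byte of reflected CRC-32 (polynomial 0xEDB88320), bit-serial form."""
    crc ^= b
    for _ in range(8):
        crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc


def update_keys(keys, c):
    """Advance the three 32-bit keys with one *plaintext* byte c."""
    k0, k1, k2 = keys
    k0 = _crc32_byte(k0, c)
    k1 = (k1 + (k0 & 0xFF)) & 0xFFFFFFFF
    k1 = (k1 * 134775813 + 1) & 0xFFFFFFFF
    k2 = _crc32_byte(k2, k1 >> 24)
    return k0, k1, k2


def keystream_byte(keys):
    """Next keystream byte; it depends on key2 only."""
    t = (keys[2] | 2) & 0xFFFF
    return ((t * (t ^ 1)) >> 8) & 0xFF


def keys_from_password(password):
    """The 'internal keys': the state after absorbing the password bytes."""
    keys = INITIAL_KEYS
    for c in password:
        keys = update_keys(keys, c)
    return keys


def encrypt(plaintext, keys):
    out = bytearray()
    for c in plaintext:
        out.append(c ^ keystream_byte(keys))
        keys = update_keys(keys, c)  # the state absorbs the plaintext byte
    return bytes(out)


def decrypt(ciphertext, keys):
    out = bytearray()
    for b in ciphertext:
        out.append(b ^ keystream_byte(keys))
        keys = update_keys(keys, out[-1])  # recovered plaintext feeds the state
    return bytes(out)


def build_zipcrypto_archive(name, data, password):
    """Minimal one-entry ZIP: entry stored (no compression), ZipCrypto-encrypted."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    header = os.urandom(11) + bytes([crc >> 24])  # 12-byte header; last byte = CRC check byte
    body = encrypt(header + data, keys_from_password(password))
    flags, method, mtime, mdate = 0x0001, 0, 0, 0x5821  # bit 0: encrypted; date 2024-01-01
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, mtime, mdate,
                        crc, len(body), len(data), len(name), 0) + name
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method,
                          mtime, mdate, crc, len(body), len(data), len(name),
                          0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(body), 0)
    return local + body + central + eocd


def list_entries(archive):
    """Like `bkcrack -L`: name, size on disk and encryption scheme per entry."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        rows = []
        for info in zf.infolist():
            scheme = ("AES" if info.compress_type == 99        # WinZip AES marker method
                      else "ZipCrypto" if info.flag_bits & 1   # bit 0: encrypted, not AES
                      else "none")
            rows.append((info.filename, info.compress_size, scheme))
        return rows


def recover_password(target_keys, charset, max_len):
    """Naive enumeration of passwords whose internal keys equal target_keys;
    bkcrack's -r uses the Biham-Kocher shortcut instead of trying them all."""
    for length in range(max_len + 1):
        for cand in itertools.product(charset, repeat=length):
            if keys_from_password(bytes(cand)) == target_keys:
                return bytes(cand)
    return None


SAMPLE_DATA = b"Known plaintext helps: this header repeats.\n"  # constructed sample
SAMPLE_PASSWORD = b"ab1"                                          # constructed sample


def demo():
    archive = build_zipcrypto_archive(b"secret.txt", SAMPLE_DATA, SAMPLE_PASSWORD)
    # Cross-check this cipher against CPython's own ZipCrypto decryptor.
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        plain = zf.read("secret.txt", pwd=SAMPLE_PASSWORD)
    keys = keys_from_password(SAMPLE_PASSWORD)
    return {"entries": list_entries(archive), "roundtrip_ok": plain == SAMPLE_DATA,
            "keys": keys, "recovered": recover_password(keys, b"abc123", 3)}
```

Running `demo()` shows the three facts the attack relies on: the archive's `compress_size` is 12 bytes larger than the file because the encryption header is encrypted with the entry (this is why a `-c cipherfile` must begin with those 12 bytes), two plaintexts that share a prefix share exactly that prefix of keystream and diverge one byte after the first difference, and the internal keys alone suffice both to decrypt and to recover the password.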