Post by ELiTE on Mar 5, 2005 17:57:19 GMT -5
Hi guys, I'm using VCLZip 3.04 Pro, and I'm trying to make a zip file brute forcer. Anyway, I used a VclUnZip component, and this is the code which I used to make such a thing:

procedure TForm1.Button1Click(Sender: TObject);
var
  i1, i2, i3, i4, i5 : Char;
  Pass : String;
begin
  ListBox1.Items.Add('Started Time is : ' + DateTimeToStr(Now)); // Just to catch the time.
  StopSearching := False; // a global boolean variable, used to stop the bruteForcing process.
  For i1 := 'a' To 'z' Do
    For i2 := 'a' To 'z' Do
      For i3 := 'a' To 'z' Do
        For i4 := 'a' To 'z' Do
          For i5 := 'a' To 'z' Do
          Begin
            Pass := i1 + i2 + i3 + i4 + i5;
            UnZipper.Password := Pass; // UnZipper : TVclUnZip
            UnZipper.ResetFileIsOK(0);
            If UnZipper.FileIsOK[0] Then
            Begin
              ShowMessage('Password is : ' + Pass);
              Break;
            End;
          End;
  ListBox1.Items.Add('End Time is : ' + DateTimeToStr(Now)); // Just to catch the time.
end;
// I assumed that the zip file I'm bruteForcing is having the first file encrypted.

Now this code takes a so long long long time to guess a password that consists of just 5 'a' to 'z' letters (26^5 = 11,881,376 passwords). Is there any code that may serve me to speed up this idea, or maybe I'm misusing this component?

PS. My (2400/533/1024 CPU, 512MB DDR400, Intel 865 chipset....) only tries about 1700 passwords/sec, whereas "Advanced Archive Password Recovery" can try up to 8000000 passwords/sec.

Best regards, PD.
Post by Kevin on Mar 8, 2005 8:01:28 GMT -5
There is a way to cut down on the time somewhat, but it is a little more involved than I can explain right now as I am on my way out the door. I will see if I can provide a decent answer to your question this evening.
Kevin
Post by ELiTE on Mar 8, 2005 13:28:27 GMT -5
Thanks man, I'll appreciate it.
Post by Kevin on Mar 8, 2005 18:35:22 GMT -5
The code below is partial and incomplete, but you should get the idea. The thing is, the password will match a key, but many passwords will match the key, so you do have to unzip the file in order to see if the password actually works. What the code below can do is help you avoid trying the passwords that don't match the key. DecryptHeaderType and DecryptHeaderByte are in VCLUnZip. If ItemIndex is the index of the file you are trying to unzip...
dh: DecryptHeaderType;
X: String;

dh := VCLUnZip1.DecryptHeader[ItemIndex];
CRCHighByte := HIBYTE(HIWORD(VCLUnZip1.CRC[ItemIndex]));
[Your loop]
  X := nextPassword;
  DecryptByte := VCLUnZip1.DecryptHeaderByte(X, dh);
  If (DecryptByte = CRCHighByte) then
  begin
    VCLUnZip1.Password := X;
    If (VCLUnZip1.FileIsOK[ItemIndex]) then
    begin
      Found := True;
      break;
    end;
  end;
[end loop]
Does this make any sense? Kevin
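An added illustration of the check described in the post above (not code from the thread or from VCLZip): a Python implementation of the traditional PKZIP cipher as specified in the ZIP APPNOTE, run against a constructed 12-byte encryption header. It shows that the right password always passes the check-byte comparison while roughly 1 in 256 wrong ones pass too, which is why the full FileIsOK test is still needed; the class and function names, sample password and header filler bytes are assumptions made for the example.

```python
import itertools
import string
import zlib

# Standard CRC-32 table (polynomial 0xEDB88320); the key schedule uses it raw.
CRC_TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    CRC_TABLE.append(c)

class ZipCrypto:
    """Traditional PKZIP stream cipher: three 32-bit keys seeded by the password."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b: int) -> None:
        self.k0 = CRC_TABLE[(self.k0 ^ b) & 0xFF] ^ (self.k0 >> 8)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF] ^ (self.k2 >> 8)

    def crypt(self, data: bytes, decrypt: bool) -> bytes:
        out = bytearray()
        for b in data:
            t = (self.k2 | 2) & 0xFFFF
            x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            self._update(x if decrypt else b)  # keys always absorb the plaintext byte
            out.append(x)
        return bytes(out)

def check_byte_ok(password: bytes, enc_header: bytes, crc: int) -> bool:
    """Cheap pre-filter: decrypted header byte 12 must equal the CRC's high byte."""
    return ZipCrypto(password).crypt(enc_header, decrypt=True)[11] == (crc >> 24) & 0xFF

def filter_stats(true_pw: bytes = b"zza"):
    """Constructed sample: returns (true password passes, wrong passes, wrong tried)."""
    crc = zlib.crc32(b"constructed sample file content") & 0xFFFFFFFF
    header = bytes(range(1, 12)) + bytes([crc >> 24])  # 11 filler bytes + check byte
    enc = ZipCrypto(true_pw).crypt(header, decrypt=False)
    wrong = passing = 0
    for combo in itertools.product(string.ascii_lowercase.encode(), repeat=3):
        if bytes(combo) != true_pw:
            wrong += 1
            passing += check_byte_ok(bytes(combo), enc, crc)
    return check_byte_ok(true_pw, enc, crc), passing, wrong

if __name__ == "__main__":
    print(filter_stats())
```

Archivers that set general-purpose flag bit 3 (data descriptor) store the high byte of the entry's last-modified time in that header position instead of the CRC's high byte, so the comparison value has to match whichever one the entry uses.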
Post by ELiTE on Mar 9, 2005 15:58:33 GMT -5
Thank ya man, it really reduced the time, but up till now it is still not finding the password. Maybe I didn't catch the point: what is the point of (DecryptByte = CRCHighByte)? What are DecryptByte and CRCHighByte? And what does this mean: DecryptByte := VclUnZip1.DecryptHeaderByte(Pass, dh); Maybe I'm asking too much. This is the code I used, and I tested it on a zip file containing one file passworded 'zzaa'; it reached the end 'zzzz' but didn't get the password.

procedure TForm1.Button1Click(Sender: TObject);
var
  dh : DecryptHeaderType;
  Pass : String;
  CRCHighByte, DecryptByte : BYTE;
  i1, i2, i3, i4 : Char;
begin
  dh := VclUnZip1.DecryptHeader[0]; // First file is encrypted.
  CRCHighByte := HIBYTE(HIWORD(VclUnZip1.CRC[0])); // CRC for the first file.

  For i1 := 'a' To 'z' Do
    For i2 := 'a' To 'z' Do
      For i3 := 'a' To 'z' Do
        For i4 := 'a' To 'z' Do
        Begin
          Pass := i1 + i2 + i3 + i4;

          DecryptByte := VclUnZip1.DecryptHeaderByte(Pass, dh);

          If (DecryptByte = CRCHighByte) then
          Begin
            VclUnZip1.Password := Pass;
            VclUnZip1.ResetFileIsOK(0);
            If (VclUnZip1.FileIsOK[0]) Then
            Begin
              ShowMessage('Password is : ' + Pass);
              Break;
            End; // FileIsOK[0]
          End; // DB = CRC
        End; // For loop
end;

BTW: I'm using WinRAR to make the zip file; does this make any conflict?

Regards, PD
Post by Kevin on Mar 9, 2005 17:35:12 GMT -5
PD, I just realized that X is not a regular string. It is defined like this:

const
  MAX_PASSWORD_LENGTH = 255;
type
  TPasswordString = String[MAX_PASSWORD_LENGTH];
var
  X: TPasswordString;

I'm not sure if that makes a difference or not offhand (I wouldn't have thought so), but you might give it a try.

Oops, something else I left out that you actually had correct in your original code is to be sure to call VCLUnZip1.ResetFileIsOK(ItemIndex); each time you don't find a match. This may have actually been the problem. And you will probably find that it runs a little slower again since not calling this caused the calls to FileIsOK to fail immediately.

Kevin
Post by ELiTE on Mar 10, 2005 11:19:20 GMT -5
Whatta bad luck, it didn't work either. I found this in "Advanced Archive Recovery Password"'s Help. Could this be of any use?
Post by Kevin on Mar 12, 2005 9:37:00 GMT -5
Let me see your code as you currently have it.
Kevin
Post by ELiTE on Mar 12, 2005 11:34:00 GMT -5
Here is my code :
procedure TForm1.Button1Click(Sender: TObject);
var
  dh : DecryptHeaderType;
  Pass : TPasswordString;
  CRCHighByte, DecryptByte : BYTE;
  i1, i2, i3, i4 : Char;
begin
  UnZipper.ZipName := 'C:\Test.zip';
  UnZipper.ReadZip;
  dh := UnZipper.DecryptHeader[0];
  CRCHighByte := HIBYTE(HIWORD(UnZipper.CRC[0]));
  For i1 := 'a' To 'z' Do
    For i2 := 'a' To 'z' Do
      For i3 := 'a' To 'z' Do
        For i4 := 'a' To 'z' Do
        Begin
          Pass := i1 + i2 + i3 + i4;
          DecryptByte := UnZipper.DecryptHeaderByte(Pass, dh);
          If (DecryptByte = CRCHighByte) then
          Begin
            UnZipper.Password := Pass;
            UnZipper.ResetFileIsOK(0);
            If (UnZipper.FileIsOK[0]) Then
            Begin
              ShowMessage('Password is : ' + Pass);
              Break;
            End;
            UnZipper.ResetFileIsOK(0);
          End;
        End;
end;

where TPasswordString is as you defined it, and I tried both 255 and 4 for MAX_PASSWORD_LENGTH and it didn't work either. And the file C:\Test.zip includes one encrypted file with the password "zzzz".
PD.
Post by Kevin on Mar 12, 2005 12:13:08 GMT -5
I have to run out right now. I would recommend setting a breakpoint where the password actually gets set to see if the byte compare ever passes. I'd also create an archive with a password that comes sooner than "zzzz" for testing just so it doesn't take so long.
Kevin
Post by ELiTE on Mar 12, 2005 15:57:24 GMT -5
"I have to run out right now. I would recommend setting a breakpoint where the password actually gets set to see if the byte compare ever passes."

When it reached the pass='zzzz':
DecryptByte = 222
CRCHighByte = 24

"I'd also create an archive with a password that comes sooner than "zzzz" for testing just so it doesn't take so long. Kevin"

It takes no time to reach the "zzzz" (1 sec) using the way by comparing DecryptByte and CRCByte. Wassup then?
PD.
Post by ELiTE on Mar 21, 2005 6:04:31 GMT -5
What do you think, man: does

DecryptByte := UnZipper.DecryptHeaderByte(Pass, dh);

where

DecryptByte : BYTE;
Pass : String[255];
dh : DecryptHeaderType;

get the 12th byte of the decrypted header?
PD.
Post by Kevin on Mar 25, 2005 12:31:07 GMT -5
Sorry, I was out of town. I'll get to the bottom of this today or tomorrow and get back.
Kevin
Post by ELiTE on Mar 27, 2005 9:42:41 GMT -5
Still waiting man, PD.
Post by Kevin on Mar 27, 2005 11:00:06 GMT -5
Download the following file: www.vclzip.net/prp200.exe
The password, when asked, is: j0-772000mMQ,TvP

This is a complete brute force password recovery Delphi project. I do not officially support it, but it works, you can run it, debug it, and it should give you an idea as to how this is done with VCLZip, or just use this one if you'd like. It has options for how many characters you want to test and you can enter any known characters in the password if that is known, etc.

The main place to look is in PRPForm.Pas, about line 220, where there is a loop that starts out like:

For LVal := MinLVal to SaveLVal do

This project is a little more complicated than your example due to the additional options and counters, but you should be able to pick out the same thing going on here.

Kevin