1
00:00:00,980 --> 00:00:08,060
In this video, we are going to see how we can crack old zip file passwords with bkcrack software.

2
00:00:11,750 --> 00:00:18,650
Old ZIP encryption method did not actually encrypt the files, and used a method called store to save

3
00:00:18,650 --> 00:00:20,630
files inside a zip archive.

4
00:00:20,900 --> 00:00:28,070
Modern tools like WinZip and WinRAR now use modern methods, and you actually have to create this type

5
00:00:28,070 --> 00:00:29,630
of archive manually.

6
00:00:29,630 --> 00:00:35,450
But you may come across an old archive created with this type of method in the wild, for which you

7
00:00:35,450 --> 00:00:36,740
can use this tool.

8
00:00:37,600 --> 00:00:43,690
This is a known plaintext attack, which means you should know what the files look like, or know a little

9
00:00:43,690 --> 00:00:45,790
bit of the actual file content.

10
00:00:48,260 --> 00:00:54,140
The known plaintext attack is an attack model for cryptanalysis, where the attacker has access to both

11
00:00:54,140 --> 00:00:58,220
the plaintext and its encrypted version, called ciphertext, as a sample.

12
00:00:58,250 --> 00:01:03,770
By using the advanced analysis method, an attacker can break the encryption and reveal the hidden file

13
00:01:03,770 --> 00:01:04,580
content.

14
00:01:07,370 --> 00:01:11,660
For demonstration purposes, we will be creating a vulnerable archive.

15
00:01:13,020 --> 00:01:15,390
I will be using 7-Zip software.

16
00:01:15,390 --> 00:01:21,240
So create an archive and ensure that the compression level is set to store, which will result in a

17
00:01:21,240 --> 00:01:22,620
vulnerable archive.

18
00:01:24,750 --> 00:01:27,180
Now let us see how we can break this encryption.

19
00:01:28,650 --> 00:01:29,940
In step one,

20
00:01:29,970 --> 00:01:33,780
download the bkcrack software from the GitHub repository.
21
00:01:35,620 --> 00:01:42,010
In step two, copy the archive into the same directory as bkcrack and then use the command bkcrack

22
00:01:42,010 --> 00:01:46,150
-L and the archive name to list the contents of the archive.

23
00:01:46,240 --> 00:01:51,720
Now create a new text file with the content that you know will be present in one of the files.

24
00:01:51,730 --> 00:01:57,010
Normally these can be comments like those found at the top of the hosts file or any config file

25
00:01:57,040 --> 00:01:57,940
by default.

26
00:02:02,210 --> 00:02:06,320
In step four, use the given command to recover the key.

27
00:02:06,350 --> 00:02:09,830
Here test.zip is the encrypted archive,

28
00:02:09,860 --> 00:02:15,080
test.txt is the file you are targeting, and plaintext

29
00:02:15,110 --> 00:02:20,780
is the plain text file containing some data that you know will be present in the target cipher file.

30
00:02:23,260 --> 00:02:25,840
This will recover the key of the archive.

31
00:02:29,630 --> 00:02:34,100
Now you can use the recovered key to extract the encrypted file from the archive.

32
00:02:34,130 --> 00:02:34,850
Here,

33
00:02:34,880 --> 00:02:42,080
decrypt.txt is the output file and the -k flag specifies the recovered key from the previous step.

34
00:02:43,300 --> 00:02:45,880
This will extract our target cipher file.

35
00:02:48,650 --> 00:02:54,560
Now we can also use this key to create a new archive with our own password, and then extract all files

36
00:02:54,560 --> 00:02:55,710
from the archive.

37
00:02:55,730 --> 00:02:59,030
So use the command as shown on the slide.

38
00:03:02,130 --> 00:03:04,650
Now let us see the actual demonstration.

39
00:03:08,590 --> 00:03:15,310
We are on a Windows 10 machine, and here we have two files on the desktop that we want to add to an

40
00:03:15,310 --> 00:03:16,210
archive.
41
00:03:16,750 --> 00:03:25,540
One of the files, test.txt, contains some comments at the top of it and represents a typical config file.

42
00:03:25,540 --> 00:03:31,840
An attacker may guess or know that this file contains this content on top of other content.

43
00:03:32,080 --> 00:03:37,240
The other file contains some garbage data which the attacker does not know about.

44
00:03:37,390 --> 00:03:44,620
To create a vulnerable archive, select these files and from the context menu, select 7-Zip and

45
00:03:44,620 --> 00:03:46,750
then the Add to archive option.

46
00:03:47,700 --> 00:03:50,670
Here ensure the compression level is set to store,

47
00:03:52,140 --> 00:03:56,730
the encryption method is set to ZipCrypto and then set a password.

48
00:03:58,870 --> 00:04:01,850
Click on OK to create the archive.

49
00:04:01,870 --> 00:04:05,080
So we have an archive on the desktop.

50
00:04:07,430 --> 00:04:10,220
Rename it to test.zip.

51
00:04:13,010 --> 00:04:17,450
Now open your web browser and search for bkcrack.

52
00:04:20,800 --> 00:04:23,560
Open the GitHub page for bkcrack.

53
00:04:25,780 --> 00:04:29,980
Scroll down and click the link to go to precompiled packages.

54
00:04:35,660 --> 00:04:40,760
We can use this tool on Linux or on Windows; as we are using Windows,

55
00:04:40,760 --> 00:04:43,460
download the 64-bit package.

56
00:04:48,580 --> 00:04:50,890
Once downloaded, extract it.

57
00:04:55,230 --> 00:04:59,970
Now copy the target archive from the desktop to the bkcrack folder.

58
00:05:05,910 --> 00:05:08,760
Now we need to create a plain text file.

59
00:05:08,760 --> 00:05:11,040
So open a new text document

60
00:05:13,370 --> 00:05:18,740
and paste the top lines from our actual file that has been encrypted in the zip archive.

61
00:05:24,200 --> 00:05:25,760
Save and close the file.

62
00:05:27,820 --> 00:05:30,850
Now we have everything we need to crack the zip archive.
63
00:05:33,570 --> 00:05:36,360
Click on the search icon and open the command prompt.

64
00:05:39,400 --> 00:05:42,880
Change your current working directory to the bkcrack folder.

65
00:05:47,000 --> 00:05:53,810
Use the command bkcrack -L and the archive name to list the contents of the archive.

66
00:05:55,620 --> 00:06:01,470
We can see that the compression method is store, which makes the archive vulnerable to this method.

67
00:06:04,630 --> 00:06:09,670
Now use the command as shown on the screen to recover the key of the archive.

68
00:06:09,700 --> 00:06:15,490
We are specifying the archive name, the cipher text file, and the plain text file.

69
00:06:19,860 --> 00:06:22,170
bkcrack will extract the key

70
00:06:22,200 --> 00:06:29,010
after some time. Note that this key is not the same as the password, but it will serve our purpose.

71
00:06:30,550 --> 00:06:37,150
Now, to recover the cipher file against the plain text file, we can use the command as shown on screen

72
00:06:37,150 --> 00:06:38,800
with the extracted key.

73
00:06:42,140 --> 00:06:45,470
Our cipher file will be extracted in the same folder.

74
00:06:46,360 --> 00:06:49,360
And here we can see the full contents of the file.

75
00:06:51,850 --> 00:06:58,510
Now, if we want to get all files from the target archive, we will need to create a new archive with

76
00:06:58,510 --> 00:07:02,170
the extracted key by the command as shown on the screen.

77
00:07:02,200 --> 00:07:05,980
Here we are creating a new archive with a new password.

78
00:07:07,750 --> 00:07:09,910
Our new archive has been created.

79
00:07:10,960 --> 00:07:14,530
So extract it now with the password you specified.

80
00:07:19,380 --> 00:07:23,130
And here we have both the files from the target archive.

81
00:07:23,670 --> 00:07:28,650
In this manner, we can break the old zip encryption algorithm and extract the files.
82
00:07:28,680 --> 00:07:34,020
Therefore, it is recommended that while creating archives, you ensure that you are using newer

83
00:07:34,020 --> 00:07:34,970
protocols.

84
00:07:34,980 --> 00:07:38,070
I hope you liked this video and thanks for supporting us.