If you’ve forgotten your password to a ZIP file, there are a couple of tools you can use to try and recover it. ..
It is important to note that if the ZIP file is encrypted using AES 128-bit or 256-bit encryption, you will only be able to brute force attack it if your password is very long. If your password is even just a few characters long, you will need a really powerful computer to process as many passwords per second as possible.
Password protection on files can be a hassle to crack, but there are a few simple steps you can take to make the process easier. Additionally, be sure to check out my other posts on password protection and cracking passwords. ..
Elcomsoft Archive Password Recovery
Elcomsoft Archive Password Recovery is the best choice for recovering a password from an encrypted ZIP, RAR, ACE or ARJ archive. The software comes in two flavors: Standard and Pro. The Standard version is $49.99 and the Pro version is $99.
The main difference between the two versions is that the Pro version supports WinZip archives that use enhanced AES encryption and guarantees WinZip recovery with some limitations (must be WinZip 8.0 or earlier and the archive has to have at least 5 files). In addition, it has an additional method of recovery called Password from keys that can be used in addition to brute-force, dictionary and plain-text attacks. ..
I like that this password recovery program offers a variety of methods to help you recover your password. The most difficult situation is when you don’t know the length or type of characters in your password. In these cases, I recommend starting with the faster methods and moving on to more time-consuming attacks if necessary. ..
Once you have the software installed, you’ll see the main interface as shown in the image below. To get started, click on the Open button and choose your archive file. By default, the Type of Attack is set to Brute-force and the options that are checked include all capital and all lowercase letters.
Before you start encrypting your files, you should first click on the Benchmark button to check the type of encryption and get an estimate of how long it will take. ..
It will take about 11 minutes to recover a password that was encrypted using AES 256-bit and by only looking at lowercase and uppercase letters with a maximum password length of only 4 characters. If you choose All Printable characters, the time went up to 2.5 hours in my case. Again, this is only for a short four-character password. The time goes up exponentially as the password gets longer.
If you’re not sure how long the password is, click on the Length tab and increase the maximum password length to something higher. The trial version only works up to four characters. ..
If you don’t know the password, it’s best to try and find out and increase the length to 10 or higher. However, if it still doesn’t work, you might want to try using only letters up to a certain character count or adding all digits and special symbols one at a time.
A dictionary attack is a more efficient way to brute-force an account than a simple search. Choose Dictionary from the drop-down and then click on the Dictionary tab.
The program comes with a small, but decent dictionary already built-in. The nice thing is that you can download bigger dictionaries online and use them in the program if you want. Of course, this won’t work if someone used a complex password, but it’s worth a shot since it’s much faster.
The archive can be easily decrypted if you have one of the files inside it. This is most likely not going to happen most of the time, but if you do have at least one file inside the archive, you can use a Plain Text attack to decrypt it.
The Mask attack is a technique used to protect against password attacks. It works by disguising the user’s input as another type of input. For example, if you know the password starts with x and is 7 characters long, you would enter x???? into the Mask box on the Range tab.
Overall, this is an excellent program and definitely worth the cost if you need to get into a ZIP or other archive file. On my test file with a short four-character passcode and 256-bit AES encryption, it worked flawlessly and got me the password in just a few minutes. ..
The goal of this program is to break into any file as quickly as possible. By running it on a fast computer, we can try as many passwords as possible per second and break into the file faster.
Passware Zip Key
Zip Key is a great program that is only $39. It helps you protect your passwords by encrypting them and providing a demo to see if it works on a short trial.
I purchased the software to test it and it worked fine. It is very similar to Elcomsoft in terms of the attacks, etc. Once you install it, click on Recover File Password and then you’ll see the options below.
If you know the password only contains numbers, you can choose Run Number Wizard. This will let you pick from different options if you happen to know anything about the number.
Predefined settings will start with some simple attacks and then automatically move on to more complex attacks. If you click on the Attacks tab at the bottom, you will be able to see all of the attacks that will be tried. ..
Some attacks will take longer than others, again depending on the password length and encryption type. Brute force is the slowest method, so that’s why the programs tries other methods in-between.
Customized Settings can be used to customize how the Elcomsoft program is setup by default.
You can add an attack to the queue by clicking the left arrow button. Once you’ve added an attack, it will run one after the other. In my case, I chose a brute force attack with a four-character password that contains letters, numbers and symbols. It didn’t take long for Zip Key to crack my test file, which is the same one I used for testing Elcomsoft. ..
Zip Key is a great way to keep your files safe and secure. If you’re looking for a way to protect your files, Zip Key is the perfect choice. Use this purchase link to get the best deal on Zip Key.
There are a lot of other programs out there for cracking ZIP files, but these two are the ones I really liked in terms of ease of use, features and actual ability to recover the password. If you have used something else, feel free to let us know in the comments. Enjoy!