Zip File Analysis

Tools

  • zipdetails
  • 7z

Basic Inspection

7z l <zip_file>
  • List files in the archive.
7z l -slt <zip_file>
  • List detailed information for each file.
  • Shows the CRC of each file.
  • Shows the compression and encryption method of each file.
zipdetails <zip_file>
  • Detailed, low-level view of ZIP structure and metadata.

Encryption Method = ZipCrypto

  • Legacy ZIP encryption (often shown as ZipCrypto or just Zip).
  • Vulnerable to a known-plaintext attack.
  • Tools like bkcrack typically require at least 12 consecutive known plaintext bytes from an encrypted file.
  • More known plaintext usually makes the attack faster and more reliable.
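Added example (not part of the original notes): a Python check that automates the inspection above from the defender's side. It reads each entry's central-directory record, classifies it as unencrypted, AES or legacy ZipCrypto so archives still relying on the weak scheme can be flagged, and exposes the CRC in the same hex form 7z prints so a candidate plaintext can be compared against it. The sample archive is constructed in memory; its second entry only has the encryption flag bit patched, the body is not really encrypted.

```python
import io
import struct
import zipfile
import zlib

AES_EXTRA_ID, AES_METHOD = 0x9901, 99  # WinZip AES extra-field id and "method" value

def has_aes_extra(extra: bytes) -> bool:
    """Scan the extra field's (id, size, data) records for the AES header id."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack("<HH", extra[pos:pos + 4])
        if header_id == AES_EXTRA_ID:
            return True
        pos += 4 + size
    return False

def encryption_method(info: zipfile.ZipInfo) -> str:
    """Classify an entry from its central-directory record: none / AES / ZipCrypto."""
    if not info.flag_bits & 0x1:  # general-purpose bit 0 = entry is encrypted
        return "none"
    if info.compress_type == AES_METHOD or has_aes_extra(info.extra):
        return "AES"
    return "ZipCrypto"  # encrypted, but no AES marker: the legacy scheme

def crc_hex(data: bytes) -> str:
    """CRC-32 of a candidate plaintext, formatted like 7z's CRC column."""
    return f"{zlib.crc32(data):08X}"

def audit_zip(data: bytes) -> list:
    """One record per entry: name, CRC, encryption method, weak-encryption flag."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [{"name": i.filename, "crc": f"{i.CRC:08X}",
                 "encryption": encryption_method(i),
                 "weak": encryption_method(i) == "ZipCrypto"}
                for i in zf.infolist()]

def constructed_sample() -> bytes:
    """Constructed test archive: the second entry is marked ZipCrypto-encrypted by
    setting flag bit 0 in its local and central headers (body is not encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "public notes")
        zf.writestr("secret.txt", "Confidential report header")
        local_hdr = zf.infolist()[1].header_offset
    data = bytearray(buf.getvalue())
    data[local_hdr + 6] |= 0x01                # local header: flags at offset 6
    cd = data.index(b"PK\x01\x02", local_hdr)  # first central-directory record
    cd = data.index(b"PK\x01\x02", cd + 4)     # second record = secret.txt
    data[cd + 8] |= 0x01                       # central record: flags at offset 8
    return bytes(data)
```

Entries reported as weak should be re-packed with AES encryption (for example 7z's -mem=AES256 switch for zip archives), which this check then classifies as AES.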

Attack Steps

zip plaintext.zip plaintext.txt

Create a ZIP (plaintext.zip) from a file (plaintext.txt) that contains plaintext known to also appear inside the encrypted ZIP’s target file.

7z l -slt <zip_file>

Check the CRC of the target encrypted file and verify it matches the CRC of the file inside plaintext.zip.

bkcrack -C <encrypted_zip> -c <encrypted_target_filename> -P plaintext.zip -p plaintext.txt

Recover the internal ZipCrypto keys by providing:

  • -C → the encrypted ZIP file.
  • -c → the name of the encrypted file inside that ZIP.
  • -P → the ZIP containing the known-plaintext file.
  • -p → the known-plaintext file inside that ZIP.

bkcrack -C <encrypted_zip> -k <key0> <key1> <key2> -U <output_zip> <new_password>

Use the recovered keys (<key0> <key1> <key2>) to:

  • Create <output_zip> with a new password <new_password>, or
  • Otherwise decrypt/re-encrypt the archive content.