Advanced ZIP Password Recovery 2.2
==========================================
(c) 1999 Elcom Ltd (V.Katalov, A.Malyshev)
Contents
--------
Description
Requirements
Usage
Known bugs and limitations
Tips & tricks
Future enhancements
Registration
Technical support
Where to get the latest version
Ombudsman statement
Description
-----------
This program (Advanced ZIP Password Recovery, or simply AZPR)
can be used to recover your lost password for a ZIP archive. At
the moment, there is no known method to extract the password
from the compressed file; so, the only available methods are
"brute force" and dictionary-based attacks.
Well, there are a lot of programs like this around, but
all of them have their own "pros" and "cons". Here is a brief
list of AZPR advantages:
- The program has a convenient GUI (Windows user interface).
- The program is very fast: up to 20 million passwords per
minute (on Pentium-200/MMX).
- The program can work with archives containing one encrypted
file only.
- All compression methods are supported.
- Self-extracting archives are supported.
- The program is customizable: you can set the password length
(or length range), the character set to be used to generate
the passwords, and a couple of other options.
- You can select the custom character set for brute-force attack
(non-English characters are supported).
- Dictionary-based attack is available.
- The maximum password length is not limited (in registered
version).
- No special virtual memory requirements.
- You can interrupt the program at any time, and start from the
same point later.
- The program can work in the background, using CPU only when it
is in idle state.
The next versions will have much more useful features, of
course.
Requirements
------------
- Windows 95 (any version), or Windows 98, or Windows NT 4.0 running
on Pentium CPU
- 4 megabytes RAM (plus some additional memory, if the
ZIP archive contains "stored" files)
- less than 1 megabyte of hard disk space
- patience...
Usage
-----
The program is a Windows application and has a powerful
graphical user interface (GUI). You can run this program
from "Advanced ZIP Password Recovery" group created by
the installation program.
You have to select the following:
ZIP password-encrypted file
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Just the name of the ZIP archive you'd like to get the password
for. Use the "Browse" button to pick it from the list.
Password length
~~~~~~~~~~~~~~~
Maximum and minimum length of the password to verify.
Type of attack
~~~~~~~~~~~~~~
Brute-force or dictionary attack. You can select both of those;
if the dictionary attack (which is much faster and executed first)
fails - brute-force attack will be performed.
Brute-force range options
~~~~~~~~~~~~~~~~~~~~~~~~~
Instructs the program what characters have been used in
the password, if you have this information. You can choose
from all capital letters, all small letters, all digits, all
special symbols and the space; or just all printable (includes
all of the above). The special characters are:
!@#$%^&*()_+-=<>,./?[]{}~:;`"\'|
Alternatively, you can define your own charset. Just mark the
"Custom charset" checkbox and click on the "Define" button (on the
toolbar). In the input window enter all chars of your password
range; for example: if you remember that your password was
entered in the bottom keyboard row ("zxcv...") - your password
range should be "zxcvbnm,./" (or in caps: "ZXCVBNM<>?"). You can
also define both of these: "zxcvbnm,./ZXCVBNM<>?". In
addition, you can load and save custom charsets, or combine them
using the "Add charset from file..." button.
Just a note about the "Convert to OEM encoding" option in the "User
Defined Charset" option. Be sure to select it if the password
contains any non-English characters, and the archive has been
created by a DOS-based ZIP utility (like PKZIP 2.04g). Otherwise,
the password will not be found.
Start from password
~~~~~~~~~~~~~~~~~~~
This option may help if you know what the first character of
the password is. For example, if you're sure that the small
letters have been used (from 'a' to 'z'), the length is 5, and
the password definitely starts with 'k', then type 'kaaaa'
here. Please also note that if you press the "Stop" button
when AZPR is working, the program writes the current password
to this window ("Start from password"). It can be used later
to restart the program from the same point.
Dictionary options
~~~~~~~~~~~~~~~~~~
Simply select the desired dictionary file. In addition, you can
select an option "Try to capitalize first character" or "Try
to capitalize all characters" -- it may really help if you're
not sure about the case the password has been typed in.
For example, for the word "password" (in dictionary), the
program will also try the "Password" (if the first option is
checked), and the "PASSWORD" (if the second one is checked).
A small but really effective dictionary is included in the
AZPR distribution: "english.dic" (about 27,000 words). Some
other very good ones are available at:
ftp://sable.ox.ac.uk/pub/wordlists/
ftp://ftp.cdrom.com/pub/security/coast/dict/wordlists/
ftp://ftp.cdrom.com/pub/security/coast/dict/dictionaries/
Also, please have a look at our "Password Recovery Software"
page -- you'll find a few dictionaries, wordlists and dictionary
generators there, as well as the links to related sites:
http://www.elcomsoft.com/prs.html
Priority
~~~~~~~~
Background or high. If you want to start AZPR as a "background"
process, which will work only when the CPU is in idle state -- you
have to select "Normal". If you want to increase the performance
-- please select "High", but it will decrease the performance of
all *other* applications running on your computer.
Save and Read setup
~~~~~~~~~~~~~~~~~~~
You can save your current AZPR setup into a specified INI-file.
When you press the "Save setup" button, the "Save file" dialog
appears. Just select an INI-file name (e.g. "myarch.ini"), or
select an existing INI-file for overwriting. You can read your
setup later -- simply press a "Read setup" button.
AutoSave
~~~~~~~~
If you'd like AZPR to save its state periodically, please check
the appropriate option, and select the time (in minutes). If
you do that, AZPR will create (and update) a restore file
"~azpr.ini" (in the same folder where your archive is located;
similar to one created when using the "Save setup" button), and
even if your computer stops responding (or on power failure),
you'll be able to resume breaking the password from the last
saved state. Enabling this option is *strongly* recommended.
Interface options
~~~~~~~~~~~~~~~~~
At the moment there is only one option -- "Minimize to tray". If it
is enabled, the program window will disappear from the Windows
desktop when pressing the "minimize" button in the top-right
corner of the window (or selecting an appropriate item in the system
menu); a small icon will be created in the "tray" area of the
task bar (near the system clock). Just double-click on that icon
to restore the window.
When (if) the password is found, the program shows it, as well
as the number of passwords which have been tested, and the
program speed:
    'qwert' is a valid password for this file
    Processed 1760765 passwords
    time = 22 second(s)
    speed = 80034 passwords/second
If all possible passwords (in the given range) have been verified
without success (so the valid one has not been found), the
message is:
    Password not found in specified range
    Processed 256976 passwords
    time = 1 second(s)
    speed = 256976 passwords/second
If you stop the recovery by pressing the "Stop" button, the current
step of the brute-force attack is saved in the "Start from" field.
You can then press the "Start" button again and recovery will
continue from this step.
Known bugs and limitations
--------------------------
- When the files in archive are "stored" (no compression, just
encryption) -- the performance might be lower than expected
(especially on large files), because decrypting the whole file
is required.
- AZPR may fail to recover the password for a multi-volume
archive, or give a message that the archive is corrupted, or
even crash on it.
- If the archive contains two or more encrypted files, the
program assumes that all of them are encrypted with the same
password.
- For some specific archives, AZPR may start to eat memory very
fast (due to some memory leaks which are still there),
resulting in a crash after a few minutes.
Tips & tricks
-------------
Files with different passwords
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you're sure that the files inside the ZIP archive have been
encrypted with different passwords, AZPR might not be able to
find the correct password. The workaround is: make a backup
copy of your archive; remove all files from the archive,
keeping only ones which definitely have the same password (maybe
just one file); and run AZPR on the archive you get.
When (if) AZPR finds the correct password, create
another new archive, keeping the next portion of files with the
same password. If *all* the files have different passwords,
you're in trouble -- too much time for recovering them will be
required; but that's the only thing you can do.
Selecting the options
~~~~~~~~~~~~~~~~~~~~~
If you have no idea how long the password is and what
characters it may contain, run the dictionary-based attack
first. If it fails, try the brute-force attack with the following
options (character set and password length range):
Charset                         Length        Passwords  Time
------------------------------------------------------------------
all printable                   1..5      7,820,126,720  3.5 hours
digits, small/capital, space    6        62,523,502,592  29 hours
digits, small letters, space    7        94,931,877,888  43 hours
digits, capital letters, space  7        94,931,877,888  43 hours
small letters, space            8       282,429,521,920  5+ days
capital letters, space          8       282,429,521,920  5+ days
digits, space                   8..11   313,821,429,760  6+ days
The third column shows the total number of password combinations
(with the given charset and password length), and the last
column shows the maximum time required for recovering the
password (assuming that the speed is 600,000 passwords per second
-- the real value for Pentium II CPU).
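Added example (not part of the original AZPR documentation): the keyspace and worst-case-time arithmetic behind the table above, done with exact integers at the 600,000 passwords/second rate the text assumes; the exact counts agree with the table's printed figures to about seven significant digits. The `remaining` function also covers the "Start from password" case and assumes candidates are tried in charset order with the first character most significant; all function and variable names here are illustrative.

```python
import string

# The 32 special characters listed under "Brute-force range options".
SPECIAL = "!@#$%^&*()_+-=<>,./?[]{}~:;`\"\\'|"
CLASSES = {
    "small": string.ascii_lowercase,
    "capital": string.ascii_uppercase,
    "digits": string.digits,
    "special": SPECIAL,
    "space": " ",
}
RATE = 600_000  # passwords per second, the speed the table assumes

def charset(*names):
    """Join the named character classes into one ordered charset."""
    return "".join(CLASSES[n] for n in names)

def keyspace(chars, min_len, max_len):
    """Exact number of candidates for password lengths min_len..max_len."""
    return sum(len(chars) ** k for k in range(min_len, max_len + 1))

def worst_case_hours(count, rate=RATE):
    """Hours needed to try every candidate at `rate` passwords/second."""
    return count / rate / 3600

def remaining(chars, start):
    """Candidates of len(start) still untested when resuming at `start`.

    Assumption (not from the AZPR documentation): candidates are tried in
    charset order with the first character most significant.
    """
    index = 0
    for ch in start:
        index = index * len(chars) + chars.index(ch)
    return len(chars) ** len(start) - index

if __name__ == "__main__":
    rows = [  # (charset classes, min length, max length) from the table
        (("small", "capital", "digits", "special", "space"), 1, 5),
        (("digits", "small", "capital", "space"), 6, 6),
        (("digits", "small", "space"), 7, 7),
        (("small", "space"), 8, 8),
        (("digits", "space"), 8, 11),
    ]
    for names, lo, hi in rows:
        n = keyspace(charset(*names), lo, hi)
        print(f"{'+'.join(names):38} {lo}..{hi} {n:>19,} {worst_case_hours(n):8.1f} h")
    print(remaining(charset("small"), "kaaaa"))
```

Each extra character of length multiplies the work by the charset size, which is why the table pairs larger charsets with shorter lengths to stay within a few days.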
Dictionary-based attacks
~~~~~~~~~~~~~~~~~~~~~~~~
As noted above, dictionary-based attack is *very* effective -- so,
please try it first. Moreover, if you know the "structure" of
the password (for example, the characters at some positions),
it is recommended to create your own dictionary based on the
rules you have. There are a lot of dictionary generators
around; some (developed by 3rd parties) are available
from our "Password Recovery Software" page:
http://www.elcomsoft.com/prs.html
The password generator may also help if you "almost" remember
the password, but probably missed one or two characters, or
typed extra ones, or were just slightly mistaken -- some
generators allow you to "mutate" the word and print/save all
similar ones (as a wordlist/dictionary which can be used with
AZPR).
Future enhancements
-------------------
We know that the program could be improved, and here are some
facilities we're going to implement:
- Ability to select the password mask using regular expressions.
- Selecting particular file (in archive) to crack.
- Running as a service under Windows NT.
- Separate "benchmark" option for estimating the required time
and password reliability.
- Command-line parameters.
- Creating log file.
- "Known plaintext" attack.
- More dictionary attack options (mutations).
- Working on SMP systems (when more than one CPU is available).
- Network Password Recovery.
- Further performance optimizations.
If you have any ideas how the program can be improved, please
don't hesitate to contact us! Your comments are very much appreciated.
Registration
------------
This program is distributed as shareware (look at "license.txt"
for details). Being unregistered, it does not allow you to set the
maximum password length to more than 5, or to select the "try to
capitalize first character" and "try to capitalize all
characters" options for dictionary-based attack.
After you register (look at "order.txt" for details), we'll
send you your personal registration code. You'll just have to
click the "Register" button; the program will open the input
window to enter the registration code; after you do so (you can
use cut'n'paste to avoid typing errors), it will have the full
functionality.
Please note that your registration will be valid for *all* future
versions of AZPR -- i.e., the upgrades (minor and major) are free
for registered users.
Technical support
-----------------
For technical support, please contact us at [email protected].
In the subject of your mail, please write "AZPR x.y" (where x.y
is the version number), followed by "problem", "suggestion" or
whatever else.
Where to get the latest version
-------------------------------
The latest version of AZPR is always available from our web page
at http://www.elcomsoft.com/azpr.html. Other password recovery
products (for ARJ archives, Microsoft Access 95/97 databases,
Microsoft Word/Excel 97 and Windows NT) are available from our
server at http://www.elcomsoft.com/prs.html.
Ombudsman statement
-------------------
Elcom Ltd is a member of the Association of Shareware Professionals
(ASP). ASP wants to make sure that the shareware principle works
for you. If you are unable to resolve a shareware-related problem
with an ASP member by contacting the member directly, ASP may be
able to help. The ASP Ombudsman can help you resolve a dispute or
problem with an ASP member, but does not provide technical support
for members' products. Please write to the ASP Ombudsman at 157-F
Love Ave., Greenwood, IN 46142 USA, FAX 317-888-2195, or send email
to [email protected].