有一个因为上面有密码而无法进入的ZIP 文件?(ZIP file)如果您忘记了密码,您唯一的选择是尝试使用第三方实用程序恢复密码。根据创建ZIP 文件(ZIP file)的程序(7-Zip、WinZip等)以及使用的加密类型,您恢复密码的机会会有所不同。
在本文中,我将提到几个我用来恢复我创建的一些测试文件的ZIP 密码的工具。(ZIP password)希望(Hopefully)您能够通过使用其中一种工具破解密码来访问您的ZIP 文件。(ZIP file)
值得注意的是,如果ZIP 文件(ZIP file)使用AES 128 位(AES 128-bit)或 256 位加密进行加密,您唯一的选择将是暴力攻击(force attack)。如果密码很长,您将需要一台非常强大的计算机来每秒处理尽可能多的密码。
此外,请务必查看我关于打开受密码(opening password)保护的RAR文件、破解 XLS 密码、重置Windows 管理员(Windows administrator)密码和重置BIOS密码的其他帖子。
Elcomsoft 存档密码恢复
在我看来,Elcomsoft Archive Password Recovery是从加密的ZIP、RAR、ACE 或 ARJ(ACE or ARJ)存档中恢复密码的最佳选择。该软件有两种版本:标准版和专业版(Standard and Pro)。标准版(Standard version)49.99 美元,专业版(Pro version)99 美元。
两个版本的主要区别在于,Pro 版本(Pro version)支持使用增强AES 加密的(AES encryption and guarantees WinZip recovery)WinZip存档,并保证 WinZip 恢复但有一些限制(必须是WinZip 8.0 或更早版本,并且存档必须至少有 5 个文件)。此外,它还有一种额外的恢复方法,称为密码从密钥(Password from keys )中恢复,除了暴力破解、字典和纯文本攻击之外,还可以使用该方法。
我喜欢这个程序的地方在于您可以使用多种不同的方法来恢复密码以及每种方法的不同选项。最困难的情况是当您有密码但您不知道长度或包含哪些字符时。在这些类型的情况下,您应该从更快的方法开始,然后再进行需要更长时间的攻击。
下载并安装软件后,您将看到如上图所示的主界面。要开始,请单击“打开(Open)”按钮并选择您的存档文件。默认情况下,攻击类型( Type of Attack)设置为蛮力( Brute-force),并且选中的选项包括所有大写字母和所有小写字母。
在您点击Start之前,您应该继续并点击Benchmark按钮,它将检查文件的加密类型,并为您估计使用当前选项需要多长时间。
如您所见,恢复使用AES 256 位加密的密码大约需要 11 分钟,并且仅查看最大密码长度(password length)仅为 4 个字符的小写和大写字母。如果您选择所有可打印( All Printable)字符,则在我的情况下时间长达 2.5 小时。同样(Again),这仅适用于一个简短的四字符密码(four-character password)。随着密码变长,时间呈指数增长。
如果您不确定密码有多长,请单击“长度(Length)”选项卡并将最大密码长度(password length)增加到更高的值。试用版(trial version)最多只能使用四个字符。
显然,如果您不知道密码是什么,检查 All Printable然后将长度增加到 10 或更高将保证您获得更多成功,但也可能需要太长时间。我建议只从字符数(character count)最多的字母开始,如果这不起作用(t work),则一次添加一个所有数字(All digits)和所有特殊符号(All special symbols)。
在开始暴力攻击之前,可能值得先尝试字典攻击,因为这将花费更少的时间。从下拉列表中选择字典,然后单击(Dictionary)字典(Dictionary)选项卡。
该程序已经内置了一个小而不错的字典。好处是您可以在线下载更大的词典,并在需要时在程序中使用它们。当然,如果有人使用复杂的密码,这将不起作用,但值得一试,因为它要快得多。
需要注意的另一件事是,如果您碰巧拥有存档中的一个文件,则可以解密整个存档。大多数情况下可能不会出现这种情况,但如果您碰巧至少有一个您知道存档中的文件,您可以使用纯文本攻击(Plain Text attack)来解密整个存档。
此外,如果您碰巧知道密码的长度和其他任何(password and anything)信息,您可以使用掩码(Mask)攻击。例如,如果您知道密码以 x 开头并且长度为 7 个字符,您将输入x?????? 进入范围(Range)选项卡上的掩码(Mask)框。
总体而言,这是一个出色的程序,如果您需要进入ZIP或其他存档文件,绝对物有所值。在我的带有简短四字符密码(four-character passcode)和 256 位AES 加密的(AES encryption)测试文件(test file)中,它完美运行,并在几分钟内为我获取了密码。
最主要的是在您拥有的最快的计算机上运行该程序。每秒可以尝试的密码越多,您破解文件的速度就越快。
密码 Zip Key
我推荐的另一个好程序是Passware Zip Key。该程序只需 39 美元,比Elcomsoft便宜一点。他们也有一个演示版,但每次攻击只运行一分钟,所以你真的无法测试它是否有效,即使是短密码。
但是,我购买了它以便我可以测试它并且它运行良好。它在攻击等方面与Elcomsoft非常相似。安装后,单击“恢复文件密码( Recover File Password)”,然后您将看到以下选项。
您可以选择Run Wizard,如果您碰巧知道有关密码的任何信息,它将让您从不同的选项中进行选择。如果您知道密码仅包含字母等,这很好。
如果您单击Use Predefined Settings,它将从一些简单的攻击开始,然后自动转向更复杂的攻击。如果单击底部的“攻击(Attacks)”选项卡,您将能够看到将要尝试的所有攻击。
有些攻击会比其他攻击花费更长的时间,同样取决于密码长度和加密类型(password length and encryption type)。蛮力(Brute force)是最慢的方法,所以这就是程序尝试其他方法的原因。
最后,您可以选择高级:自定义设置( Advanced: Customized Settings),基本上手动配置所有内容,就像默认情况下设置Elcomsoft 程序一样。(Elcomsoft program)
您从列表中选择攻击,然后单击左箭头按钮将其添加到队列中。您可以添加多个攻击,它们将一个接一个地运行。在我的例子中,我选择了一个暴力攻击(brute force attack),它使用包含字母、数字和符号的四字符密码。Zip Key没过多久就破解了我的测试文件(test file),这与我用于测试Elcomsoft的文件相同。
如果您打算购买Zip Key,请使用此购买链接(purchase link)。价格是一样的,但我因为推荐这个程序而不是公司得到所有的钱而得到了一小部分。谢谢!
还有很多其他用于破解ZIP文件的程序,但就易用性、功能和恢复密码的实际能力而言,这两个是我真正喜欢的。如果您使用过其他东西,请随时在评论中告诉我们。享受!
Unlock Password Protected Zip Files
Have a ZIP file that you can’t get into because it has a password оn it? If you forgot the password, the onlу optiоn you have is to try and recover the pаsѕword using third-partу utilities. Depending on which program creаted the ZIP file (7-Zip, WinZiр, etс.) and what type of encryption was used, your chances of recovering the password will vary.
In this article, I’m going to mention a couple of tools that I’ve used to recover a ZIP password on some test files that I created. Hopefully, you’ll be able to access your ZIP file by cracking the password using one of these tools.
It’s worth noting that if the ZIP file is encrypted using AES 128-bit or 256-bit encryption, your only option will be a brute force attack. If the password is very long, you’ll need a really powerful computer to process as many passwords per second as possible.
Also, be sure to check out my other posts on opening password protected RAR files, cracking XLS passwords, resetting Windows administrator passwords, and resetting BIOS passwords.
Elcomsoft Archive Password Recovery
In my opinion, Elcomsoft Archive Password Recovery is the best choice for recovering a password from an encrypted ZIP, RAR, ACE or ARJ archive. The software comes in two flavors: Standard and Pro. The Standard version is $49.99 and the Pro version is $99.
The main difference between the two versions is that the Pro version supports WinZip archives that use enhanced AES encryption and guarantees WinZip recovery with some limitations (must be WinZip 8.0 or earlier and the archive has to have at least 5 files). In addition, it has an additional method of recovery called Password from keys that can be used in addition to brute-force, dictionary and plain-text attacks.
What I like about this program is the number of different methods you can use to recover the password and the different options you have for each method. The toughest situation is when you have a password and you don’t know the length or what kind of characters are included. In these types of situations, you should start with the faster methods before moving on to attacks that will take much longer.
Once you download and install the software, you’ll see the main interface as shown above. To get started, click the Open button and choose your archive file. By default, the Type of Attack is set to Brute-force and the options that are checked include all capital and all lowercase letters.
Before you click Start, you should go ahead and click on the Benchmark button, which will check the type of encryption on the file and give you an estimate of how long it will take using the current options.
As you can see, it will take about 11 minutes to recover a password that was encrypted using AES 256-bit and by only looking at lowercase and uppercase letters with a maximum password length of only 4 characters. If you choose All Printable characters, the time went up to 2.5 hours in my case. Again, this is only for a short four-character password. The time goes up exponentially as the password gets longer.
If you’re not sure how long the password is, click on the Length tab and increase the maximum password length to something higher. The trial version only works up to four characters.
Obviously, if you have no idea what the password is, checking All Printable and then increasing the length to 10 or higher will guarantee you more success, but it might also take way too long. I suggest starting with only letters up to a higher character count and if that doesn’t work, then add All digits and All special symbols one at a time.
Before you start with a brute-force attack, it might be worth trying a dictionary attack first as that will take less time. Choose Dictionary from the drop-down and then click on the Dictionary tab.
The program comes with a small, but decent dictionary already built-in. The nice thing is that you can download bigger dictionaries online and use them in the program if you want. Of course, this won’t work if someone used a complex password, but it’s worth a shot since it’s much faster.
Another thing to note is that the whole archive can be decrypted if you happen to have one of the files that are inside the archive. This probably won’t be the case most of the time, but if you do happen to have at least one file that you know is inside the archive, you can use the Plain Text attack to decrypt the entire archive.
Also, if you happen to know the length of the password and anything else about it, you can use the Mask attack. For example, if you know the password starts with x and is 7 characters long, you would enter x?????? into the Mask box on the Range tab.
Overall, this is an excellent program and definitely worth the cost if you need to get into a ZIP or other archive file. On my test file with a short four-character passcode and 256-bit AES encryption, it worked flawlessly and got me the password in just a few minutes.
The main thing is to run the program on the fastest computer you have around. The more passwords than can be tried per second, the faster you’ll break into the file.
Passware Zip Key
The other good program that I recommend is Passware Zip Key. The program is only $39, which is a bit cheaper than Elcomsoft. They also have a demo version, but it only runs each attack for one minute, so you really can’t test to see if it works, even on a short password.
However, I purchased it so that I could test it and it worked fine. It’s very similar to Elcomsoft in terms of the attacks, etc. Once you install it, click on Recover File Password and then you’ll see the options below.
You can choose Run Wizard, which will let you pick from different options if you happen to know anything about the password. This is good if you know the password only contains letters, etc.
If you click on Use Predefined Settings, it will start with some simple attacks and then automatically move on to more complex attacks. If you click on the Attacks tab at the bottom, you will be able to see all the attacks that will be tried.
Some attacks will take longer than others, again depending on the password length and encryption type. Brute force is the slowest method, so that’s why the programs tries other methods in-between.
Lastly, you can choose Advanced: Customized Settings and basically configure everything manually like how the Elcomsoft program is setup by default.
You choose an attack from the list and then click the left arrow button to add it to the queue. You can add several attacks and they will run one after the other. In my case, I choose a brute force attack with a four-character password that contains letters, numbers and symbols. It didn’t take long for Zip Key to crack my test file, which is the same one I used for testing Elcomsoft.
If you plan to purchase Zip Key, please do it using this purchase link. The price is the same, but I get a small cut for recommending the program instead of the company getting all the money. Thanks!
There are a lot of other programs out there for cracking ZIP files, but these are the two that I really liked in terms of ease of use, features and actual ability to recover the password. If you have used something else, feel free to let us know in the comments. Enjoy!
