Back to home page

DOS ain't dead

Forum index page

Log in | Register

Back to the forum
Board view  Mix view

HX updated (DOSX)

posted by Rugxulo(R) Homepage, Usono, 25.11.2012, 07:09

> > Well, here's a potential simple workaround: change "PE" text signature
> to
> > "PX".
>
> Ok, thanks for the hint! However, to encrypt the whole package is probably
> more fool-proved. It's not totally comfortable, but IMO DOS users should be
> used to - and enjoy - uncomfortable weather.

:no:


mkdir -p /tmp/blah && cd /tmp/blah
wget http://oldhome.schmorp.de/marc/data/fcrackzip-1.0.tar.gz
tar xzf fcrackzip*gz && configure && make
wget http://www.japheth.de/Download/HX/HXRT217.zip
fcrackzip -b -c a -v -l 1-8 HXRT217.zip


BTW, I cheated somewhat as I already knew the password was all lowercase and length 8 or less. So apparently in less than 10 minutes, it's already told me "possible pw found:" correctly (though keeps running). My previous attempt was apparently expecting more fancy passwords as it's still running (single core) 37 hours later! :lol: (John the Ripper - Jumbo, after zip2john prepares it). I didn't try old fzc from Sac.Sk (DOS!) because I was hoping the other would be better / faster. fcrackzip says it's portable and free unlike fzc (encrypted, asm-only). There's an old article (from 1995?) called kocher-pkzip-attack.txt (link broken in official Info-Zip FAQ) that says PKZIP encryption is fairly weak and shouldn't be relied upon. Especially nowadays with much faster computers, better compilers, multiple cores, SIMD, and things like Amazon EC2.

I really only did this to prove a point: ZIP passwords aren't infallible. Though I don't think "cracking" a .ZIP is justified (legal, moral, etc.) in 99% of cases. Hope this doesn't offend anyone! :confused:

 

Complete thread:

Back to the forum
Board view  Mix view
15186 Postings in 1365 Threads, 250 registered users, 20 users online (1 registered, 19 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum