fcrackzip
Crack password-protected ZIP archives
TLDR
Brute-force a password that is 4 to 8 characters long and contains only alphanumeric characters (order matters)
Brute-force a password in verbose mode with a length of 3 characters that only contains lowercase characters, $ and %
Brute-force a password that contains only lowercase and special characters
Brute-force a password containing only digits, starting from the password 12345
Crack a password using a wordlist
Benchmark cracking performance
SYNOPSIS
fcrackzip [OPTIONS] <zipfile>
PARAMETERS
-b, --brute-force
Initiates a brute-force attack, trying all possible character combinations.
-D, --dictionary <file>
Performs a dictionary attack using words from the specified <file>.
-u, --unzip
Uses external unzip for speedup (default and recommended behavior for traditional ZIP encryption).
-c, --charset <charspec>
Specifies the character set to use for brute-force attacks (e.g., 'a:z', 'A:Z', '0:9', 'all').
-l, --length <min-max>
Sets the minimum and maximum password length range (e.g., '3-8').
-p, --pattern <pattern>
Starts the brute-force attack from a specific pattern or prefix.
-L, --last-pattern
Continues a previous brute-force attack from the last pattern tried.
-j, --jobs <N>
Runs N concurrent jobs or threads to speed up the cracking process.
-v, --verbose
Enables verbose output, showing progress and details.
-q, --quiet
Suppresses most output, only showing the password if found.
-o, --output <file>
Writes the found password to the specified <file>.
-s, --slow
Uses a slower but less memory-intensive cracking method.
-C, --check
Checks the integrity of the ZIP file before attempting to crack it.
-t, --temp-dir <dir>
Specifies a temporary directory for intermediate files.
-h, --help
Displays a help message and exits.
-V, --version
Shows version information and exits.
DESCRIPTION
fcrackzip is a dedicated command-line utility designed to recover forgotten or lost passwords from encrypted ZIP archives. It employs both brute-force and dictionary attack methods to systematically guess the correct password. Utilizing techniques like leveraging uncompressed data within the ZIP file (the default behavior) and multi-threading capabilities, it aims to optimize the password recovery process. While effective for ZIP files encrypted with traditional, weaker algorithms, its success rate heavily depends on the password's complexity and length, as well as the computational resources available. It is a valuable tool for legitimate password recovery.
CAVEATS
fcrackzip is primarily designed for cracking ZIP files encrypted with the traditional ZipCrypto algorithm, which is known to be relatively weak. It generally does not support stronger encryption methods like AES-256, commonly used by newer ZIP tools (e.g., 7-Zip, WinZip with modern settings).
Password recovery success depends heavily on the complexity and length of the password, as well as the available computational power. Long or complex passwords can take an impractical amount of time to crack via brute-force. Always use this tool responsibly and only for files you have legitimate rights to access.
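Because the tool targets only traditional ZipCrypto, a useful defensive check is to see which scheme each entry of an archive declares. The following Python code is an added example, not part of the original page or of fcrackzip; it reads the central directory and reports "none", "ZipCrypto" or WinZip AES per entry. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value WinZip AE-x uses for AES entries
AES_EXTRA_ID = 0x9901  # extra-field header ID that carries the AES parameters

def aes_bits(extra):
    """Walk the extra-field records; return the AES key size if a 0x9901 record exists."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == AES_EXTRA_ID and size >= 7:
            return {1: 128, 2: 192, 3: 256}.get(extra[pos + 8])  # after version(2)+vendor(2)
        pos += 4 + size
    return None

def classify(info):
    """Name the encryption scheme a central-directory entry declares."""
    if not info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
        return "none"
    if info.compress_type == AES_METHOD:
        bits = aes_bits(info.extra)
        return f"AES-{bits}" if bits else "AES"
    return "ZipCrypto"  # simplification: PKWARE strong encryption (bit 6) is not split out

def audit(data):
    """Map each entry name in a ZIP (given as bytes) to its declared encryption."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def build_sample():
    """Constructed sample: headers patched to declare each scheme; payloads stay plain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.txt", b"x")
        zf.writestr("legacy.txt", b"x")
        modern = zipfile.ZipInfo("modern.txt")
        modern.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
        zf.writestr(modern, b"x")
    raw = bytearray(buf.getvalue())
    off = raw.find(b"PK\x01\x02")  # first central-directory file header
    for encrypted, method in ((0, 0), (1, 0), (1, AES_METHOD)):
        raw[off + 8] |= encrypted                      # flag word, bit 0
        struct.pack_into("<H", raw, off + 10, method)  # compression method
        off = raw.find(b"PK\x01\x02", off + 4)
    return bytes(raw)

if __name__ == "__main__":
    print(audit(build_sample()))
```

Entries reported as ZipCrypto are the ones worth re-creating with AES and a long passphrase.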
ATTACK METHODS
fcrackzip supports two primary attack methods:
Dictionary Attack: Attempts passwords from a provided list of common words or phrases. This is much faster if the password is simple and in the dictionary.
Brute-Force Attack: Systematically tries every possible combination of characters within a defined set and length range. This method guarantees finding the password if enough time and computational power are available, but can be extremely time-consuming for longer or more complex passwords.
PERFORMANCE CONSIDERATIONS
The time required to crack a password is directly proportional to its length and the complexity of its character set. Using the -j (--jobs) option with multiple CPU cores can significantly accelerate brute-force attempts. Leveraging the -u (--unzip) option (default) is also crucial as it uses external `unzip` to speed up the verification process by exploiting known-plaintext vulnerabilities within ZIP files.
HISTORY
fcrackzip was initially developed by A. L. E. G. O. R. Y. in the early 2000s, specifically targeting the password recovery of ZIP archives utilizing the common, though less secure, ZipCrypto encryption method. Its development aimed to provide an efficient command-line tool for this niche, leveraging techniques to speed up the cracking process where possible. It has remained a go-to utility for legitimate password recovery of older or traditionally encrypted ZIP files due to its specialized nature.