Hacking Zip Passwords (C9)

Read or post any tutorial related to file format analysis for modding purposes.
SLIFallen
advanced
Posts: 67
Joined: Tue Sep 28, 2010 4:26 pm
Been thanked: 1 time

Re: Hacking Zip Passwords (C9)

Post by SLIFallen » Tue Mar 01, 2011 1:59 pm

Can this method (or similar) be used to find a straight RAR archive file password?
Every "password unlocker/cracker" app out there seems to simply be a virus or malware ITSELF. :constipated:

Even if anyone knows of a non-infected app that can do this already would be appreciated.

merlinsvk
ultra-veteran
ultra-veteran
Posts: 411
Joined: Mon Oct 27, 2008 12:11 am
Location: Slovakia
Has thanked: 35 times
Been thanked: 117 times

Re: Hacking Zip Passwords (C9)

Post by merlinsvk » Tue Mar 01, 2011 2:05 pm

aluigi wrote:the password of the data.zip in "Akhra - The Treasures" is 2yKJ6KhRJKJ/18J5
found in less than one minute :)
Yeah, I've found it too. Thanks a lot for help and your tools-for-everything :)

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Tue Mar 01, 2011 2:18 pm

@SLIFallen
don't confuse the finding of the password located in the memory of the program that opens the archive with cracking an unknown passowrd.
they are 2 completely different things

merlinsvk
ultra-veteran
ultra-veteran
Posts: 411
Joined: Mon Oct 27, 2008 12:11 am
Location: Slovakia
Has thanked: 35 times
Been thanked: 117 times

Re: Hacking Zip Passwords (C9)

Post by merlinsvk » Sat Mar 05, 2011 10:53 pm

Here's another case: game Aztec Tribe has .zip with password called AztecTribe.dat. I've used signsrch for scanning .exe and all of .dll files there, but non of them contains reference to ZipCrypto. Any ideas? :)

jaden
mega-veteran
mega-veteran
Posts: 209
Joined: Sat Feb 05, 2011 1:41 am
Been thanked: 1 time

Re: Hacking Zip Passwords (C9)

Post by jaden » Sun Mar 06, 2011 3:43 am

a very handy tutorial indeed
Thanks

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Sun Mar 06, 2011 11:36 am

@merlinsvk
the executables of the games on bigfishgames are encrypted with armadillo but in this case the problem was hge.dll compressed with upx.
so after having unpacked hge.dll you can scan it with signsrch without problems :)

anyway the password of Aztec Tribe is {0D8FD1A3-DEBF-4ef2-8A91-CDB0A105F6C0}

merlinsvk
ultra-veteran
ultra-veteran
Posts: 411
Joined: Mon Oct 27, 2008 12:11 am
Location: Slovakia
Has thanked: 35 times
Been thanked: 117 times

Re: Hacking Zip Passwords (C9)

Post by merlinsvk » Sun Mar 06, 2011 12:23 pm

aluigi wrote:@merlinsvk
anyway the password of Aztec Tribe is {0D8FD1A3-DEBF-4ef2-8A91-CDB0A105F6C0}
Oh my God, I was looking at that in HxD, but didn't realize it can be password. I thought it is some key from Windows Registry :D



But thanks for pointing to UPX, I forgot that .exe/.dll can be packed :)
Last edited by merlinsvk on Wed Aug 20, 2014 10:06 am, edited 1 time in total.

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Mon Mar 07, 2011 9:08 am

for anyone interested I remember that I maintain a list of games zip password retrieved by myself and I just updated it yesterday after having downloaded various trials from bigfishgames and other websites (I used some keywords to know the games using passworded zips):
http://aluigi.org/papers.htm#info

Tantal
ultra-n00b
Posts: 2
Joined: Sun Apr 17, 2011 10:38 am

Re: Hacking Zip Passwords (C9)

Post by Tantal » Sun Apr 17, 2011 11:18 am

Hi, I used all that is written here for this game, but can not find anything please help me find the password or another way to full of advise if there is.
Thanks all

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Sun Apr 17, 2011 5:23 pm

the method worked perfectly also in this case but there were 2 problems:
1) the key doesn't contain only alphanumeric chars but also some others, that's why it wasn't quickly visible
2) these other chars are hard to copy&paste in the normal zip programs when they ask for password so you can't use the password

luckily exist QuickBMS and zip.bms just for avoiding these problems :)

so get both:
http://aluigi.org/papers.htm#quickbms
http://aluigi.org/papers/bms/zip.bms

and now:
  • open zip.bms with a text editor (notepad, notepad++ and so on)
  • delete the line containing:

    Code: Select all

    set ZIP_PASSWORD string ""  # put the password here (only ZipCrypto supported at the moment)
  • replace it with the following:

    Code: Select all

    set ZIP_PASSWORD binary "\xed\xe0\xf5\x23\x69\x6e\x63\x6c\x75\x64\x65\x20\x63\x6f\x72\x65\x2f\x66\x69\x6c\x74\x65\x72\x53\x74\x72\x65\x61\x6d\x2e\x68\xc1\xcb\xdf"
  • save the file and use it in quickbms as usual

Tantal
ultra-n00b
Posts: 2
Joined: Sun Apr 17, 2011 10:38 am

Re: Hacking Zip Passwords (C9)

Post by Tantal » Sun Apr 17, 2011 7:00 pm

Thank you so much it really helped me soon plan to upgrade the game and can change the password, could you write like myself find this password?

End when i extract some archives i got this error
Image
can i something do with this ?

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Sun Apr 17, 2011 11:10 pm

the method has been the same described before, the only additional step was selecting the second number in the stack window (right-bottom) and selecting "Follow in dump", so that the password was visible in the dump window (left-bottom).

about that error I have noticed that some files in offices.awa are not password protected and my script was written to decrypt all the files in case ZIP_PASSWORD was set (the reason was simply that usually all the files are encrypted).
I have updated the script so that now only the encrypted files (flag & 1) will use the password.

anyway from the image you pasted I noticed that the file you were trying to unzip is corrupted because the name is clearly wrong.
here I have downloaded the game and that file doesn't exist.

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Sun Apr 17, 2011 11:26 pm

I have forced the update of the game and I have noticed the problem you talk about like "missioPK" and the other files.
it's just a problem of the zip files that contain some garbage.

the reason why zip.bms doesn't handle them correctly it's because it uses an alternative (simpler) method to read them.
there is no solution at the moment.

Relict
ultra-n00b
Posts: 6
Joined: Mon Oct 11, 2010 10:49 pm

Re: Hacking Zip Passwords (C9)

Post by Relict » Sun Apr 24, 2011 4:03 pm

The contents of this post was deleted because of possible forum rules violation.

User avatar
aluigi
VVIP member
VVIP member
Posts: 1925
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 643 times
Contact:

Re: Hacking Zip Passwords (C9)

Post by aluigi » Mon Apr 25, 2011 2:23 pm

the password is HappyMuff69

Post Reply