11

How can i recover a zip password on linux using CUDA (GPU). For the past two days i tried using "fcrackzip" but it's too slow

Few months back i saw some application that can use GPU / CUDA and get large performance boost in comparison to CPU.

If brute-force using cuda is not possible, please tell me what's the best application for performing a dictionary attack, and where can i find best (largest) dictionary.

Regards

fixer1234
  • 28,064
marc
  • 309

4 Answers4

7

You can extract the hashes from the .zip and use hashcat to crack with the GPU. To extract the hashes you can use some tool like zip2john from john the ripper.

You can find precompiled binaries from both programs here:

https://hashcat.net/hashcat/

https://www.openwall.com/john/

Example:

./zip2john file.zip > hashes.txt

Then put it in the appropriated input format for hashcat:

https://hashcat.net/wiki/doku.php?id=example_hashes

Finally run hashcat:

./hashcat -a 3 -m 17225 .\hashes.txt

The -m parameter correspondent you can find in the link above also.

Vitor Ramos
  • 71
  • 1
  • 1
2

According to this article using CUDA for brute-force against ZIP is possible, but I haven't found free app so far. The difficulty of using CUDA for ZIP is that the "forced" attempt is not consisting of a single calculation like in brute-forcing hash, but requires reading the zip file and attempting to decrypt it. To utilize CUDA, you will need to virtualize that process - load the zip in the GPU memory, rewrite the decryption method in code executable by the GPU, evaluate the result dynamically.

Please share if you have found any solution yourself.

Iliyan Bobev
  • 121
1

I have been doing this with ZIP and RAR files for a while, just use zip2john or rar2john (as stated on other answer) then run "john --format=zip-opencl" (or rar-opencl) Just add the usual options like dict or brute force and limits. works like charm with my rtx 3060 and cuda 11.4 hope it helps someone.

ERic
  • 11
0

Have you tried a precomputed rainbow table?

Unless your password is long or your zip uses special (ie, salted) pass hashing, this should suffice if you're willing to torrent a huge file.

Here are some places you can download.

btw, downloading an ophcrack rainbow table and exposing how weak our critical webapp's hashing was, got my SW manager to agree to have us non-trivially salt our hashes.

r00fus
  • 250