Do you have a ZIP file that you cannot enter because it has a password? If you’ve forgotten your password, the only option you have is to try to recover your password using third-party utilities. Depending on which program created the ZIP file (7-Zip, WinZip, etc.) and what type of encryption was used, your chances of recovering your password will vary.
In this article, I’m going to mention a couple of tools that I used to recover the ZIP password for some of the test files I created. Hopefully you can access your zip file by cracking your password using one of these tools.
It’s worth noting that if the ZIP file is encrypted using either 128-bit or 256-bit AES encryption, the only option would be a brute force attack. If the password is very long, you will need a really powerful computer to process as many passwords per second as possible.
Also be sure to check out my other posts about opening password protected RAR files, cracking XLS passwords, resetting Windows admin passwords, and resetting BIOS passwords
Elcomsoft Archive Password Recovery.
In my opinion, Elcomsoft Archive Password Recovery. is the best choice for password recovery from encrypted ZIP, RAR, ACE or ARJ archive. The software comes in two flavors: Standard and Pro. The standard version costs $ 49.99 and the Pro version is $ 99.
The main difference between the two versions is that the Pro version supports WinZip archives, which use improved AES encryption, and guarantees WinZip recovery with some limitations (WinZip must be 8.0 or earlier, and the archive must contain at least 5 files). In addition, it has an additional key-based password recovery method that can be used in addition to brute-force attacks, dictionary and plain text attacks.
What I love about this program is the number of different methods you can use to recover your password and the different options you have for each method. The most difficult situation is when you have a password, but you do not know its length and symbols. In these situations, you should start with faster methods before moving on to attacks that will take much longer.
After downloading and installing the software, you will see the main interface as shown above. To get started, click the “Open” button and select the archive file. By default, the Attack Type is set to Brute Force, and the checked parameters include all uppercase and lowercase letters.
Before clicking the “Start” button, you must click the “Benchmark” button, which will check the file encryption type and give you an estimate of how long it will take using the current settings.
As you can see, recovering a password encrypted using the 256-bit AES algorithm, taking into account only upper and lower case letters with a maximum password length of only 4 characters, will take about 11 minutes. If you select All characters for printing, in my case the time increased to 2.5 hours. Again, this is only for a short 4-digit password. Time increases exponentially with increasing password length.
If you don’t know how long the password is, go to the Length tab and increase the maximum password length to more. The trial version supports up to four characters.
Obviously, if you don’t know what the password is, checking All Printable and then increasing the length to 10 or higher will guarantee you more success, but it can also take too long. I suggest starting with letters only up to more characters, and if that doesn’t work, add All numbers and All special characters one at a time.
Before starting a brute force attack, it might be worth trying a dictionary attack first, as it will take less time. Select Dictionary from the drop-down list and select the Dictionary tab.
The program already has a small but decent dictionary. The nice thing is that you can download larger online dictionaries and use them in the program if you like. Of course, this won’t work if someone has used a complex password, but it’s worth a try as it is much faster.
It should also be noted that the entire archive can be decrypted if you have one of the files inside the archive. This is probably not the case in most cases, but if you have at least one file that you know is inside the archive, you can use a plain text attack to decrypt the entire archive.
Also, if you know the length of the password and anything else, you can use a mask attack. For example, if you know that the password starts with x and is 7 characters long, you must enter x ?????? in the “Mask” box on the “Range” tab.
Overall, it’s a great program and definitely worth the money if you need to get a ZIP or other archive file. In my test file, with a short 4-character password and 256-bit AES encryption, it worked flawlessly and got the password in just a few minutes.
The main thing is to run the program on the fastest computer you have. The more passwords you can enter per second, the faster you will crack the file.
Postal pass key
Another good program that I recommend is Passware Zip Key. The program costs only $ 39, which is slightly cheaper than Elcomsoft. They also have a demo version, but it only launches each attack for one minute, so you really can’t check if it works even with a short password.
However, I bought it to test it and it worked fine. It is very similar to Elcomsoft in terms of attacks, etc. Once installed, click on “Recover File Password” and you will see the options below.
You can select the Startup Wizard, which will allow you to choose from various options if you know anything about a password. It is good if you know that the password contains only letters, etc.
If you click Use Predefined Options, it will start with a few simple attacks and then automatically progress to more advanced attacks. If you click on the Attacks tab at the bottom, you can see all the attacks that will be tried.
Some attacks will take longer than others, again depending on the length of the password and the type of encryption. Brute force is the slowest method, so programs try other intermediate methods.
Finally, you can select Advanced: Customized Settings and, in fact, configure everything manually, like the default Elcomsoft program.
You select an attack from the list and then press the left arrow button to add it to the queue. You can add multiple attacks and they will be launched one after the other. In my case, I choose a brute force attack with a four-digit password that contains letters, numbers and symbols. Zip Key quickly cracked my test file that I used to test Elcomsoft.
If you are planning to purchase a Zip Key, please do so using this purchase link. The price is the same, but I get a small discount for recommending the program instead of the company getting all the money. Thanks!
There are many other ZIP file cracking programs out there, but these are two that I really liked in terms of ease of use, features, and the actual ability to recover the password. If you’ve used anything else, let us know in the comments. Enjoy!
–