Elcomsoft.com » Password Recovery Software » Advanced Archive Password Recovery

 

Guaranteed WinZip attack

 

Previous  Top  Next

This attack is similar to the known-plaintext attack, but does not require to have any files from the archive. However, the archive itself should have at least 5 encrypted files. This attack exploits a vulnerability that existed in legacy versions of WinZip 8.0 and below, or any other ZIP archiver based on the then-current Info-ZIP sources.

 

Please note that only WinZip versions 8.0 and below are vulnerable to this attack because of using a weak random number generator. In version 8.1 released in August 2001, the vulnerability was patched, and this attack is no longer applicable.

 

To use the attack, select the archive, then click Guaranteed WinZip attack from the Type of attack drop-down box, and press Run; no other options are needed. If the archive has been created with some other archiver, or contains less than 5 files, ARCHPR will show an error message.

 

This attack can break about 99.6% of supported ZIP archives created with a vulnerable version of WinZip. In one of 256 cases (0,4% probability), the attack will fail even if the archive was created with a vulnerable version of WinZip. ARCHPR is able identify such archives in advance, and prints a warning message into the log window. You may still try the attack, as the detection is not 100% correct. However, if the first stage of the attack is completed without encryption keys found, you will have to try resort to other attacks.