Not All ZIP Files Are Equal

  • Published on 28 Nov 2024

Comments • 69

  • @lumin0l161 1 year ago +27

    Awesome tutorial John. This is exactly the kind of thing I would expect to find in a CTF. I’ll add it to the armoury!

  • @phill030 1 year ago +66

    This only works for old ZIP-2.0 Encryption, which already won't be used anymore & is only for very old .zip files

    • @Kattakam 1 year ago +9

      Think we saw 30 year old vulns from poor admins that just used what was laying around. A low tech sysadmin getting paid low dollar at the brick-n-mortar shop setting up a NAS solution on the cheap. The owner still has old windows that’s being used for everything in the store and taxes with no internet (because that’s unsafe right..and if they don’t connect then they are safe from malicious activities), thinks it’s ok to upgrade not knowing the usb he’s using to zip his tax files to is vuln to ..everything. Easy scenario

    • @xlukas1337 1 year ago +8

      That's literally what he said in the first few minutes

    • @Mr.Anders0n_ 1 year ago +1

      The whole thing is a very convoluted scenario to make this info seem more useful than it really is 🤷🏻‍♂️

    • @seansingh4421 1 year ago +1

      @Kattakam actually that would be a very unusual scenario considering so many things

    • @ClassicRiki 1 year ago

      @Kattakam yeah but your scenario (while technically plausible) is like saying…the same person did everything perfectly but someone pointed something sharp at him and he would tell them the password; thus bypassing all encryption on the planet…so his perfectly implemented system would be vulnerable to..everything. No difference other than that my scenario will work even when more secure encryption standards are used in the future. Ultimately it’s a moot point.

  • @jeremy0705 1 year ago +1

    So happy I ran into John at RSA! Such a big fan of your work. Keep it up, you’re providing an invaluable service to the community 💪🏻

  • @yodamiszcz7831 1 year ago +23

    Actually you can crack compressed archives. You need to know at least one whole file from the archive, like README or LICENCE, and compress it using the same method as the original archive and then use it as plaintext for the attack. Also you can apply offsets so you can get 12 bytes from different parts of the file and even use one bonus byte from the CRC. I wrote a detailed post about it on Medium some time ago.

    • @0xhhhhff 1 year ago

      link or at least title of it?

    • @yodamiszcz7831 1 year ago +4

      @0xhhhhff I can't paste it here, there were three comments of mine which were deleted so far

    • @yodamiszcz7831 1 year ago

      @0xhhhhff google keeper772 medium you should find it, I hope it won't be deleted

    • @pycz 1 year ago

      Wow! A workaround should be to put the archive in another archive to make sure that the attacker does not know a file in the archive.

    • @pycz 1 year ago

      Well, maybe attacker could use zip header in this case, so not so secure workaround after all...

  • @lancemarchetti8673 1 year ago +2

    Cool video John!
    I'm currently working on a method that locks the password field of protected archived files like zip 7z Rar.
    So basically, even if the correct password is uncovered with tools like Hashcat, the password field remains locked.
    The user needs to provide a BOM-key to reactivate the password box, In order for the initial password to work.
    I've tested it with only a single_character password, which is quite crazy.
    For now I've named this method BOMSec which stands for Byte Order Manipulation Security.
    I am currently not aware of any RE method or tool that is able to crack a randomly manipulated sequence of bytes in a locked archive.
    Considering that there's no algorithm involved, eliminating the possibility of a distinguishable obfuscation pattern.
    When all testing is complete I'll provide a link for humans to try and smash the archive examples open.
    Because AI at this point struggles to comprehend my method and ranks it as _unethical_,.... not kidding.
    😂

  • @logiciananimal 1 year ago +6

    That's really weird that the zip library defaults to "store". Why??

    • @mario50000 1 year ago +1

      It does not, you misunderstood

  • @LaserFur 1 year ago +14

    But if you have the entire known file you could compress it with the same compression as the one in the file and then do a plain text attack. I hope the newer zip standards include a salt with the AES system. PS: if you use AES256 using winzip the resulting file can't be unzipped by windows explorer if that system also does not have winzip.

    • @pycz 1 year ago

      Wow! Another workaround should be to put the archive in another archive to make sure that the attacker does not know a file in the archive.

    • @pycz 1 year ago

      Well, maybe attacker could use zip header in this case, so not so secure workaround after all...

  • @boggavarapuramsaransaisrin9316 1 year ago +10

    Hi John, could you please make a video on how to identify encryption algorithms like AES, ChaCha and others during malware reversing.

  • @jrnvnjk 1 year ago

    Since it's a little bit in the same direction: I once had a customer with an Excel sheet with macros; these macros were password protected with an unknown password. Since Office files essentially are compressed folders, I had to unpack it and change 1 byte, repack it and the password is removed. Then I could access the macros and make changes to them.

  • @wrathofainz 1 year ago +3

    Last time I tried to work with zip files in Python I was disappointed because it can't deal with AES encryption without libraries.
    I feel like maybe this sort of thing could work using just the file headers of known filetypes like mp4. Decrypt by bruteforce until you see a valid header then try the whole file. Maybe certain encryption methods aren't susceptible to that, idk. Just a thought.

  • @terry.chootiyaa 1 year ago +1

    *You never explained mitigation ...how do we protect our passworded files from hackers ?*
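
Added example (not part of the video or of any comment): the thread above separates legacy ZIP 2.0 encryption from AES and singles out stored entries. This Python check reads an archive's headers, which needs no password, and labels each entry so that legacy-encrypted ones can be found and re-archived with AES; the function names and label strings are this example's own.

```python
import struct
import zipfile

# Added example: label strings and function names are this example's own.
AES_METHOD = 99         # WinZip AES marker in the compression-method field
AES_EXTRA_ID = 0x9901   # WinZip AES extra-field header ID
ENCRYPTED = 0x01        # general-purpose flag bit 0: entry is encrypted
STRONG_ENC = 0x40       # general-purpose flag bit 6: PKWARE strong encryption

def aes_details(extra):
    """Return (key_bits, real_method) from the 0x9901 extra field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == AES_EXTRA_ID and len(body) >= 7:
            _ver, _vendor, strength, method = struct.unpack("<H2sBH", body[:7])
            return {1: 128, 2: 192, 3: 256}.get(strength), method
        pos += 4 + size
    return None

def classify(info):
    """Label one zipfile.ZipInfo by the protection its headers declare."""
    if not info.flag_bits & ENCRYPTED:
        return "unencrypted"
    if info.compress_type == AES_METHOD:
        aes = aes_details(info.extra)
        return f"aes-{aes[0]}" if aes and aes[0] else "aes-unknown"
    if info.flag_bits & STRONG_ENC:
        return "pkware-strong"
    # Encrypted, but neither AES nor strong encryption: traditional ZIP 2.0.
    if info.compress_type == zipfile.ZIP_STORED:
        return "zipcrypto-stored"
    return "zipcrypto-compressed"

def audit(source):
    """Map entry name -> label. Reads headers only, so no password is needed."""
    with zipfile.ZipFile(source) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def legacy_entries(source):
    """Names of entries still protected by the traditional ZIP 2.0 cipher."""
    return sorted(n for n, label in audit(source).items()
                  if label.startswith("zipcrypto"))

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, audit(path))
```

Entries labelled `zipcrypto-*` use the old ZIP 2.0 scheme the comments discuss; `aes-*` entries use the WinZip AES format instead.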

  • @southilgurl2003 1 year ago

    Something one of my CS professors used to like to say: you can encrypt your compression, but if you can compress your encrypted files, you failed.

  • @realatomizer 1 year ago

    giving a like in the ads... Everybody should know.

  • @JeturGavli 2 months ago

    😂😂🤣🤣 Shift + Del = you got password for life time

  • @RealWorldPortal464 1 year ago +1

    can we track exact location of mobile phone using imei number

  • @blinking_dodo 1 year ago +1

    Attempt 2: There is an onion url routed to the localhost ip.
    Why though? 🤔

  • @ivansmitt2195 1 year ago

    What Python code did you use to create the encrypted zip? Because zipfile doesn't support creating archived zip files, it only supports extracting zip with pwd

  • @mailoisback 1 year ago

    So how does it work?

  • @CypherX-Sec 1 year ago +4

    Hii John love from India ❤

  • @jmtradbr 1 year ago

    Zip is a very old format using old security protocols. So of course people can brute force it.

  • @MarquiseSanchez-z8w 1 year ago

    I've never used zip archive cuz I know some tricks to unlock it like this one you're showcasing. I liked this one specifically. So I'm using rar archive instead. Any cracking method for rar archive ???

  • @hackbustersminecraft 1 year ago +1

    Peazip mentioned

  • @therealb888 1 year ago

    I might finally be able to recover my first archives of prawn.
    Edit: Maybe not. Gonna have to wait for quantum computers.

  • @MikeHarness 1 year ago +2

    The password is "infected", duh. /s

  • @xanderlastname3281 1 year ago

    Ok so this only works with plaintext or something right? And only KNOWN plaintext.
    So the hundreds of random mp4s that I uploaded to some sketchy website in a .zip are safe right? Store, but set with a password and encrypt filenames.
    Though I am seeing people saying that it only works on older zip files, and I zipped them like a month ago so I'm probably good

    • @terry.chootiyaa 1 year ago +1

      You may be fooked

    • @ichigonixsun 1 year ago

      You could theoretically use the MP4 header as a known plaintext

    • @xanderlastname3281 1 year ago

      @ichigonixsun noooooooooooooo

  • @h4ckh3lp 1 year ago

    Moar practical technique like this, please! Not necessarily cracking, but any actionable methodologies like this

  • @romanemul1 1 year ago +3

    passworded zip file ? Shift + Del. Problem solved

  • @stephaniehumphries 1 year ago

    Nice tutorial John, thank you so much 😘

  • @nihaltiwari3474 1 year ago

    Awesome, thanks for this amazing tutorial. Are there any tools for .xlsx files?

  • @thefoxguy 1 year ago +1

    i mean you could have made this video like 3 minutes long or maybe 4 mins long, idk why it is 13 mins but yeah, just some feedback.
    i am sorry but my attention span just drifted off watching this vid.
    i am just leaving a like and a comment to still support u since i like ur vids :)

  • @joshallen128 1 year ago

    That's why I use 7-zip

  • @hikenroot6378 1 year ago

    Thanks for the video, insightful as always

  • @madfangkills 1 year ago

    It bugs me that you didn't pay for WinRAR 👀

  • @DeborahLong7777 1 year ago

    Is windows 11 safe? I understand it is more difficult 😕

    • @terry.chootiyaa 1 year ago +1

      Nah ! It's rubbish go back to windows 95

  • @Dahlah.FightMe 1 year ago +1

    Nice :D

  • @blinking_dodo 1 year ago

    Why is my comment gone?

  • @colt2356 1 year ago

    Does this exploit work on .7z archives that use the store method?

  • @blackhat5133 1 year ago +1

    ❤❤

  • @venomx2131 1 year ago

    Sir, please tell me how to upload hacking videos. My videos are being removed by YouTube due to community guidelines

  • @dydarjadmin 1 year ago +1

    😮 oh yes

  • @hackwithprogramming7849 1 year ago

    People who came from CTF 😂😂😂😂

  • @DELvEK 1 year ago

    I don't understand why it took so many years for someone to actually show a glimpse of how to crack zip/rar password protected files. Since it is possible for more than 10 years already xD
    It's always fake software to "bruteforce" or suggesting to magically find the pwd. omg xD

  • @abepl 1 year ago

    I'm not a hacker, but I once forgot the password to my zip folder. I literally googled "how to write password breaker in python". I don't know how to code either, but it was right there to download, then I had to learn how to use Python. And then I asked a friend who knows how to use it to code it for me cuz I'm an idiot. And it worked!

  • @gangsterism 1 year ago

    har

  • @KramerEspinoza 1 year ago

    ZIP is junk

  • @GebzNotJebz 1 year ago

    quite obscure video if I'm honest.. not the quality content you used to make back in the day sorry to say.

    • @_JohnHammond 1 year ago

      What's different?

    • @GebzNotJebz 1 year ago

      Delivery format/topic. This is nothing like the malware analysis videos you used to make a while ago. I actually used to binge watch these because they were enjoyable and quite useful. @_JohnHammond

  • @markc6714 1 year ago

    Down vote. Forced ads

  • @greob 1 year ago

    Please don't use distracting music in the background. Plain voice is much better.