Have a ZIP file that you can’t get into because it has a password on it? If you forgot the password, the only option you have is to try and recover the password using third-party utilities. Depending on which program created the ZIP file (7-Zip, WinZip, etc.) and what type of encryption was used, your chances of recovering the password will vary.
In this article, I’m going to mention a couple of tools that I’ve used to recover a ZIP password on some test files that I created. Hopefully, you’ll be able to access your ZIP file by cracking the password using one of these tools.
It’s worth noting that if the ZIP file is encrypted using AES 128-bit or 256-bit encryption, your only option will be a brute force attack. If the password is very long, you’ll need a really powerful computer to process as many passwords per second as possible.
Elcomsoft Archive Password Recovery
In my opinion, Elcomsoft Archive Password Recovery is the best choice for recovering a password from an encrypted ZIP, RAR, ACE or ARJ archive. The software comes in two flavors: Standard and Pro. The Standard version is $49.99 and the Pro version is $99.
The main difference between the two versions is that the Pro version supports WinZip archives that use enhanced AES encryption and guarantees WinZip recovery with some limitations (must be WinZip 8.0 or earlier and the archive has to have at least 5 files). In addition, it has an additional method of recovery called Password from keys that can be used in addition to brute-force, dictionary and plain-text attacks.
What I like about this program is the number of different methods you can use to recover the password and the different options you have for each method. The toughest situation is when you have a password and you don’t know the length or what kind of characters are included. In these types of situations, you should start with the faster methods before moving on to attacks that will take much longer.
Once you download and install the software, you’ll see the main interface as shown above. To get started, click the Open button and choose your archive file. By default, the Type of Attack is set to Brute-force and the options that are checked include all capital and all lowercase letters.
Before you click Start, you should go ahead and click on the Benchmark button, which will check the type of encryption on the file and give you an estimate of how long it will take using the current options.
As you can see, it will take about 11 minutes to recover a password that was encrypted using AES 256-bit and by only looking at lowercase and uppercase letters with a maximum password length of only 4 characters. If you choose All Printable characters, the time went up to 2.5 hours in my case. Again, this is only for a short four-character password. The time goes up exponentially as the password gets longer.
If you’re not sure how long the password is, click on the Length tab and increase the maximum password length to something higher. The trial version only works up to four characters.
Obviously, if you have no idea what the password is, checking All Printable and then increasing the length to 10 or higher will guarantee you more success, but it might also take way too long. I suggest starting with only letters up to a higher character count and if that doesn’t work, then add All digits and All special symbols one at a time.
Before you start with a brute-force attack, it might be worth trying a dictionary attack first as that will take less time. Choose Dictionary from the drop-down and then click on the Dictionary tab.
The program comes with a small, but decent dictionary already built-in. The nice thing is that you can download bigger dictionaries online and use them in the program if you want. Of course, this won’t work if someone used a complex password, but it’s worth a shot since it’s much faster.
Another thing to note is that the whole archive can be decrypted if you happen to have one of the files that are inside the archive. This probably won’t be the case most of the time, but if you do happen to have at least one file that you know is inside the archive, you can use the Plain Text attack to decrypt the entire archive.
Also, if you happen to know the length of the password and anything else about it, you can use the Mask attack. For example, if you know the password starts with x and is 7 characters long, you would enter x?????? into the Mask box on the Range tab.
Overall, this is an excellent program and definitely worth the cost if you need to get into a ZIP or other archive file. On my test file with a short four-character passcode and 256-bit AES encryption, it worked flawlessly and got me the password in just a few minutes.
The main thing is to run the program on the fastest computer you have around. The more passwords than can be tried per second, the faster you’ll break into the file.
Passware Zip Key
The other good program that I recommend is Passware Zip Key. The program is only $39, which is a bit cheaper than Elcomsoft. They also have a demo version, but it only runs each attack for one minute, so you really can’t test to see if it works, even on a short password.
However, I purchased it so that I could test it and it worked fine. It’s very similar to Elcomsoft in terms of the attacks, etc. Once you install it, click on Recover File Password and then you’ll see the options below.
You can choose Run Wizard, which will let you pick from different options if you happen to know anything about the password. This is good if you know the password only contains letters, etc.
If you click on Use Predefined Settings, it will start with some simple attacks and then automatically move on to more complex attacks. If you click on the Attacks tab at the bottom, you will be able to see all the attacks that will be tried.
Some attacks will take longer than others, again depending on the password length and encryption type. Brute force is the slowest method, so that’s why the programs tries other methods in-between.
Lastly, you can choose Advanced: Customized Settings and basically configure everything manually like how the Elcomsoft program is setup by default.
You choose an attack from the list and then click the left arrow button to add it to the queue. You can add several attacks and they will run one after the other. In my case, I choose a brute force attack with a four-character password that contains letters, numbers and symbols. It didn’t take long for Zip Key to crack my test file, which is the same one I used for testing Elcomsoft.
If you plan to purchase Zip Key, please do it using this purchase link. The price is the same, but I get a small cut for recommending the program instead of the company getting all the money. Thanks!
There are a lot of other programs out there for cracking ZIP files, but these are the two that I really liked in terms of ease of use, features and actual ability to recover the password. If you have used something else, feel free to let us know in the comments. Enjoy!