This is a website by Willem van Zyl

I'm a project manager, software developer, Apple evangelist and geek from South Africa. I'm passionate about web and mobile application development, usability, productivity, physics, astronomy, science fiction and fantasy.

If you would like to contact me, message me on Twitter or send me an email.

How to find lost ZIP file passwords with "fcrackzip"

17 Jul 2009

fcrackzip is a free ZIP password cracking utility for Linux and OS X that can be used to recover lost ZIP file passwords through brute force or dictionary attacks.

To install fcrackzip on Linux, you can use use apt-get:

sudo apt-get install fcrackzip

... yum:

sudo yum install fcrackzip

... or a similar repository system.

To install fcrackzip on Mac OS X, first install MacPorts then install fcrackzip through MacPorts:

sudo port install fcrackzip

The default brute force starting length is 5-6 characters, so you might want to specify a minimum and maximum password length when you invoke fcrackzip. To use the utility, switch to the directory containing your encrypted ZIP file and run fcrackzip with the "-b" (use a brute force attack), "-u" (use unzip to weed out wrong passwords), and "-l" (specify password length) arguments:

fcrackzip -b -u -l 1-4 geekology.zip

The software will run for some time depending on the complexity of the ZIP file's password and will display a success message once it finds the correct key (in my test the brute force attack took 1 minute to find the correct result for a 4-letter password):

PASSWORD FOUND!!!!: pw == geek

You can find more information on fcrackzip's usage in its help page ("fcrackzip -h"):

fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann
 You can find more info on
http://www.goof.com/pcg/marc/

USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm
          [-D|--dictionary]             use a dictionary
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file
          [-l|--length min-max]         check password with length min to max
          [-u|--use-unzip]              use unzip to weed out wrong passwords
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack

methods compiled in (* = default):

 0: cpmask
 1: zip1
*2: zip2, USE_MULT_TAB
Do you like this? Share it:

Copyright © Geekology 2011. All Rights Reserved.

Hosted by Code. Like. Clockwork.