0

In a lesson of Computer Security our teacher showed us how to find out the password of a zip.

I tried his steps at home but now I'm stuck:

  1. Created 2 zip with same file: plain_zip.zip without password and encrypted_zip.zip with a 4 characters psw: 1234
  2. Create another zip with another file: plain_zip_2.zip and encrypted_zip_2.zip.
  3. Show through terminal his header (I don't remember the command line) and see that both: plain_*.zip and encrypted_*.zip has similar lines
  4. Through a XOR operation between encrypted and plain zip find out the password. (He told us that's possible only if the password is 4 characters)

Now someone can tell me if these steps are correct? And moreover, how can see the header of a file? (I tried with: head -n 1 plain_zip.zip without success)

Timmy
  • 693
  • 2
  • 8
  • 26
  • http://stackoverflow.com/questions/5498197/need-a-good-hex-editor-for-linux – Pekka Apr 09 '16 at 09:11
  • @Pekka웃 Ok, I've installed bless... but now, how can I find the password? The XOR doesn't give me my password. Can someone explain the procedure? – Timmy Apr 09 '16 at 09:33
  • What was the archive created with? I thought AES was the standard for this kind of thing, and I don't think AES has any known plaintext attacks. – Bobby Sacamano Oct 05 '16 at 01:39
  • What your teacher is referring to is detailed in section 3.6 of the BIham & Kocher plaintext attack (A Known Plaintext Attack on the PKZIP Stream Cipher). – bookmarc Dec 06 '18 at 19:30

0 Answers0