Table of Contents Hide
ZIP files are a convenient way to store and share your data. You can heavily compress the data using applications such as WinZip and at the same time, use a plaintext password to encrypt Zip files thereby making them a great file format to store low to medium sensitive data. But sometimes it may cause trouble when you forget the password. Like you know, there is no “Forgot Password” button to recover a zip file password. All you can do is try and try again or use a good zip file password recovery software. In this article, you will see different approaches to open a password protected zip file without having the password.
Decrypt ZIP files using Ultimate Zip Cracker (Windows Only)
Steps to recover lost zip password with Ultimate Zip Cracker
- Download & install Ultimate Zip Cracker (UZC)
Go to Ultimate Zip Cracker software website to download the software. You can obtain a fully functional trial copy but there is a limit on the password length it can extract. Once downloaded, install it your computer.
- Open the Zip file in UZC
Launch UZC and click on browse, then choose the zip file and click open to add the password-protected zip to the software.
- Running Dictionary Attack
Dictionary attack can be used when you are sure that the password is an English word.
Select Dictionary Search under Search Method.
Tick all the possible options from the below set of options and finally click start.
- Running Brute-Force Attack
The brute-Force attack tries all possible character combinations while subjected to the character set, string length and other constraints we set.
If the dictionary attack fails, then try the Brute-Force attack. This time, it may take a while to complete.
- Copy the password
Upon successful completion, a pop-up window appears with the password. Copy the password and paste it into the zip file.
However, if it fails, then feel free to try again with different options or try one of the other methods listed below.
Using NSIS to instantly unlock encrypted zip files, really?
There are several tutorials online, claiming to unlock zip passwords instantly using a tool called Nullsoft Scriptable Install System aka NSIS. But whether the claims are true or not is totally a different thing. So here is the truth, NSIS cannot be used to unlock encrypted zip files.
But Nullsoft Installation System (NSIS) does not actually seem to contain a cracker for weak ZIP archives. Why should it? It’s a sofware for building installers, not a cracking tool.Answered by Philipp on StackExchange
Exactly! NSIS is not a password cracker as Philipp points out, but instead, it is used to build installers. NSIS contains a zip to exe builder tool, so you can create a self-extracting zip file using this technique. As demonstrated in other tutorials, the encrypted zip file is converted to exe using this method. When the executable file is run, it always extracts the files from the protected zip except for one thing. The extracted files are always zero KiloBytes! The latest versions of NSIS prevents importing encrypted zip files altogether.
Decrypting Zip Passwords with fcrackzip CLI Utility
fcrackzip is a command-line utility for cracking password-protected zip files. It supports both dictionary attack and brute-force attack plus a number of options to customise. fcrackzip can be executed by running
fcrackzip [options] file
On a Linux computer, frackzip can be installed using apt package.
sudo apt-get install fcrackzip
Install fcrackzip on macOS with homebrew
Launch terminal and if you don’t have HomeBrew installed already, run the following command first before installing fcrackzip.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
brew install fcrackzip
To speed up password recovery, it is important to supply as many known features of the password to the fcrackzip program. You can supply these password features as optional arguments to the fcrackzip program. Here is an example,
fcrackzip archive.zip -b -l 1-5 -c a -u
In my testing, an encrypted zip file with the password “test” was decrypted in few seconds with the above command. Following are the different arguments I used.
archive.zip– name of the encrypted zip file
-b– employ a brute force attack
-l [min-max]– Range of password length
-c– character set to be used. Here
arefers to all lowercase letters.
Learn more about fcrackzip and the full list of options from the Ubuntu man page.
Other Zip Crackers and Resources
Recently, the CEO of Passcovery Suite reached out to me to review their product suite and after some initial testing, I must admit that their software is really super fast. It is available for Windows only, but they make use of your hardware resources very efficiently and to the full extend. On my tests, the software was clocking a speed of over 1M passwords per second and I got my 5 letters password in a minute! I highly recommend anyone who is serious into zip password recovery to look at Passcovery.
- John the Ripper – It is a free password cracking utility that supports multiple file types and is one of the most used password testing and breaking programs. I have already shared the usage of JR in the unlocking RAR password article.
- GPUZipCracker for Mac – A free macOS GUI utility for cracking password-protected zip files. Unfortunately, this program needs to be built first using Apple’s Xcode software.
How long will it take to recover my password?
The time taken to recover your lost zip file password is directly or perhaps exponentially proportional to the length and complexity of the password. Try howsecureismypassword.net to approximate the time required to brute-force a password of given length and character set.
How many years would it take to crack your password? Leave your comments below.
No, you cannot simply bypass the zip password but you may be able to crack or recover it.
Common english word passwords can be recovered in few minutes when performing a dictionary attack. On the other hand, brute-force attacks may take so long to recover the password.
It depends. If you’re cracking your own zip files then it’s completely legal. Trying to hack into others data is not legal by any means.
Just like other CLI password crackers, John the Ripper can also be used to crack and decrypt zip files but no guarantee on the success though.