How to Open Password Protected Zip File Without Password?

A comprehensive guide on zip password recovery, zip password cracker or whatever you wanna call it! We will explore several genuine methods to find lost zip passwords.

ZIP files are a convenient way to store and share your data. You can heavily compress the data using applications such as WinZip and at the same time, use a plaintext password to encrypt Zip files thereby making them a great file format to store low to medium sensitive data. But sometimes it may cause trouble when you forget the password. Like you know, there is no “Forgot Password” button to recover a zip file password. All you can do is try and try again or use a good zip file password recovery software. In this article, you will see different approaches to open a password protected zip file without having the password.

Decrypt ZIP files using Ultimate Zip Cracker (Windows Only)

Steps to recover lost zip password with Ultimate Zip Cracker

  1. Download & install Ultimate Zip Cracker (UZC)

    Go to Ultimate Zip Cracker software website to download the software. You can obtain a fully functional trial copy but there is a limit on the password length it can extract. Once downloaded, install it your computer.

  2. Open the Zip file in UZC

    Launch UZC and click on browse, then choose the zip file and click open to add the password-protected zip to the software.

  3. Running Dictionary Attack

    Dictionary attack can be used when you are sure that the password is an English word.

    Select Dictionary Search under Search Method.
    Tick all the possible options from the below set of options and finally click start.

  4. Running Brute-Force Attack

    The brute-Force attack tries all possible character combinations while subjected to the character set, string length and other constraints we set.

    If the dictionary attack fails, then try the Brute-Force attack. This time, it may take a while to complete.

  5. Copy the password

    Upon successful completion, a pop-up window appears with the password. Copy the password and paste it into the zip file.

    However, if it fails, then feel free to try again with different options or try one of the other methods listed below.


Using NSIS to instantly unlock encrypted zip files, really?

There are several tutorials online, claiming to unlock zip passwords instantly using a tool called Nullsoft Scriptable Install System aka NSIS. But whether the claims are true or not is totally a different thing. So here is the truth, NSIS cannot be used to unlock encrypted zip files.

But Nullsoft Installation System (NSIS) does not actually seem to contain a cracker for weak ZIP archives. Why should it? It’s a sofware for building installers, not a cracking tool.

Answered by Philipp on StackExchange

Exactly! NSIS is not a password cracker as Philipp points out, but instead, it is used to build installers. NSIS contains a zip to exe builder tool, so you can create a self-extracting zip file using this technique. As demonstrated in other tutorials, the encrypted zip file is converted to exe using this method. When the executable file is run, it always extracts the files from the protected zip except for one thing. The extracted files are always zero KiloBytes! The latest versions of NSIS prevents importing encrypted zip files altogether.


Decrypting Zip Passwords with fcrackzip CLI Utility

Running fcrackzip over an encrypted zip file and the password was recovered in seconds.

fcrackzip is a command-line utility for cracking password-protected zip files. It supports both dictionary attack and brute-force attack plus a number of options to customise. fcrackzip can be executed by running fcrackzip [options] file

On a Linux computer, frackzip can be installed using apt package.

sudo apt-get install fcrackzip

Install fcrackzip on macOS with homebrew

Launch terminal and if you don’t have HomeBrew installed already, run the following command first before installing fcrackzip.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
brew install fcrackzip

To speed up password recovery, it is important to supply as many known features of the password to the fcrackzip program. You can supply these password features as optional arguments to the fcrackzip program. Here is an example,

fcrackzip archive.zip -b -l 1-5 -c a -u 

In my testing, an encrypted zip file with the password “test” was decrypted in few seconds with the above command. Following are the different arguments I used.

  • archive.zip – name of the encrypted zip file
  • -b – employ a brute force attack
  • -l [min-max] – Range of password length
  • -c – character set to be used. Here a refers to all lowercase letters.

Learn more about fcrackzip and the full list of options from the Ubuntu man page.

Other Zip Crackers and Resources

Passcovery Suite

Passcovery Suite recovering a zip password at extremely high speeds on a home PC.

Recently, the CEO of Passcovery Suite reached out to me to review their product suite and after some initial testing, I must admit that their software is really super fast. It is available for Windows only, but they make use of your hardware resources very efficiently and to the full extend. On my tests, the software was clocking a speed of over 1M passwords per second and I got my 5 letters password in a minute! I highly recommend anyone who is serious into zip password recovery to look at Passcovery.

  • John the Ripper – It is a free password cracking utility that supports multiple file types and is one of the most used password testing and breaking programs. I have already shared the usage of JR in the unlocking RAR password article.
  • GPUZipCracker for Mac – A free macOS GUI utility for cracking password-protected zip files. Unfortunately, this program needs to be built first using Apple’s Xcode software.

How long will it take to recover my password?

I’m no genie to wait 188 Quadrillion years for a password! But this time will shorten significantly if you are using large powerful computers or perhaps quantum computers.

The time taken to recover your lost zip file password is directly or perhaps exponentially proportional to the length and complexity of the password. Try howsecureismypassword.net to approximate the time required to brute-force a password of given length and character set.

How many years would it take to crack your password? Leave your comments below.

FAQ

Is there any way to bypass the password of an encrypted zip file?

No, you cannot simply bypass the zip password but you may be able to crack or recover it.

How long will it take to recover my lost zip file password?

Common english word passwords can be recovered in few minutes when performing a dictionary attack. On the other hand, brute-force attacks may take so long to recover the password.

Is password cracking legal?

It depends. If you’re cracking your own zip files then it’s completely legal. Trying to hack into others data is not legal by any means.

Can you recover lost passwords with John the Ripper CLI utility?

Just like other CLI password crackers, John the Ripper can also be used to crack and decrypt zip files but no guarantee on the success though.

Total
1
Shares
6 comments
  1. no one can crack large sized password protected zip files with any program (up to about 1 gig), except a person that know a lot about encryption and decryption, i have about 7 programs, all of which don’t work

Leave a Reply
Related Posts
Total
1
Share