Summary

This post describes the Biham and Kocher known-plaintext attack on an encrypted ZIP file that uses the ZipCrypto Store encryption method. Also: don’t use ZipCrypto encryption to send confidential files; use AES256 instead.

Introduction

Let’s imagine the following purely fictional scenario:

  • Due to remote learning, you have to take your exams online.
  • Your high school teacher or university professor hands out the exam file a couple days in advance, so that people with a slow internet connection don’t have a disadvantage.
  • To prevent students from peeking into the exam, they encrypt the ZIP file with a password that is handed out when the test begins.

You might be wondering: is there any way to bypass this encryption? Just out of curiosity. You can try brute-forcing all possible password combinations, but that may take a long time. However, if the ZIP file is encrypted with the ZipCrypto Store algorithm, you can attempt a known-plaintext attack instead.

Please note: Attempt this attack only on ZIP archives that you have created yourself. I am not responsible for any damages you cause.

Prerequisites

For the attack, you need:

  • The bkcrack program from its GitHub repository.
  • The encrypted ZIP file with top secret contents.
  • 8 to 12 bytes of known plaintext from the stored file.
  • A ZIP program. I used 7zip.
  • A hexadecimal editor. I used HxD.

Check that the encryption method used is ZipCrypto Store. In 7zip, open the encrypted ZIP file, right-click the PDF file and click “Properties”:

[Figure: Encryption mode of the ZIP file]

Please note:

  • If AES256 was used to encrypt the file, you can’t use this form of known-plaintext attack.
  • If ZipCrypto Deflate was used, the attack is much harder to execute. Because the files are compressed before they are encrypted, the first bytes of the encrypted file are no longer the raw file header, so your plaintext bytes don’t match anymore.
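To make the same check without a GUI, here is an added Python script (not from the original post or from bkcrack) that reads each entry's central-directory record and reports whether it is unencrypted, AES, ZipCrypto Store or ZipCrypto Deflate. The archive it inspects is a constructed fixture assembled by build_zip; the "AES" verdict assumes the WinZip AE-x convention of compression method 99 plus a 0x9901 extra field, which is what 7zip writes for AES256.

```python
import io
import struct
import zipfile
import zlib

FLAG_ENCRYPTED = 0x0001                                # general-purpose bit 0
METHOD_STORED, METHOD_DEFLATED, METHOD_AES = 0, 8, 99  # 99 = WinZip AE-x marker
AES_EXTRA_ID = 0x9901                                  # WinZip AES extra-field ID

def classify(info: zipfile.ZipInfo) -> str:
    """Name the protection scheme of one entry from its central-directory record."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "not encrypted"
    if info.compress_type == METHOD_AES:   # AE-x entries also carry a 0x9901 extra field
        return "AES"
    if info.compress_type == METHOD_STORED:
        return "ZipCrypto Store"      # the weak mode the post attacks
    return "ZipCrypto Deflate"        # still ZipCrypto, plaintext harder to predict

def audit(zip_bytes: bytes) -> dict:
    """Map every entry name in the archive to its protection scheme."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def build_zip(entries) -> bytes:
    """Constructed fixture: hand-assemble a ZIP with the given per-entry headers.
    Payloads are written as-is; nothing here is really encrypted."""
    local, central = bytearray(), bytearray()
    for name, method, flags, extra, payload in entries:
        name_b, n, offset = name.encode("ascii"), len(payload), len(local)
        hdr = struct.pack("<HHHHIIIHH", flags, method, 0, 0, zlib.crc32(payload),
                          n, n, len(name_b), len(extra))
        local += struct.pack("<IH", 0x04034B50, 20) + hdr + name_b + extra + payload
        central += (struct.pack("<IHH", 0x02014B50, 20, 20) + hdr
                    + struct.pack("<HHHII", 0, 0, 0, 0, offset) + name_b + extra)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                       len(central), len(local), 0)
    return bytes(local + central + eocd)

# WinZip AES extra record: version 2, vendor "AE", strength 3 (256-bit), real method
AES_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, METHOD_STORED)
SAMPLE_ZIP = build_zip([  # constructed sample archive, not a real exam file
    ("exam.pdf", METHOD_STORED, FLAG_ENCRYPTED, b"", b"%PDF-1.7\n"),
    ("notes.pdf", METHOD_DEFLATED, FLAG_ENCRYPTED, b"", b"\x00" * 16),
    ("safe.pdf", METHOD_AES, FLAG_ENCRYPTED, AES_EXTRA, b"\x00" * 16),
    ("readme.txt", METHOD_STORED, 0, b"", b"hello"),
])
```

To audit a real archive, pass the file's bytes to audit(); only entries reported as "ZipCrypto Store" are the case the rest of this post deals with.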

Executing the plaintext attack

After you’ve confirmed that the file was encrypted with ZipCrypto Store, do the following:

  • Create a file to store your plaintext bytes, for example plain.bin
  • Open the PDF files from your lecture in the hex editor.
  • Analyze the first bytes of each PDF file to identify as many matching bytes as you can:
[Figure: Same PDF headers]

After you identified the plaintext bytes:

  • Insert them into your plaintext file:
[Figure: PDF header bytes in the plaintext file]
  • Copy your plaintext file and encrypted ZIP file to the folder where bkcrack.exe is located
  • Execute the following command in the command line:
bkcrack.exe -C "Encrypted Exam File.zip" -c "Exam File.pdf" -p plain.bin

If the attack succeeds, the program outputs three keys that you can use to decrypt the files:

[Figure: Executing the attack]

Decrypt the files with the following command:

bkcrack.exe -C "Encrypted Exam File.zip" \
            -c "Exam File.pdf" \
            -k [Your] [Keys] [Here] \
            -d "Decrypted Exam File.pdf"

And done! You have successfully decrypted the file.

How to prevent this attack

Use AES256 encryption.