Decrypting a password-protected 7z file with Delta filter fails

I have made a 7z archive using Delta filter containing a wav file and I have protected it with a password. I am running a terminal in Kali Linux. My problem is that I cannot get the password cracked using 7z2john.pl and john the ripper. If I omit the Delta compression, using only the default compression of 7z, then the cracking succeeds. My question: is it possible to use 7z2john.pl and john the ripper to crack a password-protected 7z file with Delta compression? If it is possible, how can it be done?

Here are the steps to reproduce the problem:

  1. I use the following command to create the archive:

7z a test.7z *.wav -mf=Delta:4 -peasy

I get this output:

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21 p7zip Version 16.02 (locale=fi_FI.utf8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-4460  CPU @ 3.20GHz (306C3),ASM,AES-NI)  Open archive: test.7z -- Path = test.7z Type = 7z Physical Size = 1090 Headers Size = 162 Method = Delta LZMA2:15 7zAES Solid = - Blocks = 1  Scanning the drive: 1 file, 32080 bytes (32 KiB)  Updating archive: test.7z  Items to compress: 1       Files read from disk: 1 Archive size: 1090 bytes (2 KiB) Everything is Ok  
  1. I use 7z2john.pl to generate material for John the Ripper to crack the archive:

/usr/share/john/7z2john.pl test.7z > test.hash

  1. I create a word list file containing only the password I gave to the archive:

echo easy > wordlist.txt

Then I try to decrypt the file:

sudo john test.hash --wordlist=wordlist.txt

I get the following output:

Using default input encoding: UTF-8 Loaded 1 password hash (7z, 7-Zip [SHA256 256/256 AVX2 8x AES]) Cost 1 (iteration count) is 524288 for all loaded hashes Cost 2 (padding size) is 3 for all loaded hashes Cost 3 (compression type) is 2 for all loaded hashes Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status Warning: Only 1 candidate left, minimum 32 needed for performance. 0g 0:00:00:00 DONE (2020-08-15 07:37) 0g/s 5.555p/s 5.555c/s 5.555C/s easy Session completed 
  1. I check if the password has been cracked: sudo john --show test.hash

I get the following output:

0 password hashes cracked, 1 left

So it seems that the decrypting did not succeed. However, I can extract the archive using command 7z e test.7z -peasy so the password should be correct. Also, if I create the archive without specifying the Delta filter using command 7z a test.7z *.wav -peasy. That way, by repeating the steps 1-4 I get the password cracked and am shown the result that the correct password has been found:

$   7z a test.7z *.wav -peasy  7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21 p7zip Version 16.02 (locale=fi_FI.utf8,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i5-4460  CPU @ 3.20GHz (306C3),ASM,AES-NI)  Scanning the drive: 1 file, 32080 bytes (32 KiB)  Creating archive: test.7z  Items to compress: 1       Files read from disk: 1 Archive size: 1058 bytes (2 KiB) Everything is Ok  $   /usr/share/john/7z2john.pl test.7z > test.hash $   echo easy >> wordlist.txt $   sudo john test.hash --wordlist=wordlist.txt Using default input encoding: UTF-8 Loaded 1 password hash (7z, 7-Zip [SHA256 256/256 AVX2 8x AES]) Cost 1 (iteration count) is 524288 for all loaded hashes Cost 2 (padding size) is 11 for all loaded hashes Cost 3 (compression type) is 2 for all loaded hashes Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status Warning: Only 1 candidate left, minimum 32 needed for performance. easy             (test.7z) 1g 0:00:00:00 DONE (2020-08-15 07:49) 5.263g/s 5.263p/s 5.263c/s 5.263C/s easy Use the "--show" option to display all of the cracked passwords reliably Session completed $   sudo john --show test.hash test.7z:easy  1 password hash cracked, 0 left  

C++ simple password-protected console app

I have been reading about passwords and hashing algorithms and what not and decided to write a program.

Overview: The user should be prompted to create a password the first time the program is executed. They should enter a key and confirm it. If they have executed the program previously, then they should just enter the password to gain access.

I determine if the user has run the program by checking if key.txt exists. Is there a more preferred method?

I tried to streamline some code with the two bool functions. Any other suggestions for cleaner or more concise code?

#include <iostream> #include <fstream> #include <string> #include "sha256.h" using namespace std;  bool keyExists() {     bool keyExists = false;     ifstream inFile("key.txt");      if (inFile) {         keyExists = true;     }      return keyExists; }  bool isMatch(string key, string confirmKey) {      bool match = false;     if (key == confirmKey) {         match = true;     }      return match; }  int main() {      if (keyExists()) {         string key;         string storedKey;         cout << "Please enter key: ";         getline(cin, key);          SHA256 sha256;         ifstream inFile("key.txt");         getline(inFile, storedKey);          if (isMatch(sha256(key), storedKey)) {             cout << "Acces Granted!\n";         }         else {             cout << "Access Denied!\n";         }     }      else {         string key;         string confirmKey;          cout << "Please create a key: ";         getline(cin, key);         cout << "Confirm key: ";         getline(cin, confirmKey);          if (isMatch(key, confirmKey)) {              SHA256 sha256;             ofstream outFile("key.txt");             outFile << sha256(key);         }          else {             cout << "Keys do not match!\n";         }     }      return 0; } 

Many thanks to Stephan Brumme for the awesome hashing algorithm code! This was very easy to implement.

Hacking a password-protected .zip file

Hello,

I have a password-protected .zip file which I've lost its password during a system crash (the password was stored in a text file).
The problem is that the password (as I do remember) was a random alphanumeric string with a length of 10+ chars (can't really be exact on this but I'm pretty sure it's 10+), so a brute password hack may take months :(

Is there any efficient way I can crack this password?