Reading Time: 3 minutes
Its not very common, but sometimes it happens you have to crack some downloaded file from thepiratebay.com or some other big torrent tracker. An example scenario would be downloading a huge words dictionary (a rainbow tables) dictionary etc., which was protected by the author with a password and zipped.
Fortunately Mark Lehmann developed a software called fcrackzip which is capable of brute forcing zip protected file passwords straight on UNIX like operating systems (GNU/Linux, FreeBSD).
fcrackzip is available from package repositories on Debian and Ubuntu Linuces to install via apt:
linux:~# apt-get install frackzip
fcrackzip is also available on FreeBSD via the ports tree and can be installed with:
freebsd# cd /usr/ports/security/fcrackzip
freebsd# make install cleam
On Debian it's worthy to have a quick look on the README file:
linux:~# cat /usr/share/doc/fcrackzip/READMESee fcrackzip.txt (which is derived from the manpage), or fcrackzip.html
There is a web page with more information at
A sample password-protected .zip file is included as "noradi.zip". It's
password has 6 lower case characters, and fcrackzip will find it (and a
number of false positives) with
fcrackzip -b -c a -p aaaaaa ./noradi.zip
which will take between one and thirty minutes on typical machines.
To find out which of these passwords is the right one either try them out
or use the –use-unzip option.
Cracking the noradi.zip password protected sample file on my dual core 1.8 ghz box with 2gb, it took 30 seconds.
linux:~# time fcrackzip -u -b -c a -p aaaaaa noradi.zip
PASSWORD FOUND!!!!: pw == noradi
Of course the sample set password for noradi.zip is pretty trivial and with more complex passwords, sometimes cracking the password can take up to 30 minutes or an hour and it all depends on the specific case, but at least now we the free software users have a new tool in the growing arsenal of free software programs 😉
Here are the options passed on to the above fcrackzip command:
-u – Try to decompress with the detected possible archive passwords using unzip (This is necessery to precisely find the archive password, otherwise it will just print out a number of possible matching archive passwords and you have to try each of the passwords one by one. Note that this option depends on a working unzip version installed.)
-c a – include all charsets to be tried with the generated passwords
-b – Select brute force mode – Tries all possible combinations of letters specified
-p aaaaaa – init-password string (Look up for a password between the password length 6 characters long)
FCrackZip is partly written in assembler and thus is generally works fast, to reduce the CPU load fcrackzip will put on the processor its also capable of using external words dictionary file by passing it the option:
-D – The file should be in a format one word per line and be preliminary alphabetically sorted with let's say sort
Also fcrackzip supports parallel file brute force, for example if you have 10 zip files protected with passwords it can paralelly try to brute force the pwds.
As of time of writting frackzip reached version 1.0 and seems to be pretty stable. Happy cracking.
Just to make sure fcrackzip's source is not lost somewhere in the line in the long future to come, I've created a fcrackzip download mirror here