Use of -p without -P · Issue #41 · kimci86/bkcrack · GitHub
Use of -p without -P #41
Open
@magnumripper

Description

What is expected from file when using -p file without -P plain.zip?

The examples mention either -C encrypted.zip -c cipher -P plain.zip -p plain or -c cipherfile -p plainfile. I tried using a mix of them, as in -C encrypted.zip -c cipher -p plainfile - where (in my mind but perhaps not in bkcrack's) cipher was a file within encrypted.zip while plainfile was a plain file in my pwd simply containing the plaintext as-is - and that was accepted but it didn't work at all.

If that is supposed to work, it doesn't seem to, might be a bug.

If it's not supposed to work at all without -P, it should bail with some informative error. I got confusing errors such as Data error: plaintext offset is too large. or Data error: ciphertext is smaller than plaintext.. With some combination of options (I think adding -t to the mix) I got it to run but it could not find the keys (these were all test runs with staged data - it should have).

Perhaps it is supposed to work, but only if plainfile is extracted (e.g. with dd) from an unencrypted archive? I did try to add my plainfile to a dummy, unencrypted zip file and then use -P dummy.zip -p plainfile and that did work just fine. If this is it, maybe just document it better.

Example of what did not work:

$ echo "Test data alpha bravo charlie echo delta fox golf hotel" > test.txt
$ rm -f test.zip && zip -e test.zip test.txt
Enter password:   (I entered 'magnum' here)
Verify password:
  adding: test.txt (deflated 2%)
$ ./bkcrack -C test.zip -c test.txt -p test.txt
bkcrack 1.3.0 - 2021-08-16
Data error: plaintext offset is too large.

Here's what worked fine:

$ echo "Test data alpha bravo charlie echo delta fox golf hotel india juliet" > test.txt
$ rm -f test.zip && zip -e test.zip test.txt
Enter password:
Verify password:
  adding: test.txt (deflated 10%)
$ rm -f plain.zip && zip plain.zip test.txt
  adding: test.txt (deflated 10%)
$ ./bkcrack -C test.zip -c test.txt -P plain.zip -p test.txt
bkcrack 1.3.0 - 2021-08-16
[19:49:10] Z reduction using 54 bytes of known plaintext
100.0 % (54 / 54)
[19:49:10] Attack on 150507 Z values at index 7
Keys: a5025690 1257b418 cee8bad2
4.7 % (7030 / 150507)
[19:49:17] Keys
a5025690 1257b418 cee8bad2

I could use those keys to crack the actual password e.g. with hashcat.
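
Added example, not part of the issue and not bkcrack code: in the ZIP format, traditional encryption is applied to an entry's data as stored (after compression, behind a 12-byte encryption header), so a "deflated" entry like the ones in the transcripts above does not hold the bytes of test.txt itself. The sketch below carves an entry's stored bytes out of an unencrypted archive built in memory; the function names and sample archive are constructed for illustration, and a different compressor or compression level may produce different bytes than the tool that built the encrypted archive.

```python
import io
import struct
import zipfile
import zlib

# Constructed sample: the text from the issue's second test run.
PLAINTEXT = b"Test data alpha bravo charlie echo delta fox golf hotel india juliet\n"


def build_plain_zip(name, data):
    """Create an unencrypted, deflate-compressed archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def stored_bytes(archive, name):
    """Return (compression method, entry bytes exactly as stored)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        info = zf.getinfo(name)
    off = info.header_offset
    # Local file header: 30 fixed bytes, then file name and extra field.
    (sig,) = struct.unpack_from("<I", archive, off)
    if sig != 0x04034B50:
        raise ValueError("bad local file header signature")
    name_len, extra_len = struct.unpack_from("<HH", archive, off + 26)
    start = off + 30 + name_len + extra_len
    return info.compress_type, archive[start:start + info.compress_size]


def describe(name="test.txt"):
    """Compare the file's own bytes with what the archive stores."""
    method, raw = stored_bytes(build_plain_zip(name, PLAINTEXT), name)
    return {
        "method": method,  # 8 = deflate, 0 = stored
        "file_len": len(PLAINTEXT),
        "stored_len": len(raw),
        "same_as_file": raw == PLAINTEXT,
        # Raw deflate stream (no zlib wrapper), hence wbits=-15.
        "inflates_to_file": zlib.decompress(raw, -15) == PLAINTEXT,
        # Encrypted entry size: 12-byte encryption header + stored bytes.
        "encrypted_len": 12 + len(raw),
    }


if __name__ == "__main__":
    for key, value in describe().items():
        print(f"{key}: {value}")
```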
