How to break into my own password-protected ZIP file?
June 10, 2013 10:43 AM   Subscribe

A while ago, I backed up a bunch of old cell-phone photos in a big (~800MB) ZIP file. Much later, I find that I inadvertently or forgetfully password-protected it, and now I can't get to all my old photos. I've tried the brute-force, dictionary, and other approaches through applications like this. Am I out of luck?

Things I've tried that haven't worked:
- every variant of every password I could possibly have intentionally used.
- brute-force & dictionary attacks up to 6 or 7 characters upper/lower/number/special.
- I have separate copies of a few of the photos that are also inside the ZIP file, but haven't had any luck with the programs that say I can use those to reverse-engineer access to the file.

I have access to Mac & Windows. Are there other approaches I've missed? I'd be happy to pay a reasonable amount for someone to do this, but it doesn't seem to be a service that's offered out there.
posted by jeffjon to Computers & Internet (9 answers total) 3 users marked this as a favorite
AFAIK, there isn't a known crack to the zip encryption scheme, so you're stuck with continuing the methods you've already tried.

6-7 characters brute force isn't enough. I'd try to crack it up to at least 10, 12-14 is better. Use multiple dictionaries for a dictionary attack, too, just in case. It's worth digging around to find the fastest crack program for this purpose.

Yeah, it'll take a potentially long time, but you aren't in an especially large hurry.
posted by zug at 11:21 AM on June 10, 2013 [1 favorite]

Which version of zip did you use? If you used a recent one with AES256 encryption, you're not going to reverse-engineer the password in this lifetime. Old zip encryption was pretty weak, though.
posted by scruss at 11:22 AM on June 10, 2013 [1 favorite]

Maybe you've tried this, but since it was inadvertently set, possible the password is blank?
posted by kris.reiss at 11:54 AM on June 10, 2013 [1 favorite]

Could it be your current unzipping tool isn't using the right encryption algorithm?
posted by en forme de poire at 12:44 PM on June 10, 2013

What about this?

It uses your GPU as well as CPU to try to crack your zip archives. Classic and AES encryption. I saw it recommended on the hashcat forums (, but I've never used it.
posted by jingzuo at 2:41 PM on June 10, 2013 [3 favorites]

Response by poster: kalessin -- The files are identical down to the last-modified date. No luck.
scruss -- not sure how to find that out; whatever the built-in Windows Vista "compressed folder" was equipped with in 2011.
kris -- tried that just to be sure! No luck there either.
I'll do some more research on those last 2 links & see if I can find any love. Thanks, all!
posted by jeffjon at 3:15 PM on June 10, 2013

scruss -- not sure how to find that out; whatever the built-in Windows Vista "compressed folder" was equipped with in 2011.

Vista removed the feature to encrypt a folder with a password. That was an XP feature. Instead, in Vista, a folder was encrypted with a key associated with your user account. You _will not_ break this with a brute force attack.

Are you opening the folder in explorer with the same account you used to create it?
posted by bfranklin at 4:10 PM on June 10, 2013

You may want to look into Elcomsoft's product. They are very reputable folks (supply software to law enforcement); their stuff is really solid. It looks like their professional version has a guarantee (details are on their page).
posted by el io at 10:26 PM on June 10, 2013

Response by poster: That's good to know, bfranklin; I'll make sure I use the same computer.
Elcomsoft is the one I've tried (see link in my original question), but only in trial mode so far. Time to get serious, I think.
posted by jeffjon at 4:51 AM on June 11, 2013

« Older How do I afford mobility equipment?   |   Movie Filter: Name That Movie! Newer »
This thread is closed to new comments.