7z Test Cracker

[SMcNeill]

Code: [Select]

_DEFINE P AS STRING
DIM PossibleLetters AS STRING
PossibleLetters = "abc"
$CONSOLE:ONLY
_DEST _CONSOLE


FOR a = 1 TO LEN(PossibleLetters)
    Password = ""
    Password = MID$(PossibleLetters, a, 1)
    FOR b = 1 TO LEN(PossibleLetters)
        Password2 = Password + MID$(PossibleLetters, b, 1)
        FOR c = 1 TO LEN(PossibleLetters)
            Password3 = CHR$(34) + Password2 + MID$(PossibleLetters, c, 1) + CHR$(34)
            C$ = "7za e TestArchive.7z -p" + Password3
            PRINT Password3, C$
            SHELL C$
NEXT c, b, a
I'd suggest downloading the archive below, and extracting it to a RAM drive of minute size to play around with it. 

Instructions:
1) Download
2) Extract to a dedicated directory
3) Run the 7z Test Cracker.exe, and you can see where it brute forces the test archive and breaks the password on it.. (Which, in this case, is simply nothing more than "abc", which allows me to very quickly run through a list of all the possible word/letter combinations.)
4) Try not to OOOOH, as one of the QB64 license TXT files suddenly pops up in the directory chosen.  You've now broken a 7z password!  Yaaaaaay!!

[SMcNeill]

A link to the original topic, which this one was created as a response to:  https://www.qb64.org/forum/index.php?topic=1457.0

And, my original, unfinished code, which led to me making the actual demo above for true testing and proof of concept purposes:

Code: [Select]

_DEFINE P AS STRING
DIM PossibleLetters AS STRING
PossibleLetters = "ABCDEFGHUJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890"

FOR a = 1 TO LEN(PossibleLetters)
    Password = ""
    Password = MID$(PossibleLetters, a, 1)
    FOR b = 1 TO LEN(PossibleLetters)
        Password2 = Password + MID$(PossibleLetters, b, 1)
        FOR c = 1 TO LEN(PossibleLetters)
            Password3 = Password2 + MID$(PossibleLetters, c, 1)
            FOR d = 1 TO LEN(PossibleLetters)
                Password4 = Password3 + MID$(PossibleLetters, d, 1)
                FOR e = 1 TO LEN(PossibleLetters)
                    Password5 = Password4 + MID$(PossibleLetters, e, 1)
                    FOR f = 1 TO LEN(PossibleLetters)
                        Password6 = Password5 + MID$(PossibleLetters, f, 1)
                        FOR g = 1 TO LEN(PossibleLetters)
                            Password7 = Password6 + MID$(PossibleLetters, g, 1)
                            FOR h = 1 TO LEN(PossibleLetters) 'for 8 letters
                                Password8 = _TRIM$(Password7 + MID$(PossibleLetters, h, 1))
                                PRINT Password8
                                SLEEP
NEXT h, g, f, e, d, c, b, a


'Only instead of PRINT, use SHELL _HIDE _DONTWAIT with the command line paramters for 7z

[TempodiBasic]

Gasp! I must have a bad luck

all code is good but I got error "7z is not internal command or batch file"
so I try to put also path of 7z that I have already on my Pc.
And I got the same warning from Os shell....  "C:\Program Files (x86)\7-Zip\7z " is not  an internal or external command, executable file or batch file...."

 

and thinking that I have 7z as default program to open compressed archives!

What can I do to accept 7z.exe as executable file?

[SMcNeill]

Try it with 7za.exe.  It’s the stand alone version of the program.  At least, I think it is, unless I read the description wrong from their website.

[TempodiBasic]

Thanks Steve I have tryed before your integral code, then I have tried some variant of command line of the Shell.

In my folder there is 7z.exe for console  and 7zG.exe but with or without the path I got the same result also if I set to run these files as administrator.

I'll appreciate some other feedback to solve this shell mistery

PS if i cut the first part of shell command "7z  e  " it opens the file in 7z (because it is set as default program for these files) but if I doubleclik on the file showed it popup a dialogbox to get the password from user.

[SMcNeill]

Only thing I can think of is you might need to grab the 32-bit version of the stand-alone 7z.  You can find it in the 3rd download link from their site: https://www.7-zip.org/download.html   (7-Zip Extra: standalone console version, 7z DLL, Plugin for Far Manager)

Just extract and copy the archive (and compiled QB64 test program) into the same folder with the stand-alone version, and you shouldn’t see any of those “...not an executable” messages.

The version I downloaded and zipped up is a 64-bit version, so it might not work on your system, if you’re running under a 32-bit OS.

If that doesn’t work,I’m at a loss as to what the issue might be.

*************************

EDIT:  Looking closer at your screenshot, I imagine the issue is lack of quotes in the shell statement.

C:\Program Files is saying to shell to Drive C:\, and open “Program.exe” with Files as a parameter — which doesn’t exist.

You need quotes in that shell.  “C:\Program Files (x86)\7-Zip\7z” e TestArchive.7z -p”abc”

Add a CHR$(34) before and after the path for the 7z program.

[Ashish]

Hi Steve! I am very thankful you for providing this method. The password of my 7zip file about 10-15 characters long. So, I decided
to have 15 nested loops. Now, I ran the program. But I am facing some issues with this - It lags my system. I don't know why.
So, I decided to close it from Task Manager. Then I've to start the windows again. (Also, it works slower than my expectation.)

[SMcNeill]

If it’s that many digits, you might want to make multiple copies of the file and run various versions on multiple PCs.  For example, if you were looking for a password containing just numbers (“0123456789”), then your desktop might start trying to force it with the first loop starting from “0” to “4”, and your laptop would start trying from “5” to “9” for the first digit — dividing the problem in half.

If you want to share the file, (and the contents aren’t anything you don’t mind others seeing), I’ll run it on my machines here and help divvy up the load for you.  A few others might also help divide up the load and let it run in the background on their machines, and get you to the solution even faster.  ;)

[Ashish]

Again, I'm very thankful to you Steve & every person who is willing to help me.
I will attach the zip file. The code will not please you all.
Also, The thing I remembered is that the password was 10-15 chars long, It contained the numbers, letter & symbols.
And the most important, it contain the word "qb64", either in this way "qB64" or this way "QB64". I really don't remember.

[SMcNeill]

Any idea which letters and symbols you might’ve used?  There’s no need to check from CHR$(0) to CHR$(255), as a lot are control characters (or extended characters like the card symbols, arrows, and various line symbols) and not usually used.  The more you can narrow down the possible letters you’d use, the quicker you can check them all.

After all 100 * 100 symbols is 10,000 combinations.  Compare that to 256 * 256 possible ASCII codes, which is 65,000+ combinations.  (And that’s just the difference in possible 2-digit passwords.  Imagine the difference in how many times you’d have to check a 15 digit password!  100 ^ 15 vs 256 ^ 15)

“ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz 1234567890@#$&*()’%-+=/;:,.€£¥_^[]{}§|~…\<>!?”

Anything you want to add, or hopefully subtract, from that check list of symbols?

[Jack002]

Many years ago I looked at a zip file with a password on it in a hex editor and I saw the password there at the top of the file within the first 15 bytes or so. Not too secure doing that.

[TempodiBasic]

@Steve
Thanks for right suggestion but I get the same results also using CHR$(34) as delimiter of a string with space among letter.
In fact wiki says

In Windows, use additional CHR$(34) quotation marks around folder or file names that contain spaces.

  here http://qb64.org/wiki/SHELL
 
About 32/64bit, I have a 64bit system.


@Ashish
what do you think about this tool? https://www.qb64.org/forum/index.php?topic=1457.msg106556#msg106556

[SW]

10 chars its too long to bruteforce thru console calls...
Need more info what might be in pass i.e. some word(s) and position.

may be better use 7z API (i.e. winapi 7z.dll) ?

[Ashish]

...
“ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz 1234567890@#$&*()’%-+=/;:,.€£¥_^[]{}§|~…\<>!?”

Anything you want to add, or hopefully subtract, from that check list of symbols?

Yes. "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456790!@#$*-+"

@TempodiBasic
I tried that software. But it can only work for the length upto 5 characters.

@SW

Also, The thing I remembered is that the password was 10-15 chars long, It contained the numbers, letter & symbols.
And the most important, it contain the word "qb64", either in this way "qB64" or this way "QB64". I really don't remember.

I thinking a more and more, I think it also contained the word "rocks" or "forever" (can be upper case/lower case or combination).
I can't remember more of it.

[TempodiBasic]

Hi
also I think that the call by Shell is too slow ....

however I don't know how to solve but here you can get more information
https://www.7-zip.org/sdk.html