Page 1 of 1

ZIP password lost

Posted: 08 Sep 2021, 07:01
by FranchescoRaMo
We have a client that makes the backup's with cobian backup 11, which was configured to make them in a password-protected zip file. The disk of the computer where the cobian was installed has damaged, and according to the hard disk recovery companies the information is not accessible because it is badly scratched. The client has the zip files of the backups but does not remember the password he entered, since he set it in 2015. We can prove that the client is the rightful owner of the data. The password is likely to be a maximum of 12 characters a-z, A-Z, 0-9 and @ since the customer has some indication of it but has tried several of them and has not succeeded.

Unfortunately zip2john cannot extract the hash from the archive, because zip2john is based on 7-zip and does not properly recognize zip files created with Cobian Backup (winzip). I have been investigating the functionality of John ripper (zip2john) and the problem is in the format of the zip file, since for 7-zip the file has an unexpected end. The Cobian website says: Cobian Backup creates zip files that are 100% compatible with the latest version of Winzip. The included decompressor should also handle these files without problems. Other archivers may or may not support all new extensions so you may get errors like "Archive corrupted" or "Unexpected end of the archive"

Please can you tell us how to get the hash?

Re: ZIP password lost

Posted: 17 Sep 2021, 00:14
by cobian
The point with a password is that, nobody who doesn't knows it, can open the archive. So there is not much we can do I guess, but try some brute force method.