Tips & Tricks
Mathieu Morrissette

Hello everyone! As a certified OSCP security specialist here at Devolutions, I have the privilege of testing the security of our code, and our solutions to ensure that you have the most secure experience when using our products. Besides that, I also work with developers to write safer code, I keep up with trends at security conferences and during breaks, I like to play the Star Wars pinball machines in the break room. As a huge Star Wars fan, the office here at Devolutions makes me feel right at home.

Why You Should Never Use the Native .Zip Crypto in Windows

When working in IT security, there are some questions that keep coming up, and I thought this one deserved to be answered once and for all: Is there any way to crack a password-protected zip file?

I understand how much we all want to be absolutely certain and reassured that our files will not be cracked — not now, not ever! For some time now, the .zip format has provided encryption as an added feature. But the type of encryption it offers depends on the program you use to create and open the zip file.

One of the .zip password protection algorithms is called ZipCrypto. ZipCrypto is supported natively on Windows, but it should never be used because it is completely broken, flawed, and relatively easy to crack. All hackers need to know is 12 bytes of plain text and where it is located in the zip (which can be easily found) in order to quickly decrypt the entire content of the archive. To give you an idea, on most laptops, it would usually takes less than a minute to decrypt the entire content of a zip file.

Exploiting ZipCrypto

Exploiting ZipCrypto through a widely known plain text attack is straightforward and doesn’t require sophisticated technical skills. Although I will walk you through the steps, I am obviously not doing so to help go out and hack someone. I simply want to show you how basic and easy this exploit really is.


Opening the zip file reveals an XML file called SomeXmlFile.xml.

Usually, XML files contain the following header at the beginning:


The procedure itself is quite simple:

  1. Create a file named plain.txt.

  2. Add the following text to plain.txt: <?xml version="1.0" encoding="UTF-8"?>

  3. Zip the file and call it Do not use a password and use the same compression algorithm as the encrypted archive. (If you wish, you can download using the link supplied above, which already has the plain.txt file in it.)

  4. Feed both files to bkcrack using the following command line:

    bkcrack -C -c SomeXmlFile.xml -P -p plain.txt

The final tool output should look like this:

Generated 4194304 Z values.

[11:58:53] Z reduction using 30 bytes of known plaintext

100.0 % (30 / 30)

260948 values remaining.

[11:58:54] Attack on 260948 Z values at index

7 88.3 % (230335 / 260948)

[12:01:52] Keys

c072e51c a36b7996 b6f8d312

Once the keys have been obtained, any files in the zip can be deciphered using the following command line:

bkcrack -C -c Tux_ecb.jpg -k c072e51c a36b7996 b6f8d312 -d Tux_ecb.jpg

This example extracted the Tux_ecb.jpg file. The resulting image should look like this:


Congratulations, you have successfully decrypted the zip file!


We included multiple files in the (MIT License, HTML file), so that you can practice and go off the beaten track!


By now you’re probably wondering: If you should never use ZipCrypto, then what is the alternative? Well, we strongly recommend AES-256, which is the industry standard for zip encryption and has been proven to be quite strong and safe. Unfortunately, Windows does not have native support for this. However, most third-party archivers such as 7Zip, Winrar, and Winzip support it.

Related Posts

Read more Tips & Tricks posts