CrackMe® Practices for Newbies
PROJECT 5: zipfile.exe

Re: Re: The Ome Bertus thread
Tuesday, 09-Feb-99 18:06:02
    194.178.253.204 writes:

    The zipped file is test.txt and contains:
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

    Without a password the zip file ends with:
    05 06 00 00 00 00 01 00 01 00 36 00 00 00 2C 00 00 00 00 00
    --
    All password protected zip files ends with:
    05 06 00 00 00 00 01 00 01 00 36 00 00 00 38 00 00 00 00 00

    The bytes are:

    0 mo password: -> 73 74 24 15 00 00
    1 Password: ABCD -> 80 23 15 07 52 EC 13 86 2F A7 C3 A1 6D F2 8D 25 F9 84
    2 Password: ABCDE -> 8A FC 3C CF C9 53 D1 85 5A 95 B0 C7 D1 74 A6 9A 02 D3
    3 Password: ABCDF -> 88 85 23 4C 66 B6 6F 18 03 41 FF 64 45 D5 8A 08 44 15
    4 Password: BBCDF -> 85 1F 64 7E 28 7A 07 62 E6 4F 82 56 FF 2C 2A 86 6F 41

    So the answer to question 1 is no, they are different.

    2.
    No, i have tried other longer passwords and it stays the same. But i tried also
    with another input file: test1.txt witch contains:
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBB"
    This is showing a simular result the 18 bytes are now 20 bytes. The zip file without
    a password has 8 insteat of 6 bytes in this position. This must mean something.

    3.
    I don't know yet. But i a see the same when i using test1.txt.
    It is the same byte that is different in this situation.

    4.
    No, i am getting messages like missing 192 bytes in zipfile. The number depends on
    the number i have entered. So this is not a CRC but it indicates the length of the zipfile.
    The differece between 38 and 2C is 12 and that is the difference in length using no
    password (6 bytes) and a password (18 bytes).

    Wel, it's getting late in Europe. I take a last beer and give it a next try tomorrow.

    Cheers,

    Ome Bertus




    Ome Bertus


Message thread:

The Ome Bertus thread (Ome Bertus) (09-Feb-99 15:38:20)

Back to main board