🔐 CTF Writeup: ZipCrypto Password Recovery with bkcrack

📦 Challenge Overview

We got our hands on a password-protected ZIP archive named important.zip, which contains the following files:

  • alien.svg
  • important_document.pdf
  • secret.txt

Our objective is to decrypt the contents or recover the original password in order to access the flag hidden within one of these entries.

🧾 Step 1: Inspecting the Archive Structure

First, we enumerate the files inside the archive to understand what we’re dealing with:

unzip -l important.zip

Output:

Archive:  important.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
      545  05-14-2025 02:31   alien.svg
    18810  05-14-2025 01:48   important_document.pdf
      354  05-15-2025 20:45   secret.txt
---------                     -------
    19709                     3 files

The file alien.svg stands out as the smallest and is a strong candidate for a known-plaintext attack.

🧠 Step 2: Selecting a Known Plaintext Target

This archive is encrypted using ZipCrypto, which is susceptible to a known-plaintext attack. To proceed, we need a sequence of plaintext bytes that align with the beginning of an encrypted file.

Why alien.svg?

SVG files almost universally start with a standardized XML declaration:

<?xml version="1.0" encoding="UTF-8"?>

This predictable header makes alien.svg an excellent candidate for constructing known plaintext.
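The flip side of this step for a defender is knowing which archives are exposed in the first place. Below is an added example (not part of this writeup and not bkcrack's code): a small Python auditor that walks a ZIP central directory and reports, per entry, whether it is unencrypted, AES-encrypted (WinZip 0x9901 extra field / method 99) or protected only by legacy ZipCrypto. The archive it inspects is constructed inside the script with dummy payloads; the entry names mirror the challenge archive but the bytes are made up.

```python
import struct

AES_EXTRA_ID, AES_METHOD = 0x9901, 99  # WinZip AES extra-field ID; AES method marker

def _aes_key_bits(extra: bytes):
    """Return AES key bits from a 0x9901 extra field (data: vendor ver(2), "AE", strength(1), method(2)), else None."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == AES_EXTRA_ID and size >= 7:
            return {1: 128, 2: 192, 3: 256}.get(extra[pos + 8])
        pos += 4 + size
    return None

def audit_zip(data: bytes) -> dict:
    """Map each entry to its encryption scheme by walking the central directory."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, pos = struct.unpack_from("<H", data, eocd + 10)[0], struct.unpack_from("<I", data, eocd + 16)[0]
    report = {}
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("corrupt central directory entry")
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        extra = data[pos + 46 + name_len:pos + 46 + name_len + extra_len]
        bits = _aes_key_bits(extra)
        if not flags & 0x0001:            # general-purpose bit 0 = entry is encrypted
            report[name] = "none"
        elif method == AES_METHOD or bits:
            report[name] = f"AES-{bits or '?'}"
        else:                             # encrypted but no AES marker = legacy ZipCrypto
            report[name] = "ZipCrypto (weak: known-plaintext key recovery)"
        pos += 46 + name_len + extra_len + comment_len
    return report

def build_sample_zip(entries) -> bytes:
    """Constructed test archive: real local/central headers, dummy 16-byte payloads."""
    local, central = b"", b""
    for name, flags, method, extra in entries:
        n, body = name.encode(), b"\x00" * 16
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method, 0, 0, 0, 16, 16, len(n), len(extra), 0, 0, 0, 0, len(local)) + n + extra
        local += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, 0, 0, 0, 16, 16, len(n), len(extra)) + n + extra + body
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries), len(central), len(local), 0)
    return local + central + eocd

AES256_EXTRA = struct.pack("<HHH", AES_EXTRA_ID, 7, 2) + b"AE" + b"\x03" + struct.pack("<H", 8)
SAMPLE = build_sample_zip([("alien.svg", 1, 8, b""), ("secret.txt", 1, AES_METHOD, AES256_EXTRA), ("notes.txt", 0, 0, b"")])
```

Run `audit_zip(open("important.zip", "rb").read())` on a real archive; any entry reported as ZipCrypto should be treated as effectively unencrypted for confidentiality purposes.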

✍️ Step 3: Crafting plain.txt

To perform the attack, we need a plaintext file containing a snippet that matches the start of alien.svg. Since we don't have the original file, we construct the expected opening bytes by hand from the standard SVG/XML header.

We include the first 13 bytes, which meets the requirement of at least 12 known bytes, with 8 contiguous.

echo -n '<?xml version="1.0" %' > plain.txt

🧨 Step 4: Launching the Attack with bkcrack

With the crafted plaintext in place, we invoke bkcrack to recover the internal encryption keys:

bkcrack -C important.zip -c alien.svg -p plain.txt

Output:

bkcrack 1.7.1 - 2024-12-21
[21:56:02] Z reduction using 13 bytes of known plaintext
100.0 % (13 / 13)
[21:56:03] Attack on 549123 Z values at index 6
Keys: aecfb215 d758b203 a40cae44
49.8 % (273379 / 549123)
Found a solution. Stopping.
You may resume the attack with the option: --continue-attack 273379
[22:01:54] Keys
aecfb215 d758b203 a40cae44

Success — we’ve recovered the internal keys used to encrypt the archive.

🗝 Step 5: Decrypting with Recovered Keys

With the internal keys in hand, we can now decrypt individual entries, such as secret.txt, without knowing the original password:

bkcrack -C important.zip -c secret.txt -k aecfb215 d758b203 a40cae44 -d secret_decrypted.txt

🔒 Step 6: Repackaging with a New Password

To lock things down (or replace the password with one of our choosing), we generate a new encrypted archive:

bkcrack -C important.zip -k aecfb215 d758b203 a40cae44 -U important_relocked.zip newpass2025