PKCRACK - Rust Implementation

A complete Rust implementation of the known-plaintext attack against PkZip encryption, based on the original C implementation by Peter Conrad.

Overview

This tool implements the Biham/Kocher known-plaintext attack against the proprietary PkZip encryption scheme (also known as ZipCrypto). The attack is divided into three main stages:

1. Stage 1: Generate and reduce possible key2 values from known plaintext-ciphertext pairs
2. Stage 2: Reconstruct complete key sequences from reduced candidates
3. Stage 3: Find the original password or decrypt the ZIP file directly

Features

• Complete port of the original C pkcrack functionality
• Modern Rust implementation with memory safety guarantees
• Comprehensive command-line interface
• ZIP file processing capabilities
• Detailed progress reporting
• Automatic report generation
• Cross-platform compatibility (Windows, Linux, macOS)

Installation

Prerequisites

• Rust 1.70 or higher
• Cargo (included with Rust)

Build from source

git clone <repository>
cd pkcrack
cargo build --release

The compiled binary will be available at target/release/pkcrack (or pkcrack.exe on Windows).

Usage

Basic Usage

# Attack encrypted file with known plaintext
pkcrack -c encrypted.zip -p known_plaintext.txt

# Specify custom offset
pkcrack -c encrypted.zip -p known_plaintext.txt -o 12

# Extract files from ZIP archives
pkcrack -C encrypted.zip -c "secret.txt" -P plaintext.zip -p "secret.txt"
pkcrack -C flag.zip -c "key.txt" -P key.zip -p "key.txt"

Command Line Options

Usage: pkcrack.exe [OPTIONS]

Options:
  -c, --ciphertext <CIPHERTEXT>          Ciphertext file
  -p, --plaintext <PLAINTEXT>            Plaintext file
  -C, --ciphertext-zip <CIPHERTEXT_ZIP>  ZIP archive containing ciphertext
  -P, --plaintext-zip <PLAINTEXT_ZIP>    ZIP archive containing plaintext
  -d, --decrypt <OUTPUT_ZIP>             Output decrypted ZIP archive
  -o, --offset <OFFSET>                  Offset of plaintext into ciphertext (may be negative) [default: 12]
  -i, --case-sensitive                   Case-sensitive filename matching in ZIP archives
  -a, --abort                            Abort key searching after first success
  -n, --no-progress                      Disable progress indicator
  -h, --help                             Print help

Examples

Example 1: Basic Attack

# You have an encrypted ZIP file and know part of its contents
pkcrack -c secret.zip -p known_text.txt

# The program will:
# 1. Load both files
# 2. Execute the three-stage attack
# 3. Display results including recovered keys and/or password

Example 2: ZIP Archive Processing

# Extract encrypted file from ZIP and known plaintext from another ZIP
pkcrack -C archive.zip -c "secret.txt" -P known.zip -p "known.txt" -d decrypted.zip

Example 3: Custom Configuration

# Use custom offset and disable progress indicator
pkcrack -c encrypted.dat -p plaintext.dat -o 8 -n -a

Attack Algorithm

The attack works in three stages:

Stage 1: Key Space Reduction

1. Generates initial candidates for key2[n] using mathematical relationships
2. Reduces the candidate space through backward iteration
3. Typically reduces from millions to hundreds of candidates

Stage 2: Key Reconstruction

1. Reconstructs complete key sequences (key0, key1, key2)
2. Uses recursive algorithms to validate key transitions
3. Cross-references against known plaintext-ciphertext pairs

Stage 3: Password/Decryption

Two possible approaches:

• Password Search: Brute-force search for the original password
• Direct Decryption: Use recovered keys to decrypt ZIP file directly

Requirements

• Minimum plaintext length: 13 bytes
• Plaintext must be: Known and contained within the encrypted file
• File format: PkZip encrypted files (ZipCrypto)

Performance

• Memory usage: ~33MB for large key spaces
• Time complexity: Variable based on attack success
• Optimized with precomputed tables for maximum efficiency

Output

The tool provides:

• Recovered encryption keys (key0, key1, key2)
• Original password (if found)
• Detailed attack statistics
• Comprehensive progress reports
• Timestamped attack logs

Security Considerations

This tool is designed for:

• Security research and education
• Password recovery on owned files
• CTF competitions and penetration testing
• Understanding cryptographic vulnerabilities

IMPORTANT: Only use on files you own or have explicit permission to analyze.

Technical Details

Mathematical Foundation

The attack exploits weaknesses in PkZip's key initialization:

1. Key Relationships: key3[n] = plaintext[n] XOR ciphertext[n]
2. Inverse Operations: Uses inverse CRC-32 operations
3. Constraint Satisfaction: Each key imposes constraints on previous keys

Key State Management

The algorithm maintains three 32-bit keys:

• key0: CRC-32 based key
• key1: Mathematical transformation of key0
• key2: CRC-32 based on key1's most significant byte

Implementation Details

• Precomputed lookup tables for performance
• Thread-safe global state management
• Comprehensive error handling
• Memory-efficient data structures

Testing

Run the test suite:

cargo test

Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

• Original C implementation by Peter Conrad
• Biham/Kocher cryptographic research
• Rust community for excellent tooling
• Test contributors and security researchers

Disclaimer

This tool is for educational and research purposes only. Users are responsible for ensuring compliance with applicable laws and regulations.