2

I made a dictionary attack on encrypted zip files, using the zipfile library. When I started using BIG dictionaries sometimes I got false positive results, i.e. password could be "wool" and "12630" was considered correct. In that case the decrypted file contained gibberish obviously.

It's not a bug in my code, but in the way the zipfile library checks to see if the provided password is correct. I've managed to decrease the false positives by checking the size of the decrypted file and if it's equal to 0 consider it false and keep searching. But my problem remains, because when the file contains gibberish it's size > 0. So my question is, is there any way I can determine in Python if a file has be decrypted correctly or if it contains gibberish?

PS. Yes I know decrypting zip files with zipfile is slow, but as I said earlier I do this in order to get a grip of Python.

Here is my code:

import zipfile
import os



zfile=raw_input("Please input zip's file name\n")
diction=raw_input("Please input dictionary\n")
found = False
zipf = zipfile.ZipFile( zfile, 'r' )
f = open(diction, 'r')

for line in f:
    pswd = line
    pswd = pswd[:-1]
    zipf.setpassword(pswd)   
    try:
        zipf.extractall()
        if (os.path.getsize(zfile[:-4]) != 0):
            found = True 
            break
    except RuntimeError:
        continue
    except Exception:
        continue
zipf.close()

This is a bug report i submited in python's bug tracker. As you can see they don't consider it a "bug" of the library, that's why I'm asking for alternatives of checking if the file decrypted correctly.

PS. For anyone that cares, in the link provided above, they told me that it's a problem of the zip file format and that there is nothing that can be done. So I guess, question is kind of answered.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Erethon
  • 123
  • 1
  • 9
  • 2
    If you're affirming that the python zipfile has a bug i think you have to report this to the python bug tracker . – mouad Jan 12 '11 at 16:14
  • 1
    I already have and what Nathan pasted is their reply. Kind of reminds of "it's not a bug, it's a feature". That's why I'm asking for ways to check if the decrypted file is corrupted or not. – Erethon Jan 12 '11 at 16:27
  • Are there cases when incorrect password doesn't produce an Exception? – jfs Jan 12 '11 at 17:49
  • Yes there are, my main problem atm is not the Exception since that's being caught. My problem is that there are incorrect passwords that dont produce and exception and "decrypt" the file (obviously it fails to decrypt it). I wanna find a way to either stop this from happening, or a way to ignore those passwords. – Erethon Jan 12 '11 at 18:26

1 Answers1

3

From this zipfile bug report

The password-checking scheme uses a one-byte check against the zip header for consistency. So there is a (near) 1/256 chance of false positives, that is of bad passwords mistakenly detected as good; then the ZipFile class proceeds with unarchiving and that's where things fail (because the "decrypted" stream is really junk).

Dharman
  • 30,962
  • 25
  • 85
  • 135
Nathan
  • 4,545
  • 6
  • 32
  • 49
  • 1
    That is my code and my bug report, maybe I should have included it in the first place. I've done a bit of changes to the code, will update my question asap. – Erethon Jan 12 '11 at 16:20
  • That's quite strange. It sounds like a bug that an exception is not thrown in some cases. Either that or they specifically do no want zipfile to be used for brute force zipfile password attacks. – Nathan Jan 14 '11 at 15:17
  • Yes it is strange. In python 3.1 they have changed a little the way zipfile checks if the password is correct, but the problem remains. Guess for some strange reason they want it that way. :/ – Erethon Jan 15 '11 at 10:09