Saturday, November 2, 2013

zipcracker

zipcracker is an application that can find zip-file password using brute force or dictionary attack method.


Source code is available at https://bitbucket.org/mijo_gracanin/zipcracker

Inspiration for doing this app I found in book Violent Python by TJ O'Connor. Example in the book shoved me how easy it is to crack zip-file, using dictionary attack, thanks to zipfile library. Basically, method looks like this:
 from zipfile import ZipFile, zlib  
 z = ZipFile(file)  
 d = open(dictionary)  
 for line in d.readlines():  
   password = line.strip('\n')  
   try:  
     z.extractall(path='', pwd=password)  
     print(password)  
   except zlib.error:  
     pass  

I upgraded the example code from the book with GUI and brute force method. Brute force is easily implemented with itertools library, which contains permutations function. For GUI I used tkinter library, which mostly comes included with Python. I found tkinter good enough for simple applications, but some tasks, like restricting Entry widget to only accepts numbers, can be surprisingly difficult and requires, to quote a poster from StackOverflow, Voodoo code.

Of course Python may not be the best choice for this kind of task, because of speed. TJ O'Connor tried to speed up things a bit by using multithreading, but according to Mark Summerfield's book: Python in Practice, multithreading can even decrease performance because of GIL (Global Interpreter Lock) and he advises writing  code in Cython and using multiprocessing module. It would be interesting to see comparison between this approaches.
Other desirable improvements would be adding support for additional file types like rar and 7z. There is a rarfile library with similar interface like zipfile library available on PyPI, and for 7z there is a pylzma library also on PyPI.