My Progress Wednesday, 10-Feb-99 18:22:45
Hmm. The original question was whether the exe format contained any 'remnants' of the password. I have not been able to find any in the exe file, which appears to be normal. The PK sections at the end of the file can be ripped out, and stuck into their own file. Careful refixing of the offsets in the PK sections can then be used to generate a zip file with no exe section. In plain English: open the exe file in a hex editor, delete everything until the first PK bit in the last couple of hundred bytes. Then run pkzipfix on the file. You now have a valid zip, with no exe. Still encrypted, and you could run a pwcracker on it if you so wanted (although the key in this case is way out). We are staring at effective 96-bit encryption here and even the Kocher-Biham plaintext attack won't help us much. This doesn't actually mean that there are no echoes of the password in the added WinZip exe stub though, but I certainly couldn't find any and doubt their existence. I actually ran into the registration scheme of a pw cracker which is most interesting if you want to change the direction of this?

Cronos.
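The stripping and offset refixing described in the post above, as an added Python example (not part of the original post and not pkzipfix's code): instead of searching by eye for the first PK, it finds the stub boundary through the ZIP central directory, rewrites the stored offsets, and reports each entry's encryption flag. The names `carve_zip` and `build_sample` and the sample stub are constructed for illustration; a single-disk, non-ZIP64 archive is assumed.

```python
import io, struct, zipfile

EOCD_SIG, CDH_SIG = b"PK\x05\x06", b"PK\x01\x02"

def carve_zip(sfx: bytes):
    """Return (zip_bytes, stub_len, {name: encrypted}) for a self-extracting ZIP."""
    eocd = sfx.rfind(EOCD_SIG)                      # end-of-central-directory record
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, cd_off = struct.unpack_from("<II", sfx, eocd + 12)
    cd_start = eocd - cd_size                       # where the directory really sits
    bias = cd_start - cd_off                        # 0 when stored offsets are file-absolute
    entries, pos = [], cd_start
    while sfx[pos:pos + 4] == CDH_SIG:              # walk the central directory headers
        flags, = struct.unpack_from("<H", sfx, pos + 8)
        nlen, xlen, clen = struct.unpack_from("<HHH", sfx, pos + 28)
        lho, = struct.unpack_from("<I", sfx, pos + 42)
        name = sfx[pos + 46:pos + 46 + nlen].decode("cp437")
        entries.append((pos, lho + bias, name, bool(flags & 1)))  # flag bit 0 = encrypted
        pos += 46 + nlen + xlen + clen
    if not entries:
        raise ValueError("central directory is empty or damaged")
    stub_len = min(e[1] for e in entries)           # first local header marks end of stub
    out = bytearray(sfx[stub_len:])
    for pos, abs_lho, _, _ in entries:              # refix each local-header offset
        struct.pack_into("<I", out, pos - stub_len + 42, abs_lho - stub_len)
    struct.pack_into("<I", out, eocd - stub_len + 16, cd_start - stub_len)
    return bytes(out), stub_len, {n: enc for _, _, n, enc in entries}

def build_sample(stub: bytes) -> bytes:
    """Constructed input: stub followed by a ZIP whose offsets count from file start."""
    buf = io.BytesIO(stub)
    with zipfile.ZipFile(buf, "a") as zf:           # "a" on a non-ZIP appends an archive
        zf.writestr("readme.txt", "constructed sample\n")
        zf.writestr("data.bin", bytes(range(64)))
    return buf.getvalue()

if __name__ == "__main__":
    stub = b"MZ" + b"\x90" * 510                    # stand-in for the exe stub
    zip_bytes, stub_len, enc = carve_zip(build_sample(stub))
    print(stub_len, enc, zipfile.ZipFile(io.BytesIO(zip_bytes)).namelist())
```

Carving only changes the container: an entry whose encryption flag is set stays encrypted in the output, as the post notes.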