Brute-force Encrypted Archive

Given a list of potential passwords it is entirely possible to brute-force an encrypted archive.  A recent challenge I encountered involved an encrypted archive with a password that was likely derived from a list of popular restaurant’s in PDF form.  The PDF was a listing you might find on a tourist information website, so it included addresses, ratings, descriptions, etc.  So not just a simple text list.  The names were also properly capitalized and included punctuation (hyphens, apostrophes, etc.) in addition to grammatical articles (the, a/an).

A simple approach would be to simply try these names using your favorite archive program (e.g. 7-Zip).  That get’s boring pretty quick, so let’s script it!

import subprocess
import re
passlist = ["A Place", "The Fine Diner", "Moe's Eatery"] # You get the idea, this could also be put in a text file and read in

passset = set()
for x in passlist:
    passset.add(x)
    passset.add(x.lower())
    passset.add(x.upper())
    passset.add(re.sub('[^a-zA-Z0-9]','',x))

passlist = passset
success = False
for attempt in passlist:
    try:
        print "Trying " + attempt
        subprocess.check_output(r'"C:\Program Files\7-Zip\7z.exe" e -y -p"'+attempt+ r'" -oC:\tmp "C:\tmp\encrypted-archive.zip"')
        success = True
        break
    except subprocess.CalledProcessError as e:
        print "Try again!"

if success:
    print "Success!"
else:
    print "All permutations attempted! Exiting program..."

Nothing groundbreaking here. The first for takes the original list and adds permutations (lower case, upper case, no punctuation or spaces). Then the second for simply invokes the 7z.exe executable with command-line arguments. 7-Zip is well-written and returns an exit code/number that indicates an error. Python handles this by throwing a subprocess.CalledProcessError, which nicely allows my script to test for success.