Zip and RAR Password Recovery Tools and Tricks That Really Work in 2022
About Zip/RAR archives
Zip is a container file format, called an archive, for compressing and storing many user files in one. It is widely used by archiving programs on various operating systems. On Windows, the file extractor for Zip archives is even built into the operating system. The main advantage of the Zip format is that it’s the most popular type of archive. However, the classic Zip format lacks important features that can be found in other archive formats, such as in RAR, for example.
RAR is a proprietary format used by the WinRAR archiver. The RAR format functions similarly to the Zip format in that both are data containers and are used to compress large numbers of files. However, compared to the classic Zip format, RAR has more advanced features. One of them is stronger password encryption.
How secure is RAR or Zip encryption?
For example, the speed of a brute-force attack on AMD RX6800 GPUs in Passcovery Suite:
- for Classic Zip – 20 086 232 566
- for WinZip AES – 5 842 617
- for RAR3 – 173 320
That is, we can say that the password protection on a RAR archive is ~115 891 times more reliable than the password protection on a Zip archive with classic encryption and ~3 437 times more reliable than the protection on an archive with WinZip AES encryption.
Password encryption of the archive is a necessary feature to restrict access to archived data. And most archiving programs implement it well, both for Zip archives and for RAR. Then, in order to gain access to the data in the encrypted archive, the user must enter the password and decrypt the files.
Let's have a look at some of the best programs for cracking passwords for Zip and RAR archives and learn some useful tricks to reduce cracking time.
Accent ZIP Password Recovery for zip/zipx archives
The Passcovery company’s program has a self-explanatory name and perfectly recovers (or in slang, “cracks”) lost passwords for Zip archives. The program has three ways to find passwords:
- brute force attack
- brute force attack with extended (positional) mask
- dictionary attack
The program supports archives with classic and WinZip AES encryption from various archivers, shows excellent password brute force speed, and implements GPU acceleration on AMD / NVIDIA graphics cards.
Quick start with Accent ZIP Password Recovery
1. Download and install the latest version of AccentZPR. Everything’s straightforward: this is a Windows distribution and the installation procedure is familiar. You don't need to worry about your computer or data security. Passcovery's website and all distributions of the company have a digital certificate, a verified signature, and a "clean" rating on VirusTotal.com.
2. Start the “Zip password cracker” and in it, open the zip/zipx archive that you’ve lost the password to, as you normally would in Windows (through the menu, by clicking on the toolbar, or by pressing Ctrl+O). The Accent ZIP Password Recovery will tell you about the protection it detects:
3. On the next step, you need to select a ready-made script for an automatic search or one of three password attacks:
👊 a brute force attack, when you know nothing about a password. The password attack will go over the entire specified range. Here you can specify the alphabet and character sets for creating a password, limit the length of the password, and set a simple mask (for known parts of the password):
🔥 a brute force attack with an extended (positional) mask, when you know the structure of the password. The password attack will target a smaller set of values. The extended mask will allow you to describe character sets individually for each position of the password:
💣 a dictionary attack, when the password may be a popular phrase. The search is limited to a ready-made list of passwords, also known as the dictionary. In password recovery programs from Passcovery, you can simultaneously connect up to 4 dictionaries:
4. When you’ve selected the type of attack and everything is set up, launch the attack on the forgotten password. Just click “Finish.” The program will begin the password attack and keep you informed about the status of the search, the attack speed, and the amount of time required to check the entire verification range.
The registered version of the program saves the status of the search every five minutes. This convenient feature lets you pause the search at any moment and later pick it up from where you left off. In the demo version, this feature is disabled.
5. Accent ZIP Password Recovery will display the password it finds as a hyperlink. Simply click on it to copy it to your clipboard and open the locked Zip archive.
Accent RAR Password Recovery for RAR/WinRAR archives
Accent RAR Password Recovery is a Windows program for unlocking passwords for RAR archives created in WinRAR 2.90 and higher. The tool has three methods of attacking a forgotten password: brute force, positional mask, and dictionaries. It is professionally optimized for multi-core processors and is accelerated on AMD/NVIDIA graphics cards. All this guarantees the highest possible speed when cracking a reliable and resistant format such as RAR.
Direct, straightforward, and fast, like the autobahn, the password recovery interface consists of the Password Recovery Wizard with several tabs: general information about the protection in the file, the choice of the type of password attack, and the settings of that attack.
To start using the program, there are a few simple steps you need to take:
- Open the password-protected RAR file
- Choose the appropriate (one of the three) password attack
- Select the settings for the attack
- Finally, click “Finish” and start the process
Accent RAR Password Recovery only supports RAR3/RAR5 archives, not Zip archives.
Passcovery Suite for Zip/RAR archives and other popular formats
Passcovery Suite is a professional tool used to recover passwords for different file formats:
- Zip/WinZip and RAR/WinRAR archives
- Microsoft Office, OpenOffice/LibreOffice, Adobe PDF documents
- Apple iOS, BlackBerry OS backup files
- TrueCrypt volumes
- WPA/WPA2 “handshakes”
The program has a unified interface for Passcovery products and features:
- instant recovery of simple Microsoft Office and Adobe PDF passwords
- three types of password attacks: brute force attack, positional mask attack, and dictionary attack
- attack scripts with sequential verification of different ranges
- asm-optimization for password attack speed
- GPU acceleration on AMD/NVIDIA graphics cards
- search status automatically saved
Passcovery Suite is the answer when you can’t open a Zip or RAR archive because you forgot or lost your password. Support for additional formats will save you the hassle of choosing the right tool in the future. The flexible settings for the search range and the tool’s high speed will help you recover your password and regain access to your encrypted data as soon as possible.
Useful tricks to unlock Zip/RAR passwords successfully
Truly complex and strong encryption algorithms are used to protect RAR and WinZIP archives, without backdoors or vulnerabilities. You can recover a password for these archives only by using one of the attack options to find the real password. This is how all programs for recovering passwords work: you set the search range, and they check all the values in it, one by one.
On the web, you can find false information about how to remove a password from an archive just by opening a file in Notepad (In Notepad, Karl! 😂). Just open a file and replace “Ûtà” with “5^3tà’” and “‘IžCO” with “IžCO” and the password will disappear, the data will probably be decrypted, and pink ponies will run around outside under a great big rainbow. No, it’s a sham—it’s all lies. Both in Zip and RAR, it can only be brute force, only hardcore!
So it turns out that the success of cracking a password depends on two factors:
1. skillful manipulation of the verification range – the smaller and more precise it is, the faster the range can be searched
2. the speed of verification – the faster it is, the less time it takes to crack the password
Range manipulation. Positional mask
No matter how fast the password recovery program is, no matter how sophisticated the computer is, checking every possible password in a row would take years, centuries, millennia…
To shorten the search time to something more reasonable, the positional mask can be used. It allows you to set character sets individually for each position of the generated password. This is still a brute force attack, but with a smaller and more precise set of values to check.
For example, if you know, that the password will start with uppercase consonants, there’s no point in checking passwords with different letters in the first positions. After the first letters, there are only lowercase letters. Excellent, we can “cut out” all the other symbols from the set. At the end of the password, there’s either a number or special character. We’ll leave only those. As a result, instead of 75+ trillion passwords to check, there are only 11+ billion. And the brute-force time has been reduced from almost three years to three hours.
A positional mask is a powerful and recommended feature for successful password retrieval.
More detailed examples and instructions on how to implement them can be found here.
Range manipulation. Merging and mutating dictionaries
Fact: people often use words or modifications of words as passwords. Because of this, there are dictionaries made up of common passwords (this for example). Sometimes, a dictionary attack is the only acceptable to try to crack a strong password.
To easily expand the list of passwords for verification in a dictionary with similar clones, Passcovery products have a dictionary merging and mutation feature. This feature allows you to combine up to four dictionaries, compose one common password from their contents, and then change it as you like. There are now more than 20 basic directives for changing your password. Merging them creates an unlimited number of combinations.
For example, if you know that the password is a certain set of words in an unknown order and unknown cases (maybe uppercase, maybe lowercase, maybe at the beginning, maybe not), and some of the letters were also replaced by other characters (0 for o, $ for s, @ for a, etc.). No problem: we compose (or select) the required dictionary (-ies), write a set of rules for merging and mutating the dictionaries, start the search, and bam! we can recover the forgotten Zip / RAR password.
Verification speed. GPU acceleration on AMD/NVIDIA graphics cards
Removing Zip/RAR passwords is remarkably accelerated on AMD and NVIDIA graphics cards.
A strength of modern GPUs is the number of processors capable of simultaneously performing the same type of tasks. By loading graphics cards with the necessary calculations, password recovery programs with support for graphics cards significantly increase the search speed. And they reduce the time for cracking passwords, of course!
You can find out which graphics card is best suited for password recovery tasks here.
The reliability of their data encryption and protection is one of the reasons that Zip and RAR archives are so broadly popular with users all over the world. The other side of this coin, though, is that a lost or forgotten password can be a difficult problem. But the right tool, the correct knowledge about the lost password, and modern equipment give users a good chance of successfully recovering their lost password.
|Author: Denis Gladysh, co-owner, and head of Passcovery – a provider of high-speed GPU-accelerated software solutions
for recovering passwords for popular file formats; author of the first versions of Accent OFFICE Password Recovery, created in 1999.