第033期 【加密解密】WinZip WinRAR 7-zip VeraCrypt BitLocker哪个才是最强的文件加密软件？最强最弱差距3000倍？不服跑个分！

视频连接

• YouTube
• B站
• 西瓜视频

本期视频内容

本期视频介绍一下常见的加密软件的原理，对这些软件的破解难度做一个跑分测试，排名不代表真正的安全性，仅供娱乐。

相关网站

• John the Ripper password cracker

• hashcat advanced password recovery

• Kali Linux

hashcat跑分命令

1. WinZip

hashcat -b -m 13600

2. WinRAR

hashcat -b -m 13000

3. 7-zip

hashcat -b -m 11600

4. VeraCrypt

hashcat -b -m 13721

5. Bitlocker

hashcat -b -m 22100

使用john提取加密文件hash信息

1. WinZip

zip2john ./tao.zip> zip.hash

得到如下内容

tao.zip/tao.txt:$zip2$0303a8b8ce949eacdbad9ca4baf18d47160b3788d40219489b82ade3e9a9b34dce47258731346df1587368b9300a69083e6b4416484ffd384a36e01722f824e11c38c6d5183e3cc674099ce73a099e34f1108075eb235d1c2e514d4c022b9a214d2dfde9f6d18f7fac0e25335692f0bb834e52a9fc3af3450ab946cac711166ba2be6808c2a81d792945f8fa7524de17b52b84677eca315fff208fa57271afccf2b95aecb140d5842571a51*$/zip2$:tao.txt:tao.zip:./tao.zip

去除头部的 tao.zip/tao.txt: 和尾部的 :tao.txt:tao.zip:./tao.zip

$zip2$0303a8b8ce949eacdbad9ca4baf18d47160b3788d40219489b82ade3e9a9b34dce47258731346df1587368b9300a69083e6b4416484ffd384a36e01722f824e11c38c6d5183e3cc674099ce73a099e34f1108075eb235d1c2e514d4c022b9a214d2dfde9f6d18f7fac0e25335692f0bb834e52a9fc3af3450ab946cac711166ba2be6808c2a81d792945f8fa7524de17b52b84677eca315fff208fa57271afccf2b95aecb140d5842571a51*$/zip2$

2. WinRAR

rar2john ./tao.rar> rar.hash

得到如下内容

tao.rar:$rar5$16$abcf05e3663907b0faa2aa0f78b25822$15$21ba0372cd54c41fe5643b515cc69688$8$e030921031c82e10

去除头部 tao.rar: 即可

3. 7-zip

/usr/share/john/7z2john.pl ./tao.7z > 7z.hash

得到如下内容

tao.7z:$7z$2$19$0$$16$ddb3dd41c1b1c2e37da7f1d61e495444$3468811477$144$142$7c259ec3d101866000133f371d067514b4c7a666fbda087188d2f83ecca9b26e323950c405ad90a8188fbc208351f0d34c493676281965a4368028fa43173c04b61d517f729a40327da08574d778c495cc1c1f9961a2bf74a9afb479098df88437e96053bc97599c80eceb2012d2cf50ffea91a9827841b058d27f5f5dc21f57a9bf17530f00be42e410600a85eee00c$155$00

去除头部的 tao.7z: 即可

4. VeraCrypt

dd if=./tao.hc of=veracrypt.hash bs=1 count=512

5. Bitlocker

bitlocker2john -i tao.vhd > bitlocker.hash

得到如下内容

Encrypted device tao.vhd opened, size 128MB UP Nonce: 609190bff0fdd70103000000 UP MAC: 984d211d747e9bb5a39fe8b377648cee UP VMK: 9c2fe7d7e5b77504d32dca6e76ef429d9b9b63017020aa6855ac7a948de9533df5f7eb5814a76408e89b7fdf

Salt: f286ceb259d919fd578a74739b2735c2 RP Nonce: 609190bff0fdd70106000000 RP MAC: 44e827adb417efe408d46d7c3b136f8a RP VMK: a78768967de3610d6525cfb77cae91a727d12a3e8f6db93af576cead2d01264b06be3d52e7a61f24e8b62401

User Password hash: $bitlocker$0$16$57c9e4d00a62ce8a022ec847b5312a8f$1048576$12$609190bff0fdd70103000000$60$984d211d747e9bb5a39fe8b377648cee9c2fe7d7e5b77504d32dca6e76ef429d9b9b63017020aa6855ac7a948de9533df5f7eb5814a76408e89b7fdf Hash type: User Password with MAC verification (slower solution, no false positives) $bitlocker$1$16$57c9e4d00a62ce8a022ec847b5312a8f$1048576$12$609190bff0fdd70103000000$60$984d211d747e9bb5a39fe8b377648cee9c2fe7d7e5b77504d32dca6e76ef429d9b9b63017020aa6855ac7a948de9533df5f7eb5814a76408e89b7fdf Hash type: Recovery Password fast attack $bitlocker$2$16$f286ceb259d919fd578a74739b2735c2$1048576$12$609190bff0fdd70106000000$60$44e827adb417efe408d46d7c3b136f8aa78768967de3610d6525cfb77cae91a727d12a3e8f6db93af576cead2d01264b06be3d52e7a61f24e8b62401 Hash type: Recovery Password with MAC verification (slower solution, no false positives) $bitlocker$3$16$f286ceb259d919fd578a74739b2735c2$1048576$12$609190bff0fdd70106000000$60$44e827adb417efe408d46d7c3b136f8aa78768967de3610d6525cfb77cae91a727d12a3e8f6db93af576cead2d01264b06be3d52e7a61f24e8b62401

只保留 User Password hash 部分内容

$bitlocker$0$16$57c9e4d00a62ce8a022ec847b5312a8f$1048576$12$609190bff0fdd70103000000$60$984d211d747e9bb5a39fe8b377648cee9c2fe7d7e5b77504d32dca6e76ef429d9b9b63017020aa6855ac7a948de9533df5f7eb5814a76408e89b7fdf

使用hashcat破解各种加密文件命令

1. WinZip

hashcat -m 13600 zip.hash example.dict

2. WinRAR

hashcat -m 13000 rar.hash example.dict

3. 7-zip

hashcat -m 11600 7z.hash example.dict

4. VeraCrypt

hashcat -m 13721 veracrypt.hash example.dict

5. Bitlocker

hashcat -m 22100 bitlocker.hash example.dict

测试用加密文件和字典文件下载

所有测试用加密文件密码 fatpanda

蓝奏云 https://wwe.lanzouw.com/ijhCZy77qti 密码:hhbd

扩展知识

如果zip或者7z压缩包中的文件过大，hashcat可能无法破解，建议使用john破解，参考代码如下

1
2

john --format=zip hash-to-crack.txt --wordlist=./example.dict
john --format=7z hash-to-crack.txt --wordlist=./example.dict

网飞合租：https://d.126126.xyz/5
自用机场：https://d.126126.xyz/3
youtube：https://www.youtube.com/c/ericwang618
哔哩哔哩：https://space.bilibili.com/221010336
Telegram：https://t.me/first_sunlight
个人网站：https://www.126126.xyz
合作邮箱：fs104300@outlook.com