BestHub
Sign in
Information Security 13 min read

Python ZIP Password Cracking Scripts: Encoding Fixes and Single/Multithreaded Brute‑Force Techniques

This article presents Python scripts for cracking ZIP file passwords, explains how to fix Chinese filename encoding issues, and provides single‑threaded, multithreaded, and dictionary‑based brute‑force methods with detailed code examples and usage instructions.

Python Programming Learning Circle
Python Programming Learning Circle
Python Programming Learning Circle
Python ZIP Password Cracking Scripts: Encoding Fixes and Single/Multithreaded Brute‑Force Techniques

The article provides a collection of Python scripts for cracking ZIP file passwords, addressing Chinese filename encoding problems and offering single‑threaded, multithreaded, and dictionary‑based brute‑force approaches.

Encoding fix : To resolve garbled Chinese filenames inside ZIP archives, modify zipfile.py so that when the flag 0x800 is set the filename is decoded as UTF‑8, otherwise decode it as GBK. Example:

<code>if flags & 0x800:
    # UTF-8 file names extension
    filename = filename.decode('utf-8')
else:
    # Historical ZIP filename encoding
    filename = filename.decode('gbk')  # 把cp437修改为gbk
</code>

Another location where the same change is needed uses fheader[_FH_GENERAL_PURPOSE_FLAG_BITS] and fname.decode('utf-8' or 'gbk') :

<code>if fheader[_FH_GENERAL_PURPOSE_FLAG_BITS] & 0x800:
    # UTF-8 filename
    fname_str = fname.decode("utf-8")
else:
    fname_str = fname.decode("gbk")   # 把原来的cp437更改为gbk
</code>

Single‑threaded numeric brute‑force : This script iterates over a numeric password range (default 1–1,000,000) and attempts extraction until the correct password is found.

<code>import zipfile, os, time, sys
os.chdir(r'C:\Users\asuka\Desktop\123')
start_time = time.time()

def get_zipfile():
    for file in os.listdir():
        if file.endswith('.zip'):
            return file

def extract():
    file = get_zipfile()
    zfile = zipfile.ZipFile(file)
    for num in range(1, 1000000):
        try:
            pwd = str(num)
            zfile.extractall(path='.', pwd=pwd.encode('utf-8'))
            print('解压密码是:', pwd)
            print('单线程破解压缩包花了%s秒' % (time.time() - start_time))
            sys.exit(0)
        except Exception:
            pass
if __name__ == "__main__":
    extract()
</code>

Single‑threaded alphanumeric brute‑force : Uses a custom iterator to generate random passwords of variable length.

<code>class MyIter(object):
    word = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    def __init__(self, min_len, max_len):
        self.min_len = min(min_len, max_len)
        self.max_len = max(min_len, max_len)
    def __iter__(self):
        return self
    def __next__(self):
        result_word = ''
        for i in range(0, random.randint(self.min_len, self.max_len)):
            result_word += random.choice(MyIter.word)
        return result_word

def extract():
    start_time = time.time()
    zip_file = zipfile.ZipFile('1.zip', 'r')
    for password in MyIter(password_min, password_max):
        try:
            zip_file.extractall(path='.', pwd=str(password).encode('utf-8'))
            print('压缩密码为:', password)
            print('破解压缩包花了%s秒' % (time.time() - start_time))
            sys.exit(0)
        except Exception:
            pass
</code>

Multithreaded dictionary attack : Reads passwords from a user‑specified text file and launches a thread for each candidate.

<code>def extractfile(zip_file, password):
    try:
        zip_file.extractall(path='.', pwd=str(password).encode('utf-8'))
        print('[+]' + zip_file + ' 解压密码是:', password)
        sys.exit(0)
    except Exception:
        pass

def main(password_file):
    for file in os.listdir():
        if file.endswith('.zip'):
            zip_file = zipfile.ZipFile(file)
            with open(password_file) as pf:
                for line in pf.readlines():
                    password = line.strip('\n')
                    Thread(target=extractfile, args=(zip_file, password)).start()
</code>

Combined 3‑in‑1 script : Supports pure numeric, alphanumeric, and dictionary attacks in a single program, with user prompts for password length ranges, working directory, and dictionary file selection.

<code># (The script includes functions ready_work(), get_zipfile(), MyIter, extract(), password_file_baopo(), run() etc.)
# It guides the user through selecting mode 1 (numeric), mode 2 (alphanumeric), or mode 3 (dictionary) and then executes the corresponding brute‑force routine.
</code>

The article concludes with screenshots of the three operation modes and a link to the original CSDN blog post.

Pythonencodingmultithreadinginformation securityzipBrute Forcepassword cracking
Python Programming Learning Circle
Written by

Python Programming Learning Circle

A global community of Chinese Python developers offering technical articles, columns, original video tutorials, and problem sets. Topics include web full‑stack development, web scraping, data analysis, natural language processing, image processing, machine learning, automated testing, DevOps automation, and big data.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment