How to Open a Passworded Archive and Remove the Password from It?

One of those frequent questions. It constantly arises here and there, in different contexts. So the answer depends on the context and the following:

What type of archive is it: Zip or RAR?
Is the password known or has it been lost?
If the password is lost, what is the easiest way to find it?

Learn how to open a password-protected RAR or ZIP archive and how to remove the password from such an archive.

In this article I am going to tell you (and showcase) how to most effectively handle password-protected archives and how to find lost passwords quickly (as can be in the case of strong protection).

Let's get started.

Opening a Password-Protected Archive
Removing a Password from an Archive
How to Unlock an Archive If the Password is Lost

Opening a Password-Protected Archive

The principles of protection in modern archives are the same: they all use well-proven and established strong password hashing and data encryption algorithms. The contents of an archive are packed, the password is hashed into a key of sufficient length which is then used to encrypt the archive. Opening and decrypting a password-protected archive occur in reverse order, i.e. you enter the password, the archiver computes the key from it, then decrypts the container and unpacks your files. It's simple!

RAR archive with a password

Start WinRAR archiver, select and open your passworded archive with it. When you initiate extraction of the archive's content, the program will prompt you to enter the password:

WinRAR: Interface for Extracting Archive Contents — WinRAR. Interface for extracting archived content

Enter the password and get access to your archived data:

WinRAR: Interface for Requesting Password to Extract a Password-Protected Archive — WinRAR. Requesting a password to unpack the encrypted archive

Now you can proceed to work with the content of the archive as usual. When you close the archiver (or the archive file), WinRAR will encrypt the data again and the next time you open the file, you will need to enter the password again.

Zip archive with a password

All that works the same way for Zip archives as well.

Start, for example, 7-Zip archiver. Just like its commercial alternative WinZip, 7-Zip enables you to create archives with classic encryption (aka ZipCrypto encryption method) or more secure archives with AES-256 encryption. use 7-Zip to locate the folder with your archive and double-click on it. This will open the archive. Start extracting your data from the archive or click on the file just like in the Explorer. The program will prompt you to enter the password:

7-Zip: Four Steps to Accessing a File in an Encrypted ZIP Archive — 7-Zip. Steps to open a file from a password-protected archive

Once you have entered the password, the archiver will unpack, and you will be able to work with your data:

7-Zip: Successfully Opened File from a Secure Archive Opens in Default Program — 7-Zip. A file from a password-protected archive is successfully opened in the default program

Removing a Password from an Archive

If password protection is no longer needed, it is better to remove the password to avoid its loss or other potential issues.

But here's the thing. One does not simply remove a password from an archive. 😜

Indeed, you can't just simply remove the password from the archive ;)

To remove the password from an archive, you can only create a new archive, a copy of the one with the password only without such password protection. In other words, you will need to open the passworded archive (as shown above), extract its contents, and then create a new archive.

Here's how you can do it.

Removing the password from a RAR archive

Select the files or the folder that you have extracted from your password-protected archive.

You don't have to select all of them at once. You can start with any of them so you can add the rest of the files to the archive later.

Click the «Add» button. This will initiate the creation of a new archive (or adding files to an existing archive).

In the pop-up window specify the parameters for the new archive: destination folder, name, format, compression methods, etc. Needless to remind you, you don't need to set a password this time, right? 😉

WinRAR: Interface for Creating RAR Archives and the Steps to Achieve It — WinRAR. Interface for creating a RAR archive

If you want to add files to an existing archive, just select it by clicking on the «Browse…» button.

WinRAR: Instructions on How to Add Files to an Existing RAR Archive — WinRAR. How to add files to an existing RAR archive. A step by step tutorial

That's about it: click the «ОК» button, and the archiver will create an archive without a password, containing the files extracted from the original password-protected archive. Now you can forget about the password. 😜

Removing a password from a Zip archive

Once again, I suggest using 7-Zip to handle Zip archives. It retains the same sequence of removing a password from a Zip archive. First, unpack the passworded archive and then repack it into a new archive without a password.

Similar interface and exactly the same logic 😉

Select the extracted files you need and click the «Add» button.

7-Zip: Interface for Creating a ZIP Archive — 7-Zip. Creating a Zip archive

Specify the archiving parameters (note that the options are mostly the same as in WinRAR).

7-Zip: Interface for Configuring ZIP Archive Parameters During Creation — 7-Zip. Configuring Zip archive parameters

Just Click «ОК» and there you have it – your unlocked Zip archive.

How to Unlock an Archive If the Password is Lost

Well, first, it turned out quite easy to open a password-protected archive and remove the password from it. Everything is intuitively clear and simple.

Admittedly, it's not as simple when the password is lost. 😉

Archivers use impeccably reliable and secure algorithms to protect and encrypt data. These time-proven algorithms have been tested by many. The highly complicated process of generating encryption keys leaves no 'back doors' to use.

When the password for the archive is lost, the only way to regain access to data is to recover the password by trying all possible combinations of characters. This method is known as a brute force attack.

Next.

The number of combinations that need to be tested depends on the password length and the sets of characters used to generate those passwords (i.g. uppercase letters, lowercase letters, numbers, special characters). It can be calculated by the formula:

Number of combinations = number of characters ^{password length}

Here are a few examples:

1. A password with a length of 6 characters, consisting only of digits. The total number of combinations to test is: 10 (number of digits from 0 to 9) ^{6 (password length)} = 1 000 000

2. A password with a length of 6 characters, consisting of digits and lowercase Latin letters. In this case, the number of combinations to test is calculated as follows: (26+10) ⁶ = 2 176 782 336

3. A password with a length of 6 characters, where nothing is known about it, and the entire set of characters has to be tested i.e. 26 (lowercase letters) + 26 (uppercase letters) + 10 (digits) + 33 (special characters). The problem to solve becomes significantly more complex: (52+10+33) ⁶ = 735 091 890 625

Oopsy-daisy! Suddenly it is not that simple anymore. The testing process will definitely take some time… 😁

To enjoy efficient recovery of passwords to your archives you will need a program that can do the following:

1. iterate through passwords at the maximum processing speed of your computer

2. cut off a priori futile password variations

Let me introduce a couple of software solutions by Passcovery: Accent RAR Password Recovery for RAR archives and Accent ZIP Password Recovery for Zip archives.

Here's what makes each one an excellent choice:

1. Both programs are optimized for operation with various processor families which ensures invariably high speed of password recovery

2. The programs support GPU acceleration on both AMD and NVIDIA graphics cards (though there may be some limitations ^1,
2)

3. They offer three types of password attacks to choose from:

Brute force attack
Brute force attack with extended mask
Dictionary attack

4. The programs provide advanced search customization options to manipulate the range of possible hits:

Extended (positional) mask to use with the brute force attack
Combining and mutating dictionaries option to use with the dictionary attack

5. These programs allow you to configure and run diverse attack scenarios with varying levels of complexity

In short, these programs have got all it takes to successfully recover lost passwords. 👍 – ★★★★★

The installation packages are compatible with Windows, signed by Passcovery, and absolutely free malware (VirusTotal – 0/93).

Consolidated Antivirus Report for the AccentZPR Distribution on VirusTotal — VirusTotal antivirus report on AccentZPR distribution

You can download, install and start using the programs right away. Now let me guide you through the process of recovering a password for an archive.

	Accent RAR Password Recovery for passwords to RAR archives	Download Windows x64 Version
	Accent ZIP Password Recovery for passwords to Zip archives with classic and AES-256 encryption	Download Windows x64 Version

In my example, I will work with a Zip archive using Accent ZIP Password Recovery. All Passcovery programs have a unified interface, with the only difference being the supported formats. So lost RAR passwords can be recovered in the exactly same way.

1. Start the program and open your password-protected archive. Enjoy the usual navigation in Windows i.e. the menu, taskbar icon, or hotkeys («Ctrl+O»):

Accent ZIP Password Recovery: Main Program Window Interface — Interface of Passcovery Programs. Example: Accent ZIP Password Recovery

2. At this stage the program will define the type of protection enabled and give a rough estimate of the time required to complete a brute force attack:

AccentZPR: Information on the Protection Applied in ZIP Archives — Passcovery software products Information about the enabled file protection

3. At the next stage, you can choose one of the three types of attacks to search for the lost password:

Brute force attack (with a simple mask)
Extended mask attack (with this one you can specify sets of characters for each position in the password)
Dictionary attack (this attack allows you to combine up to four dictionaries and modify them according to your own rules)

AccentZPR: Selection of Predefined Scenarios or One of Three Attacks for Forgotten Passwords — Passcovery software products Selection of a password attack (one of the three available) or a preconfigured scenario

4❶. The most straightforward and penny-plain method, which may take as long as lifetime [life of the Universe? 😜], but definitely a successful one is brute force attack.

Set parameters for password generation, and the program will generate passwords and test them until the right one is found:

AccentZPR: Brute Force Attack Configuration Window — Passcovery software products. Brute force attack (direct search) settings

To use the brute force attack, you can (and it is recommended) to specify the following:

Language alphabet
A set of applicable characters (uppercase and lowercase letters, numbers, special characters); the set can be edited (option «User defined»)
Minimum and maximum password length (you do remember the formula to calculate the range of possible passwords, don't you? 😜)
Simple mask (the unknown parts of the password should be hidden under the «Mask symbol». Then each character from the defined charset will be tested as each masked symbol)

At this point the program will show the estimated number of options to test and the time it will take to go through ALL of them. The processing speed is based on previous password search sessions completed for archives.

AccentZPR: Panel Showing Speed and Time Information for Password Cracking with Current Settings — Passcovery software products. Information window displaying the estimated speed and time required to find the password with current settings

4❷. A more advanced method is brute force attack with an extended (positional) mask.

What if you have an idea of the password structure, its composition and that different sets of characters can be used in different parts of it?

Here's the most primitive example: the password starts with an uppercase letter and ends with two numbers (for example Peace24).

Trying out the full set of characters (uppercase, lowercase, and numbers) in all positions would result in 3 521 614 606 208 generated passwords. However if in the first position you only test uppercase letters, then only numbers in the last two positions, and lowercase letters in the middle part, there would only be 1 188 137 600 options to try.

That is 2 964 times fewer. In other words, it's almost three thousand times faster!

You might not even have time to make a cup of coffee… 😉(see item below)

Unfortunately the mask description window in Passcovery programs cannot boast a very user-friendly interface. But if you figure it out, you can skillfully cut off redundant tests and save a lot of time.

AccentZPR: Positional Mask Configuration Window for Brute Force Attacks on Lost ZIP Passwords — Passcovery software products. Settings of extended (positional) mask

In the Passcovery knowledge base there is an article with how-to's and case studies about the extended mask option. To create a mask for your specific case see the how-to guide and feel free to reach out to the support.

4❸. Dictionary attack is the first method I recommend when nothing is known about the lost password.

There are many different dictionaries available online. They contain lists of popular passwords, passwords from leaks, passwords in different languages, etc. And there is always room for human foolishness (and/or carelessness). So no matter how strong protection may be, there is a chance the password is «1234»… 😁

Accent ZIP Password Recovery for Zip passwords (as well as Accent RAR Password Recovery for RAR passwords) allows you to enable up to three dictionaries and various mutations, defined by the developer.

AccentZPR: Dictionary Selection and Predefined Mutation Connection for Dictionary-Based Attacks — Passcovery Programs. Selection of dictionaries and enabling simple mutations for dictionary attack

What puts Passcovery programs out of the crowd is the possibility to create custom mutations for dictionaries. The feature comes as super handy when you know that the password is a compound phrase consisting of several blocks.

In this case you can set a few rules for combining up to four dictionaries with the desired 'blocks' and their subsequent mutations according to the defined rules. The «Rule Editor» is another great tool that helps visualize the process of merging dictionaries and their mutation.

AccentZPR: Crafting Advanced Rules for Combining and Mutating Dictionaries in the 'Rule Editor' — Passcovery Programs. Creating 'advanced' rules for merging and mutating dictionaries with the help of 'Rule Editor'

At the next step the rules and dictionaries are linked to the configuration of the dictionary attack. Here's a step-by-step how-to guide. Though the presented example is about recovery of an Apple iOS backup password using Passcovery Suite, but the interfaces are identical, remember?)

5. And that's about it. Once all the settings are done, we are good to start the search by clicking «Finish». The program will automatically adjust the processing speed and calculate the attack duration. It's the right time to brew yourself a cup of coffee…

The recovered password will be displayed as an imitation of a hyperlink. Click on it to copy the password to the clipboard.

AccentZPR: Successful Password Recovery and Copying to Clipboard — Passcovery programs. Password successfully recovered and copied to the clipboard

The password has been found, open the password-protected archive and delete the password from it, as recommended above.

Author: Denis Gladysh, co-owner, and head of Passcovery – a provider of high-speed GPU-accelerated software solutions for recovering passwords for popular file formats; author of the first versions of Accent OFFICE Password Recovery, created in 1999.

Three Questions About Archive Password Protection

❶ What are backdoors in security?

Imagine you have purchased a door for your home with an unpickable lock (according to the lock manufacturer). And you always lock your secure door with a super-lock so that no one but you can enter the house. But it turns out the lock has a flaw. Like… ~~one ring to rule them all~~ 😏or a kind of a master key, or there a certain sequence of actions that need to be performed so the door will open, as if unlocked with your key. Such techniques applied to bypass protection are called backdoors. They may be intentionally embedded by the developer or occur accidentally due to errors in the security system. That is, there are two ways to open your door: using brute force (with a gas cutter, saw or hammer drill) or using the Master Key. Gas cutting takes time and effort and it will open the door though leaving it destroyed. Whereas a backdoor allows you to unlock access quickly and without inflicting any damage.

Backdoor: Undocumented Techniques for Bypassing Security — Backdoors are undocumented techniques to bypass protection

❷ What are password dictionaries?

A password dictionary is kind of a book with a large list of words or phrases that people often use as passwords for their online or local accounts. For example, such a list could contain words like 'hello', 'password', '123456' and the like. Hackers can use such lists to try to break into someone's account or access protected information. Therefore, it is important to use complex and unique passwords that are difficult to guess.

Password Dictionary: A File Containing a List of Known Passwords — A password dictionary is a file with a list of popular passwords

❸ What is the difference between 7-Zip and classic zip protection?

7-Zip and the classic zip format are two different ways of compressing and protecting files.

7-Zip:

7-Zip is a more modern and powerful archiver that supports a greater number of compression and encryption algorithms
It provides a higher compression ratio than the classic zip format
7-Zip also supports various encryption methods, including AES-256, which is considered one of the strongest available today

Classic zip format:

Zip is one of the most common archiving formats
It usually offers less efficient file compression compared to 7-Zip
Zip also supports encryption methods, but their security level may not be as high as that of 7-Zip

Overall, 7-Zip provides stronger protection and more efficient file compression than classic zip.

The original defense of 7-Zip and classic zip are two different stories — The original protection of 7-Zip and the classic zip archive are two different stories

de pt