Ultra Zip Password Cracker v3.00 (c) 1998-1999 Ivan Golubev
===========================================================


Contents
========

  Description
  Requirements
  Usage
  Template attack
  National languages support
  Performance
  Known bugs and limitations
  Future enhancements
  How to register
  Special thanks
  Technical support
  Where to get the latest version


Description
-----------

Ultra Zip Password Cracker (or UZPC) can be used to crack (or recover)
passwords for .ZIP archive files. There are many programs that are
similar to UZPC, but UZPC has some advantages that others do not:

  - UZPC does complete password checking, i.e. if it finds a password,
    it can be relied on that this is a correct password. Some other
    program can give false passwords, especially if the archive contains
    less than three files.
  - UZPC supports three types of attack: "brute-force", dictionary based
    and a mix of "brute-force" and dictionary based, called a template attack.
  - UZPC is a very fast program. It is highly optimised for speed. On
    a Cyrix PR 233 system its performance is about 600000 password tests per
    second, when the archive contains three or more files. When an archive
    contains less than three files, the program performance degrades depending
    on the archive size.
  - UZPC can works with archives that contain files with different passwords.
  - UZPC has a user friendly GUI.
  - UZPC is customisable: you can set up the minimum and maximum password
    length, define the type of characters used in the password for a
    "brute-force" attack, and you can choose the method of modifying a test
    password from the dictionary file, for a "dictionary based" attack.
  - You can interrupt UZPC at any time and save the current cracking status.
  - UZPC shows you an estimate of the time remaining for a solution.
  - There is multi-lingual National language support, using simple text files.


Requirements
------------

To run this program you need:
  - A computer with running Windows 95/98/NT.
  - About 100 kilobytes of free hard disk space.


Usage
-----

After starting UZPC, select the Task menu, choose New, then select
the ZIP archive file that you want to process. In the next dialog box
select the attack type to be used, and the files in the archive that
are to be attacked, (or select that all files have the same password). 

If you have selected the "brute-force" attack, in the next dialog box
define the characters to use in the password search, and the minimum
and maximum password length. Then press the "Go" button.

If you have selected the "dictionary based" attack, in the next dialog box
enter the dictionary name and choose how to modify passwords found in the
dictionary file. Then press the "Go" button. The program automatically
recognises the line delimiter used in the dictionary file. It may be
DOS <CR/LF> or UNIX <LF> or just a <CR> delimiter.

For the "template attack" see the description below.

The program is now working. It shows the current status. You can see the
current password being tested, the average passwords tested per second,
and the estimated time to reach a solution. The status information is
updating every 5 (by default) seconds. At any moment you can interrupt the
cracking process by selecting the "Task\Stop" menu item. Also at any moment
you can save the current cracking status by selecting the "Task\Save" menu 
item. By default, UZPC will save the current cracking status in a file with an
extension of .pcs, and with the same name as the ZIP archive file being
processed. You can open this file later and continue the cracking process
from the saved position.

If you think that your system is not stable you can use the autosave function.
Select "Options\Setup" and check "autosave every xx minutes". Note that if
you start a new task with autosave "on" then you will be asked for the status
filename when the autosave time comes (if you have not manually saved the
status previously).

Also you can change the time interval between status updates. However, we
recommend that the update time interval be 5 or more seconds; if it is less 
than 5 seconds the speed of execution of the program will decrease by between
5% and 10%.

If you think that UZPC takes up too much space on the task bar you can select 
"Options\Setup\Minimize to tray".

When (if) UZPC find a password it stops working and displays the results.
It shows the ZIP archive filename, files that has been attacked, the
password for those files and the password length. Also UZPC saves the
password in a file with the extension .psw, into the same location
as the ZIP archive.


Template attack
---------------

A "template attack" is a mix of "brute-force" and a dictionary-based attack. It
can greatly assist in the finding of a password if you know something about the
password. The main idea of a template attack is to subdivide the password using 
known information. Each part of a template may be either some character set
with a minimum and maximum length, or some word from a dictionary file. To 
understand how to use a template attack let's take some examples:

I. I remember that the password starts with two digits (but I don't remember
them), then I used from 4 to 6 lower case letters and maybe I used a special 
character at the end.

So I select template attack and describe the template as:
+----------+--------------+------------------------------+
| Position | Repeat Count |    Description               |
|          |  min  |  max |                              |
+----------+-------+------+------------------------------+
|        1 |   2   |   2  |   Digits (0123456789)        |
|        2 |   4   |   6  |   Lower case letters (abc...)|
|        3 |   0   |   1  |   Special symbols (!#$...)   |
+----------+-------+------+------------------------------+
Using this template UZPC starting to generate password from 00aaaa, 00aaab,
00aaac, ..., 00baaa, ..., 12adef$, ..., 21ivan$, ..., up to 99zzzzzz~.
This template will be processed much faster than a "brute-force" attack that 
uses character sets "digits" + "lower case letters" + "special symbols", and
with a minimum length of 6 and a maximum length of 9.

II. Ok, let's look at the standard keyboard layout:
 1 2 3 4 5 6 7 8 9 0 - = \
  q w e r t y u i o p [ ]
   a s d f g h j k l ; '
    z x c v b n m , . /

Consider the case where I remember that the password for a file is, for example,
"golubev".  Suppose I incorrectly typed the password, so that in fact "golubev"
is incorrect. Then, given that word, I know which parts of the keyboard I
originally pressed, (or I've watched how another person typed in a password :-)).
Using that incorrect password I can create the following template:
+----------+--------------+----------------------------+
| Position | Repeat Count |    Description             |
|          |  min  |  max |                            |
+----------+-------+------+----------------------------+
|        1 |   1   |   1  |   rtyfghcvbn               |
|        2 |   1   |   1  |   890iopjkl;               |
|        3 |   1   |   1  |   iopkl;m,./               |
|        4 |   1   |   1  |   678yuighjk               |
|        5 |   1   |   1  |   fghjvbn and space        |
|        6 |   1   |   1  |   234wersdf                |
|        7 |   1   |   1  |   dfgcvb and space         |
+----------+-------+------+----------------------------+
Using this template UZPC can find such passwords as "go;ubev" or "holubwv".

III. Since I am smart enough not to password a file with only a simple word, 
I've used a more complex password, but I've forgotten that password! And,
because I am so smart, the password cannot be recovered by a simple 
dictionary based attack (even using all available modifiers).
However, I know that the password starts with from 2 to 3 digits, 
then I've used some simple word, and maybe I've used a special symbol at the
end. So, first I create a dictionary file of the likely words that I may have
used, (I don't know what word I've used but I try to anticipate it):
=================================================================
ivan
formula-1
f1
formula1
formula_1
password
uzpc
computer
ok
ok computer
radio
head
=================================================================
I have called this dictionary file mydict.txt.

Secondly, I create the following template:
+----------+--------------+-------------------------------------+
| Position | Repeat Count |    Description                      |
|          |  min  |  max |                                     |
+----------+-------+------+-------------------------------------+
|        1 |   2   |   3  |   digits                            |
|        2 |   -   |   -  |   Word from "mydict.txt":           |
|          |       |      |   all upper/lower case combinations |
|        3 |   0   |   1  |   Special symbols                   |
+----------+-------+------+-------------------------------------+

UZPC starts to work and after some time it finds the correct password
"91FoRmuLa-1$". Wow, it's not so good to be too smart :-)


I hope these examples will help you to understand how to use the
"template attack". But if you have some questions feel free to contact us.

One more thing. If you do not know anything about the password _DON'T_
use the "template attack" because it runs at about half the speed of the
"brute-force" attack (but it checks much fewer passwords then does 
the "brute-force" method).


National languages support
--------------------------

UZPC can support national languages. There is a message file named uzpc.lng
in the same directory as the program. You can replace this file with
another that contain messages in your national language.


Performance
-----------

  Here is a small table with testing results. 
+-------------------+-----------------------+--------------------------------+
|    Computer/OS    | Passwords per seconds |       Passwords per seconds    |
|                   | (one file in archive) | (two or more files in archive) |
+-------------------+-----------------------+--------------------------------+
| iP-166 MMX  Win95 |       230 000 (*)     |           410 000 (**)         |
| Cyrix PR233 Win95 |       410 000 (*)     |           690 000 (**)         |
| K6-2-300    WinNT |       690 000 (*)     |         1 570 000 (**)         |
+-------------------+-----------------------+--------------------------------+

(*) in this case speed is highly depend on file size. You can increase this
speed if you are using a very small file (about 1-2K). If the compressed file
is large then speed will be reduced. For example, for a file with an
uncompressed size of 110Kb and compressed size of 17Kb, speed on an Am5x86
system is about 35000 passwords checked per second.

(**) If you are using three or more files this is the real speed. If you are
using two files then speed will reduced depending on file size.


Known bugs and limitations
--------------------------
  - UZPC supports only compression methods 0 (storing) and 8 (deflating)
    (Are you in need of other ones? :-))
  - UZPC cannot open some specific zip archives.


Future enhancements
-------------------
  - Plain text attack type.
  - Speed optimisation.
  - Support local network.
  - Your wishes.


How to register
---------------
Why you should register ....

Because,

  - your support helps the author make this program better.

  - you gain access to all the features of UZPC. Being unregistered, UZPC
    does not support passwords with a length exceeding five characters for
    a brute-force attack. Also, UZPC doesn't support modifiers "All available
    combinations", "Reverse order" and "All available combinations in
    reverse order" for dictionary-based/template attacks.

Once registered you will receive your own registration number. After you
enter it in the Options/Registration dialog box, you will gain access to
all the features of UZPC. Note that the registration number will be valid
for all future updates of UZPC. Registration costs 30 US Dollars.

At this moment there are two ways to register:

1. The fastest way is to use a credit card. You can register UZPC via the
"Register Now" option at :

	https://www.regnow.com/softsell/nph-softsell.cgi?item=1964-1

NOTE : The information you send about your card is in a very secure format.
       No one can read it other than credit card processor program.

2. You can transfer $30 direct to our bank account. If you want to use this 
method, tell us in what country you live and we will send you more detailed
information. But please note, there are taxes for bank transfers. The taxes
can be up to 100%!

If you cannot use either of these ways contact to us, and we'll try to find
another way.

You can contact us via e-mail at m53group@mail.infostar.ru.


Special thanks to
-----------------
	Chris Gregory who edited this file.


Technical support
-----------------
For technical support please contact :

	Ivan Golubev at m53group@mail.infostar.ru
or
 	Denis Gladysh at m53group@www.chat.ru


Where to get the latest version
-------------------------------
The latest version of this program is available from our web pages at :

	http://members.xoom.com/m53group

or the Russian mirror

	http://www.chat.ru/~m53group

