Brute‑Force Decryption of Password‑Protected Zip/Rar Files Using Python

The author received an encrypted zip/rar archive containing valuable photos and demonstrates step‑by‑step how to decrypt it using Python. First, the built‑in zipfile module (no installation required) and the external rarfile library (install via pip) are introduced for basic extraction with extractall .

For a zip file without a password, the simple extraction code is:

<code>import zipfile
with zipfile.ZipFile('test.zip') as zfile:
    zfile.extractall(path='./')
    print('File extracted successfully')
except Exception as e:
    print('Failed!', e)</code>

When a password is required, the password is passed as a byte string:

<code>with zipfile.ZipFile('protected.zip') as zfile:
    zfile.extractall(path='./', pwd=b'1234')
    print('File extracted successfully')
except Exception as e:
    print('Failed!', e)</code>

Chinese filenames may appear garbled after extraction. The fix involves editing the standard library file zipfile.py to re‑encode the filename strings:

<code>fname_str = fname_str.encode('cp437').decode('gbk')
filename = filename.encode('cp437').decode('gbk')</code>

To brute‑force an unknown password, the author first shows a nested‑loop generator that creates all 4‑character combinations from a given character set, then improves it using itertools.permutations :

<code>import itertools
my_pwdstr = 'abcdefghijklmnopqrstuvwxyz0123456789'
for pwd in itertools.permutations(my_pwdstr, 4):
    pwd_str = ''.join(pwd)
    # try extracting with pwd_str
</code>

The final flexible solution defines two functions: ext_file(pwd) to attempt extraction, and get_pwds(chars, length) to generate passwords of any length using itertools.permutations . The main block iterates over generated passwords, prints progress, and stops when extraction succeeds.

<code>def ext_file(pwd):
    try:
        with zipfile.ZipFile('encrypted.zip') as zfile:
            zfile.extractall(path='./', pwd=pwd.encode('utf-8'))
            print('File extracted successfully')
            return True
    except Exception as e:
        print('Failed!', e)
        return False

def get_pwds(chars, length):
    for combo in itertools.permutations(chars, length):
        yield ''.join(combo)

if __name__ == '__main__':
    chars = "abcdefghijklmnopqrstuvwxyz0123456789"
    for pwd in get_pwds(chars, 4):
        print('Testing password:', pwd)
        if ext_file(pwd):
            print('Decryption successful, password is', pwd)
            break
</code>

The article also suggests using password dictionaries, multithreading, or multiprocessing to speed up cracking when the password length or character set is unknown, and shares a real‑world outcome where the password turned out to be a simple pattern (surname initial + numbers).