DEV Community

Discussion on: 7zip archives under attack!

Collapse
polyluxus profile image
Martin Schwarzer

It would probably be best to use some other encryption, where you don't have to store away passwords (plural!) in your brain attic. For example, gpg should come to mind naturally, if you're at all concerned with protecting data. And I'd assume you won't forget the password for your key.

If you're using the route with the bash script, you should store the passes to test in an array, as your script breaks passwords with spaces. You also can use the exit status of 7z directly and don't have to subshell any of the processes. I'd imagine something like that:

#!/bin/bash

passwords=('My')
passwords+=('passwords')
passwords+=('may')
passwords+=('contain')
passwords+=('some spaces,')
passwords+=('and')
passwords+=('+~#')
passwords+=('stuff')

archive="$1"

printf '%s' "Start attacking . . ."

for testpass in "${passwords[@]}" ; do
  if 7z t "$archive" -p"$testpass" &> /dev/null ; then
    printf ' .\nPassword is: "%s" \(°^°)/\n' "$testpass"
    exit 0
  else
    printf ' .'
  fi
done
printf ' ( -- ____ -- )\n%s\n' "Sorry, didn't find any appropriate password."
exit 1

Or a bit more universal:

#!/bin/bash
archive="$1"
printf 'Abort with Ctrl-C.\nTesting next: '
read -r testpass
until 7z t "$archive" -p"$testpass" &> /dev/null ; do
  printf 'Testing next: '
  read -r testpass
done
printf "That's it! '%s' \\(°^°)/\\n" "$testpass"
Collapse
dskuratovich profile image
Dmitry Author

That's a point! Thanks for the idea, I think it's good one!
But you know sometimes when that already happened we just have to find a solution!

So for that case it was a solution, but yours is also fine, I will keep that in mind!