bkcrack 1.5.0: could not find the keys with the whole plaintext file #73

Closed
A-Kazak opened this issue Aug 6, 2022 · 4 comments

A-Kazak commented Aug 6, 2022

Greetings!

Please see an encrypted-plain pair of ZIP archives with a single PDF. Note that the CRC32 of the file is the same in both archives.

I experience the following issue:

bkcrack.exe -C encrypted.zip --cipher-index 1 -p plain.zip
bkcrack 1.5.0 - 2022-07-07
[15:16:29] Z reduction using 1048569 bytes of known plaintext
0.6 % (5812 / 1048569)←[1K
[15:16:30] Attack on 137 Z values at index 1043310
100.0 % (137 / 137)[1K
[15:16:31] Could not find the keys.

What could be the issue?
How do I get the correct keys in this case?

Thank you.

encrypted.zip
plain.zip

Author

A-Kazak commented Aug 7, 2022

I have found the solution returning the correct keys:

bkcrack.exe --cipher-zip encrypted.zip --cipher-index 1 --plain-zip plain.zip --plain-index 1
bkcrack 1.5.0 - 2022-07-07
[11:46:39] Z reduction using 1048569 bytes of known plaintext
0.8 % (8111 / 1048569)←[1K
[11:46:41] Attack on 236 Z values at index 1041407
Keys: 699615a8 de21c139 4acb9156
19.9 % (47 / 236)←[1K
[11:46:42] Keys
699615a8 de21c139 4acb9156

The idea is to tell bkcrack explicitly the indices of cipher and plain text files.

Owner

kimci86 commented Aug 7, 2022

Hello,
As you understood, you had to tell bkcrack to use an entry inside plain.zip as known plaintext and not the file plain.zip itself.

Hopefully, it will become more straightforward in a future version once issue #11 is solved, so that giving the archives to use would be enough and bkcrack could guess that loading the one entry in each archive is the thing to do.
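The distinction drawn in the reply above, between the archive file itself and an entry inside it, shown as an added example (not part of the thread and not bkcrack code). The sample archives and file names are constructed, and `entry_payload` and `pair_entries` are hypothetical helpers.

```python
import io
import struct
import zipfile
import zlib

def build_zip(files):
    """Build an in-memory deflated archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def entry_payload(archive, info):
    """Return the bytes stored for one entry, i.e. what follows its local file header."""
    sig, name_len, extra_len = struct.unpack_from("<4s22xHH", archive, info.header_offset)
    if sig != b"PK\x03\x04":
        raise ValueError("no local file header at recorded offset")
    start = info.header_offset + 30 + name_len + extra_len
    return archive[start:start + info.compress_size]

def pair_entries(archive_a, archive_b):
    """Pair non-empty entries that share CRC-32 and uncompressed size.

    Positions are 0-based infolist() order; how they map to a tool's own
    entry numbering is not assumed here.
    """
    a = zipfile.ZipFile(io.BytesIO(archive_a)).infolist()
    b = zipfile.ZipFile(io.BytesIO(archive_b)).infolist()
    return [(i, x.filename, j, y.filename)
            for i, x in enumerate(a) for j, y in enumerate(b)
            if x.file_size and (x.CRC, x.file_size) == (y.CRC, y.file_size)]

# Constructed sample: the same document stored under different names.
DOC = b"%PDF-1.4\n" + b"constructed sample body\n" * 200
FIRST = build_zip({"readme.txt": b"constructed readme\n", "docs/report.pdf": DOC})
SECOND = build_zip({"report-copy.pdf": DOC, "notes.txt": b"unrelated\n"})

if __name__ == "__main__":
    info = zipfile.ZipFile(io.BytesIO(SECOND)).infolist()[0]
    payload = entry_payload(SECOND, info)
    print("archive starts with:", SECOND[:4])  # container header, not document bytes
    print("CRC of archive file:", hex(zlib.crc32(SECOND)))
    print("CRC of entry       :", hex(info.CRC))
    print("payload inflates to the document:", zlib.decompress(payload, -15) == DOC)
    print("pairs:", pair_entries(FIRST, SECOND))
```

The entry CRC describes the document, while the archive file begins with a `PK\x03\x04` local header and has its own, unrelated checksum, which is why the archive as a whole is not the same data as the entry it contains.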

Author

A-Kazak commented Aug 7, 2022

I think that guessing may be messy, especially with similar file names inside both archives.
For me, the current scheme, where a user explicitly assigns where the cipher and plain texts are, is quite reasonable.

Owner

kimci86 commented Aug 7, 2022

Thank you for your feedback.
As far as I understand, your questions have been answered, so I am closing this issue.

@kimci86 kimci86 closed this as completed Aug 7, 2022