You have a ZIP with forgotten password. Practical question: do you crack it yourself with free hashcat or pay USD 80 to a service? Answer depends on 4 variables: ZIP encryption type, suspected password length, your hardware, and how much your time costs.
The 2 ZIP encryption types (critical)
Not all ZIPs are equal. Two completely different modes:
| Mode | Intro year | hashcat module | RTX 3090 speed |
|---|---|---|---|
| ZipCrypto (legacy) | 1989 | -m 17200 / -m 17220 | 2.5 billion h/s |
| AES-256 (WinZip 9+) | 2003 | -m 13600 | 50 thousand h/s |
50,000x speed difference. Identifying encryption is critical before starting:
$ unzip -l file.zip # If "Encrypted": ZipCrypto (fast, crackable) # If "AES-256": AES (slow, near-impossible without strong hint) $ zipinfo -v file.zip | grep -i "method\|encryption"
hashcat ZipCrypto recipe (the easy one)
If confirmed ZipCrypto:
# Step 1: extract hash with zip2john (included in John the Ripper) $ zip2john file.zip > hash.txt # Step 2: hashcat dictionary attack $ hashcat -m 17200 -a 0 hash.txt rockyou.txt # Step 3 (if dict didn't find): brute force common charset $ hashcat -m 17200 -a 3 hash.txt ?a?a?a?a?a?a?a?a # ?a = all printable ASCII. 8 chars = 6 quadrillion, ~3 hours RTX 3090
If you have length or charset hint:
# Lowercase + numbers only, exactly 8 chars $ hashcat -m 17200 -a 3 hash.txt ?l?l?l?l?l?l?d?d # 26^6 ร 10^2 = 30 billion, ~12 seconds on RTX 3090 # Word + 4 numbers (typical "puppy2019" password) $ hashcat -m 17200 -a 6 hash.txt rockyou.txt ?d?d?d?d # Combinator mode: each rockyou word + 4 digits
AES-256 โ the bad news
If your ZIP is AES-256 (modern encryption), compute becomes brutal:
| Password | Combinations | RTX 3090 at 50K h/s |
|---|---|---|
| 6 alphanumeric chars | 56 billion | 13 days |
| 8 alphanumeric chars | 218 trillion | 138 years |
| 10 alphanumeric chars | 853 quadrillion | 540,000 years |
AES-256 without hint is mathematically impossible. With strong hint (length + charset + theme) you can drop to months, not years.
When DIY (hashcat) is best
- You have decent NVIDIA GPU (RTX 3060+, ideally RTX 3090/4090)
- ZIP is ZipCrypto, not AES
- You can write terminal commands without panicking
- You have reasonable hint (length, charset)
- File is NOT critical/urgent โ can wait days/weeks
- You can dedicate the PC (no gaming/working while it runs)
Real DIY cost: USD 0 (assuming you already have GPU + electricity ~USD 5/day).
When pro service (USD 80) wins
- No GPU (CPU is 1000x slower, infeasible)
- It's AES-256 ZIP with strong hint (need our 5ร3090 cluster, not 1 home GPU)
- File is urgent (client, work deadline, inheritance)
- Don't want to spend 20-40h learning hashcat + tuning parameters
- Password has complex patterns (mix languages, symbols, Unicode) requiring custom rules
- Want guaranteed "no-find / no-pay" (DIY has no time refund)
Our service: USD 80 if recovered, USD 0 if not. Result in 24-72h average.
Honest numerical comparison
| Case | DIY hashcat | UnlockFile USD 80 |
|---|---|---|
| ZipCrypto, 6 chars, no hint | 5 minutes RTX 3090 | 30 minutes |
| ZipCrypto, 8 chars, alphanum charset | 3-12 hours RTX 3090 | 1-4 hours |
| ZipCrypto, 10 chars with theme hint | 1-3 days dict + rules | 3-8 hours |
| AES-256, 6 chars, no hint | 13 days dedicated RTX 3090 | 1-2 days on cluster |
| AES-256, 8 chars with reasonable hint | 1-3 weeks | 3-7 days |
| AES-256, no hint at all | Impossible | NOT viable, we tell you upfront |
Identify your case in 30 seconds
- Open terminal with ZIP at hand
- Run:
unzip -l file.zip 2>&1 | head -20 - If "x.txt encrypted" โ probably ZipCrypto (fast)
- Run:
zipinfo -v file.zip | grep -A 1 "method" - If "AES-256-encrypted" โ AES (need GPU cluster)
When you know type, email hola@unlockfile.app with that info + any password hint. We tell you within 24h estimate + viability.