The following is probably the easiest way to retrieve the password used for the archives of some games. It's quite common to find ZIP archives (sometimes with non-zip extensions like pak or dat) protected by a password using the ZipCrypto algorithm.
In this method I will use no debuggers, no breakpoints, no signsrch... nothing that makes you feel like a pro.

Necessary tools:
- QuickBMS http://aluigi.org/quickbms.htm
- ZIP password scanner (script) http://aluigi.org/papers/bms/zip_pwd_scan.bms
- exestringz http://aluigi.org/mytoolz.htm#exestringz
- dumproc http://aluigi.org/mytoolz.htm#dumproc

Alternatively you can use:
- exestringz -> strings http://technet.microsoft.com/en-us/sysi ... 97439.aspx
- dumproc -> procdump http://technet.microsoft.com/en-us/sysi ... 96900.aspx

The example game for this tutorial is Mini Robot Wars:
http://www.bigfishgames.com/download-ga ... index.html

Locate the ZIP archive:

Dumping the process is not always necessary, but it's a good way to avoid problems with packed/protected executables and games that build the password at runtime.
So, launch the game:

Launch dumproc specifying the name of the executable:
Code:
dumproc mrw.exe dump.dat
Please note that sometimes you may have two processes of the same game. Remember to specify the PID of the second one, like in the following case:

In that specific case you have to specify the exact PID of the game, so:
Code:
dumproc 3692 dump.dat
Now use exestringz on the dumped process with the -b option:
Code:
exestringz -b -q 1 dump.dat passwords_list.txt
The alternative command for the "strings" tool is:
Code:
strings dump.dat > passwords_list.txt
Launch the ZIP scanner script against the ZIP archive:
Code:
z:\>quickbms zip_pwd_scanner.bms "C:\Program Files (x86)\Mini Robot Wars\DATA"
QuickBMS generic files extractor and reimporter 0.5.32
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
(Jul 19 2014 - 10:03:02)
http://quickbms.aluigi.org
http://twitter.com/luigi_auriemma
- open input file C:\Program Files (x86)\Mini Robot Wars\DATA
- open script zip_pwd_scanner.bms
- set output folder .
offset filesize filename
--------------------------------------
- enter in folder C:\Program Files (x86)\Mini Robot Wars
- open input file C:\Program Files (x86)\Mini Robot Wars\passwords_list.txt
- enter in folder .
- open input file z:\\passwords_list.txt
- SCRIPT's MESSAGE:
the error "incomplete input file number 1" means that no password was found
- SCRIPT's MESSAGE:
FILE: Resource/
- SCRIPT's MESSAGE:
FILE: Resource/Button/
- SCRIPT's MESSAGE:
FILE: Resource/Button/Btn_Adv_Lab_Disable.png
- SCRIPT's MESSAGE:
scanning in progress, please wait patiently...
- SCRIPT's MESSAGE:
Password found:
EC?^!98$$%ab17
- SCRIPT's MESSAGE:
(hex visualization for debugging)
45433f5e21393824242561623137
- 0 files found in 1 seconds
coverage file 0 0% 10982 123799172
coverage file 1 45% 97303 213932
coverage file -1 366600% 39534144 10784
coverage file -2 366600% 39578136 10796
The password has been found:
EC?^!98$$%ab17

This is the final recap of the steps:
- launch the game
- dump the process
- dump the strings into a wordlist file
- crack the zip using the wordlist
That's all.
It's super easy, it requires no skills and works most of the time.
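
The string-extraction step above, written out in Python as an added example (not part of the original post, and not how exestringz or strings are implemented): it pulls ASCII and UTF-16LE strings out of a blob and checks whether a known archive password is among them, which is the check a developer can run against their own build and its memory dump. The sample blobs, the XOR key 0x5A and the function names are constructed for illustration; the password is the one from the output above.

```python
import re

MIN_LEN = 4  # assumed minimum run length for a "string"

def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> set:
    """Return the printable ASCII and UTF-16LE strings found in a binary blob."""
    found = set()
    # ASCII: runs of printable bytes (0x20-0x7e).
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        found.add(m.group().decode("ascii"))
    # UTF-16LE: printable byte + zero byte, repeated (wide strings on Windows).
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        found.add(m.group().decode("utf-16-le"))
    return found

def secret_exposed(blob: bytes, secret: str) -> bool:
    """True if the secret appears inside any string extracted from the blob."""
    return any(secret in s for s in extract_strings(blob))

PASSWORD = "EC?^!98$$%ab17"  # password shown in the tutorial's output
XOR_KEY = 0x5A               # hypothetical obfuscation key

# Constructed samples, not real game data.
# On disk the password is stored XOR-obfuscated and decoded only at runtime.
ON_DISK = (b"MZ\x90\x00" + bytes(b ^ XOR_KEY for b in PASSWORD.encode())
           + b"\x00\x01data.pak\x00")
# The memory dump holds the decoded password, as ASCII or as a wide string.
DUMP_ASCII = ON_DISK + b"\x00\x07" + PASSWORD.encode("ascii") + b"\x00"
DUMP_WIDE = ON_DISK + b"\x00\x07" + PASSWORD.encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    samples = [("file on disk", ON_DISK),
               ("dump, ASCII", DUMP_ASCII),
               ("dump, UTF-16LE", DUMP_WIDE)]
    for name, blob in samples:
        print(f"{name:15} exposed={secret_exposed(blob, PASSWORD)}")
```

The obfuscated file passes the check while both dumps fail it, which is why the tutorial scans the running process rather than the executable on disk.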