rar password recovery

Message

alex.blackbit · Post by **alex.blackbit** » Wed Feb 28, 2007 7:05 pm

hello everybody!

i just visited the openwall website because i was searching for a software to recover a rar password under linux. can it really be true that such things exist for windows plenty, but that there is not one for linux?
is there a reason for that?
and, please... i do not want to start a discussion here about what things that are ethically correct to do. i do not want to steal anybodies property.

kind regards
--alex

Post by **NeddySeagoon** » Wed Feb 28, 2007 11:17 pm

alex.blackbit,

rar is a propriatary archive format, so I suppose nobody uses it on Linux, therefore the need to recover passwords does not exist.
Its very likely that some of the Windows applictions you have found will run under WINE.

dR0PS · Post by **dR0PS** » Thu Mar 01, 2007 12:42 pm

Code: Select all

propriatary archive format

?????

nesl247 · Post by **nesl247** » Thu Mar 01, 2007 1:19 pm

dR0PS wrote:
Code: Select all
propriatary archive format
?????

See http://dictionary.reference.com/search? ... roprietary

erik258 · Post by **erik258** » Thu Mar 01, 2007 3:22 pm

the wikipedia article was pretty interesting:

http://en.wikipedia.org/wiki/RAR

the decompression sources were released on the condition that they not be used to create an encoder compatible with winrar. However, newer versions of the RAR format may not be supported/released/whatever.

did you know this is one of the most efficient archiving formats in use today? It is! the wikipedia article is also surprisingly unix-centric, so i recommend checking it out! Of particularly topical interest is:

Wikipedia wrote: It features strong encryption capabilities. Older versions of the file format used a proprietary algorithm; newer versions use the AES encryption algorithm, which is considered very strong by today's standards. The only known ways to recover an encrypted file are via dictionary or brute force attacks, which are usually infeasible with non-dictionary passphrases starting from 8 characters.

looks like whether it can be decrypted depends on the strength of the password used to encrypt it. If it's a newer archive, i do wonder whether you could use AES decryption crackers, if available, instead of a winrar-oriented password extractor.

alex.blackbit · Post by **alex.blackbit** » Thu Mar 01, 2007 4:26 pm

i have already read the wikipedia article, and yes, it is indeed very interesting.
i just wonder why nobody already wrote a program in the style of john the ripper or maybe even a plugin for john itself to support decrypting such file formats.
i mean this more generally, not really focused on just the rar... there is zip, pdf, some m$ stuff and lots of others that can be password protected and attacked in some way.

as least it should be possible to write such software, right? this is of course nothing that is limited to run on windows in the means of OS architecture.

okay, it is maybe not possible to decrypt long passwords, but if there is no software, even a password of length 2 cannot be decrypted.

i just found it quite strange that i have to add a hdd to my machine, install windows on it (a beta build 2128 of w2k that was free and timebombed) to run a password cracker for such file formats.
i am not a genius when it comes to programming, otherwise i would write such thing on my own...

Cyker · Post by **Cyker** » Thu Mar 01, 2007 9:31 pm

There was a simple script floating around that was basically a universal brute-force cracker - You supplied the command line for executing the decryption/decompression program, and a dictionary file, and it'd feed the dictionary in line by line until it ran out of lines or the file decrypted/decompressed successfully.
Basically a glorified while-do loop.

There was another script for generating a custom dictionary too.

Could probably find it by Google but, frankly, trying to brute-force most modern high-end ciphers is a lesson in deathly patience.

I suspect most Linuxen either write their own bruteforcers, or don't care.
Additinally, RAR is a very rarely used format in Unixland, even 'tho it is currently one of the best archival formats available, because it's not open. (7zip is the only open format that comes close in terms of compression ratio, but it's dog slow and doesn't have RAR's damage-resistance)

Pse · Post by **Pse** » Fri Mar 02, 2007 9:28 am

alex.blackbit wrote:i have already read the wikipedia article, and yes, it is indeed very interesting.
i just wonder why nobody already wrote a program in the style of john the ripper or maybe even a plugin for john itself to support decrypting such file formats.
i mean this more generally, not really focused on just the rar... there is zip, pdf, some m$ stuff and lots of others that can be password protected and attacked in some way.

as least it should be possible to write such software, right? this is of course nothing that is limited to run on windows in the means of OS architecture.

okay, it is maybe not possible to decrypt long passwords, but if there is no software, even a password of length 2 cannot be decrypted.

i just found it quite strange that i have to add a hdd to my machine, install windows on it (a beta build 2128 of w2k that was free and timebombed) to run a password cracker for such file formats.
i am not a genius when it comes to programming, otherwise i would write such thing on my own...

And why not VMware, QEMU, or even, as was previously suggested, WINE? Adding an extra HD and installing W2K for such app seems a bit overkill.

alex.blackbit · Post by **alex.blackbit** » Fri Mar 02, 2007 9:47 am

@Pse:
oh, you are right, that may seem like overkill. i already tried in vmware! but i had very bad performance there. like 2 passwords/sec. i do not know what caused this, but when windows was running native on the machine i had over 20000 words/sec.
@Cyker:
sounds interesting. you do not have that handy? or at least a link?

anyway, i still do not really understand why there is no open-source project in the style of "john the ripper" that tries to crack passwords of certain filetypes on unix-like operating systems. i mean, there is oss for EVERYTHING. just not for that. all the windows crackers are closed source and $$$. the motivation would be clear in my eyes to write such thing in open source. maybe i should try on my own.

thanks for all your answers

Cyker · Post by **Cyker** » Fri Mar 02, 2007 8:17 pm

Alas no... but some creative searching might yield some results.

Frankly, if you're any good at scripting you could probably re-create it quite easily.

As I said, it was basically a glorified while-do loop...

erik258 · Post by **erik258** » Sat Mar 03, 2007 1:12 am

unrar x -p<password> archive.rar will attempt to unarchive archive.rar using password <password>
it also returns 3 if the password's bad, 0 for success. so here's what i did.

for i in `seq 1 100`; do printf "file " >> file; done;
rar a -pcabbage file.rar file
rm file
for i in `cat /usr/share/dict/cracklib-small `; do rar x -p$i file.rar > /dev/null 2>&1;if [ $? -eq 0 ]; then echo "Password was $i."; else printf "$i"; fi; done
it's taking a while to get through the a's but I expect it to say "password was cabbage" when it gets to cabbage which I verified was in the list of words.

now if someone had an idea of how I could make it so that it could gracefully quit when it was done...

i92guboj · Post by **i92guboj** » Sat Mar 03, 2007 1:39 am

erik258 wrote:unrar x -p<password> archive.rar will attempt to unarchive archive.rar using password <password>
it also returns 3 if the password's bad, 0 for success. so here's what i did.

for i in `seq 1 100`; do printf "file " >> file; done;
rar a -pcabbage file.rar file
rm file
for i in `cat /usr/share/dict/cracklib-small `; do rar x -p$i file.rar > /dev/null 2>&1;if [ $? -eq 0 ]; then echo "Password was $i."; else printf "$i"; fi; done
it's taking a while to get through the a's but I expect it to say "password was cabbage" when it gets to cabbage which I verified was in the list of words.

now if someone had an idea of how I could make it so that it could gracefully quit when it was done...

You should be able to use the same status condition, tweaking a bit that same script. Something in the lines of:

Code: Select all

STATUS=1 #any non zero number will do

for i in `cat /usr/share/dict/cracklib-small `
do
  while $STATUS

    rar x -p$i file.rar > /dev/null 2>&1
    STATUS=$?

    if [ $STATUS -eq 0 ]
    then
      echo "Password was $i."
      exit $STATUS
    else
      printf "$i"
    fi
  done
done

exit $STATUS

Not tested, but that's moreless the idea.

viperlin · Post by **viperlin** » Fri Nov 23, 2007 12:53 am

ever find a way in?? or did anybody confirm the above script to work

erik258 · Post by **erik258** » Fri Nov 23, 2007 7:15 am

maybe you should

viperlin · Post by **viperlin** » Tue Nov 27, 2007 3:27 pm

erik258 wrote:maybe you should

or maybe one of them tried, it, found it didnt work and could of saved me whats going to be hours of waiting.....

i figured asking first would be the best idea
but all i got was a useless jib

erik258 · Post by **erik258** » Tue Nov 27, 2007 7:39 pm

or maybe one of them tried, it, found it didnt work and could of saved me whats going to be hours of waiting.....

the hours of waiting is certainly why I wouldn't try it; not enough returns. Besides, all it takes is a little security savvy on the part of the password protector and the password won't be found in the cracklib.

if you want to check to see if the script works, you could always password protect something with a word known to be in the cracklib.

Sorry I can't be of more help, but RAR password protection appears to be considered pretty secure.

Cyker · Post by **Cyker** » Tue Nov 27, 2007 8:58 pm

Yeah, there's now known bypass, just brute forcing which will take a long long long time.

If the person was stupid enough to use a common dictionary work then maybe you'd be able to get in, but anything else, forget it.
If you could figure out how to adapt john the ripper or cracklib, those are less reliant on dictionaries, but still no use if you're in a hurry.

Cracking requires either a lot of CPU power or a lot of patience.

The lesson here is that: If you put a password on something important, write it down somewhere where you can find it when you inevitably forget it.
And put this note somewhere a) You can find it again (i.e. not your cesspool of a handbag/drawer/RandomShelf) and b) Where it is not easily accessible by everybody (i.e. don't bloody postit note it to your piking monitor!!)

viperlin · Post by **viperlin** » Wed Nov 28, 2007 12:11 am

well usually i wouldn't bother but to be honest its going to be a simple 4chan related password, its just l*sbian pron..... you can tell im not lying

so im not exactly fussed if it fails, given everything i could think of a go, oh well *deletes*

i92guboj · Post by **i92guboj** » Wed Nov 28, 2007 1:42 pm

If you are looking for some seriours legal cracking (just for entertainment, and I am not speaking about porn) you should learn some assembly, or C, at least.

bash is ok, but is not anything serious when it comes to speed (and I am not talking about drugs, either

). The script above should work, but that doesn't fix the matter that it is useless. Anyway, discussing how to crack porn movies is not a topic for the forum, and it is explicitly forbidden in the rules:

1.- Use common sense...

11.- Illegal activites...such as cracking software, breaking into web sites, etc

http://forums.gentoo.org/viewtopic-t-525.html

viperlin · Post by **viperlin** » Wed Nov 28, 2007 7:36 pm

ah right, i figured it would be under software discussion since johntheripper is in portage...

oh well, *zips mouth*

i92guboj · Post by **i92guboj** » Wed Nov 28, 2007 9:45 pm

viperlin wrote:ah right, i figured it would be under software discussion since johntheripper is in portage...

oh well, *zips mouth*

You were not speaking about "how to use johntheripper", which can be used for lots of -legal- things.

For example, to test the integrity of your own passwords.

Breaking other people's passwords is not legal, and discussion about cracks and the like are not allowed on these forums, as far as I know (I am just another user, not an authority here).

viperlin · Post by **viperlin** » Wed Nov 28, 2007 10:44 pm

i wasn't arguing, merely explaining why thought it would of been fine

your mean

machspeed2200 · Post by **machspeed2200** » Thu Feb 28, 2008 7:50 am

Hey guys!

I know this is an old thread, but I just had to recover a password from a rar archive myself. I want to thank erik258 and i92guboj for the script. I tweaked it a little to work on the rar, and specified a single file to increase performance, rather than the whole archive which was taking 3 minutes a word on the first 3 words. But I ultimately had the password back in less than an hour!

So thank you, thank you, thank you. :

MostAwesomeDude · Post by **MostAwesomeDude** » Thu Feb 28, 2008 9:26 am

If you really need the password to something off 4chan, ask in /rs/; the only reason it's passworded is to keep Rapidshare/Megaupload from doing a scan of the file contents.

Google for "advanced rar password recovery" (or something like that...), it's a Win32 standalone binary that you can run under Wine in order to break RAR passwords. Don't use it to open things you don't have permission to open!

~ C.

alex.blackbit · Post by **alex.blackbit** » Mon Apr 07, 2008 10:15 pm

@machspeed2200: please share your improved script with us.