Log in

View Full Version : how to decrypt *.rar file ?


icray
August 4th, 2004, 07:57
it is difficult to decrypt *.rar compressed by winrar because it use crc code.But I have heard someone can decrypt it without passwd .I think maybe they use the winrar bug.And someone can decrypt files compressed by winrar 3.x algorithm ?

Silver
August 4th, 2004, 10:00
Results 1 - 10 of about 4,610 for rar decryption.

naides
August 4th, 2004, 10:31
Quote:
[Originally Posted by icray]it is difficult to decrypt *.rar compressed by winrar because it use crc code.But I have heard someone can decrypt it without passwd .I think maybe they use the winrar bug.And someone can decrypt files compressed by winrar 3.x algorithm ?


RAR uses AES (Advanced Encryption Standard) 128 bits, not CRC, which is something else. So far bruteforce/dictionary attack (and time) are the method of choice for decryption. You may be mistaken with zip encryption, which is weak. Or am I wrong?

Silver
August 4th, 2004, 13:08
naides, I believe you're almost right. Off the top of my head, Winrar 2.x and Winzip 7 used weak encryption that could be broken with some simple "collision work". Don't ask me what, I just seem to remember an app that did it.

Quote from the WinRAR faq:
Quote:
What is the difference between WinZIP and WinRAR encryption?

ZIP format uses a proprietary encryption algorithm.

RAR archives are encrypted by the much stronger AES-128
standard. If you need to encrypt important information,
it is better to select the RAR archive format.


WinZIP 8 and higher use AES as well:

Quote:
AES Encryption Information:
Encryption Specification AE-2.
The AE-2 encryption specification described here involves a minor change to the AE-1 encryption specification covered in the original May, 2003 version of this document. The recent changes to this document are summarized in the Change History section below. Without compromising the basic Zip file format, WinZip Computing has extended the format specification to support AES encryption, and this document fully describes the format extension


So, um, WinRAR FAQ needs updating
Incidentally, this is pretty interesting: http://www.cs.ucsd.edu/users/tkohno/papers/WinZip

cRk
August 4th, 2004, 13:20
gzipped-PostScript .. i downloaded this document and extract it but the document always gets opened with paint shop Pro .. and can't see nothing ... which program should i use for this .ps (postscripts) documents ??

Regards

doug
August 4th, 2004, 13:27
download GhostView + GhostScript

adobe acrobat can probably open it though.

cRk
August 4th, 2004, 13:34
Adobe acrobat reader don't
recognize it or even try to open it .. looking for ghostview...

Regards

icray
August 5th, 2004, 02:40
yeah, i think i make a mistake.And silver, the app you mean is passware? It need at least 5 files to decrypt. Why it need 5 files?

Formal
August 5th, 2004, 03:53
See what Eugene Roshal (the author of WinRAR) says:

Q: I forgot my password, please help me!

A: WinRAR encryption does not have any backdoor. Even if I forget a password to any my archive, I shall not be able to restore it. So please do not ask me to help in this situation.

So, as naides said - bruteforce or dictionary attack. I don't think anyone can do it anoter way and I doubt there is such bug in the encription routine, that allows decryption without password.

Peres
August 5th, 2004, 05:23
Careful with that axe, Eugene...

Silver
August 5th, 2004, 06:57
I don't think it's passware, I really don't remember the name of the app. But the reason it needs 5 files is probably because of whatever collision thing it uses.

Hey, look at me, clutching at random straws...

arash
August 5th, 2004, 12:18
Quote:
[Originally Posted by icray]yeah, i think i make a mistake.And silver, the app you mean is passware? It need at least 5 files to decrypt. Why it need 5 files?

how i can remove rar password?

doug
August 5th, 2004, 12:25
Quote:
[Originally Posted by arash]how i can remove rar password?


are you joking ? did you not read what has just been said?

Innocent
August 5th, 2004, 15:21
Quote:
[Originally Posted by doug]are you joking ? did you not read what has just been said?

Heh, I agree. Learn to search before asking simple questions like that. There are many password crackers out there that you can find with a simple search.

dELTA
August 5th, 2004, 18:26
Quote:
how i can remove rar password?

Oh, for the love of god, not one of those again...

JMI
August 5th, 2004, 19:08
Don't you just delete the ".rar" file?

Regards,

qww
August 14th, 2004, 10:48
it's true

JMI
August 14th, 2004, 13:14
qww:

What the heck are you doing??? This is the second thread you have just posted: "It's ture" in which appears to have NOTHING to do with the Thread.

Regards,

dELTA
August 14th, 2004, 14:03
I thought just the same... Maybe he's trying to climb the ranks quickly by being the ultimate yes-man or something.

Anyway, here's something for you to agree with qww: If you keep doing it you will be banned, ok?

JMI
August 14th, 2004, 15:34
That IS true.

Regards,

Fatty[NegX]
October 5th, 2004, 19:28
There are two most popular RAR PW crackers that I know of, Advanced RAR Password recovery and Passware password recovery suite, which recovers passwords for many types of files. As for RAR the only method for 3.x archives IS brute force, unless you have some of the files that are in the archive. Having some of the files in the archive helps because the program knows that the decrypted result is, and can determine the password from comparing the encrypted with the decrypted, figuring out what algo is used. (I Know this cause I had to use it once)

JMI
October 5th, 2004, 19:35
And "Why" did you feel compelled to share the obvious with us two months after the last post in this thread?

Regards,

adi
January 22nd, 2009, 07:46
I have an encrypted archive and some files contained in it, but I don't know the password. How could I crack the encryption?

arc_
January 22nd, 2009, 07:58
Use one of the tools mentioned in Fatty's post two posts above yours (you clearly only read the second half of it).

adi
January 22nd, 2009, 08:18
Quote:
[Originally Posted by arc_;78856]Use one of the tools mentioned in Fatty's post two posts above yours (you clearly only read the second half of it).


I have already used Advanced RAR Password recovery and Passware...and other brute force software...but unsuccesfully
So, I am interested in using the fact that I have some files which are encrypted in the archive in order to crack it.

arc_
January 22nd, 2009, 10:00
Even with known files you will probably have a hard time recovering a password, especially if it is long and/or not a dictionary word. AES is not some toy encryption... If the password is pretty strong and you're just using your home PC, you can keep on bruteforcing until our sun dies, so to speak . And that's a good thing, otherwise there wouldn't be much point in encrypting an archive at all.

adi
January 22nd, 2009, 10:25
Quote:
[Originally Posted by arc_;78860]Even with known files you will probably have a hard time recovering a password, especially if it is long and/or not a dictionary word. AES is not some toy encryption... If the password is pretty strong and you're just using your home PC, you can keep on bruteforcing until our sun dies, so to speak . And that's a good thing, otherwise there wouldn't be much point in encrypting an archive at all.


I don`t know how strong the password is (nor length nor syntax). But Fatty[NegX] said:
Having some of the files in the archive helps because the program knows that the decrypted result is, and can determine the password from comparing the encrypted with the decrypted, figuring out what algo is used. (I Know this cause I had to use it once)
And I am interested in what he ment by that.

Aimless
January 22nd, 2009, 12:50
ADI.

1. Go to the OLD Fravia site (which woodmann has archived)
2. Find (you'll have to do that work), Quine's essay on Cracking Soundforge plugins.
3. In the first half, he discussed the method of breaking zip (which is not his, btw) files NOT using bruteforce OR dictionary. Read that. Its very basic (obviously, Quine wanted to write an essay on SOUNDFORGE cracking, not winzip cracking). But take it from there.

There is also a paper out somewhere (my memory fails me) on PKUNZIP/PKZIP that explains this method in detail and WHY you need to have 5 files. Search for "Plaintext attack zip" in google.

You may also read:

http://www.woodmann.com/crackz/Tutorials/Zipcrkct.htm

OR

http://www.securiteam.com/tools/5NP0C009PU.html

Never tried it with RAR tho'


Have Phun

adi
January 22nd, 2009, 14:01
I have studied some leads you gave me...but unfortunately I do not think they are suitable to use with Winrar

drizz
January 22nd, 2009, 20:06
1) Try the website address as a password, e.g. if you downloaded the file from http:www.w00dmannwar3z.com try it as a password ( www.w00dmannwar3z.com or w00dmannwar3z ... )
1a) Try searching the website for clues of the password
google:// +(pass|password) site:w00dmannwar3z.com
2) Try searching the web with archive name or file names from archive as query with the usual searching tricks

works 66.6% of time

i did try Advanced RAR Password recovery once ...

to play with Asprotect


adi
January 23rd, 2009, 02:24
Unfortunatelly, the archive I am trying to crack wasn't downloaded from the Net, but created by a friend of mine.
I seem to be among the 33.3% unlucky cases

arc_
January 23rd, 2009, 09:10
If it was created by a friend of yours, why don't you just ask him for the password? Or are you stealing his private data? Or did he forget the password himself and is now sending you out to recover it because he's too lazy to do it

adi
January 23rd, 2009, 09:57
because I am smarter and I have smarter friends
I also add that it's about a v2.9 rar archive (which I understand is a good thing).

disavowed
February 16th, 2009, 17:05
Aimless, this is the paper you were thinking of: http://math.ucr.edu/~mike/zipattacks.pdf