digip Posted November 9, 2008 Share Posted November 9, 2008 Wait is the file encrypted. If not would it be theoretically possible to have a program that extracts it ignoring the password? For some reason I doubt it but just maybe... It's not encrypted. If it were encrypted using winRar, as soon as you open the winrar file it would ask for the password, but because you can open the winrar file and see the filename, it means its just password protected and not encrypted. As far as getting just the file itself, good luck. If you can figure out what part is the password and what part is the file, then yeah, you could get just the file or even replace the password, but I think its compressed as one file, meaning a hash of the password is combined with the file into a compressed state, so even though its not encrypted using AES 128 bit key(which also makes a file much larger), I don't see a way to seperate it from the password hash, as I think they are just one long compressed file. If you are able to figure out what part is the password, then you should also be able to change it by copying a password from another rar file that has a known password. I already tried to compare the files in this manner, and it doesn't look like it is that simple, but give it a shot. Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 At some point doesn't winRAR have to compare you password and the actual password in memory. So wouldn't the true password be stored in memory? Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2008 Share Posted November 9, 2008 At some point doesn't winRAR have to compare you password and the actual password in memory. So wouldn't the true password be stored in memory? It might only compare hashes of the password and not care what the original password is but if you know how to read through a memory dump, you may be able to get the password. Im wondering if a debugger could somehow override it then... I know its a long shot, but the source code for winrar's "unrar" is freely available. Just not the code to "rar" a file. http://www.7-zip.org/license.txt So if someone was able to look through and se ehow it hashes the password, someone might be able to write an unrar program to open rar archives that do not use encryption. Just a theory. http://www.rarlab.com/rar/unrarsrc-3.8.5.tar.gz Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 Good idea ;). By the way do you know how to get a memory dump? Where can I download the source code for UnRAR? 7-Zip? Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 7-Zip Code all files related to RAR Uploaded FAILED NOT PERMITTED Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2008 Share Posted November 9, 2008 Good idea ;). By the way do you know how to get a memory dump? Where can I download the source code for UnRAR? 7-Zip? It was in my previous post... http://www.rarlab.com/rar/unrarsrc-3.8.5.tar.gz After looking at the source code, it looks like it salts the password with the rar header. I wonder if it's possible to compile it so that it thinks it has a matching password no matter what a person puts in and overrides the need ror a password. Probably not possibel because the routine to unrar it might need a way to sperate the salted password from the file, so without knowing what the real password is it might just unrar an unreadable file. I've about given up on this for now. If anyone figures out the password, let me know. I'm just curious to see if anyone can figure out the password. BTW, There are multiple unRar source codes. Even an OCX for people using Visual Basic! http://www.rarlab.com/rar_add.htm Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2008 Share Posted November 9, 2008 7-Zip Code all files related to RAR Uploaded FAILED NOT PERMITTED Not sure what you are talking about there, but when I try to open it in 7-zip it prompts me for the password just like it does in winRar... Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 Digip ignore it I was trying to upload the source code. Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 What bothers me is the name of the RAR. Worlds Strongest Dog. Does that have anything to do with it... hmmm Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2008 Share Posted November 9, 2008 What bothers me is the name of the RAR. Worlds Strongest Dog. Does that have anything to do with it... hmmm He said file names were random and had nothing to do with the password. Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 With there being a command line version of WinRAR would it be possible to make a batch script brute forcer. Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 Ok a tried a trial of some software to test the password it is not under three characters or less Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 9, 2008 Share Posted November 9, 2008 Creating a python file that brute forces a rar. Python code so far generates up to 3 letters it also just prints the letters but shouldn't be to hard to use the sys command and use it through rar command line. import sys x = "abcdefghijklmnopqrstuvwxyzz" #TO use CAPS as well just change all the 26 to 52 b = -1 c = 0 r = 0 def CRACK(): Â Â Â Â Â Â Â Â print x[b] def CRACK2(): Â Â Â Â Â Â Â Â print x[c]+x[b] def CRACK3(): Â Â Â Â Â Â Â Â print x[r]+x[c]+x[b] def CSET(): Â Â Â Â Â Â Â Â if b==26: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â c=c+1 while b<25: Â Â Â Â Â Â Â Â b = b+1 Â Â Â Â Â Â Â Â CRACK() b=-1 while c<26: Â Â Â Â Â Â Â Â b = b+1 Â Â Â Â Â Â Â Â if b==26: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â c=c+1 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â b=0 Â Â Â Â Â Â Â Â CRACK2() b=-1 while r<26: Â Â Â Â Â Â Â Â b = b+1 Â Â Â Â Â Â Â Â if b==26: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â c=c+1 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â b=0 Â Â Â Â Â Â Â Â if c==26: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â r=r+1 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â c=0 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â b=0 Â Â Â Â Â Â Â Â CRACK3() #x = input("Pause") #if 1==1: #Â Â Â Â Â Â Â Â sys.quit Quote Link to comment Share on other sites More sharing options...
PLuNK Posted November 10, 2008 Author Share Posted November 10, 2008 Ok uploading a new version, I've tried this version myself (Unlike the previous version) And It works. It's quite harder & requires a analytic mind to complete. If anyone manages to do it then you really shouldn't be on this forum :P http://rapidshare.com/files/162316349/arr_pirate.rar *Updating first post* Quote Link to comment Share on other sites More sharing options...
Deathdefyer2002 Posted November 10, 2008 Share Posted November 10, 2008 Can you tell us how long the password is.. and what it contains.. like uppercase. lowercase, numbers, special characters??? Quote Link to comment Share on other sites More sharing options...
PLuNK Posted November 10, 2008 Author Share Posted November 10, 2008 Sorry can't, No hints from myself. Feel free to work as a team/community. Quote Link to comment Share on other sites More sharing options...
digip Posted November 10, 2008 Share Posted November 10, 2008 I've uploaded a new version of the "Can you crack me" I'm not going to provide ANY hints at all regardless. Feel free to help each other out as much as you want. http://rapidshare.com/files/162316349/arr_pirate.rar *SKIP TO THIS POST* *OLD POST BELOW* So did anyone get the first one??? If so, what was the password? Quote Link to comment Share on other sites More sharing options...
digip Posted November 10, 2008 Share Posted November 10, 2008 Ok uploading a new version, I've tried this version myself (Unlike the previous version) And It works. It's quite harder & requires a analytic mind to complete. If anyone manages to do it then you really shouldn't be on this forum :P http://rapidshare.com/files/162316349/arr_pirate.rar *Updating first post* Now that one is encrypted :) Maybe that will make things easier... Quote Link to comment Share on other sites More sharing options...
Deathdefyer2002 Posted November 10, 2008 Share Posted November 10, 2008 I have an RAR cracker going right now.. I'm running Upper case and Lower Case up to 5 characters.. If someone wants to start a different set, maybe we can crack this sooner!! I'm Using Advanced Rar Password recovery. Note: if you have duel core or quad core, you have to run the program either 2 or 4 times to maximize your CPU Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted November 10, 2008 Share Posted November 10, 2008 I am using 10 threads and have gone threw over 10000 passwords.. I havent started using special characters yet but that will have to wait until after class.. Quote Link to comment Share on other sites More sharing options...
X3N Posted November 10, 2008 Share Posted November 10, 2008 Now that one is encrypted :) Maybe that will make things easier... the first one didnt have a password... did it? Quote Link to comment Share on other sites More sharing options...
digip Posted November 10, 2008 Share Posted November 10, 2008 the first one didnt have a password... did it? First one had a password, just not encrypted. The new one is AES encrypted. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted November 10, 2008 Share Posted November 10, 2008 Im just now getting to 4 letter/number combinations starting with b Quote Link to comment Share on other sites More sharing options...
PLuNK Posted November 10, 2008 Author Share Posted November 10, 2008 I personally don't think the password is the hardest part of it.. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted November 10, 2008 Share Posted November 10, 2008 I personally don't think the password is the hardest part of it.. I am just brute forcing it. I have no knowledge about compression in general so I guess i can start reading and looking for an easier way to go about it but I wanted to try my hands at this first. This is really good teaching tool, keep it up. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.