New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"RAR3-hp" cann't support the RAR volumes #1420

Open
bigbang66 opened this Issue Oct 31, 2017 · 7 comments

Comments

Projects
None yet
3 participants
@bigbang66

bigbang66 commented Oct 31, 2017

"RAR3-hp" cann't support the RAR volumes as the title

@bigbang66

This comment has been minimized.

Show comment
Hide comment
@bigbang66

bigbang66 Oct 31, 2017

the END header of RAR volume whith headers encrypted is 32 bytes, not 16 bytes. After decrypted, it is 0x14 bytes. length of padding bytes is 12 bytes, if they are 00 after decrypted, indicates that get right password.

bigbang66 commented Oct 31, 2017

the END header of RAR volume whith headers encrypted is 32 bytes, not 16 bytes. After decrypted, it is 0x14 bytes. length of padding bytes is 12 bytes, if they are 00 after decrypted, indicates that get right password.

@jsteube

This comment has been minimized.

Show comment
Hide comment
@jsteube

jsteube Nov 3, 2017

Member

Can you please rephrase and in detail what this issue is about, I have no clue.

Member

jsteube commented Nov 3, 2017

Can you please rephrase and in detail what this issue is about, I have no clue.

@bigbang66

This comment has been minimized.

Show comment
Hide comment
@bigbang66

bigbang66 Nov 6, 2017

@jsteube
thanks for your reply

this is part of "interface.c":
` // there's no hash for rar3. the data which is in crypted_pos is some encrypted data and
// if it matches the value \xc4\x3d\x7b\x00\x40\x07\x00 after decrypt we know that we successfully cracked it.

digest[0] = 0xc43d7b00;
digest[1] = 0x40070000;
digest[2] = 0;
digest[3] = 0;

return (PARSER_OK);
}`

when a file is compressed to muti-volumes, if you still matche the value \xc4\x3d\x7b\x00\x40\x07\x00, you will never get the right password.

hashc2

bigbang66 commented Nov 6, 2017

@jsteube
thanks for your reply

this is part of "interface.c":
` // there's no hash for rar3. the data which is in crypted_pos is some encrypted data and
// if it matches the value \xc4\x3d\x7b\x00\x40\x07\x00 after decrypt we know that we successfully cracked it.

digest[0] = 0xc43d7b00;
digest[1] = 0x40070000;
digest[2] = 0;
digest[3] = 0;

return (PARSER_OK);
}`

when a file is compressed to muti-volumes, if you still matche the value \xc4\x3d\x7b\x00\x40\x07\x00, you will never get the right password.

hashc2

@jsteube jsteube added the bug label Nov 6, 2017

@jsteube

This comment has been minimized.

Show comment
Hide comment
@jsteube

jsteube Nov 6, 2017

Member

@magnumripper eventually relevant for jtr as well from rar_common.c

cracked[index] = !memcmp(plain, "\xc4\x3d\x7b\x00\x40\x07\x00", 7);
Member

jsteube commented Nov 6, 2017

@magnumripper eventually relevant for jtr as well from rar_common.c

cracked[index] = !memcmp(plain, "\xc4\x3d\x7b\x00\x40\x07\x00", 7);
@jsteube

This comment has been minimized.

Show comment
Hide comment
@jsteube

jsteube Nov 6, 2017

Member

To fix this, we need to have rar2john to output the second 16 byte encrypted data in case $RAR3$0 is used.

Member

jsteube commented Nov 6, 2017

To fix this, we need to have rar2john to output the second 16 byte encrypted data in case $RAR3$0 is used.

@magnumripper

This comment has been minimized.

Show comment
Hide comment
@magnumripper

magnumripper Nov 6, 2017

Contributor

So we need a fix in rar2john (rar2hashcat) as well as in the crackers?

Contributor

magnumripper commented Nov 6, 2017

So we need a fix in rar2john (rar2hashcat) as well as in the crackers?

@jsteube

This comment has been minimized.

Show comment
Hide comment
@jsteube

jsteube Nov 6, 2017

Member

I think yes, I'll just do both tests

Member

jsteube commented Nov 6, 2017

I think yes, I'll just do both tests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment