RAR3-p hash with *35 ending won't find password in wordlist #5271
Comments
|
Thanks for reporting. There are some Jumbo-1 post-release fixes for the rar format. Could you please update your If this is not enough to solve the problem, could you create a demo file where problem occurs and share it with us? |
|
I have tried with the build you can see below, but with no success: Version: 1.9.0-jumbo-1+bleeding-15b3b7c25f 2023-04-03 12:44:54 -0300 I can't create a demo file because it is some old RAR file I had and I don't know what program did this, but I can send you the actual file. Where can I do it? |
Let's wait to hear from @magnumripper on this. |
|
I talked with my father in the meantime and he knew how to reproduce such a RAR file. It was created by this: https://winworldpc.com/product/rar/250 If you don't want to mess around with this, I have created a dummy example which I can send you. |
Please post it here (plus the password). |
|
I had to wrap it into a ZIP file to be able to upload it. |
|
Confirmed. [edited] Well this is NOT a rar 3 file so it might be tricky (protracted) to add support for it. RAR 2.50 supports MS-DOS on 16-bit [x86]. |
|
@kovapatrik Can you please add this test file via a pull request to https://github.com/openwall/john-samples? Please also include a text file with the password and info on how the test file was created (similar to what you wrote above). Thank you! |
|
Sure! openwall/john-samples#17 |
At least we (as in rar2john) should detect this and emit a comment about it. Perhaps that all-zero salt is a tell-tale. |
|
I researched this. RAR < 2.9 did not use a salt, so that part is actually correct. However, it also used some other KDF and crypto. Now we could examine the public unrar code and implement it but I won't bother as this is the first time I heard of anyone having such an old archive. |
These have "unknown" KDF and encryption, and no salt. We could work it out by examining public unrar source code, but such archives are so rare I'm not sure we'll ever bother. Closes openwall#5271
These have "unknown" KDF and encryption, and no salt. We could work it out by examining public unrar source code, but such archives are so rare I'm not sure we'll ever bother. Closes openwall#5271
These have "unknown" KDF and encryption, and no salt. We could work it out by examining public unrar source code, but such archives are so rare I'm not sure we'll ever bother. Closes #5271
I have a relatively old RAR file which I know the password for, and placed it in a wordlist, which was passed to john, but john couldn't recover the password for the RAR file.
My hash looks like this:
$RAR3$*1*0000000000000000*12b2c880*22304*61431*1*f9...999*35Used commands:
.\rar2john.exe .\t.rar > thash.\john.exe --wordlist=pass.lst thashI have tried to use john both on Windows and MacOS.
I think I did everything correct, so I don't know why john can't find the correct password in the list.
build-info:
Version: 1.9.0-jumbo-1
Build: cygwin 64-bit x86_64 AVX2 AC OMP
SIMD: AVX2, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
CPU tests: AVX2
CPU fallback binary: john-xop
OMP fallback binary: john-avx2-non-omp
$JOHN is /run/
Format interface version: 14
Max. number of reported tunable costs: 4
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
SINGLE_IDX_MAX: 2147483648
SINGLE_BUF_MAX: 4294967295
Effective limit: Number of salts vs. SingleMaxBufferSize
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 7.4.0
OpenCL headers version: 2.2
Crypto library: OpenSSL
OpenSSL library version: 01010102f
OpenSSL 1.1.1b 26 Feb 2019
GMP library version: 6.1.2
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's
The text was updated successfully, but these errors were encountered: