Linux Questions?

  • Thread starter RyuShinobi500

RyuShinobi500

I am trying to bypass a password-protected .rar file. I have done extensive research on this topic and I was wondering what is the best way of going about this. Thanks.
 

FAST6191

Is this really something that wants to go under the banner of Linux questions? It is not related to Linux other than I guess you want to use a Linux-based OS to do it (most tools do seem to be aimed at Windows, mind you; to that end you might be better to suck it up and use that (even a VM should not experience much penalty here on a modern computer) unless you have access to a Linux cluster or something).

Anyway, to the best of my knowledge there are no known failures in present incarnations of the rar format. Some of the older stuff might have, but that is now going to be seriously vintage and unlikely to be anything you find today. I am not sure what we have for a known plaintext attack these days (if you know the contents of one of the files when decoded then you might be able to take the encrypted version, the plain version and go between the two).

Password cracking then usually amounts to extracting a small file from the archive (usually the aim is for something like a small text file, smaller then meaning less processing to do when testing many things on it which speeds things up vs extracting gigs and doing all the processing on it every time) and trying to decode that -- it knows the hash it should decode as and thus can tell when it has the right password (assuming you have no collisions, which is exceedingly unlikely). The two approaches then being dictionary (list of known terms, and in the case of things like warez a list of known passwords) and brute force (you try every combo of characters you wish to include until you get the right one, maybe limiting the character choice to speed things up, typically though). If you are playing spy against mere mortals then you can steal their computer and the phrase may pop up somewhere on the drive, or you can try notable lines from their favourite book and things like that but we are getting off topic here, though I will note this is where things will typically diverge from free stuff you can download into big boy toys you get to either make or pay for.

Brute force is basically pointless unless you know it is either short (don't know what character counts are viable off the top of my head but less than 10 for standard a-z,A-Z,0-9 and basic things you can get with shift on a keyboard, and more likely 7 or 8) or have some idea of what it is and just need to have something try the obvious instead of 1 then ! and instead of E then 4 and instead of 0 then O type things plus all the various few digit numbers at the end.

Dictionary is going to depend upon the quality of your dictionary, all of which are largely separate to RAR password guessing and instead will be from conventional dictionaries, password leaks, include some of the obvious substitutions, word combinations and the like, and may or may not prioritise different things.
This then means finding something to read the dictionary, which you can probably do with grep and a terminal if you really wanted and still be about as fast as any program you care to use -- open small file, try password, hash small file test, compare to proper hash, repeat for next line in dictionary... is not a particularly exotic thing, might get some benefit if you can find a GPU unrar file and stick the files in question in RAM (even if you make a RAM drive) rather than read from/extract to hard drive (another reason small files are good, assuming you don't have the ridiculous server amounts of RAM).
 
