
How I coped with a password-protected RAR archive

Greetings!
A RAR archive once came into my hands.
I knew exactly what was in it, and I needed it.
BUT there was one catch: the archive was password-protected.

If you're wondering how I solved this problem, read on.


Once upon a time, about 8-10 years ago, I knew exactly what to do. But the years take their toll. Skills that you do not use tend to be forgotten.
And I decided to use a great way to solve the problem: Google.
I know how to google well and how to find the right information too. BUT I was simply amazed at what I saw. All the forums, all the sources were full of calls to give up this vile, ugly, boring and long venture. They urged you either to find a wild hacker or to quit.

I should note that I found only two resources in which good advice was given. The first is some kind of pro-hacker forum, and the guys there are great: they wrote lines of specific code and an idea of how to break the password. Unfortunately, I can no longer find that thread to quote it, but the idea was not to find the password by trying candidates one after another, but to recover it through the HASH function. Dear programmer friends, don't kick me too hard: I am so far from IT that I may get things wrong, but back then it all seemed so familiar and logical, so I could be mistaken in the definitions.

The second resource listed a number of programs that can find a password by brute-force iteration, and compared them with one another: free or paid, strengths and weaknesses.

From my old experience, I opened any RAR archive that I came across with the simplest software in a couple of hours at most. Of course, I will not argue about the complexity of passwords, or about the power of computers in those days. It is just the experience I had, so don't judge me harshly.
And so, I realized that I would not be coding; I simply couldn't any more. I needed to look for some piece of software. And I set off. After a dozen downloads and attempts to infect my computer with various nasty things, I was already desperate. Spending 15 minutes searching for software is a lot. Ideally I would have set up a virtual machine, but I didn't want to spend the time and the laptop's resources.

Just as I was ready to give up, I found a very small archive. In it there was the program and, to my amazement, a crack. All of it together weighed no more than 2 MB.

Having installed it in a minute and applied the crack, I launched it. I saw a simple interface, fed it the archive file, and to start with I set the minimum password requirements. I decided to try, as a first stage, only a numeric password one to 8 characters long. Having started the run, I was going to forget about it for a day, but just as I was about to get up and pour some tea, the software blinked and I saw the cherished Success. I gasped. I looked at the password: 777. :)


Once again I was convinced that users do not bother to invent complex passwords.
Separately, I want to note that even though everything turned out so simple for me, it does not mean that it will always go so easily.

For example, if I had set the password on the archive myself, I would definitely have abandoned the idea of cracking it. Even if the password consists only of digits and letters of the Latin alphabet, it realistically takes a long time :(

In that case I would have weighed many times over whether I really need what is in the archive, and if I could not live without it, then rather ...
I will answer with a quote from a post on one of the proper forums:
“Yes, you can patch WinRAR itself in assembler so that it accepts any password, and you can probably also fix up the checksum of the files in the archive itself, but there will be zero sense in it.

Neither the password nor a hash of the password is stored in the archive.

The unpacking principle is simple: when you enter a password, a hash is calculated from it 262,144 times using the SHA1 algorithm, and with the resulting key WinRAR tries to decrypt (via AES) and unpack the files (whether the password is correct is not checked at this point). After the files have been decrypted and unpacked, a CRC32 checksum is calculated from them and compared with the checksum written in the archive itself. If they match, we get the decrypted files; if they do not, we get a warning that the checksum or the password is incorrect. There is no other password validation in RAR, only this check of the checksum of the “finished product”.

There is simply nothing to break. Any attempt to tamper with WinRAR itself or with the archive will result in the files not being decrypted correctly.

If you look at the unpacking process using Microsoft's “Process Monitor”, you can clearly see how WinRAR creates temporary files in the %Userprofile%\Temp\ folder. And if you set access rights to prevent files from being deleted from this folder, you can even see the result of entering the wrong password.

The only way to crack a RAR archive is brute force. If someone offers a different way, don't fall for it, it's a scam.”

I agree with the author: only brute force. I remember that back at the institute, in cryptology classes, I began to respect WinRAR in terms of security.
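
The scheme the quoted post describes, as an added example that is not from the original article or from WinRAR: a simplified Python model in which nothing but the salt, the ciphertext and the CRC32 of the plaintext is stored, so every password candidate costs a full 262,144-round derivation plus a decryption. The byte layout, the SHA-256 keystream standing in for AES, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import zlib

ROUNDS = 262_144  # SHA-1 round count quoted in the forum post


def derive_key(password: str, salt: bytes) -> bytes:
    """Simplified model of the key stretching: one running SHA-1 fed ROUNDS times."""
    h = hashlib.sha1()
    block = password.encode("utf-16-le") + salt
    for i in range(ROUNDS):
        h.update(block + i.to_bytes(3, "little"))
    return h.digest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES (not in the standard library): SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "little")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(password: str, salt: bytes, plaintext: bytes) -> dict:
    """Stores salt, ciphertext and CRC32 of the plaintext; no password, no hash."""
    key = derive_key(password, salt)
    return {"salt": salt, "data": keystream_xor(key, plaintext),
            "crc32": zlib.crc32(plaintext)}


def open_sealed(archive: dict, password: str):
    """Decrypts first, then compares CRC32: the only check that exists."""
    key = derive_key(password, archive["salt"])
    plaintext = keystream_xor(key, archive["data"])
    return plaintext if zlib.crc32(plaintext) == archive["crc32"] else None


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate passwords of the given lengths over the alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    sample = seal("correct horse", b"constructed-salt", b"constructed sample data")
    print(sorted(sample))                      # fields stored in the toy archive
    print(open_sealed(sample, "wrong guess"))  # None: CRC32 mismatch
    print(keyspace(10, 1, 8), keyspace(62, 8, 8))
```

The last line contrasts the numeric 1-to-8-character search from the story with eight characters of digits and Latin letters, which is the gap between "before the tea was poured" and "realistically a long time".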

Well, and lastly: do not use this knowledge to guess passwords for other people's archives; with high probability it is prosecutable.

Easy code! ;)

Source: https://habr.com/ru/post/224263/

