Open RAR File


Cracking Encrypted RAR Files Analysis

How to Crack an Encrypted RAR File?

Trying to bypass or remove the password? Sorry, any methods claiming to do so are most likely scams.

Currently, the only way to crack an encrypted RAR file is through brute force.

About Brute Force Cracking

Passwords are not stored in plain text: what is stored, and used for verification, is a hash derived from the plain-text password.

A hash function converts a plain-text string of any length into a fixed-length hash value. The function is one-way, so the plain text cannot be recovered from the hash.

Here is a simple example. The following are some plain text passwords:

abcd
andy2020
1234
+ouHfgeoY8+/M7wtzzgj

After being hashed with SHA-256, they become:

88d4266fd4e6338d13b845fcf289579d209c897823b9217da3e161936f031589
0285c86bb5f5b7e7828b18328bd0fe79da92b9f3cc89f296392a4fbeac6bd748
03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4
774eb56fda08df64bf8006e53fd69f8a82e615cfa61bc17fb1ef2fd4d9984e1a

Looking at the fixed-length hashes alone, you cannot tell how complex the underlying plain-text password is.

So the only way to recover a password from such a hash is to guess candidates, hash each one and compare the result: brute force.

Strong vs Weak Passwords

Before attempting brute force, let's do a simple mathematical calculation.

Each character can come from the following sets:

Character set       Contents                                   Count
Lowercase letters   a-z                                        26
Uppercase letters   A-Z                                        26
Numbers             0-9                                        10
Symbols             (space) !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~   35

The number of candidates is the size of the character set raised to the power of the password length, so the difficulty of cracking a password grows exponentially with its length. If the password includes Chinese, Japanese, Arabic or other scripts, you can forget about it: it would take longer than the next big bang to crack.

So, What Are the Methods?

  • Social Engineering: The most effective way to crack a password is to target the person who set it.
  • Cloud Cracking: If you want to attempt to crack a strong password, unfortunately, it's nearly impossible. However, you can try your luck on cloud cracking websites (usually paid) that have more powerful computing resources and possibly useful decryption libraries.
  • Local Cracking: This is the main focus of this article. There are many software tools available to crack RAR files.

Local Cracking Software

  • BandZip
  • PassFab for RAR
  • TrueCrack
  • ..........

However, these are either paid software or outdated, and their effectiveness is far behind that of current mainstream open-source cracking tools like hashcat.

hashcat supports CUDA computation and is the fastest and most advanced password cracking tool in the world. It has an active community, detailed documentation, and timely updates.

Below is a brief introduction to how to use this toolchain to crack an encrypted RAR file.

john + hashcat

hashcat is used to crack hashes. So how do we find the hash of an encrypted RAR file?

For this we use rar2john, a small utility shipped with John the Ripper, which extracts the password hash from a RAR file.

Download hashcat: https://hashcat.net/hashcat/

Download john: https://www.openwall.com/john/

rar2john

The following process is done on a Windows 10 platform:

Download the john release and find run\rar2john.exe.

Run it against an encrypted RAR file (in this example the password is abcd):

.\rar2john.exe "D:\Users\Desktop\1.rar"

The program extracts the hash and prints a line of the form filename:hash:

D:\Users\Desktop\1.rar:$rar5$16$36fe9da24ec2f10020ba8a989370c697$15$7d2ce8243b92cc889393233fdba54896$8$72203c88592c67e4

Crack Start!

Copy the hash obtained from rar2john and execute:

.\hashcat.exe -m 13000 -a 3 '$rar5$16$36fe9da24ec2f10020ba8a989370c697$15$7d2ce8243b92cc889393233fdba54896$8$72203c88592c67e4' ?a?a?a?a

This starts a mask attack (-a 3) against the RAR5 hash type (-m 13000), searching for a password of four arbitrary printable characters (?a?a?a?a).

Note that in Bash and PowerShell the `$` symbol introduces a variable, so the hash must be wrapped in single quotes to be passed through literally.
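To see what rar2john actually extracted, here is an added example (my own code, not part of this page, of john or of hashcat) that parses the $rar5$ line shown above and recomputes the 8-byte password check value for a candidate password. This is the comparison hashcat performs for every guess: PBKDF2-HMAC-SHA256 over the salt with 2^15 + 32 rounds, folded to 8 bytes. That iteration count is why even a 4-character search takes hours, and why the key-stretching in RAR5 is good news for anyone whose archive is stolen.

```python
import hashlib
from dataclasses import dataclass

# The rar2john output line from this page (archive password: abcd).
PAGE_HASH = (
    "D:\\Users\\Desktop\\1.rar:$rar5$16$36fe9da24ec2f10020ba8a989370c697"
    "$15$7d2ce8243b92cc889393233fdba54896$8$72203c88592c67e4"
)

@dataclass(frozen=True)
class Rar5Hash:
    salt: bytes       # 16-byte salt from the archive's encryption header
    iter_log2: int    # log2 of the PBKDF2 iteration count (15 -> 32768)
    iv: bytes         # 16-byte AES IV (needed for decryption, not for the check)
    pswcheck: bytes   # 8-byte password check value stored in the header

def parse_rar5_hash(line: str) -> Rar5Hash:
    """Parse '[file:]$rar5$<saltlen>$<salt>$<log2iter>$<iv>$<chklen>$<check>'."""
    start = line.find("$rar5$")
    if start < 0:
        raise ValueError("not a $rar5$ hash line")
    fields = line[start:].split("$")  # ['', 'rar5', saltlen, salt, log2, iv, chklen, chk]
    if len(fields) != 8 or fields[1] != "rar5":
        raise ValueError("malformed $rar5$ hash")
    salt, iv, chk = (bytes.fromhex(fields[i]) for i in (3, 5, 7))
    if len(salt) != int(fields[2]) or len(chk) != int(fields[6]) or len(iv) != 16:
        raise ValueError("field length does not match declared length")
    return Rar5Hash(salt, int(fields[4]), iv, chk)

def rar5_pswcheck(password: str, salt: bytes, iter_log2: int) -> bytes:
    """Recompute the 8-byte check value RAR5 derives from a password.

    RAR5 runs PBKDF2-HMAC-SHA256: 2^iter_log2 rounds yield the AES key, 16 more
    the hash key, and 16 more the 32-byte check value, which is folded to 8
    bytes by XORing its four quarters. The password is fed in as UTF-8.
    """
    rounds = (1 << iter_log2) + 32
    value = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, 32)
    return bytes(value[i] ^ value[i + 8] ^ value[i + 16] ^ value[i + 24] for i in range(8))

def check_password(line: str, password: str) -> bool:
    """True if `password` matches the check value in a rar2john hash line."""
    h = parse_rar5_hash(line)
    return rar5_pswcheck(password, h.salt, h.iter_log2) == h.pswcheck

if __name__ == "__main__":
    h = parse_rar5_hash(PAGE_HASH)
    print(f"PBKDF2 rounds per guess: {(1 << h.iter_log2) + 32}")
    print("abcd matches:", check_password(PAGE_HASH, "abcd"))
```

The check value is only 64 bits, so it confirms a candidate without the archive itself; the IV field is carried along because it is what the real decryption step needs.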

Check the Current Status:

Notice that a 4-character password brute-force attack requires trying 81,450,625 times. With the performance of my GPU, it will take about 2 hours to crack.

From this, we can infer:

  • 5-character random: 8 days
  • 6-character random: 25 months
  • 7-character random: 198 years
  • 8-character random: 18.6 centuries

If there are clues about the password to narrow the random range, it will save a lot of time.
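The estimates above follow from one calibration point: the mask ?a?a?a?a has 95^4 = 81,450,625 candidates and took about 2 hours. The following added example (my own code, not from the page) turns that into a small calculator for any hashcat mask using the sizes of hashcat's built-in charsets, and shows how much a clue that narrows the character set shortens the worst case. The 2-hour rate is assumed from the page; your GPU will differ.

```python
"""Worst-case brute-force time for hashcat-style masks, calibrated on this page."""
from math import prod

# Sizes of hashcat's built-in charsets: ?l lower, ?u upper, ?d digits,
# ?s printable symbols (space included), ?a = all 95 printable ASCII characters.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

# Calibration from the page: 95^4 candidates in roughly 2 hours on the author's GPU.
CALIBRATION_CANDIDATES = 95 ** 4          # 81,450,625
CALIBRATION_HOURS = 2.0
RATE_PER_SECOND = CALIBRATION_CANDIDATES / (CALIBRATION_HOURS * 3600)

def keyspace(mask: str) -> int:
    """Number of candidates for a mask such as '?a?a?a?a' or '?u?l?l?l?d?d'."""
    if len(mask) % 2 or any(mask[i] != "?" for i in range(0, len(mask), 2)):
        raise ValueError("mask must be a sequence of ?x tokens")
    return prod(CHARSET_SIZES[mask[i + 1]] for i in range(0, len(mask), 2))

def worst_case_hours(mask: str, rate: float = RATE_PER_SECOND) -> float:
    """Time to exhaust the whole keyspace at `rate` guesses per second."""
    return keyspace(mask) / rate / 3600

def humanize(hours: float) -> str:
    """Render a duration in the units the page uses (hours, days, months, years)."""
    if hours < 48:
        return f"{hours:.1f} hours"
    days = hours / 24
    if days < 60:
        return f"{days:.1f} days"
    months = days / 30.44
    if months < 36:
        return f"{months:.1f} months"
    return f"{days / 365.25:,.1f} years"

if __name__ == "__main__":
    for length in range(4, 9):
        mask = "?a" * length
        print(f"{mask:16s} {keyspace(mask):>22,d}  {humanize(worst_case_hours(mask))}")
    # A clue that narrows the charset shrinks the search dramatically:
    # six lowercase letters versus six arbitrary printable characters.
    print(f"{'?l?l?l?l?l?l':16s} {keyspace('?l?l?l?l?l?l'):>22,d}  "
          f"{humanize(worst_case_hours('?l?l?l?l?l?l'))}")
```

Carried through to 8 characters the extrapolation gives roughly 18,600 years, i.e. 18.6 millennia, while a six-character password known to be all lowercase falls in under 8 hours at the same rate.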

And this is the worst-case scenario; who knows, maybe you’ll get lucky?

For instance, I cracked the password "abcd" — which was expected to take 2 hours — in just 14 minutes...

How to Strengthen Your Password?

Having discussed cracking, let's talk about countermeasures.

A popular solution today is to randomly generate strong passwords and use password managers (e.g., Bitwarden, 1Password, etc.). Based on this approach, I don’t know the passwords for the hundreds of websites I have accounts on (even if I'm kidnapped, it won’t help).

Here is a simple way to generate a random password:

openssl rand -base64 16 # 16 random bytes, printed as a 24-character base64 string

Additionally:

It is important to note that some local encryption software (e.g., WD Security) may be nearly impossible to crack.

If you forget the password, no one — not even a god — can help you...

Identifying Characters

Format  Position  Hex signature
RAR     start     52 61 72 21
RAR     end       C4 3D 7B 00
ZIP     start     50 4B 03 04
ZIP     end       50 4B 05 06

Opens with

  • WinRAR
  • 7-Zip
  • Bandizip
  • ZArchiver