Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-07-2005, 22:18
abccc
 
Posts: n/a
question about winrar passwords

hi , I have learned alot in this forum and I still learnning >> so thank you evryone .... and please execuse my bad english

I forgot a password in a protected rar file... I know there are some software to recover that but they take long time and my question >>>

is it possible to find out a password for a rar or zip document using ollydbg

if yes are there any tutorials in the net about that .. thanks

Last edited by abccc; 04-07-2005 at 22:20.
Reply With Quote
  #2  
Old 04-08-2005, 00:36
Hero Hero is offline
VIP
 
Join Date: Jan 2005
Posts: 224
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 4
Thanks Rcvd at 2 Times in 2 Posts
Hero Reputation: 1
Hi
This is one of the question that is asked too much.But I should say that attacking
to a rar or any other compressing ways theoricaly has no way except Bruteforce or
dictionary attack(If it developed well such as rar and zip).
Because algorithm is too simple,You add a signature in for example start of file and then
encrypt all the file.When you want to decrypt it,after decoding some blocks of file if the
signature was wrong that means you enter the password wrong and in this way there
is no need for saving password in file and attacking to it is similar to attacking an encryption
algorithm(It is a way that can be used,I didn't know rar or zip algorithms but they should
be similar).

sincerely yours
__________________
I should look out my posts,or JMI gets mad on me!
Reply With Quote
  #3  
Old 04-08-2005, 08:27
fsheron
 
Posts: n/a
If the password is given by you. Create a possible dictionary and use bruteforce to crack will be helpful.
Reply With Quote
  #4  
Old 04-08-2005, 21:45
abccc
 
Posts: n/a
Hero, fsheron thank you very much for quick response..
Reply With Quote
  #5  
Old 04-17-2005, 02:43
FKMA
 
Posts: n/a
But if your rar version is >= 3.0 , you may get very-very long time to bruteforce because of use a new algorithm in v3.0+
Reply With Quote
  #6  
Old 04-17-2005, 11:51
Hero Hero is offline
VIP
 
Join Date: Jan 2005
Posts: 224
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 4
Thanks Rcvd at 2 Times in 2 Posts
Hero Reputation: 1
Because Winrar in that version uses powerfull AES algorithm for its password.
But there is no other way except bruteforce or dictionary attacks.

sincerely yours
__________________
I should look out my posts,or JMI gets mad on me!
Reply With Quote
  #7  
Old 04-17-2005, 20:55
visu
 
Posts: n/a
Just to complement this answer, this is also same for WinZip.
Reply With Quote
  #8  
Old 04-17-2005, 23:46
Hero Hero is offline
VIP
 
Join Date: Jan 2005
Posts: 224
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 4
Thanks Rcvd at 2 Times in 2 Posts
Hero Reputation: 1
Hi visu
That's right that I heard that WinZip uses AES too,But I don't know why its
best bruteforce password finder can work with too high speed for it.
It can test almost 2 million passwords per second!
Any idea why these two is that deferent?(winrar check almost 700 pps)

sincerely yours
__________________
I should look out my posts,or JMI gets mad on me!
Reply With Quote
  #9  
Old 04-19-2005, 05:55
amitophia
 
Posts: n/a
2Hero:
The main performance fall not in AES encrypting itself but in generating encryption key. The last one takes long time when using WinRAR.
You can speed up WinRAR breaking by brute-forcing decryption key, not password. But it'll make no sense due to a very big number of possible keys
Reply With Quote
  #10  
Old 04-19-2005, 12:15
Hero Hero is offline
VIP
 
Join Date: Jan 2005
Posts: 224
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 4
Thanks Rcvd at 2 Times in 2 Posts
Hero Reputation: 1
hi amitophia
I'm not a professional in encryption algorithms,but I know that AES is an symmetric
algothirm,that means the encryption and decryption keys are the same.
What do you mean by:
Quote:
You can speed up WinRAR breaking by brute-forcing decryption key, not password.
You mean that password is deferent by the AES encryption/decryption keys?
(I always think that they should get the AES 128bits key by making a simple
padding from your password.)

sincerely yours
__________________
I should look out my posts,or JMI gets mad on me!
Reply With Quote
  #11  
Old 04-20-2005, 04:42
amitophia
 
Posts: n/a
2Hero:
You mean that password is deferent by the AES encryption/decryption keys?
No-no. When I said "ecnryption/decryption key" I just meant different roles of the key in apporpriate processes. Sorry for misleading you

by making a simple padding from your password
Actually this "padding" is calcualtion of hash from the password. And it shouldn't be simple to be invulnerable to brute-force attacks. The faster (simpler) hash is calculated, the faster brute-force can be done.

Last edited by amitophia; 04-20-2005 at 04:46.
Reply With Quote
  #12  
Old 04-27-2005, 17:02
swlepus
 
Posts: n/a
it is impossible to recovery files from a winrar v3 password protected file. unless you have a very powerful machine.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sth. about InnoSetup's passwords cnbragon/iPB General Discussion 10 02-10-2006 08:17
Bypassing rar passwords? Rhodium General Discussion 2 11-04-2003 21:34
Encpyted passwords SLIM SLIM General Discussion 5 12-17-2002 23:28


All times are GMT +8. The time now is 23:19.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )