Date: Sun, 5 Mar 2017 15:10:47 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Extracting CRC of files from RAR archive

On 2017-03-04 17:13, Юлиан Машаев wrote:
> I want to obtain a few bytes from a password-protected RAR file, knowing all
> other bytes. I tested a "brute-force" attack and I obtained 10 bytes (just
> enough for me). Now the problem is that sometimes this RAR file can have
> both data and file list encrypted. E.g. on a file without full encryption
> rar2john returns:
> 2017_04_roul.rar:$rar3$**1**de8ad915db6e3d57**69ad6816*(this is
> CRC32)*19424*125278*...
> but when filelist is encrypted:
> 2017_04_roul_n.rar:$rar3$**0*
> *61f78a76817adc3d*5023d65d291834942e414015cca48084
>
> No CRC is returned :(
> Is it possible somehow to obtain it? (There is just one text file, and I
> know most of the data except a few bytes.)
>
> As far as I remember, CRC is also encrypted in second case, and at opening
> - both CRC and data are decrypted, then CRC of decrypted data is compared
> with decrypted CRC. Seems safe enough, but still, I would like to find some
> methods to extract checksum of the file.

I'm not sure what you are trying to accomplish. For a "rar -hp" archive, 
we decrypt a certain single block of the data and compare it with a 
static known plaintext of (hex) 'c43d7b00400700'. If it matches, we're 
done. How would knowing the CRC of some file in that blob of data make 
it any better? It would still be a known plaintext but a whole lot 
harder to find (if at all possible).

magnum
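
Added example, not part of the original thread and not John the Ripper's code: a small parser for the two rar2john line shapes quoted above, showing that a "rar -hp" hash carries only a salt and one encrypted block, with no per-file CRC field to extract. The mode 1 field order (CRC, packed size, unpacked size), the prefix comparison and the `P_LINE` sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Static known plaintext quoted in the reply above for "rar -hp" hashes.
HP_KNOWN_PLAINTEXT = bytes.fromhex("c43d7b00400700")

@dataclass
class Rar3Hash:
    mode: int                         # 0 = "rar -hp" (headers encrypted), 1 = "rar -p"
    salt: bytes
    crc32: Optional[str] = None       # mode 1 only
    pack_size: Optional[int] = None   # mode 1 only
    unp_size: Optional[int] = None    # mode 1 only
    hp_block: Optional[bytes] = None  # mode 0 only: ciphertext, no CRC field exists

def parse_rar3(line: str) -> Rar3Hash:
    """Parse one rar2john output line; an 'archive.rar:' prefix is allowed."""
    m = re.search(r"\$rar3\$\*([01])\*([0-9a-f]{16})\*(.+)", line.strip(), re.I)
    if not m:
        raise ValueError("not a $rar3$ hash line")
    mode, salt, fields = int(m[1]), bytes.fromhex(m[2]), m[3].split("*")
    if mode == 0:
        # Only ciphertext follows the salt; cut any ':'-separated trailer.
        return Rar3Hash(0, salt, hp_block=bytes.fromhex(fields[0].split(":")[0]))
    # Assumed mode 1 layout: crc*pack_size*unp_size*...
    if len(fields) < 3 or not re.fullmatch(r"[0-9a-f]{8}", fields[0], re.I):
        raise ValueError("mode 1 line lacks crc*pack_size*unp_size")
    return Rar3Hash(1, salt, fields[0].lower(), int(fields[1]), int(fields[2]))

def matches_hp_plaintext(decrypted_block: bytes) -> bool:
    """The -hp check described above, assumed here to be a prefix comparison."""
    return decrypted_block.startswith(HP_KNOWN_PLAINTEXT)

# The -hp line from the question, with its line break removed.
HP_LINE = "2017_04_roul_n.rar:$rar3$*0*61f78a76817adc3d*5023d65d291834942e414015cca48084"
# Constructed "rar -p" line: every value here is made up for illustration.
P_LINE = ("sample.rar:$RAR3$*1*0011223344556677*89abcdef*32*20*1*"
          + "ab" * 32 + "*30:1::sample.txt")

if __name__ == "__main__":
    for line in (HP_LINE, P_LINE):
        h = parse_rar3(line)
        print("mode", h.mode, "salt", h.salt.hex(), "crc32", h.crc32)
```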
