Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Feb 2013 21:33:55 +0530
From: Dhiru Kholia <>
Subject: Re: RAR Cracking with JtR Jumbo (Files found during forensics)

On Wed, Feb 13, 2013 at 9:16 PM, Nicolas Brulez
<> wrote:
> This is what i got from rar2john:
> $rar3$*0*deaac5fe718c2eb0*ca36e398cc9ea2c54cfd92d378a84fe7
> $rar3$*0*97c9bc9cbc1e00ac*92d09807b3932d3d9ad4fbb80a06c29e
> $rar3$*0*7d1ac6125f295a5a*c48559081a762e1a6db410e21e786881

RAR files corresponding to these hashes were generated using "rar -hp
..." command which means that even the filenames are encrypted.

Even WinRAR cannot strip the SFX module from such RAR SFX files.

Can you share your method / steps for extracting the actual RAR
archive from a WinRAR SFX file in more detail?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.