Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 23 Sep 2020 09:31:56 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: rar2john multiple rar file parts

Hi Lasse,

> > On 2020-09-18 00:52, Lasse Ibsen wrote:
> > >Hey, very simple question. How do I use rar2john with multiple parts to a
> > >rar file? eg. test.part01.rar.. test.part99.rar ? When ever i use rar2john
> > >on a single file i get the right hash, but when i use it on parts i don't.

Can you give this another try and provide more detail on how that
archive was generated (what tool, what options), how exactly rar2john
fails on its parts, and what version of JtR you're using?

You might want to also create a test archive with a known password, and
try rar2john on its parts.  This way, you would know exactly how the
archive was generated and whether rar2john works on that right or not.

We're now tracking the issue you reported here:

https://github.com/openwall/john/issues/4346

but without further information from you we can't do much about it.

oayz writes that rar2john just works on archive parts, so perhaps
there's something different in your case.  Note that oayz uses a version
slightly newer than our 1.9.0-jumbo-1 release, although I doubt that
difference matters in this case (I'm not aware of a relevant change).

The only post-release change to rar2john itself is this:

commit 4ef1ef28f91034cebce396f81456c540f00355ab
Author: magnum <john.magnum@...hmail.com>
Date:   Mon Feb 3 11:56:37 2020 +0100

    Strip ':' from login fields produced by *2john tools.  Closes #4200

Anyway, you can get a recent automatic build for Windows by clicking
through the "Download Windows Build" badge in our README.md here:

https://github.com/openwall/john
 
Alexander

On Sat, Sep 19, 2020 at 04:50:46AM +0000, oayz wrote:
>  I see no problems. Using command line RAR under Windows 7:
> RAR 3.61   Copyright (c) 1993-2006 Alexander Roshal   14 Sep 2006
> as
> > rar a -v1000 -hpMyPass rarfile filesdir\*.*
> 
> 
> getting 60 rar parts 977kb each
> using rar2john.exe from
> John the Ripper 1.9.0-jumbo-1+bleeding-e1362a0 2019-10-25 13:27:48 +0200 OMP [cygwin 64-bit x86_64 SSE2 AC]
> 
> 
> as:
>  > rar2john.exe rarfile.part01.rar > rar2john.exe rarfile.part10.rar 
> > rar2john.exe rarfile.part60.rar 
> 
> 
> getting
>  rarfile.part01.rar:$RAR3$*0*f04f0dd9963bd69b*8a9f6b99a352470292ee23cc67260141:0:::: rarfile.part01.rar
>  rarfilepart10.rar:$RAR3$*0*8b5d156b052880a6*cf7d0c69a98b33ea8f83c85034583fc8:0:::: rarfile.part10.rar
>  rarfile.part60.rar:$RAR3$*0*d3335c13768340f7*e4d207ae3ec581ac39dd0e4c03a81492:0:::: rarfile.part60.rar
> 
> 
> As you can see any of rar parts work, hashes are different
> I've heard there is older RAR (older than mine?!) which uses different naming scheme:
>  rarfile.rarrarfile.r01
> rarfile.r60
> 
> 
> Also there is WinRar and WinZip which may work differently that command line RAR.
> 
> 
> Hope this helps.
> Thanks!/oa

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.