Date: Mon, 28 Sep 2020 23:20:46 +0200
From: Lasse Ibsen <lasse.w.ibsen@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: rar2john multiple rar file parts

Hey all, sorry for the late reply. We just had a death in close family and
another terminally ill, so life is a party!
I have run tests on .rar files I have made under known conditions. As it
stands for now, I can (as expected) find the password just fine with a
single file. With multiple files I have no luck, no matter what I do. I
have put all the hashes in the same file, and john does recognize them as
different salts but cannot find the right pass. As said previously, the
hashes from each file are different. WinRAR obviously knows what part of
the hashes to use, but do we have any way of finding out?

On Wed, 23 Sep 2020 at 09:32, Solar Designer <solar@...nwall.com> wrote:

> Hi Lasse,
>
> > > On 2020-09-18 00:52, Lasse Ibsen wrote:
> > > > Hey, very simple question. How do I use rar2john with multiple parts to a
> > > > rar file? e.g. test.part01.rar.. test.part99.rar? Whenever I use rar2john
> > > > on a single file I get the right hash, but when I use it on parts I don't.
>
> Can you give this another try and provide more detail on how that
> archive was generated (what tool, what options), how exactly rar2john
> fails on its parts, and what version of JtR you're using?
>
> You might want to also create a test archive with a known password, and
> try rar2john on its parts.  This way, you would know exactly how the
> archive was generated and whether rar2john works on that right or not.
>
> We're now tracking the issue you reported here:
>
> https://github.com/openwall/john/issues/4346
>
> but without further information from you we can't do much about it.
>
> oayz writes that rar2john just works on archive parts, so perhaps
> there's something different in your case.  Note that oayz uses a version
> slightly newer than our 1.9.0-jumbo-1 release, although I doubt that
> difference matters in this case (I'm not aware of a relevant change).
>
> The only post-release change to rar2john itself is this:
>
> commit 4ef1ef28f91034cebce396f81456c540f00355ab
> Author: magnum <john.magnum@...hmail.com>
> Date:   Mon Feb 3 11:56:37 2020 +0100
>
>     Strip ':' from login fields produced by *2john tools.  Closes #4200
>
> Anyway, you can get a recent automatic build for Windows by clicking
> through the "Download Windows Build" badge in our README.md here:
>
> https://github.com/openwall/john
>
> Alexander
>
> On Sat, Sep 19, 2020 at 04:50:46AM +0000, oayz wrote:
> >  I see no problems. Using command line RAR under Windows 7:
> > RAR 3.61   Copyright (c) 1993-2006 Alexander Roshal   14 Sep 2006
> > as
> > > rar a -v1000 -hpMyPass rarfile filesdir\*.*
> >
> >
> > getting 60 rar parts 977kb each
> > using rar2john.exe from
> > John the Ripper 1.9.0-jumbo-1+bleeding-e1362a0 2019-10-25 13:27:48 +0200 OMP [cygwin 64-bit x86_64 SSE2 AC]
> >
> >
> > as:
> > > rar2john.exe rarfile.part01.rar
> > > rar2john.exe rarfile.part10.rar
> > > rar2john.exe rarfile.part60.rar
> >
> >
> > getting
> >
> > rarfile.part01.rar:$RAR3$*0*f04f0dd9963bd69b*8a9f6b99a352470292ee23cc67260141:0:::: rarfile.part01.rar
> > rarfilepart10.rar:$RAR3$*0*8b5d156b052880a6*cf7d0c69a98b33ea8f83c85034583fc8:0:::: rarfile.part10.rar
> > rarfile.part60.rar:$RAR3$*0*d3335c13768340f7*e4d207ae3ec581ac39dd0e4c03a81492:0:::: rarfile.part60.rar
> >
> >
> > As you can see any of rar parts work, hashes are different
> > I've heard there is older RAR (older than mine?!) which uses different naming scheme:
> > rarfile.rar
> > rarfile.r01
> > rarfile.r60
> >
> >
> > Also there is WinRAR and WinZip which may work differently than command line RAR.
> >
> >
> > Hope this helps.
> > Thanks!/oa
>
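
The `$RAR3$` lines quoted above can be checked mechanically before all parts are put into one hash file. The following Python code is an added example, not part of the thread or of John the Ripper; it assumes the field layout visible in the quoted output (`$RAR3$*0*`, a 16-hex-digit salt, a 32-hex-digit block, then `:0:`), and its sample lines are constructed, including one cut short the way a mail wrapper would.

```python
import re

# Layout assumed from the quoted rar2john output for "rar -hp" archives:
#   name:$RAR3$*0*<salt, 16 hex digits>*<block, 32 hex digits>:0::::path
RAR3_HP = re.compile(
    r"^(?P<name>[^:]+):\$RAR3\$\*0\*"
    r"(?P<salt>[0-9a-fA-F]{16})\*(?P<block>[0-9a-fA-F]{32}):0:")

# Constructed sample lines (not real hashes); the third one is truncated.
SAMPLE = """\
demo.part01.rar:$RAR3$*0*0011223344556677*00112233445566778899aabbccddeeff:0::::demo.part01.rar
demo.part02.rar:$RAR3$*0*8899aabbccddeeff*ffeeddccbbaa99887766554433221100:0::::demo.part02.rar
demo.part03.rar:$RAR3$*0*0123456789abcdef*0f1e2d3c4b5a
"""

def parse_line(line):
    """Return (name, salt_bytes, block_bytes) for a well-formed line, else None."""
    m = RAR3_HP.match(line.strip())
    if not m:
        return None
    return m["name"], bytes.fromhex(m["salt"]), bytes.fromhex(m["block"])

def summarize(text):
    """Parse each non-empty line; collect good entries, rejects and salt reuse."""
    entries, rejected = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        parsed = parse_line(line)
        if parsed:
            entries.append(parsed)
        else:
            rejected.append(line)  # wrapped, truncated or not a type-0 line
    salts = [salt for _, salt, _ in entries]
    return {"entries": entries, "rejected": rejected,
            "distinct_salts": len(set(salts)),
            "salt_reused": len(set(salts)) != len(salts)}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for name, salt, block in report["entries"]:
        print(f"{name}: salt={salt.hex()} block={block.hex()}")
    print("distinct salts:", report["distinct_salts"])
    print("rejected lines:", len(report["rejected"]))
```
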
