How to crack AES-128 encryption used in WinRar?
Asked Answered
I

3

9

I'm trying to crack winrar's password using some methods as explained below.

Because rar uses AES-128 encryption, brute-force and dictionary attacks are useless as they would take years.
But, if we convert a password-protected rar file into an SFX archive (I'd prefer to winconsole because GUI takes much memory) that is an EXE format, I'm quite sure that it would be out of protection from winrar's gates.
Even then rar writes the encryption keys to that exe file.

So, if we could use an exe debugger or disassembler, can't we knock out the key that contains the password?
I used w32dasm, olly dbg & pe explorer to modify these exe files.
All I could find are the strings like "Extracting, CRC failed, Encrypted" and some other things. I used several sfx archives as test files (with different passwords) and tried it through disassembly. Those hexadecimal keys are looking quite similar!

So do I need a better disassembler or debugger? OR, someone tell me that if this method is useless and why?

Another question.. Does this following image has any link to winrar encryption? If yes, please explain how.. It would be very helpful. enter image description here

Ion answered 4/8, 2012 at 10:29 Comment(7)
The problem with any sort of useful response to this request is that we cannot be sure that what you are attempting is legal and moral. Lawyers being what they are, they could possibly come after us for assisting you in any way. We wouldn't even be able to say that we are being paid to do it - we would have no defense.Motorbus
@MartinJames well following that logic...for any well known attack that hackers use, we may blame famous computer scientist just for publishing them...the whole crypto world should be punished because they are working with things like that...is that true?Weary
@VictorS. off-topic: philosophy. TBH, I don't care as long there are no lawyers banging on MY door, no process-servers forcing papers on me or TLA's taking an unwelcome interest in my life. I am content with my position on this matter.Motorbus
Came here for the blogpost! haha still nicer than mine but I'm still new here.Laurenlaurena
@Laurenlaurena which blogpost? context please!Spill
@Jonathan I mean, link from the blog post.Laurenlaurena
For the record, the OP may have been referring to an installer that uses the RAR library. In that case, the password would be embedded in the executable.Dasha
M
20

When you create a password-protected SFX it does not store the password. It asks you for it.

You can't just "convert" password-protected content into not-protected content. If that was possible the encryption scheme would be completely worthless.

Molokai answered 4/8, 2012 at 11:7 Comment(4)
i didn't ask like that.. i know that password is a part of decryption key.. the keys related to that file will be compiled in the same sfx module except the password. i mentioned the word "out of protection" for accessing it, bt i didn't mean that as not protectedIon
There must be a misunderstanding. I meant that neither the key nor the password are stored in neither SFX nor rar files. Why would they be stored? This would render encryption useless.Molokai
But in basic logic there must be something stored in those files that would be in use for password comparison...Idk perhaps :DEdrisedrock
@TheBumpaster decryption does not require the correct key. It can be carried out with any key but the data will be garbled. That's why archive files sometimes store a hash of the password or of the decrypted data so that the password can actually be checked (impossible otherwise). WinRar has messed this up and only checks the password by the CRC of the decrypted data.Molokai
W
3

I think the problem is that trying to change the file to an SFX does nothing to decrypt the already encrypted content of the file hence it won't work. The data is already encrypted. Unless the data is NOT encrypted, then you would have to undergo the decryption process to get to your data no matter what you did to the file. No?

Wyatan answered 28/2, 2013 at 4:6 Comment(0)
S
1

It is not easier to attack an SFX file versus a RAR file. A RAR archive consists of your compressed and (optionally) encrypted data. An SFX file is, like RAR, a package of compressed and encrypted data, but it also includes a miniature form of WinRAR that can decrypt the packaged data after the user enters the password.

The SFX file needs your password to decrypt your data; when you enter the wrong password, it's not because it tested your password against one embedded in the file. It means that when it tried to decrypt the data with the supplied password, something went wrong. This is all due to the magic of symmetric-key cryptography: the ciphertext (packaged within the RAR/SFX archive) goes through the AES decryption using the password you entered and the result (plaintext) is exported to whatever location you chose.

In conclusion, you'd have the same luck trying to break an SFX file as you would with RAR archive.

Surcingle answered 3/11, 2013 at 4:45 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.