+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: RAR 2.0 support (/thread-11802.html)
RAR 2.0 support - Gawrion - 02-02-2024
I couldnt find a pass for my old (1996) rar file but i knew it was simple. I suspected JTR generated bad hash so i made an experiment.
I downloaded winrar2.0 and winrar3.0. I compressed the same simple txt file with the same password - with 2.0 and 3.0.
JTR gave me different hashes for both rar files.
-for 3.0 gave me hash with random salt
-for 2.0 gave me hash with "0000000000000000" salt.
Both hashes had the same valid syntax - due to hash types list.
I could crack 3.0 hash in JTR and hashcat.
I couldn't crack 2.0 hash in JTR and hashcat.
I suspect JTR gave me bad hash. Magnum! Can u help me?
It's a 20 minutes for u to make a change to rar2john
Here is a quick image with comparison of both rar files and their hashes.
![[Image: rar2-0-rar3-0.png]](https://i.postimg.cc/NMhG6MH2/rar2-0-rar3-0.png)
RE: RAR 2.0 support - Snoopy - 02-02-2024
you know this is the hashcat forum, not john the ripper right?
how about opening a bug request on JtR github?
RE: RAR 2.0 support - Gawrion - 02-05-2024
Snoopy. My case is also about hashcat and could be used to improve hashcat (for example for improving logic for rar hash analyzing alghoritm). U know that people using hashcat for rar cracking take hashes from JTR? U know that ppl use this tools together? Before posting i tried to search google for my case. This post will be very helpfull for people trying to crack some old rar2.0 passwords.
RE: RAR 2.0 support - raummusik - 04-27-2025
Good point , also forgot a password from several 2.x archives initially generated 20 years ago - wondered about the extracted 16x0 salt .
another discussion of the same behaviour if someone else runs into this :
https://hashcat.net/forum/thread-6635.html
and there we go : https://github.com/openwall/john/issues/5271
Regards
ben
RE: RAR 2.0 support - raummusik - 04-28-2025
(04-27-2025, 11:34 PM)raummusik Wrote: Good point , also forgot a password from several 2.x archives initially generated 20 years ago - wondered about the extracted 16x0 salt .
another discussion of the same behaviour if someone else runs into this :
https://hashcat.net/forum/thread-6635.html
and there we go : https://github.com/openwall/john/issues/5271
Regards
ben
need to correct my previous assumption that my old .rar files having 2.x format, the contents inside are from 2005 when i already used newer winrar 3.x versions.
RE: RAR 2.0 support - raummusik - 05-05-2025
(02-02-2024, 05:50 AM)Gawrion Wrote: JTR gave me different hashes for both rar files.
-for 3.0 gave me hash with random salt
-for 2.0 gave me hash with "0000000000000000" salt.
Both hashes had the same valid syntax - due to hash types list.
I could crack 3.0 hash in JTR and hashcat.
I couldn't crack 2.0 hash in JTR and hashcat.
If someone else runs into 3.0 (not 2.0) archive files but with 16x0 salt - it was possible to crack with hashcat + suitable wordlist in my case - just forgot my cheap password from 10-15 years ago ;-)