+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Weird behaviour when cracking RAR? (/thread-9020.html)
Weird behaviour when cracking RAR? - noobie90 - 03-07-2020
Hello,
First of all, thanks for this wonderfull piece of software. Ive been playing with it a bit and I am impressed.
However, I ran into some weird behaviour and was wondering if someone might have some insight.
I am cracking a rar file. To do this, I first generated some test files of which I know of course the password.
I noticed some of those were being cracked, some not. So I ran some tests and I noticed that rar files with longer passwords were not being cracked, even though the correct password was in the dictionary file?
I created for now several rar files (I tried attaching them, but is not allowed). The filename is the same as the password:
test.rar --> cracked
longertest.rar --> cracked
evenlongertest.rar --> cracked
evenevenlongertest.rar --> cracked
evenevenevenlongertest.rar --> exhausted
evenevenevenevenlongertest.rar --> exhausted
the process is the same everytime: extract hash with rar2john, than hashcat on extracted hash (I understand hashes need to be removed, so I did):
hashcat -a 0 -m 12500 '$RAR3$*0* REST OF HASH' password.txt
Same password file, which has the passwords (= filenames) of the above test files.
Am I missing something? Is there a maximum password length (if so, why no error is thrown, just exhausted?)?
Can anybody reproduce this maybe?
Many thanks,
RE: Weird behaviour when cracking RAR? - philsmd - 03-07-2020
Do you use --optimized-kernel-enable (or short -O) in your command ?
The maximum password length with -O is 20:
Code:
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 20it would make sense, because as far as I understand the password was "evenevenevenlongertest" that was first rejected.
In hashcat you should also see this rejection in the status prompt:
Code:
Rejected.........: 2/6 (33.33%)you could also try to use the beta version (from https://hashcat.net/beta/ , but in my opinion it would change much here, because the pure kernel already existed with -m 12500 for a long time, i.e. also latest release version had support for pass > 20)
RE: Weird behaviour when cracking RAR? - noobie90 - 03-07-2020
No, Im not using -O or optimized-kernel, the hashcat -a 0 -m 12500 '$RAR3$*0* REST OF HASH' password.txt command is all I use.
And it says Rejected 0/9 (0%), Recoverd 0/1 (0%), Progress 9/9 (100%), so hashcat does not reject the passwords I suppose?
Your comment about "evenevenevenlongertest" that was first rejected, is correct btw.
EDIT: just checked and it says when starting that the maximum password length supported by kernel is 256.
RE: Weird behaviour when cracking RAR? - noobie90 - 03-07-2020
Just compiled the newest version from github and it works now...weird because I was using the 5.1.0 binary?
Anyway, this is solved. Thanks for your help!