Hi, I want to develop a password cracker tool. For example, I forgot a WinRAR password. I run this tool, and how can I understand whether I have found the password or not? I mean, where is the WinRAR password or hash in the RAR file? It is clear that I cannot find the WinRAR password as clear text, so where is the WinRAR password stored in the RAR file? I wonder about this situation for other file types such as Word, Excel, PowerPoint, etc.
How to check this is true password
10-09-2014, 03:30 PM
RAR archives do not contain a password hash. Rather, the password supplied by the creator is passed through a password-based key derivation function, which is used to generate an encryption key. The RAR archive is then encrypted using this key.
To validate that you have a correct password, you will need a known plaintext-ciphertext combination. You will pass each password candidate through the key derivation function, and use the resulting key to decrypt the ciphertext. If the decrypted ciphertext matches the known plaintext, then you know you have found the correct password. This is not only true of RAR, but of all "non-hash" formats.
10-09-2014, 03:56 PM
Thank you for your reply. I understand that RAR archives do not contain a password hash. I understand that I must use an API to read WinRAR, Word, Excel, etc. files, isn't that right? (I use C++.)
10-10-2014, 08:29 AM
I have examined some password recovery tools, but I do not enter any known plaintext. What can you say about this?
10-15-2014, 03:13 AM
In case of RAR there is a CRC of the original file stored in the archive. Instead of looking for known plaintext, you do a CRC of the full decrypted and inflated file and see if it matches. For large files, this is very slow so you want early rejection. Early rejection can be made by decrypting just a block or two and analyzing the Huffman encoding. That is tricky sh!t, believe me.
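The validation flow described in the replies above (derive a key from each candidate, decrypt, then compare a CRC of the inflated data with the stored one), as an added example that is not part of the original thread. PBKDF2, the HMAC keystream cipher and the dictionary "archive" layout are stand-ins chosen so the sketch runs with the Python standard library; they are assumptions, not RAR's actual algorithms or format.

```python
import hashlib
import hmac
import zlib

def derive_key(password: str, salt: bytes) -> bytes:
    # Stand-in KDF (assumption): PBKDF2-HMAC-SHA256, not RAR's own derivation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 counter keystream XORed with data.
    # Symmetric, so the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def make_archive(password: str, plaintext: bytes) -> dict:
    # Hypothetical container: salt, CRC32 of the original file, encrypted deflate stream.
    salt = bytes(range(8))  # constructed fixed salt so the demo is repeatable
    body = xor_stream(derive_key(password, salt), zlib.compress(plaintext))
    return {"salt": salt, "crc": zlib.crc32(plaintext), "data": body}

def check_candidate(archive: dict, candidate: str) -> bool:
    key = derive_key(candidate, archive["salt"])
    packed = xor_stream(key, archive["data"])
    try:
        # Rejection without known plaintext: output from a wrong key is almost
        # never a valid compressed stream, so inflating it fails.
        plain = zlib.decompress(packed)
    except zlib.error:
        return False
    # Final check: CRC of the decrypted, inflated file against the stored CRC.
    return zlib.crc32(plain) == archive["crc"]

def recover(archive: dict, wordlist):
    # Returns the first candidate that passes both checks, or None.
    return next((w for w in wordlist if check_candidate(archive, w)), None)

if __name__ == "__main__":
    # Constructed sample data and wordlist.
    demo = make_archive("correct horse", b"constructed sample file contents\n" * 20)
    print(recover(demo, ["letmein", "password1", "correct horse"]))
```

This sketch inflates the whole stream before rejecting a candidate; the early rejection mentioned in the last reply does the same kind of structural check on only the first block or two.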