RAR 2.0 support
#1
Exclamation 
I couldnt find a pass for my old (1996) rar file but i knew it was simple. I suspected JTR generated bad hash so i made an experiment.

I downloaded winrar2.0 and winrar3.0. I compressed the same simple txt file with the same password - with 2.0 and 3.0.

JTR gave me different hashes for both rar files. 
-for 3.0 gave me hash with random salt
-for 2.0 gave me hash with "0000000000000000" salt.

Both hashes had the same valid syntax - due to hash types list.

I could crack 3.0 hash in JTR and hashcat.
I couldn't crack 2.0 hash in JTR and hashcat.

I suspect JTR gave me bad hash. Magnum! Can u help me?
It's a 20 minutes for u to make a change to rar2john Wink

Here is a quick image with comparison of both rar files and their hashes.
[Image: rar2-0-rar3-0.png]
Reply
#2
you know this is the hashcat forum, not john the ripper right?

how about opening a bug request on JtR github?
Reply
#3
Snoopy. My case is also about hashcat and could be used to improve hashcat (for example for improving logic for rar hash analyzing alghoritm). U know that people using hashcat for rar cracking take hashes from JTR? U know that ppl use this tools together? Before posting i tried to search google for my case. This post will be very helpfull for people trying to crack some old rar2.0 passwords.
Reply