Token length exception with RAR hash – what am I doing wrong?

[Olek_michdoch]

Hello everyone,
I’m trying to crack my own RAR archive with hashcat, but I always get this error:


Token length exception
No hashes loaded.

I extracted the hash using
rar2john
. The hash starts with:


$RAR3$*1*...

So I’m using:


hashcat -m 12500 hash.txt

But no matter what I do, hashcat always says the token is too long or malformed.
What I already tried:

• Removed the filename from the hash
  
• Removed everything after the hash
  
• Made sure the file contains only one single line
  
• Tried different editors (Notepad, Notepad++, etc.)
  
• Re-extracted the hash multiple times with rar2john
  

Still the same error.
Questions:

• Is there a maximum length for RAR3 hashes in hashcat?
  
• Can a very large archive produce an invalid or unsupported hash?
  
• Is there a specific format that hashcat strictly expects for RAR3 hashes?
  
• Could it be that the hash is incomplete or broken even though rar2john generates it?
  

If someone can explain exactly what causes the “Token length exception” with RAR hashes or what to check, I’d really appreciate it.
Thanks a lot!

[Olek_michdoch]

I also tried mode 23800, because I thought maybe it is a compressed/encrypted container:

hashcat -m 23800 hash.txt


But I get exactly the same result.

[zamgold]

Maybe, hash is too long.

[b8vr]

Rar2john creates a hash like "filename:hash" if I remember correctly.  Make sure to edit out the "filename:" part.

Or if my memory on that is wrong, then it adds the filenames living inside the RAR container at the end of the hash like "hash:filename1:filename2:etc". If that's the case, edit away the filenames at the end.

Then run "hashcat --identify <hash>"