4.6million character hash rar file
#1
So i have a rar file, don't know the password, i'm not sure on the password or how many characters. 

I used john the ripper to get the hash being RAR3 [SHA1 256/256 AVX2 8X AES]

And the hash is about 4.6million characters, i am new to hashcat so im not sure if this means it uncrackable but i assume it relatively is. 

My main question is it crackable/bruteforce and what would be the best way of going to crack it if it is.
Reply
#2
also im not even able to run the command on cmd to even attempt cracking since the whole hash cant be posted in cmd
Reply
#3
First of all, it would always make sense to post the hash type that you are trying to crack, also see https://hashcat.net/wiki/example_hashes .
latest beta version of hashcat (https://hashcat.net/beta/) supports these types:
Code:
12500 | RAR3-hp                                          | Archives
23700 | RAR3-p (Uncompressed)                            | Archives
23800 | RAR3-p (Compressed)                              | Archives

The general data limit (and it is actually a more global/general hash line length limit) is about 320 KiB raw or around 640 KiB (in hexadecimal)... so with signature etc it's slightly below 1 MB hash line length.

This is a limitation that affects basically all hash types and has several reasons (especially the memory allocation, but also catches problems with wrong input etc).

almost 5 MiB is a lot of data and hashcat doesn't support lines within hash files that are that long. Normally, compressed data is quite small and often (depending on hash type, algo etc) you have the possibility to chose the smallest files (like in 7-Zip, PKZIP etc).
You also need to keep in mind that whenever a key is computed the whole data needs to be loaded / tested, so a very huge input is not very good in general (there are of course exceptions, because some decompression libraries are able to decide already from the first couple of bytes if the decrypted data is malformed and therefore the decryption key is wrong).
There is little that we can do here... there were some users that have some success story with patching hashcat to increase the limit (slightly) for 7-Zip and winzip, but this should be only done by advanced users and only makes sense in very exceptional cases.

Please let us know what type of hash you have, the -m hash type and start (for instance $RAR3$*1*) of the hash, would be enough to understand which type of hashes you are trying to crack. Thx
Reply
#4
(10-02-2020, 02:52 PM)philsmd Wrote: First of all, it would always make sense to post the hash type that you are trying to crack, also see https://hashcat.net/wiki/example_hashes .

latest beta version of hashcat (https://hashcat.net/beta/) supports these types:

Code:
12500 | RAR3-hp                                          | Archives

23700 | RAR3-p (Uncompressed)                            | Archives

23800 | RAR3-p (Compressed)                              | Archives


Please let us know what type of hash you have, the -m hash type and start (for instance $RAR3$*1*) of the hash, would be enough to understand which type of hashes you are trying to crack. Thx


Hi,

I have a RAR hash with this shape:

file1.rar:$RAR3$*x*xxxxxxxxxxxxxxxx*xxxxxxxxx*xx*xx*x*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx*xx:x::aaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaa

Using the new beta, what part should I use?

$RAR3$*x*xxxxxxxxxxxxxxxx*xxxxxxxxx*xx*xx*x*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx*xx:x::    ?


I also have the following questions:
When using HASHCAT with incremental Brute Force

hashcat -a 3 -m [hashtype] -i --increment-min=4 targethashes.list ?a?a?a?a?a?a

how can I use it with chinese, german, russian (among others) charsets?

And is there a way to continue the search when stopping and restarting again? A kind of "progress" file?

Thanks in advance.
Reply
#5
(12-01-2020, 05:52 PM)Alf71 Wrote: file1.rar:$RAR3$*x*xxxxxxxxxxxxxxxx*xxxxxxxxx*xx*xx*x*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx*xx:x::aaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaa

We asked you for the beginning of the hash, including after $RAR3$...
$RAR3$*0 = files encrypted with rar -hp (both file data and headers), mode 12500
$RAR3$*1 = files encrypted with rar -p (only data), mode 23700 or 23800

Given https://hashcat.net/wiki/doku.php?id=example_hashes you'll see that a hash must start with "$RAR3$" and ends before "::". Filenames are useless.

?a = lower+upper+digits+symbols.
If you want to add (odd) characters like german, please have a look at the folder hashcat/charset/standard/German which includes characters like ÄÖÜßäöü. Just add this file (.hcchr) to your commandline; see https://hashcat.net/wiki/doku.php?id=mask_attack to get help.
Reply
#6
(12-01-2020, 06:43 PM)Mem5 Wrote: We asked you for the beginning of the hash, including after $RAR3$...
$RAR3$*0 = files encrypted with rar -hp (both file data and headers), mode 12500
$RAR3$*1 = files encrypted with rar -p (only data), mode 23700 or 23800

Given https://hashcat.net/wiki/doku.php?id=example_hashes  you'll see that a hash must start with "$RAR3$" and ends before "::". Filenames are useless.

?a = lower+upper+digits+symbols.
If you want to add (odd) characters like german, please have a look at the folder hashcat/charset/standard/German which includes characters like ÄÖÜßäöü. Just add this file (.hcchr) to your commandline; see https://hashcat.net/wiki/doku.php?id=mask_attack to get help.

Thanks. I think Hashcat do not have Chinese in the charset folder.
Reply