05-04-2017, 06:48 PM
There are "versions" at various levels but for our purposes there's just RAR3 and RAR5 and you'll see it in the tags of rar2hashcat/rar2john output hashes.
In case of RAR3, hashcat only supports cracking archives with header encryption (-hp option to rar). Also, RAR3 uses a UTF-16 encoded password for hashing and because of limited support for that, hashcat can't handle any character outside "Latin-1". This means that eg. Russian letters can't be cracked and there is simply NO workaround, not even ?b?b masks in this case. One day or the other I intend to fix this shortcoming and submit a PR, but it's not a trivial task.
In case of RAR5, a UTF-8 encoded password is used instead so hashcat can handle that. And I believe hashcat can attack any RAR5 archive (not just header encrypted ones).
JtR can handle any RAR3 or RAR5 archive AFAIK and it also supports any Unicode characters.
In case of RAR3, hashcat only supports cracking archives with header encryption (-hp option to rar). Also, RAR3 uses a UTF-16 encoded password for hashing and because of limited support for that, hashcat can't handle any character outside "Latin-1". This means that eg. Russian letters can't be cracked and there is simply NO workaround, not even ?b?b masks in this case. One day or the other I intend to fix this shortcoming and submit a PR, but it's not a trivial task.
In case of RAR5, a UTF-8 encoded password is used instead so hashcat can handle that. And I believe hashcat can attack any RAR5 archive (not just header encrypted ones).
JtR can handle any RAR3 or RAR5 archive AFAIK and it also supports any Unicode characters.