23

I'm running Mac OS X 10.6.2 and have been handed a couple of old files that need to be extracted. Old backups or finances or bills I believe. They are RAR files, and password protected. Is there a way to extract the hash from these files so I can feed it into John The Ripper or Cain and Abel?

Edit

I have downloaded cRARk, but unfortunately nothing I have (SimplyRAR, RAR Expander, The Unarchiver) will extract it without a password. Can someone verify that I'm crazy and there is no password on the Mac version?

Chindraba
Josh K
  • oddly enough, unrar & 7z on linux extract a bunch of files from the crark RAR, *then* prompt for a password. the included README file indicates the password is on purpose, to allow testing the utility: "You also may test the cracker on this archive. Run: `crark -pcrackme.def crark31.rar`" – quack quixote Feb 22 '10 at 05:54
  • ... so it sounds like you need a better RAR extraction utility, that will extract the unprotected files before prompting for the password. :) – quack quixote Feb 22 '10 at 05:56
  • tried unrarx? http://www.unrarx.com/ – o0'. Feb 24 '10 at 10:28
  • 3
    I just d/l'd crark33 for OSX, and the rar password is crark33. Guess i'm a good guesser :-) – Carl Witthoft Oct 09 '12 at 21:44

1 Answer

33

You can bypass the hash extraction altogether and use cRARk instead. cRARk is a freeware command-line RAR password cracking utility available for Windows, Mac and Linux. It is also designed to work with CUDA so you may want to take advantage of that if you have a powerful GPU.

One caveat is that it will take very long to crack an archive if you know nothing about the password, and it is > 6 characters in length. If you do know a small detail about the password, such as the approximate number of characters, it allows you to input that as a switch to dramatically shorten cracking time. Even though cRARk is one of the fastest RAR crackers out there using extremely optimized MMX & SSE code, this holds true for any brute force application. When cracking longer passwords, it will take a substantially longer amount of time due to the myriad of possibilities to try.

Here's a sample run of cracking the password 'john':

```
C:\>crark.exe -c -l4 -g4 Chap7.rar
     cRARk 3.2d (CUDA enabled) Freeware
    Copyright 1995-2001, 2006-09 by P. Semjanov,
         http://www.crark.net
     portions (c) 1993-2005 Eugene Roshal
 (c) PSW-soft Password Cracking Library PCL v. 2.0d by P. Semjanov


Testing archive Chap7.rar : version 2.9
Testing     Chap7.rtf
Choosing best crypto functions.................................................
Chosen: ASM  (Prescott/AMD), SSE2 (P4/Core 2) (-f1114)
Ticks per password expected = 40438280, theoretical = 27000000, CPU rate = 0.67

Processing line 56 of password definition file...
Testing 4-chars passwords ...
ckdk
Passwords tested = 42000 (time = 3:45.00, rate = 186 p/s)
elka
Passwords tested = 78000 (time = 6:58.99, rate = 186 p/s)
john - CRC OK
In hex (PCL style): \6A \6F \68 \6E
Passwords tested = 167844 (time = 15:02.38, rate = 186 p/s)
Total     tested = 167844, slow tests = 20914
```

Not too shabby ;)

John T
  • +1 better than my answer and missed the osx tag – William Hilsum Feb 19 '10 at 19:58
  • I'll give it a try. Was kinda hoping I'd get an answer before putting the bounty on. :) – Josh K Feb 20 '10 at 05:40
  • @Josh sorry about that! This was my first time seeing the question, adding the bounty bumped it to the top of the page. – John T Feb 20 '10 at 05:56
  • @John: Hey, no problems. I get an answer, though it doesn't look like the added rep will leave a mark on you. – Josh K Feb 20 '10 at 07:38
  • 1
    @Josh when using cRARk it comes with a 'crackme' file. You can extract everything else in the file just fine. The crackme is for you to test the program. – John T Feb 20 '10 at 14:36
  • 2
    Does anyone know the syntax for doing it on the Mac? I can't work it out... Thanks! – Joe Mar 05 '11 at 10:23
  • 1
    For Mac it is something like "./crark-hp -c -l4 -g4 ../YOURFILE.rar" – rafa.ferreira Dec 12 '19 at 10:54
  • @Johnt what's the password of the downloaded file from `crack.net`? When I try to un-compress the archive, it tries to get a password – DolDurma Jan 18 '21 at 15:02
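
Added example (not part of the original answer and not cRARk's own code): the counters in the sample run are consistent with a lexicographic walk over a-z, so this sketch reproduces them and projects exhaustive-search time at the logged 186 p/s, which is what makes the answer's caveat about longer passwords concrete. The a-z alphabet and the ordering are assumptions inferred from the output, since the password definition file is not shown.

```python
import string

ALPHABET = string.ascii_lowercase  # assumption: candidates are a-z only
RATE = 186                         # passwords per second, from the sample run


def rank(candidate, alphabet=ALPHABET):
    """0-based position of candidate among same-length strings, lexicographic order."""
    n = 0
    for ch in candidate:
        n = n * len(alphabet) + alphabet.index(ch)
    return n


def keyspace(length, alphabet=ALPHABET):
    """Number of candidates of exactly this length."""
    return len(alphabet) ** length


def seconds_to_exhaust(length, rate=RATE, alphabet=ALPHABET):
    """Worst-case time to try every candidate of this length at a fixed rate."""
    return keyspace(length, alphabet) / rate


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Progress lines: the candidate shown is the next one to be tested,
    # so its 0-based rank equals the "Passwords tested" counter.
    for shown, tested in (("ckdk", 42000), ("elka", 78000)):
        print(f"{shown}: rank {rank(shown)}, log says {tested} tested")
    # The hit is counted after it has been tested, hence rank + 1.
    hit = rank("john") + 1
    print(f"john: candidate #{hit}, about {hit / RATE:.0f} s at {RATE} p/s")
    # Each extra character multiplies the worst case by 26.
    for length in range(4, 9):
        print(f"{length} chars: {keyspace(length):>15,} candidates, "
              f"{human(seconds_to_exhaust(length))} worst case")
```

The same functions accept a larger `alphabet` (for example with digits and upper case added), which shows how quickly character variety, not just length, pushes the worst case out of reach at this rate.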