Word – How to recover the password of a RAR file on Mac OS X

Tags: encryption, hashing, password-recovery, passwords, rar

I'm running Mac OS X 10.6.2 and have been handed a couple of old files that need to be extracted. Old backups or finances or bills I believe. They are RAR files, and password protected. Is there a way to extract the hash from these files so I can feed it into John The Ripper or Cain and Abel?

Edit

I have downloaded cRARk, but unfortunately nothing I have (SimplyRAR, RAR Expander, The Unarchiver) will extract it without a password. Can someone verify that I'm crazy and there is no password on the Mac version?

Best Answer

You can bypass the hash extraction altogether and use cRARk instead. cRARk is a freeware command-line RAR password cracking utility available for Windows, Mac and Linux. It is also designed to work with CUDA so you may want to take advantage of that if you have a powerful GPU.

One caveat is that it will take very long to crack an archive if you know nothing about the password, and it is > 6 characters in length. If you do know a small detail about the password, such as the approximate number of characters, it allows you to input that as a switch to dramatically shorten cracking time. Even though cRARk is one of the fastest RAR crackers out there using extremely optimized MMX & SSE code, this holds true for any brute force application. When cracking longer passwords, it will take a substantially longer amount of time due to the myriad of possibilities to try.

Here's a sample run of cracking the password 'john':

C:\>crark.exe -c -l4 -g4 Chap7.rar
     cRARk 3.2d (CUDA enabled) Freeware
    Copyright 1995-2001, 2006-09 by P. Semjanov,
         http://www.crark.net
     portions (c) 1993-2005 Eugene Roshal
 (c) PSW-soft Password Cracking Library PCL v. 2.0d by P. Semjanov


Testing archive Chap7.rar : version 2.9
Testing     Chap7.rtf
Choosing best crypto functions.................................................
Chosen: ASM  (Prescott/AMD), SSE2 (P4/Core 2) (-f1114)
Ticks per password expected = 40438280, theoretical = 27000000, CPU rate = 0.67

Processing line 56 of password definition file...
Testing 4-chars passwords ...
ckdk
Passwords tested = 42000 (time = 3:45.00, rate = 186 p/s)
elka
Passwords tested = 78000 (time = 6:58.99, rate = 186 p/s)
john - CRC OK
In hex (PCL style): \6A \6F \68 \6E
Passwords tested = 167844 (time = 15:02.38, rate = 186 p/s)
Total     tested = 167844, slow tests = 20914

Not too shabby ;)
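An added example (not part of the answer above, and not cRARk's own code): it parses the progress lines from the sample run, checks the reported rate, and projects the worst-case exhaustive-search time as a lowercase-only password gets longer. The a-z charset and the lexicographic enumeration order are assumptions, although the candidate counts in the log are consistent with both.

```python
import re
import string

# Progress lines copied from the sample run in the answer above.
SAMPLE_LOG = """\
ckdk
Passwords tested = 42000 (time = 3:45.00, rate = 186 p/s)
elka
Passwords tested = 78000 (time = 6:58.99, rate = 186 p/s)
john - CRC OK
Passwords tested = 167844 (time = 15:02.38, rate = 186 p/s)
"""

# Matches the m:ss.xx time format shown in the sample run.
PROGRESS = re.compile(
    r"Passwords tested = (\d+) \(time = (\d+):(\d+\.\d+), rate = (\d+) p/s\)")

def parse_progress(log):
    """Return (tested, elapsed_seconds, reported_rate) per progress line."""
    return [(int(n), int(m) * 60 + float(s), int(r))
            for n, m, s, r in PROGRESS.findall(log)]

def measured_rate(log):
    """Average passwords per second over the run (last progress line)."""
    tested, seconds, _ = parse_progress(log)[-1]
    return tested / seconds

def candidate_index(password, charset=string.ascii_lowercase):
    """Zero-based position of `password` in a fixed-length sweep.
    Assumption: candidates are tried in lexicographic charset order."""
    index = 0
    for ch in password:
        index = index * len(charset) + charset.index(ch)
    return index

def worst_case_hours(length, rate, charset_size=26):
    """Hours to try every password of exactly `length` characters."""
    return charset_size ** length / rate / 3600

if __name__ == "__main__":
    rate = measured_rate(SAMPLE_LOG)
    print(f"measured rate: {rate:.0f} p/s")
    print(f"'john' is candidate #{candidate_index('john') + 1}")
    for length in range(4, 9):
        hours = worst_case_hours(length, rate)
        print(f"{length} lowercase chars: {hours:,.1f} h worst case")
```

Each extra lowercase character multiplies the worst case by 26, which is why the answer's caveat about passwords longer than 6 characters holds at this rate.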
