Page 1 of 3
Cracking RAR archives is something not yet achievable as the format has no known vulnerabilities.Let me correct that, no known vulnerabilities as far as unlocking an encrypted RAR archive without the use of a password goes. In this article we look at password cracking by dictionary attack. Along the way we explore how to turn a single threaded Perl/Tk GUI application into a multi-threaded one.
Beyond the CVE List
While other kinds of vulnerabilities like remote code execution or privilege escalation relating to consuming (Win)RAR applications exist and are well documented at CVE. But there's nothing there relating to the archive format.
Archive formats like ZIP and RAR that support encryption, more or less achieve that by using a user supplied password, possibly in conjunction with other parameters such as a Salt, IV or miscellaneous metadata. This is used to generate an encryption key (through functions like PBKDF2), which initializes the AES encryption algorithm and is subsequently used to encrypt the data. Note that neither the password nor the encryption key are stored inside the archive; instead what gets stored is the checksum of the unencrypted data which upon decryption will be compared against the checksum of the extracted data for verification.
RARv5 goes on storing the 64-bit hashed version of the password which gets checked before the decryption process begins, in attempt to become much more efficient.
The ZIP format then, uses three derived encryption keys which are used for encrypting the data, generating a message authentication hash and a key to be used for quick validation.
So the next best thing in order to unpack an encrypted RAR archive, is to guess the password by either utilizing brute force or the dictionary attack.The latter is the approach taken by the application detailed in this article, which bears the self-revealing name of "Unrar Extract and Recover".
It is the first version of the application, open source and built solely in Perl. Its later incarnation took shape in "Ultimate Extract and Recover", built in C#, which as well as a having a more advanced GUI interface, has more advanced functionality, as summarized here:
(click to expand)
There hasn't been much exploration of the subject of unpacking RAR files from a Perl perspective, as there's no library under CPAN to natively handle it. So this application offered the perfect testbed to try out something that had not been attempted before and along on the way to learn and master the language.
But that's not why we are focusing on the Perl version. however. It is rather because developing in Perl on Windows systems poses unique challenges that do not affect Windows' "native" languages such C#, due to the low level details that must be manually taken care of when using Perl. But, despite the difficulties, as always the case with Perl, it was much more fun!
Therefore at the same time that we shed light on the password cracking aspect and internal workings of the RAR format, we also go through the aspect of coding a complete multi-threaded, hybrid console/GUI application with the Tk toolkit, which calls into the Win32API, recursively handles files and directories, and leverages Win32 primitives such as Kernel events, and all that in Perl.
The full source and binary of the Perl application can be found at its Launchpad repository, while more details, documentation and media coverage on both the the Perl and C# versions can be found on the applications' home page nvglabs.com.
As hyped as "cracking" sounds, that wasn't the real reason behind the design of Unrar, Extract and Recover. Instead it was built to handle this common situation:
"I have forgotten my password, how can I recover it?
I was always finding the operation of choosing a compressed file or files by left clicking on them, then right clicking to extract the contents, choosing an extraction directory, and then having to provide a password (if it was password protected), at least cumbersome. Though there are other ways for doing the same thing, none of them was intuitive and I thought that there could be an easier way where the UI won't get in your way and won't waste so much time.
Nowadays, with time being a commodity and compression becoming an integral part of everybody's computing life, the need for automating repetitive tasks is more pressing than ever.
Thus UE&R was born to help with the repetitive operation of extracting .rar files while saving valuable time. And since I am a fan of 'the keep it simple' principle I gave the application 'fire and forget' functionality. Place your files together, choose an input and output directory and just click 'Go'. Of course this basic functionality is coupled with other convenient options such as to 'Delete extracted files' or 'Map directory to archive name'.
Unrar Extract and Recover
What problems does UE&R solve?
1. Do you compress your files to save storage space? Then, when you want to extract your files are you frustrated by having to go through them one by one?
Use fire-and-forget functionality. Just point to the directory holding the archives and the software will automatically extract each one (optionally into its own subdirectory) with no user intervention. It saves you the time and the dull task of going through the files manually allowing you to use your precious time productively.
2. Do you compress and protect your valuable data/files by using a password?
UE&R frees you from having to remember individual file passwords by keeping a single password depository so letting you choose as many passwords as needed. All you have to do is keep your passwords into one file (password_file.txt), essentially called a pass-wordlist, and when about to extract just feed the program the wordlist; it will check each password one by one against all files until it finds the correct one; then it continues with the extraction as expected.
3. Another use of this software is that of password recovery. Have you forgotten the password of a password protected archive?
UE&R can retrieve the password by using the dictionary approach. Give it a wordlist with your common passwords and it will attempt all words against the archive. Once it retrieves the password it continues with extracting the archive. UE&R cannot guess the password required since it has no brute force functionality. Personally I think that the time the brute force technique takes to break a password renders the effort unworthy. I prefer using a dictionary, despite its limitations of course.
4. A pleasant side effect of its design is that it can be used as an automated file integrity validation tool. When batch processing your files it checks for broken multipart files, files with corrupted headers, CRC errors, etc and logs all errors into a text file; hence it enables you to check that your files are valid without requiring your attention.
The interface indicates most of the facilities.
Extracting a RAR
(Click images to expand)
You can download Unrar Extract and Recover here.