Download the password-protected archive. How to hack an archive using Advanced Archive Password Recovery. Basic types of attacks

You know the situation when you archive a file with a password and then realize that you have forgotten it. You go through every possible option, and the result is zero. Tens and even hundreds of attempts are unsuccessful. What to do?

Since such situations occur quite often, the idea arose to write an article on how to bypass a password in WinRAR. Only effective ways to hack archived data - and no amateurism!

What is needed for this?

Of course, the reader will ask the question: is it really possible to hack archived data? Our answer is both yes and no.

  • Why yes? When the archive belongs to you, and you have at least an approximate idea of what is written in the password (number of characters, Russian or English letters), the likelihood of bypass is high.
  • Why not? If we are talking about an archive downloaded from the Internet with a password, and even consisting of 8+ special characters, then no. But why? Modern archivers encrypt archives flawlessly. It was in older versions of WinRAR that there were holes that made it possible to almost instantly guess the password for any archive. Today, all this is unlikely to work, so we have to use character enumeration.

There is the following pattern: the more powerful and modern your computer, the higher the likelihood of hacking an archive file.

When we say powerful, we mean a modern processor and a high-end video card (or better yet, several at once). Password-guessing programs use the power of the video adapter, so the better the video card, the faster you will be able to guess the password.

The processor is also important. For example, if you have a Core i3 3225, the selection speed will be approximately 250 options per minute. This is far from a record, considering how many powerful processors exist on the market today.

Downloading the hacking utility and unpacking it

Before you tell your friends “I hack archives with my eyes closed,” you need to:

  1. Find a suitable program.
  2. Learn to use it.
  3. Hack at least 2-3 archives.

This is the order in which we will work. The Crark program, which can be downloaded from http://www.crark.net, will help us with this.

After the utility is downloaded, unpack it.

Subtleties of setting up Crark

  1. Run driver-timeout.reg to add information to the registry. This rule applies to both Windows 7 and more recent versions of the operating system from Microsoft.
  2. When a notification appears that the data has been entered successfully, click “OK” and restart the computer. It is very important to reboot, because otherwise the information may be entered incorrectly.
  3. Find russian.def and rename it to password.def.
  4. Open password.def in a text editor. Notepad will also work.

It is in this file that the password search settings are written. A hash sign (#) at the start of a line means that the line is commented out. The line $a * means that the password is searched for among lowercase English letters. Were there both lowercase and uppercase letters in the archive password? Then the [$a $A] * construction will help you find the password.

Surely there were also numbers, right? If so, write the combination [$a $A $1] * in the opened file. How do you open an archive whose password consisted of uppercase and lowercase letters, numbers, and special characters? That's right - write a new combination [$a $A $1 $!] *

That is, we comment out everything unnecessary with the # sign and adjust the rest to suit our needs. The task is simplified when the user remembers at least part of the password. For that case, the Pass $1 $1 construction is used: only the last two digits have to be searched for, which speeds up the search.

How to hack an archive correctly?

  • Unpack the downloaded archive.
  • Run the cRARk GUI.exe file.
  • Even if a security warning appears, click “Run” anyway.
  • Click Set cRARk directory. You must specify the directory where crark was unpacked. In our case, this is the crark50 folder; yours may be different.
  • Find the Password Definition File section, which has a drop-down menu. Open it and select Password (the file that we configured earlier).
  • Click Search and specify the path to the password-protected archive.
  • Click Start and wait for the application to guess the password.
  • When the archive's file names are encrypted as well, be sure to select CRARK-HP. Such an archive is produced when the “Encrypt file name” checkbox is ticked while setting the password.

We have just looked at how to open a password-protected archive file using the free Crark application. The utility turned out to be not only powerful, but also quite fast. In many ways, it outperforms paid competitors. The only thing you really have to sacrifice when using the program is free time.

And one last thing. Take the time to fine-tune the utility. This will save you several days of free time that you would have to spend waiting for a complete search.

Opening an archive with Advanced Archive Password Recovery

You can open a password-protected archive by brute-forcing the password, unless of course you remember the password. How long the search takes depends on the power of your computer and on the password you set (its complexity). If the password is simple, for example, consists of three characters, then you can open the archive in 5 minutes; if the password exceeds 6-8 characters, then the search can run for 4 days. But in the end you will still be successful and you will open the archive. Personally, I tried 2 times, and both times brute-force password cracking justified itself.

How to brute force a password?

There are many programs on the Internet for brute-forcing passwords, some paid and some free; the free ones are limited in the number of characters in the password. Let's say they won't try more than 4 characters, while paid ones work without restrictions and add some more useful features. I spent 4 days going through a forgotten password of 12 characters, and my computer was not turned off during the search. But that does not matter: since the computer is powerful, I could perform the other operations I needed. I work with the Advanced Archive Password Recovery program, which can be downloaded from the official Elcomsoft website along with many other useful programs for finding passwords. To be honest, I performed two searches with it and both ended in success.

Advanced Archive Password Recovery review

Let's see how to work with Advanced Archive Password Recovery. Installing the program is no different from installing any other program. After launch, you will see a window with a lot of settings, but don't be alarmed, I'll tell you how to set it up to find the password for the archive.

In the picture above, I have marked with numbers the settings needed to brute force the password:

  1) Clicking this button asks you to select the archive to open.
  2) You can either type the path to the archive into this line yourself or select the archive as under number 1.
  3) The method used to find the password; if you want to use brute force, which is much more effective, select Brute-force.
  4) Two tabs on which the settings are made; we are now on one of them.
  5) Here you select the symbols or numbers that may be present in the password; the search time depends on this.
  6) The letters or symbols to start the search with; leave this as is if you have no idea what the password might contain.

Next, go to the second tab under number 4, labeled Length.

On the Length tab, under the number 2, select the smallest and the largest number of characters the password can have. Click Start, under the number 2, to begin searching for the archive password.

Download the programs mentioned in the article:

    ARCHPR from the official website.
    ARCHPR from Yandex disk.

The Accent RAR Password Recovery program will help you recover a forgotten password for a RAR archive.

How to quickly recover a forgotten password for a RAR archive

The password for an archive can be found in different ways; brute force, for example, is when each number and letter is substituted in different combinations. In this article we will do the decryption using the resources of your video card. Yes, you heard right, it can also perform calculations. To do this, we need a program; you can download it from the official website, where there are also many more programs for opening office documents. But no matter how beautifully it is described, you will still have to wait, even if you have a super powerful computer.

How to use the program?

It's as easy as shelling pears. Everyone knows how to install: click through everything in the normal order and follow the instructions of the installer wizard (which disk to install to and all that). After the first launch, you have several days to use the activated version, but don't rejoice: even though they give you a few days to use it, it is cut down. That is, it can only recover passwords that are made up of 3 digits, when you need 12 digits; this kind of thing is called a trial version. But the program is worth buying, at least in pairs with different genders!

So how to use it?

After installation, launch the program like any other; in the first window you will be asked to select the file that we will decrypt.

Under the number 1, clicking the button asks you to select a password-protected archive. I only had one archive for the experiment and I didn't know the password for it. I could have made the archive myself and protected it with a password, but I didn't want the test to be really fair.

After a little analysis, the program will show that your archive is password-protected and which form of decryption will be applied to it.

After you click the next button at the bottom of the window, the following window offers several ways to find the password: brute force, your own dictionary, or a selection mask, three options in all. Leave the brute-force method as it is; it is selected by default, and if you click the next button at the very bottom, this is the method that will be used to find your password.

Having shown the decryption method and other settings, the program will now begin decrypting. At the very bottom you will be shown the approximate time to completion and the speed of the search for the brute-force method or whichever other method you chose. All you have to do is wait.

View settings and other program functions

If you look at the program settings, you will see that the program does not use the resources of the processor itself, as other programs do, but the resources of the video card. This can be seen in the picture below.

Next, you can select your own dictionary from which passwords will be tried.

Unfortunately, not everything is decided by the program; a lot depends on how powerful your computer is, or, to be more precise, how powerful the video card in your PC is. To find passwords in a matter of seconds, you need to do as in the video below.

We often hear that information is very expensive and that it must be protected. Actually, we will not dispute this. Indeed, very often the information stored on a computer or laptop is worth an order of magnitude more, or even more than that, than the device itself. And what is scary, as a rule, is not so much the loss of the information itself (for example, due to a hard drive failure) as the loss of confidentiality, that is, making it public. Therefore, there are a huge number of utilities that allow you to encrypt information - any office application designed for creating documents is capable of encrypting them. But the paradox of the situation lies in the fact that for almost every type of password created by one or another application, there are many utilities that allow you to guess these passwords.

Moreover, if previously the creation of such utilities was the domain of hackers, today large companies are engaged in this, and the utilities themselves are sold for a lot of money. It certainly sounds very funny. Where have you seen hacking tools cost money? This is an encroachment on the holy of holies, on the foundations of the Internet itself! After all, there is an agreement, albeit an unspoken one, that all hacker tools are distributed free of charge.

No, we, of course, understand that you can find a corresponding crack for any such utility, but looking for a crack for a program to crack is some kind of madness! However, what are we talking about? What crack? After all, there are fashionable formulations like “password audit” or “recovering forgotten passwords.” Yes, it’s audit and recovery, and not a crack - in this case everything is decent, and the offer to shell out a few hundred bucks for a program for auditing and recovering passwords looks very appropriate. Forgot your password and want to recover it? Here is a program for this. How you will actually use this program is a matter of your conscience. However, it would be wrong to deny that such programs can be useful to forgetful users.

Anyway, enough talking! Programs for guessing passwords (or simply for cracking) exist, and in considerable quantities, and therefore we see our task as considering all the most popular utilities, comparing them with each other and ultimately answering the main question: is there any point in protecting documents with passwords at all, and if so, what should the passwords be so that they cannot be guessed?

But, before moving on to practical steps, you should understand the fundamental operating principles of utilities that allow you to guess passwords.

General concepts of password protection

I would not like to turn this article into a reference book on methods of cryptographic file protection (especially since this topic is not new), however, in order to clarify specific terms, without which further presentation of the material will be difficult, we still have to talk a little about the basic principles used when protecting files.

So, let's assume that there is a document that needs to be protected from unauthorized viewing or editing. From the user's point of view, the only way to ensure document protection is to set a password. But as for the implementation of password protection, it can be different.

The easiest way is to store the user-set password in the document file itself. In this case, the user will gain access to the document (or to edit it) only if the password he enters matches the set one, which can be easily verified by directly comparing them. However, this method of password protection does not stand up to criticism - after all, if the password is stored in clear text in the document itself, then nothing prevents it from being retrieved from there. For example, it can be viewed using any HEX editor. However, despite its unreliability, this method of password protection is sometimes used; in particular, in MS Office documents (Word, Excel) it is possible to use a document write-protection password, which is stored in the document itself in clear text (in Unicode). It is clear that this protection can be easily bypassed either using specialized utilities or manually.

In order to eliminate the possibility of “snooping” on a password that is stored in the document itself or in a file, a slightly more advanced method of protection is often used, based on password hashes. A hash function is a clever one-way transformation technique that computes a unique identifier of a fixed length for an initial block of data of arbitrary length. The peculiarity of the hashing algorithm is that, knowing the hash (the result of the transformation), it is fundamentally impossible to calculate the original data block. If we are talking about the hash of a password, then this is nothing more than a set of bytes obtained from the password using a certain algorithm. Therefore, knowing the hash of the password, the password itself cannot be calculated. Actually, the impossibility of recovering a password from its hash (performing the reverse transformation) is inherent in the concept of a one-way (that is, only in one direction) transformation. Moreover, regardless of the length of the password, its hash has a fixed length. There are countless hashing algorithms, and besides, they are easy to come up with on your own.

Using password hashes allows you to verify the correctness of the password without storing it in the document. With this password protection algorithm, when we password-protect a document, archive, separate file or an entire folder, the program calculates the password hash, which is then saved inside the file. When access to the file is needed, the user enters a password and the program calculates its hash - if it matches the hash stored in the file, then the password is considered correct and access to the file is allowed.

In Word documents, a password is used to protect the document from being changed (the document can be opened in read-only mode, and the ability to edit it is blocked by password protection). The user-set password to protect the document from being tampered with is hashed and stored in the header of the document itself. The hash length in this case is 32 bits (4 bytes).

This method of protection is not strong either. Such protection can be easily bypassed using appropriate utilities. The point is that if the hash length is only 32 bits, then the number of possible hash values is only 2^32 = 4,294,967,296, which is not that much. Naturally, several different passwords can correspond to the same hash, so with such a hash length it is not difficult to find a suitable password, and it is not at all necessary that it will be exactly the password that was originally set by the user. In addition, using the appropriate utilities, you can change the hash in the document itself to one for which the password is known.

Exactly the same method of password protection using hashes is used to protect Excel documents, when the document is protected from modification using a password. True, in Excel documents there are other specific passwords that are set on a workbook or on a separate sheet (a password protecting the structure of the workbook from modification, a password protecting a sheet from editing). The principle of password protection for editing a sheet is approximately the same as for changing a document. The only difference is that in this case the hash length is even smaller - only 16 bits (2 bytes). In this case, there are only 2^16 = 65,536 different hash values, and finding such a password is not difficult. To see for yourself that with such protection there are many different passwords that can be used to remove the protection, try protecting the sheet with the password “test”, and then unprotecting it with the password “zzyw”.
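The “test” / “zzyw” collision can be reproduced without Excel. The following is an added example, not code from the article: it assumes the publicly documented legacy sheet-protection hash that open-source spreadsheet libraries implement (the article does not give the algorithm), and the function names are made up for illustration.

```python
"""Legacy 16-bit sheet-protection hash: many passwords map to one hash value."""
from collections import Counter
from itertools import product
import string


def legacy_sheet_hash(password: str) -> int:
    """Return the 16-bit legacy sheet-protection hash of an ASCII password.

    Assumption: this is the publicly documented legacy algorithm, not
    something taken from the article.
    """
    if not password.isascii() or not 0 < len(password) <= 15:
        raise ValueError("expects 1-15 ASCII characters")
    acc = 0
    for position, char in enumerate(password, start=1):
        shifted = ord(char) << position  # shift by the 1-based position
        # Rotate inside a 15-bit window: bits pushed out on the left
        # come back in on the right.
        acc ^= (shifted & 0x7FFF) | (shifted >> 15)
    return acc ^ len(password) ^ 0xCE4B


def collision_stats(target: str, length: int = 4,
                    alphabet: str = string.ascii_lowercase):
    """Hash every password of `length` over `alphabet`.

    Returns (candidates hashed, distinct hash values seen,
    candidates that share the hash of `target`).
    """
    counts = Counter(
        legacy_sheet_hash("".join(chars))
        for chars in product(alphabet, repeat=length)
    )
    return sum(counts.values()), len(counts), counts[legacy_sheet_hash(target)]


if __name__ == "__main__":
    for pw in ("test", "zzyw"):  # the pair named in the article
        print(f"{pw!r}: 0x{legacy_sheet_hash(pw):04X}")
    total, distinct, same = collision_stats("test")
    print(f"{total} four-letter passwords -> {distinct} distinct hashes; "
          f"{same} of them unlock a sheet protected with 'test'")
```

Because far more four-letter passwords exist than 16-bit hash values, sheet protection of this kind only guards against accidental edits; it is not a confidentiality control.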

Another type of password protection commonly used is symmetric encryption of the entire contents of a file, which involves using the same secret key to both encrypt and decrypt the data. The secret key itself is calculated based on the password.

The protection algorithm in this case is as follows. Two control sequences are stored in each encrypted document (file). The first of them is an arbitrary random sequence, and the second is a sequence obtained by mixing (hashing) the first control sequence and the encryption key calculated based on the password. That is, the second check sequence is a hash of the first sequence based on the encryption key. When checking a password, the encryption key and the correspondence of the control sequences to one another are determined. Thus, neither the password nor the secret key is explicitly stored in the document itself. The control sequences stored in the document can be removed or even replaced, but this will not allow determining the secret key and, therefore, decrypting the entire document.

This password protection algorithm with encryption is used to implement access (opening) protection for Word and Excel documents. When such protection is set, the document is encrypted using the symmetric RC4 algorithm, and what is stored in the document is not the password hash but the encrypted password hash (remember the control sequences).

This protection algorithm is quite strong, and it will no longer be possible to bypass such protection at a glance.
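The control-sequence scheme described above can be sketched with standard-library primitives. This is an added example, not the Office implementation and not code from the article: PBKDF2 and HMAC-SHA-256 stand in for the original key derivation and mixing step, and the salt, iteration count and all names are assumptions.

```python
"""Password check via two control sequences; no password or key is stored."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumption: work factor chosen for this sketch


def derive_key(password: str, salt: bytes) -> bytes:
    """Encryption key calculated from the password (never written to the file)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_header(password: str) -> dict:
    """Build what the protected file stores: a salt and two control sequences."""
    salt = os.urandom(16)    # assumption: per-file salt for the key derivation
    first = os.urandom(16)   # first control sequence: arbitrary random bytes
    key = derive_key(password, salt)
    # Second control sequence: the first one hashed under the encryption key.
    second = hmac.new(key, first, hashlib.sha256).digest()
    return {"salt": salt, "first": first, "second": second}


def check_password(password: str, header: dict) -> Optional[bytes]:
    """Return the content key if the control sequences match, else None."""
    key = derive_key(password, header["salt"])
    expected = hmac.new(key, header["first"], hashlib.sha256).digest()
    return key if hmac.compare_digest(expected, header["second"]) else None


def demo() -> dict:
    original = make_header("correct horse")  # constructed sample password
    real_key = check_password("correct horse", original)
    # Someone swaps in control sequences generated for a password they know.
    forged = make_header("known")
    forged_key = check_password("known", forged)
    return {
        "right_password_accepted": real_key is not None,
        "wrong_password_rejected": check_password("guess", original) is None,
        "forged_header_accepted": forged_key is not None,
        # The check passes, but the key differs, so the content stays encrypted.
        "forged_key_is_real_key": forged_key == real_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```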

The password length for opening MS Office Word 97-2003 and Excel 97-2003 documents is limited to 16 characters. Let's try to calculate how many possible passwords can exist in this case, taking into account that a password character can be a special character (30 characters), a digit (10 characters), or an upper- or lowercase letter of either the English alphabet (52 characters) or the localized alphabet (66 characters). In total, the number of possible characters is 30 + 10 + 52 + 66 = 158. With a maximum password length of 16 characters, we get 158^1 + 158^2 + … + 158^16 possible combinations. This number is simply huge, and no supercomputer can try all possible passwords in an acceptable time.

However, in this case there is one “but”! The RC4 symmetric encryption algorithm can use keys up to 128 bits long, but export restrictions on cryptographic algorithms do not allow the use of a secret key of this length. Therefore, the key used for RC4 encryption in MS Office documents is only 40 bits long, which significantly reduces the strength of this algorithm.

And if the task of finding a password by brute-forcing all possible combinations belongs to the class of unsolvable problems, then a brute-force search of all possible secret keys can be carried out on a regular PC in an acceptable time. Indeed, with a secret key length of 40 bits, the number of possible secret keys is 2^40 = 1,099,511,627,776. Trying all these combinations on a modern PC will take less than a month.

There are special utilities (we will consider one of them later) that allow you to find not the password for a document but the secret key and, accordingly, to decrypt the document without knowing its password. This type of key attack is called a keyspace attack.
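The comparison between the password space and the key space can be worked through numerically. This is an added example, not code from the article; the alphabet sizes, the 16-character limit and the 40-bit key are the article's figures, the rate of 110 thousand passwords per second comes from its test results further down, and the function names are made up.

```python
"""Password search space versus key search space, with the article's figures."""
import math

SECONDS_PER_DAY = 86_400
OFFICE_ALPHABET = 30 + 10 + 52 + 66  # specials + digits + English + localized
MAX_PASSWORD_LEN = 16                # Word/Excel 97-2003 opening-password limit
EXPORT_KEY_BITS = 40                 # RC4 key length actually used
MEASURED_RATE = 110_000              # passwords per second in the article's test


def password_space(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of passwords with min_len..max_len characters."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def effective_bits(alphabet_size: int, min_len: int, max_len: int,
                   key_bits: int) -> float:
    """Work factor in bits: the smaller of the password space and the key space."""
    space_bits = math.log2(password_space(alphabet_size, min_len, max_len))
    return min(space_bits, key_bits)


def days_to_exhaust(candidates: int, per_second: float) -> float:
    """Days needed to try every candidate at a constant rate."""
    return candidates / per_second / SECONDS_PER_DAY


def rate_for_deadline(candidates: int, days: float) -> float:
    """Candidates per second needed to finish within `days`."""
    return candidates / (days * SECONDS_PER_DAY)


def summary() -> dict:
    return {
        # Full 158-character alphabet, 1..16 characters, unlimited key length.
        "password_bits": effective_bits(OFFICE_ALPHABET, 1, MAX_PASSWORD_LEN, 10 ** 6),
        # Same passwords, but the document key is only 40 bits long.
        "bits_with_40_bit_key": effective_bits(
            OFFICE_ALPHABET, 1, MAX_PASSWORD_LEN, EXPORT_KEY_BITS),
        # Six lowercase letters are weaker than even the 40-bit key.
        "six_lowercase_bits": effective_bits(26, 6, 6, EXPORT_KEY_BITS),
        # Eight lowercase letters at the measured password rate.
        "eight_lowercase_days": days_to_exhaust(password_space(26, 8, 8), MEASURED_RATE),
        # Key rate implied by "2^40 keys in under a month" (30 days assumed).
        "keys_per_second_for_30_days": rate_for_deadline(2 ** EXPORT_KEY_BITS, 30),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:,.1f}")
```

The strength of the protection is the minimum of the two spaces: a long password over a large alphabet does not help once the key itself is only 40 bits long.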

In addition to a key attack, which is guaranteed to open a document, there are other ways to open password-protected documents. The most common method is password guessing.

Different utilities provide different speeds for trying test passwords; they can also implement different algorithms for generating test passwords (types of attacks). Traditionally, there are three types of password attacks:

  • dictionary attack;
  • brute force attack;
  • mask attack.

Dictionary attack

In a dictionary attack, the utilities use an external dictionary: a hash is calculated for each word in the dictionary in turn and compared with the password hash. The advantage of this method is its high speed, and the disadvantage is the high probability that the password is not in the dictionary. To increase the effectiveness of a dictionary attack, some utilities allow such an attack to be configured further. In particular, you can add combinations of adjacent keys to the dictionary (such as qwert sequences, etc.), check the repetition of words (for example, useruser), the reverse order of characters in words (for example, resu), concatenation with the reverse order of characters (in particular, userresu), truncated words, words without vowels, and transliteration of letters (such as parol). In addition, you can check whether the keyboard layout was swapped for the Latin one (for example, the Russian word “пароль” typed in the Latin layout will look like “gfhjkm”) or for a localized one (the word “password” typed in the Russian layout will look like “зфыыцщкв”). Several dictionaries can also be used in one dictionary attack.

In addition, some utilities can implement a so-called hybrid attack, which can be considered a variant of a dictionary attack. When guessing passwords using a hybrid attack, several characters from a predefined set are added to each word or modification of a word in the dictionary on the right and/or left. For each resulting combination, a hash is calculated and compared with the password hash.
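From the defender's side, the transformations listed for the dictionary and hybrid attacks translate directly into a password-policy check. This is an added example, not code from the article or from any of the utilities it reviews: it covers repetition, reversal, word plus reverse, vowel removal, truncation and added characters (not the keyboard-layout swap), and the limits and names are assumptions.

```python
"""Policy check: reject passwords that a tuned dictionary attack would reach."""
from typing import Iterable, Iterator, Optional, Tuple

VOWELS = set("aeiou")
MAX_AFFIX = 3  # assumption: a hybrid attack adds up to 3 characters per side
MIN_STEM = 4   # assumption: shortest truncated word worth checking


def _variants(word: str) -> dict:
    """Map each transformed form of `word` to the rule that produced it."""
    reverse = word[::-1]
    return {
        word: "dictionary word",
        word * 2: "repeated word",
        reverse: "reversed word",
        word + reverse: "word plus its reverse",
        "".join(c for c in word if c not in VOWELS): "word without vowels",
    }


def _cores(password: str) -> Iterator[Tuple[str, bool]]:
    """Yield the password with up to MAX_AFFIX non-letter characters removed
    from each end, plus a flag telling whether anything was removed."""
    n = len(password)
    for left in range(MAX_AFFIX + 1):
        if left and (left > n or password[left - 1].isalpha()):
            break
        for right in range(MAX_AFFIX + 1):
            if right and (left + right > n or password[n - right].isalpha()):
                break
            yield password[left:n - right], bool(left or right)


def weakness(password: str, words: Iterable[str]) -> Optional[str]:
    """Return why `password` is dictionary-derived, or None if no rule matches."""
    lookup: dict = {}
    stems = set()
    for word in words:
        word = word.lower()
        for variant, rule in _variants(word).items():
            lookup.setdefault(variant, rule)
        stems.update(word[:k] for k in range(MIN_STEM, len(word)))
    for core, affixed in _cores(password.lower()):
        rule = lookup.get(core) or ("truncated word" if core in stems else None)
        if rule:
            return rule + (" with added characters" if affixed else "")
    return None


if __name__ == "__main__":
    sample_words = ["user", "password"]  # constructed sample dictionary
    for candidate in ("useruser", "resu", "userresu", "psswrd",
                      "passw", "user12!", "6F7drts78"):
        print(f"{candidate!r}: {weakness(candidate, sample_words) or 'no rule matched'}")
```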

Brute force attack

In a brute-force attack, the generated test passwords are random combinations of characters (such as 6F7drts78). With this type of attack, you can specify the set of characters from which test passwords will be composed, as well as set the minimum and maximum password length.

It is always possible to find a password using brute-force methods - it is only a matter of time, which can be calculated in years and even centuries. Therefore, the effectiveness of this method is very, very low. Naturally, if the set of characters used for the password is known in advance (for example, only English letters and numbers, or only Russian letters, or only numbers), as well as the approximate length of the password, then this significantly simplifies the task of selecting it and makes the problem completely solvable. If nothing is known about the password in advance, then it is almost impossible to find it using a brute-force method.

Mask attack

A mask attack is a modified brute force attack and is used when there is some prior information about the password. For example, if some characters of the password are known, then you can additionally specify which characters should be present in the password (and their location), that is, configure the password mask.

Classification of programs

Utilities for guessing passwords can be divided into two classes: multi-purpose software packages that allow you to guess passwords for various types of files, and specialized utilities that are focused on guessing passwords for files created by a single application. In fact, multi-purpose software packages are a collection of individual utilities (sometimes such packages provide a single shell for accessing the individual utilities).

Among the multi-purpose software packages are Accent Office Password Recovery v2.50 from AccentSoft Team (www.passwordrecoverytools.com), Passware Kit Enterprise 7.11 from Passware (www.lostpassword.com), Elcomsoft Password Recovery Bundle from ElcomSoft (www.elcomsoft.com, www.passwords.ru) and Office Password Recovery Master v. 1.4 (www.rixler.com).

Many of the utilities included in the Elcomsoft Password Recovery Bundle can be purchased separately.

With the exception of Office Password Recovery Master v. 1.4, all packages are paid, and only on the website www.rixler.com can you find the note: “These programs are distributed absolutely free of charge in the territory of the Russian Federation and CIS countries.”

If we talk about specialized utilities focused on selecting passwords for individual applications (for example, RAR archives, PDF files, etc.), then there are quite a lot of them, both in paid and free versions.

Next, we will look at several of the most popular packages and individual utilities that allow you to guess passwords for various files. However, when talking about multi-purpose packages, you should keep in mind that some of them (for example, Elcomsoft Password Recovery Bundle and Accent Office Password Recovery v2.50) include dozens of different utilities. In this article we will consider only those utilities that allow you to find passwords for DOC, XLS, MDB, PDF, RAR and ZIP files.

To test all packages and utilities, we created several test files protected with passwords (Table 1). All password guessing utilities used a brute force attack, that is, it was assumed that the combination of characters we used was not in the dictionary. In addition, in order to somewhat simplify the task and save time, we used a predefined set of characters, namely lowercase Latin letters. The minimum password length was set to six characters.

Table 1. Test results of Accent Office Password Recovery v2.50

Password type
Opening password
Change password      Instantly
Opening password
Change password      Instantly
General password     Instantly

The files Open.doc, Write.doc, Open.xls, Write.xls and Test.mdb were created using the Microsoft Office 2003 package; WinRAR 3.62 was used to create the Test.rar file, WinZip Pro 10.0 was used to create the Test.zip file, and Adobe Acrobat Professional 7.0 was used to create the Test.pdf file.

All utilities were tested on a computer with a dual-core Intel Core 2 Duo E6600 processor, equipped with 2 GB of DDR2-800 memory.

Accent Office Password Recovery v2.50

The first package we are considering - Accent Office Password Recovery v2.50 from AccentSoft Team (www.passwordrecoverytools.com) - is multi-purpose and allows you to recover passwords for documents created by Microsoft Office applications: Access, Excel and Word. This package is shareware. The demo version of the program has a significant limitation: it allows you to recover passwords with a maximum length of four characters. A fully functional registered version of the package costs only 400 rubles. In addition, the Access Password Recovery, Excel Password Recovery, Word Password Recovery and Money Password Recovery utilities included in the Accent Office Password Recovery v2.50 package can be purchased separately.

Accent Office Password Recovery v2.50 has a simple and intuitive GUI (Fig. 1). Most of it is occupied by the information window, which displays the program's actions. Below it is a help window containing short tips. The program is controlled through a menu system. In addition, all the main capabilities of menu items are duplicated by buttons and hotkeys.

Fig. 1. Main window of the Accent Office Password Recovery v2.50 utility

First of all, you need to open the required password-protected file. After this, the information window will display what the program was able to find out about this file. If the file uses one of the protections known to the program, then you can begin to guess the password.

Passwords for database files created in Microsoft Access versions 6.0, 97, 2000, XP and 2003 are recovered instantly, which is explained by the type of protection used.

In addition, passwords for changing the contents of an XLS file created by Microsoft Excel versions 97, 2000, XP and 2003, as well as for changing the contents of a DOC file created by Microsoft Word versions 97, 2000, XP and 2003, are recovered instantly. Passwords for opening XLS and DOC files created by these applications require a long recovery time.

To select passwords, Accent Office Password Recovery v2.50 provides three types of attacks: brute-force attack, mask and dictionary.

When using a brute-force attack, you must specify the alphabet and range of characters from which passwords will be generated (you can choose from standard sets or create a set of characters manually). You should also set the minimum password length (no more than 15 characters), and in addition, you can specify the combination of characters with which the program will start searching (Start search with).

In the case of a mask attack (Fig. 2), which is used if part of the password is known and there is no need to go through all the options, it is possible to specify a set of characters allowed for generation for each character position or specify a specific character that is used in the password for a certain position.

Fig. 2. Setting up a mask attack in the program Accent Office Password Recovery v2.50

In a dictionary attack (Fig. 3), in addition to the usual check, transformation of word forms read from the dictionary is provided. In the program settings, you can specify that the case of characters is changed, adjacent characters are swapped, and characters are skipped. The program allows the use of any standard dictionaries, and in addition, you can download a dictionary containing more than 3 million word forms (in Latin) from the website www.passwordrecoverytools.com.

Fig. 3. Setting up a dictionary attack in Accent Office Password Recovery v2.50

In conclusion, let us turn to the results of testing the program (see Table 1). In a brute-force attack, the password generation rate is about 110 thousand passwords per second. Taking into account the fact that we set up a brute-force attack for the exact length of the password and used a character set consisting of lowercase Latin letters, the program took 8 minutes to find the password, and it would have taken 38 minutes to search through all possible combinations of five characters. It would seem that it would not take long. But... if our password consisted of eight characters of lowercase Latin letters, then it would take 22 days to try all the combinations. If we assume that nothing is known about the password in advance, then at such a speed of password search the problem will become unsolvable.

But the program, as promised, dealt with passwords for changing Word and Excel documents, as well as the database password, instantly.

Passware Kit Enterprise 7.11

Passware Kit Enterprise 7.11 from Passware (www.lostpassword.com) also belongs to the category of multi-purpose packages and is essentially a collection of 32 separate utilities. The demo version of this program is practically useless, since the restrictions are so strict that it is simply impossible to use it. The cost of a full-featured version of the package depends on its configuration (there are many configuration options) and varies from 100 to 5 thousand dollars.

To crack passwords for documents created by Microsoft Office, use the Office Key 7.11 utility, included in the Passware Kit Enterprise 7.11 package. This utility is also sold separately.

Office Key 7.11 utility

The Office Key 7.11 utility has an English-language interface, which, however, is so simple and intuitive that understanding it will not be difficult.

This utility supports password guessing for all types of Microsoft Office files: Access, Excel, Outlook, Word, PowerPoint and Visual Basic for Applications (VBA).

Working with the utility begins with setting up one of four types of attacks: dictionary, brute-force, mask-based and an attack called Xieve optimization.

When setting up a dictionary attack (Fig. 4), it is possible to specify the minimum and maximum password length, as well as check modified words from the dictionary. Modifying words means reversing the order of letters in a word (user -> resu), writing a word with a capital letter, writing the entire word in capital letters, and checking combinations when any letters in a word can be capital letters.

Fig. 4. Setting up a dictionary attack

Setting up a brute-force attack includes the ability to set a minimum and maximum password length, as well as the ability to use a password mask. When setting up a mask, you can use both individual known password characters and undefined “?” characters. For example, the mask “good???” will match the password "goodday". In addition, the “*” character can be used to replace any set of characters, for example, the “*more” mask matches the “nevermore” password.

The proprietary Xieve optimization attack is, according to the documentation, able to significantly speed up a brute-force attack and is nothing more than a modified brute-force attack. The modification is that meaningless combinations of symbols, that is, combinations that carry no semantic load, are skipped.

In general, it should be noted that for Russian-speaking users the usefulness of this attack method seems very doubtful. After all, users often choose Russian words typed on an English keyboard layout as a password, and these look like a meaningless combination of characters.

In addition to configuring specific types of attacks, when configuring the program, you must specify the character set that will be used in all types of attacks (except for the dictionary attack). In this case, it is possible to either use predefined character sets or specify the character set manually. In the predefined character sets, you can only specify Latin letters (upper and lower case), numbers, special characters, and space. If you use Russian letters, the character set will have to be created manually.

Having configured the attacks and specified the type of attack (all types of attacks can be used sequentially), you can open an MS Office document, after which the program will immediately begin guessing passwords. Information about the document and the result of the program are displayed in the main window (Fig. 5).

Fig. 5. Main window of Office Key 7.11

During testing of the Office Key 7.11 program, it turned out (Table 2) that when using a brute-force attack, the password generation rate is 457 thousand passwords per second. This, of course, is several times higher than the generation rate of Accent Office Password Recovery v2.50, but this speed can hardly be considered acceptable.

Table 2. Test results of Passware Kit Enterprise 7.11

Password type | Speed of password generation by brute force method (passwords per second)
Opening password |
Change password | Instantly
Opening password |
Change password | Instantly
General password | Instantly
General password |
ZIP 2.0 compatible |
Opening password |

RAR Key 7.11 utility

The RAR Key 7.11 utility is included in the Passware Kit Enterprise 7.11 package and is designed to guess passwords for RAR archives. The graphical interface of the utility exactly repeats the already described interface of the Office Key 7.11 utility. The methods for setting up all types of attacks are also no different from those already discussed when describing the Office Key 7.11 utility, and therefore we will not dwell on them. Much more important, in our opinion, are the testing results of this utility. When using a brute-force attack, the password guessing speed is only eight passwords per second. This, of course, is an unacceptably low figure: at such a speed, this type of attack becomes simply pointless. Note that the same low speed is also observed during a dictionary attack, so searching through an entire dictionary will take a very long time. For example, going through the standard dictionary supplied with the program, which contains only 45 thousand words (good dictionaries contain several hundred thousand words), takes 1.5 hours. Based on all this, we can draw the unambiguous conclusion that this utility is absolutely useless (at least for guessing passwords for archives created with the WinRAR 3.61 archiver).

ZIP Key 7.11 utility

The ZIP Key 7.11 utility is also included in the Passware Kit Enterprise 7.11 package and is designed to guess passwords for ZIP archives. The graphical interface of ZIP Key 7.11 exactly repeats the already described interface of the Office Key 7.11 utility, but, in addition to the attack methods implemented in it (dictionary, brute force, mask brute force and Xieve optimization), ZIP Key 7.11 also provides attack methods specific to ZIP archives: Known Plaintext and SureZip Recovery.

The SureZip Recovery attack decrypts a ZIP archive in less than an hour, regardless of the password length and character set used. To use SureZip Recovery, the archive must contain at least five encrypted files. In addition, this attack method is applicable only if the archive was created with the WinZip archiver version 8.0 or earlier. For newer versions this attack is not applicable.

The Known Plaintext attack method is used if there is at least one decrypted file in an archive consisting of several files - in this case, it is possible to decrypt all other files in the archive, regardless of the complexity of the password.

During testing of the ZIP Key 7.11 utility, it turned out (Table 2) that in the case of the brute force method, the brute force speed depends on the type of encryption of the ZIP file. Using the ZIP archiver, you can set three types of encryption: ZIP 2.0 compatible encryption, 128-bit AES and 256-bit AES. With ZIP 2.0 compatible encryption, the password selection speed is 17,535 thousand passwords per second and, naturally, password selection is not difficult. When using 128-bit AES and 256-bit AES encryption, password guessing speeds are 85 and 170 passwords per second, respectively, making password guessing an almost impossible task.

Acrobat Key 7.11 utility

The last utility we'll look at in Passware Kit Enterprise 7.11 is Acrobat Key 7.11, designed to recover passwords for PDF files.

Both the graphical interface of this utility and the capabilities for setting up attacks are exactly the same as those of the Office Key 7.11 utility. Therefore, we will not dwell on its functionality and will immediately move on to the testing results (see Table 2).

The speed of password guessing is 45,800 passwords per second, which, of course, does not allow this utility to be considered as a serious tool for guessing passwords, since this process can drag on for many months and years.

Elcomsoft Password Recovery Bundle

The Elcomsoft Password Recovery Bundle from ElcomSoft (www.elcomsoft.com, www.passwords.ru) is a collection of 30 separate utilities for guessing passwords for various types of files, Windows passwords, etc. Naturally, a review of all the utilities included in the complete package is beyond the scope of this article, so we will focus only on a few utilities that allow you to guess passwords for archives, PDF documents and MS Office documents. As we have already noted, the Elcomsoft Password Recovery Bundle is a paid package, and only a 30-day demo version of it, limited in functionality, can be downloaded from the website. In addition, you can download and purchase not the entire package, but individual utilities.

Advanced Office Password Recovery 3.04 (AOPR) utility

The Advanced Office Password Recovery 3.04 (AOPR) utility is designed to recover passwords for MS Office documents. Note that the current version of the program is 3.11, but since it was not available for testing, we used version 3.04.

The Advanced Office Password Recovery 3.04 utility has both English and Russian interfaces, which makes the process of mastering the program very simple. In general, even a beginner will not have any problems when working with this program: everything is extremely simple and clear. Perhaps the only thing that remains untranslated into Russian is the help on using the program. However, it is difficult to imagine a situation where this help might actually be required.

The Advanced Office Password Recovery 3.04 utility provides all traditional types of attacks: dictionary, brute force and mask brute force (Fig. 6).

Fig. 6. Selecting the attack type in Advanced Office Password Recovery 3.04

In a brute-force attack, you can traditionally set the minimum and maximum password length, specify the set of characters to use (you can select from predefined sets or specify the set manually), as well as the starting combination of characters.

A mask-based brute-force attack involves specifying a password mask made up of specific known characters, the "?" character, which stands for any single character from a predefined set of characters, and the "*" character, which stands for several undefined characters.

When setting up a dictionary attack, it is possible to connect a dictionary (albeit just one) and to enable checking of modified dictionary words. In this case, modified words are combinations of uppercase and lowercase letters. For example, if the dictionary contains a base word n letters long, then by combining uppercase and lowercase letters you can get n² more words. It is clear that with this option, when all possible combinations of uppercase and lowercase letters are considered, even checking a small dictionary can take a very long time. Therefore, when setting up a dictionary attack, the Advanced Office Password Recovery 3.04 utility provides one more option: intelligent modification of words. In this case, various combinations of uppercase and lowercase letters are also considered, though not all possible ones, but only selected combinations in which some logic can be traced. For example, suppose the dictionary contains the base word “password”. It is clear that if we consider all possible combinations of uppercase and lowercase letters, we will get 64 different words. However, remembering a password derived from the base word “password” by randomly combining uppercase and lowercase letters (such as PasSWOrd) is quite difficult. Therefore, it can be assumed that there will be either symmetry or logic in the combination of uppercase and lowercase letters, so that such a password can be easily remembered. For example, the passwords Password, passworD, PaSsWoRd, PASSword, passWORD, password will have such logic or symmetry.

The function of intelligent word modification (mutation of words from the dictionary) allows you to check not all possible combinations of uppercase and lowercase letters, but only those that contain either logic or symmetry.

Another interesting feature of the Advanced Office Password Recovery 3.04 utility is the ability to run a preliminary test of the password brute-force speed for MS Office XP, MS Word 97/2000 and MS Excel 97/2000 documents, although this function has no practical significance (except to help estimate how long it will take to guess the password, in order to give up on this hopeless task).

Once the type of attack has been selected and configured, you can load a password-protected document into the utility and begin guessing its password.

When the utility is running, the information window displays the current password search rate, the percentage of task completion, as well as information about the document.

In the process of testing the Advanced Office Password Recovery 3.04 utility, it turned out (Table 3) that when using a brute-force attack, the password generation rate is 615 thousand passwords per second for Word documents and 550 thousand for Excel.

Table 3. Test results for Advanced Office Password Recovery 3.04

Password type | Speed of password generation by brute force method (passwords per second)
Opening password |
Change password | Instantly
Opening password |
Change password | Instantly
General password | Instantly

Determining database passwords, as well as passwords for changing the contents of Excel and Word documents, occurs instantly.

Advanced Office Password Breaker utility

Another interesting utility from the Elcomsoft Password Recovery Bundle is Advanced Office Password Breaker (Fig. 7), the peculiarity of which is that it implements a method of attacking not passwords, but secret keys (keyspace attack).

Fig. 7. Main window of the Advanced Office Password Breaker utility

This utility allows you to open MS Word and MS Excel documents that are locked with an opening password. MS Word 97/2000 and MS Excel 97/2000 files are supported, as well as MS Word XP/2003 and MS Excel XP/2003 files, but only if they are encrypted in Office 97/2000 compatibility mode, which is the default.

The Advanced Office Password Breaker utility does not allow you to find a password, but it is guaranteed to open a document, since trying out all possible 40-bit secret keys is a completely doable task. Moreover, the solution to such a problem has nothing to do with the length of the password and the set of characters used for it. For example, on a computer with an Athlon XP 1800+ processor, the task is completed in a maximum of 13 days. The use of modern dual-core and quad-core processors allows you to reduce this time (this utility supports multiprocessing), for example, a dual-core Intel Core 2 Duo processor will cope with enumerating all the keys in just 2 days and 17 hours (the enumeration speed is 4,680 thousand keys per second).

This utility requires practically no configuration: you just need to specify the name of the password-locked file, since the default settings will be fine in most cases.

Setting up the program involves specifying the type of processor (to optimize the operating algorithm) and the number of processors used (for multi-core processors and SMP systems), as well as the so-called Range in which the key is selected. In the program, all 1,099,511,627,776 keys are divided into 65,535 blocks (16,777,216 keys in each block), so you can specify the range of blocks in which the key is searched. This allows you to use several computers to solve one problem, for example, the first computer uses blocks from 1 to 10,000, the second - from 10,001 to 20,000, etc.
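The estimates quoted in this article (22 days for eight lowercase letters at 110 thousand passwords per second, 2 days 17 hours for all 40-bit keys at 4,680 thousand keys per second) can be reproduced with a short calculation. The following Python sketch is an added example, not code from any of the reviewed products; it uses only rates quoted in the article, the function names are hypothetical, and it also finds the password length beyond which a longer password adds no protection because the 40-bit key search is cheaper.

```python
"""Search-space arithmetic: password search versus 40-bit key search.

Added illustration. All rates are figures quoted in the article; the
function names are hypothetical. Passwords are assumed uniformly random.
"""
import math

KEY_BITS = 40                    # RC4 key length in Office 97/2000 compatibility mode
PW_RATE_ACCENT = 110_000         # passwords/s, Accent Office Password Recovery v2.50
PW_RATE_AOPR_WORD = 615_000      # passwords/s, AOPR 3.04 on Word documents
KEY_RATE_CORE2DUO = 4_680_000    # keys/s, Advanced Office Password Breaker


def password_space(charset_size, min_len, max_len):
    """Number of candidate passwords with lengths min_len..max_len inclusive."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def exhaust_seconds(space, rate):
    """Worst-case time to try every candidate at `rate` candidates per second."""
    return space / rate


def days_hours(seconds):
    """Split a duration into whole days and whole remaining hours."""
    days, rem = divmod(int(seconds), 86_400)
    return days, rem // 3_600


def effective_bits(charset_size, length, key_bits=KEY_BITS):
    """Protection in bits: the password's entropy, capped by the key length."""
    return min(length * math.log2(charset_size), key_bits)


def breakeven_length(charset_size, pw_rate, key_rate, key_bits=KEY_BITS):
    """Shortest exact password length whose full search takes longer than
    searching the whole key space. From this length on, extra characters
    no longer slow down someone who searches keys instead of passwords."""
    key_time = exhaust_seconds(2 ** key_bits, key_rate)
    length = 1
    while exhaust_seconds(charset_size ** length, pw_rate) <= key_time:
        length += 1
    return length


if __name__ == "__main__":
    eight_lower = password_space(26, 8, 8)
    print("8 lowercase letters at 110k/s: %.0f days"
          % (exhaust_seconds(eight_lower, PW_RATE_ACCENT) / 86_400))
    print("all 40-bit keys at 4,680k/s: %d days %d hours"
          % days_hours(exhaust_seconds(2 ** KEY_BITS, KEY_RATE_CORE2DUO)))
    for name, size in (("lowercase", 26), ("printable ASCII", 95)):
        n = breakeven_length(size, PW_RATE_AOPR_WORD, KEY_RATE_CORE2DUO)
        print("%s: key search is cheaper from length %d" % (name, n))
```

For a document protected in the 40-bit compatibility mode, the practical conclusion is to change the encryption mode rather than lengthen the password.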

Advanced Archive Password Recovery Utility

The Advanced Archive Password Recovery utility is included in the Elcomsoft Password Recovery Bundle and is designed to recover passwords for RAR and ZIP archives created by ZIP/PKZip/WinZip and RAR/WinRAR archivers. In addition, it supports password selection for archives created by PKZip, ARJ/WinARJ and ACE/WinACE (1.x) archivers.

Note that there are also separate utilities Advanced ZIP Password Recovery and Advanced RAR Password Recovery, but since they are part of the Advanced Archive Password Recovery utility, and the graphical interface of all three utilities is exactly the same, we will consider only the Advanced Archive Password Recovery utility.

The Advanced Archive Password Recovery utility allows you to carry out traditional types of attacks on passwords: dictionary, brute-force and mask-based attacks.

In addition, specific attack methods are provided for ZIP archives: Known Plaintext and Guaranteed WinZip Recovery.

The Known Plaintext attack method is used if an archive consisting of several files contains at least one decrypted file. In this case, this attack method allows you to decrypt all other files in the archive, regardless of the complexity of the password.

The Guaranteed WinZip Recovery attack is guaranteed to decrypt a ZIP archive regardless of the password length and character set used. But to use this type of attack, the archive must contain at least five encrypted files. In addition, this attack method is only applicable if the archive was created with WinZip 8.0 or an earlier version. For versions later than 8.0 this attack is not applicable.

As for the possibilities of setting up traditional attacks on passwords, they are quite typical. Thus, when setting up a dictionary attack (Fig. 8), you can connect a dictionary (but only one) and also check modified dictionary words. In this case, modified words mean all possible combinations of uppercase and lowercase letters, as well as the intelligent modification of dictionary words, when not all possible combinations of uppercase and lowercase letters are considered, but only selected combinations in which there is some logic or symmetry.

Fig. 8. Setting up a dictionary attack in Advanced Archive Password Recovery

When setting up a brute-force attack, you can set the minimum and maximum password length, specify the set of characters to be used (you can select from predefined sets or specify the set manually), as well as the starting combination of characters.

A mask-based brute-force attack allows you to specify a password mask made up of specific known characters, the "?" character, which stands for any single character from a predefined set of characters, and the "*" character, which stands for several undefined characters.

During testing of the Advanced Archive Password Recovery utility, it turned out (Table 4) that when using the brute force method, the brute force speed depends on the type of encryption of the ZIP file. Using the ZIP archiver, you can set three types of encryption: ZIP 2.0 compatible encryption, 128-bit AES and 256-bit AES. With ZIP 2.0 compatible encryption, the speed of password guessing is 17,535 thousand passwords per second and, naturally, guessing a password is not difficult. With 128-bit AES and 256-bit AES encryption, password guessing speeds are 85 and 170 passwords per second, respectively, making password guessing an almost impossible task.
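Because the measured guessing speed differs so sharply between ZIP 2.0 compatible encryption and AES (here and in the ZIP Key 7.11 results), it is worth checking which method the entries of an existing archive actually declare. The following Python script is an added example, not code from any reviewed product; the function names are hypothetical, and the sample archive is constructed in memory with patched headers (its payload is not really encrypted).

```python
"""Report the encryption method each entry of a ZIP archive declares.

Added illustration; function names are hypothetical. Only the central
directory headers are inspected, no password is needed or tested.
"""
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901            # WinZip AES extra field header ID
AES_METHOD = 99                  # compression method value that marks WinZip AES
AES_BITS = {1: 128, 2: 192, 3: 256}


def entry_encryption(info):
    """Classify one zipfile.ZipInfo by the protection its header declares."""
    if not info.flag_bits & 0x1:             # general-purpose bit 0: encrypted
        return "none"
    if info.compress_type == AES_METHOD:
        extra = info.extra
        while len(extra) >= 4:               # walk (id, size, data) records
            field_id, size = struct.unpack_from("<HH", extra)
            if field_id == AES_EXTRA_ID and size >= 7 and len(extra) >= 11:
                # data: version (2), vendor "AE" (2), strength (1), method (2)
                return "AES-%s" % AES_BITS.get(extra[8], "?")
            extra = extra[4 + size:]
        return "AES-?"
    if info.flag_bits & 0x40:                # bit 6: PKWARE strong encryption
        return "PKWARE strong encryption"
    return "ZIP 2.0 compatible"


def audit_zip(data):
    """Return [(name, encryption)] for every entry in the archive bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, entry_encryption(i)) for i in zf.infolist()]


def weak_entries(data):
    """Names of entries protected only by ZIP 2.0 compatible encryption."""
    return [n for n, enc in audit_zip(data) if enc == "ZIP 2.0 compatible"]


def constructed_sample():
    """Constructed test archive: three stored entries whose central directory
    headers are patched to declare no encryption, ZIP 2.0 compatible
    encryption and AES-256."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.txt", b"constructed")
        zf.writestr("legacy.txt", b"constructed")
        aes = zipfile.ZipInfo("aes.txt")
        aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
        zf.writestr(aes, b"constructed")
    raw = bytearray(buf.getvalue())
    # The end-of-central-directory record (22 bytes, no comment) stores the
    # central directory offset in the four bytes before its comment length.
    pos = struct.unpack_from("<L", raw, len(raw) - 6)[0]
    for set_flags, method in ((0, None), (0x1, None), (0x1, AES_METHOD)):
        flags, = struct.unpack_from("<H", raw, pos + 8)
        struct.pack_into("<H", raw, pos + 8, flags | set_flags)
        if method is not None:
            struct.pack_into("<H", raw, pos + 10, method)
        name_len, extra_len, comment_len = struct.unpack_from("<3H", raw, pos + 28)
        pos += 46 + name_len + extra_len + comment_len
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in audit_zip(constructed_sample()):
        print("%-12s %s" % (name, enc))
```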

Table 4. Test results of the Advanced Archive Password Recovery utility

Advanced Access Password Recovery utility

The Advanced Access Password Recovery utility, included in the Elcomsoft Password Recovery Bundle, is designed to recover passwords for MS Access 2000-2003 databases.

Actually, in this case there are no settings at all, so there is nothing to describe. We launch the utility, open the MDB file in it and immediately receive the password (Fig. 9). Everything is extremely simple.

Fig. 9. Advanced Access Password Recovery utility window

Advanced Access Password Recovery Pro utility

The Advanced Access Password Recovery Pro utility, included in the Elcomsoft Password Recovery Bundle, is designed to recover all types of passwords for PDF documents.

Adobe Acrobat PDF files provide for two types of passwords: a password to open a document and a password to make changes to a document (Owner-level protection). With change protection, editing the PDF file, copying text and graphics, or printing the document is not allowed. The only thing possible in this case is reading the document. Open protection prevents any access to the document at all.

To remove password protection for opening a PDF file, the Elcomsoft Password Recovery Bundle utility provides the traditional types of password attack (dictionary, brute force and mask), and it is also possible to attack the keys (keyspace attack), since the encryption algorithm for PDF documents provides for a secret key 40 bits long. Accordingly, as with the similar attack used against opening passwords of Word and Excel documents, it is possible to attack not the passwords but the keys themselves. Naturally, in this case the password for the document is not determined, but the document can be opened and changed. Note that Adobe Acrobat version 5.0 and higher can use RC4 or AES encryption with a key length of 128 bits (a 40-bit key length is not used by default in new versions of Adobe Acrobat). In this case, a key attack is not applicable.
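Whether a given PDF still uses the 40-bit key discussed above can be read from its encryption dictionary without knowing any password. The following Python script is an added example, not code from any reviewed product: it is a simplified byte scanner rather than a full PDF parser, the function names are hypothetical, and the three sample fragments (object numbers, /O and /U values) are constructed placeholders.

```python
"""Read a PDF's standard security handler settings and flag 40-bit keys.

Added illustration; function names are hypothetical. Assumes the
encryption dictionary is stored as plain text, either as its own object
or inline in the trailer.
"""
import re

# /P permission bit values for the operations the article names;
# a cleared bit means the operation is denied.
PERMISSIONS = {"print": 4, "modify": 8, "copy": 16}


def find_encrypt_dict(pdf):
    """Return the bytes around the /Filter /Standard dictionary, or None."""
    m = re.search(rb"/Filter\s*/Standard\b", pdf)
    if not m:
        return None
    start = max(pdf.rfind(b"obj", 0, m.start()),
                pdf.rfind(b"trailer", 0, m.start()), 0)
    ends = [p for p in (pdf.find(b"endobj", m.end()),
                        pdf.find(b"startxref", m.end())) if p != -1]
    return pdf[start:min(ends) if ends else len(pdf)]


def _int(d, key):
    """Integer value of a dictionary key such as /V, /R, /P or /Length."""
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", d)
    return int(m.group(1)) if m else None


def assess(pdf):
    """Summarise algorithm, key length and denied operations."""
    d = find_encrypt_dict(pdf)
    if d is None:
        return None
    v = _int(d, b"V") or 0
    if v == 1:                                   # RC4, fixed 40-bit key
        algo, bits = "RC4", 40
    elif v == 2:                                 # RC4, /Length bits (default 40)
        algo, bits = "RC4", _int(d, b"Length") or 40
    elif v == 4:                                 # crypt filters
        cfm = re.search(rb"/CFM\s*/(\w+)", d)
        is_aes = bool(cfm) and cfm.group(1) == b"AESV2"
        algo, bits = ("AES", 128) if is_aes else ("RC4", None)
    elif v == 5:
        algo, bits = "AES", 256
    else:
        algo, bits = "unknown", None
    p = _int(d, b"P")
    denied = sorted(n for n, bit in PERMISSIONS.items()
                    if p is not None and not p & bit)
    return {"algorithm": algo, "key_bits": bits, "revision": _int(d, b"R"),
            "key_search_applies": bits is not None and bits <= 40,
            "denied": denied}


def _sample(encrypt_body, inline=False):
    """Constructed PDF fragment carrying the given encryption dictionary."""
    enc = b"<< /Filter /Standard " + encrypt_body + b" >>"
    ref = enc if inline else b"5 0 R"
    obj = b"" if inline else b"5 0 obj\n" + enc + b"\nendobj\n"
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" + obj +
            b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt " + ref +
            b" >>\nstartxref\n0\n%%EOF\n")


_KEYS = b"/O <" + b"00" * 32 + b"> /U <" + b"00" * 32 + b">"   # placeholders
OLD_40BIT = _sample(b"/V 1 /R 2 " + _KEYS + b" /P -44")
RC4_128 = _sample(b"/V 2 /R 3 /Length 128 " + _KEYS + b" /P -3904")
AES_128 = _sample(b"/V 4 /R 4 /Length 128 /CF << /StdCF << /CFM /AESV2 "
                  b"/Length 16 >> >> /StmF /StdCF /StrF /StdCF " + _KEYS +
                  b" /P -1", inline=True)

if __name__ == "__main__":
    for name, doc in (("old", OLD_40BIT), ("rc4", RC4_128), ("aes", AES_128)):
        print(name, assess(doc))
```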

If a PDF document uses Owner-level protection type password protection, in which the file itself is not encrypted, then regardless of the password length, the Advanced Access Password Recovery Pro utility allows you to instantly remove it.

The graphical interface of the Advanced Access Password Recovery Pro utility is similar to the interface of the Advanced Archive Password Recovery utility, and the capabilities for setting up traditional types of password attacks are no different from the corresponding settings implemented in the already discussed utilities of the Elcomsoft Password Recovery Bundle.

Setting up an attack on keys (Fig. 10) is done in exactly the same way as it is done in the Advanced Office Password Breaker utility.

Fig. 10. Setting up an attack on keys in Advanced Access Password Recovery Pro

During testing, it turned out that with the password brute force attack method, the brute force speed is 20,696 passwords per second, which, of course, makes it almost impossible to guess a password in an acceptable time.

When attacking keys (in the case of a 40-bit key length), the key enumeration speed is 2970 thousand keys per second.

Office Password Recovery Wizard

The Office Password Recovery Master package (current version 1.4) from Rixler Software (www.rixler.com) is an absolutely free multi-purpose program that allows you to recover all types of passwords for MS Word and MS Excel documents, as well as for MS Outlook and MS Access databases.

More specifically, the program removes the password for opening Word and Excel documents, guesses the password that protects documents against changes, recovers passwords for MS Outlook personal files (*.pst), cracks database passwords (*.mdb), as well as passwords for VBA projects in MS Word, MS Excel and Outlook documents.

As a limitation to the program, it is stated that deleting passwords for opening documents is only possible if a standard type of encryption is used (encryption compatible with Word/Excel 97/2000).

Unfortunately, the description of the program does not indicate what types of attacks it uses. However, judging by the fact that we are talking specifically about deleting, and not guessing, passwords for opening Word and Excel documents, a keyspace attack is used, which is possible with standard RC4 encryption with a key length of 40 bits.

The program is extremely easy to learn, since it has no settings at all. The only thing that is required from the user is to upload a password-protected document into the program. The password for making changes to documents and the password for the database, that is, protection without encrypting the entire document, are restored instantly (Fig. 11).

Fig. 11. Example of instant recovery of a database password in Office Password Recovery Wizard

However, if we are talking about a password to open a document (Fig. 12), then everything is not so simple. The peculiarity of this program is that the attack on the keys is carried out using a distributed network, which is understood as a network consisting of user computers supporting this project. That is, any willing user with Internet access can provide the resources of his PC to conduct a distributed attack on the keys. All you need to do is connect to a specialized server and agree to participate in the project. Naturally, you won’t be able to take advantage of distributed computing opportunities “for free” - to get them you need to collect a certain number of credits, providing the capabilities of your PC to other users of the project.

Fig. 12. Carrying out an attack on keys in Office Password Recovery Wizard requires an Internet connection to a distributed network

Perhaps the idea of organizing distributed computing on the Internet to solve problems of this kind is not bad in itself, but it seems very doubtful. Still, such voluntary associations of users are not P2P networks with tracker servers, which are gaining enormous popularity and uniting millions of users online. Such a single project for organizing distributed computing is, rather, a small (due to its specifics) association of like-minded people. We have serious doubts regarding the practical feasibility of this project. After all, for distributed computing to be effective, it is necessary that hundreds of users simultaneously be connected to such a network, making the computing capabilities of their PCs available to others, which, it seems to us, is unlikely.

RAR Password Cracker 4.12 utility

The last utility we will look at is RAR Password Cracker 4.12. (www.rarpasswordcracker.com). Its demo version has very limited functionality and only allows you to select passwords of no more than three characters.

As the name suggests, the utility is designed to crack passwords for RAR archives. Working with it begins with creating a new project, for which you need to load a password-protected RAR file into the program.

The peculiarity of this program is that you can add several RAR files to one project at the same time and carry out a password attack on all files at once. However, the feasibility of this approach seems very doubtful, because, as a rule, a password needs to be selected for a single archive.

To crack a password, the RAR Password Cracker 4.12 utility implements only two types of password attacks: using a dictionary and using brute force.

In a dictionary attack, it is possible to connect several dictionaries and carry out modified attacks, which means checking words obtained from the base words of the dictionary by replacing lowercase letters with uppercase ones, as well as checking words in which only the first letter is capitalized. The possibilities, frankly speaking, are not rich, and therefore the effectiveness of a dictionary attack is quite low.

In a brute-force attack (Fig. 13), you can specify the set of characters used, the minimum and maximum length of the password, as well as the starting and ending combinations of characters, which allows you to implement a kind of distributed computing. Note that when selecting a character set, you can specify numbers, lowercase and uppercase characters of the English alphabet. If you need to use other characters (special characters, letters of the Russian alphabet), then you must first create a file with a set of these characters, which, of course, is not very convenient.

Fig. 13. Setting up a brute force attack in the RAR Password Cracker 4.12 utility

It should be noted that of all the utilities we reviewed for guessing passwords for RAR archives, the RAR Password Cracker 4.12 utility has the fewest configuration options, which makes it ineffective.

During testing of the RAR Password Cracker 4.12 utility, it turned out that the speed of password search is 38 passwords per second. It is clear that if a dictionary attack did not reveal the password, then it will be almost impossible to find the password using brute force.

Conclusions

So, after testing a large number of utilities, we can draw some conclusions. If you choose the best package for password guessing, then you should choose Elcomsoft Password Recovery Bundle or, as a last resort, Passware Kit Enterprise 7.11. They are distinguished by their completeness and wide functionality. Let us recall that we considered only individual utilities from these packages, and the full list of all programs included in them is much more extensive. If we compare exclusively utilities focused on selecting passwords for MS Office documents, archives and PDF documents, it is worth noting that the utilities from the Elcomsoft Password Recovery Bundle provide higher efficiency and speed. At the same time, speaking about the possibility of cracking passwords even with the help of these utilities, it is worth making a number of important remarks.

If we are talking about passwords for changing documents, PDF files or databases, then any utility can easily cope with this task and choosing the best one is simply pointless.

It’s another matter when you need to crack the protection for opening a document or archive, that is, protection in which the contents of the entire document are encrypted. In this case, you need to keep the following in mind. If we are talking about a RAR archive that was created by a modern archiver (for example, WinRAR 3.61), then the ability to guess the password is more a matter of luck than of choosing a utility. If a dictionary attack does not allow you to guess a password, then doing it by brute force will be almost impossible - none of the utilities provides a brute force speed that would allow solving the problem of finding a password in an acceptable time.

If we talk about ZIP archives, then in this case we get the same picture. If a dictionary attack does not lead to a positive result, then we can only hope for a miracle. To believe that, having a modern WinZip archiver and the intention to encrypt the archive, the user will choose the weakest method of protection, ZIP 2.0 compatible, is simply naive. But fighting the protection of 128-bit AES and especially 256-bit AES is absolutely pointless, and no utility will help with this.

In the case of guessing passwords to open PDF files, the situation is approximately the same as with archives. If a dictionary attack does not lead to a positive result, then everything else becomes meaningless. And an attack on keys is generally worth attempting only if you are sure that the document was created using the old version Adobe Acrobat 3.0, since a user creating a PDF document with Adobe Acrobat version 5.0 or higher is unlikely to use a weak encryption algorithm when such wide capabilities are available.

In conclusion, let us dwell on the possibilities of guessing passwords for opening MS Word and MS Excel documents. Actually, in this case the situation is no better. You can try (but only try) to break the protection of MS Word and MS Excel documents only if protection in MS Word 97/2000 and MS Excel 97/2000 compatibility mode is used. If we are talking about “native” protection implemented in MS Word XP/2003 and MS Excel XP/2003, then all attempts will be unsuccessful. If the document was created in MS Office 2007 without using the mode of compatibility with previous versions, then it is almost impossible to break the protection of such a document.



We present to your attention a program that will help you recover a forgotten password from a RAR archive created by the WinRAR archiver program.

The program features a very convenient user interface, as well as a large number of settings and options:

- Work in the background (saves system resources)
- Support for single-file archives (there is only one file in the archive)
- Select the password length and character sets: only lower case, upper case, numbers, special symbols, etc. The option will be useful if you approximately remember the size and content of the password. The Russian character set is fully supported.
- The program supports all data compression methods used in RAR archives, as well as self-extracting archives in the SFX format
- Various search options: by dictionary, by mask, brute force RAR passwords (searching all possible combinations).
- Saving the work result. The WinRAR password recovery process can be interrupted at any time and then resumed from the point where it was stopped, without losing data. Combined with the "Background mode" option, this allows you to sooner or later recover even complex passwords from the archive.

So if you have downloaded a password-protected archive on the Internet, or have forgotten the password for your own archive, do not despair. RAR Password Recovery will help you restore access to archived data.




Additional Information
License: Shareware
Software Developer: ElcomSoft Co.Ltd
Supported OS: Windows XP - 10
Interface language: English
Update date: 2019-04-05
Program size: 2.3 MB


Comments and reviews: 7

1. Darick 04.08.2011
You can guess/crack a password for a rar archive only if:
The password is some word, and then it can be found in the dictionary.
The password length is less than 6 characters or less, and it consists only of Latin letters.
You really forgot the password, but you roughly remember what it looked like (length, characters or word, are there numbers, maybe you remember part of the password), then it can be guessed using a given mask.

If the password looks like this: Ps&623Kl>Fer, then no brute force dictionary will help you, there is only brute force. But the time it takes to search through combinations of all characters, especially if the password length is unknown, will take more than one year.

2. Alexey 09.09.2011
Darick, this is not about cracking the password for a RAR archive, but about restoring it. The user approximately remembers, at least remotely, what type and length the password is. Was it a word or a number? In this case, the program may well help.
Well, if a person enters abracadabra like: “&S9)kfkJ8#IKmnfrd” as a password, then of course, in this case even a miracle will not help. But in this case, if a person is paranoid, then we need to think about what will happen if I lose my password. The word forgot is inappropriate here; remembering such a password is almost impossible.

3. VASYA 25.04.2012
GA*N0! not a program. I really couldn't find anything. Even simple passwords. I went through it for two weeks. :(

Answer:
Did you set the password yourself? Did you set the password to 123 and the program couldn’t find it? I will not believe. Either you did something wrong, or the password was unknown to you in advance, or it was very complex.

---
Since version 3.0, RAR uses a strong AES algorithm, which does not allow any attacks more effective than brute-force password attacks. Moreover, the implementation of the encryption system is such that the search speed is only a few tens of passwords per second per modern computer, which allows us to consider RAR 3.x the most resistant of the common encryption systems in terms of brute-forcing passwords.
---

That's why passwords are set, to hide something. WinRAR provides very good protection in this regard. If the password is more than 6 characters long, then you will not be able to guess it in a reasonable time.

The program is useful for those who have forgotten their password (recovery) and approximately remember its contents and length; in this case, guessing using a given mask significantly reduces the time.

4. Andrew 09.06.2013
I have a question.
There is an archive, it contains several files, pictures, some files I have in unzipped form. Is there any way to use them to find a password?

Answer:
No, this method no longer works.

5. Andrew 09.06.2013
I have a winrar 2.9 archive

6. Sanchos 29.04.2014
"I have a winrar 2.9 archive"

How do you find out what version of your RAR archive you have? Where can I watch this?

7. Sucsa 29.07.2015
A RAR archive with a complex password cannot be hacked. It will take too long to search.
I once had a case where I found a CD in good condition on the street. Out of curiosity, I brought it home to see what was on it. In addition to all the files, there was also a hefty RAR archive. I started guessing the password using a dictionary. While I was eating, the password was found - "scorpio". So anything is possible. If the password is an ordinary word, then it will not be difficult to find it in the dictionary.

The Advanced Archive Password Recovery utility is designed to recover passwords for ZIP and RAR archives created using almost any archiver program, as well as for self-extracting archives in exe format.

You can download a free trial version (8 MB) and familiarize yourself with the program for 30 days on our website.

System requirements for the ARCHPR program:

- Supported OS: Windows XP, Windows Vista (32/64 bit), Windows 7 (32/64 bit), Windows Server 2003/2008
- About 6 MB of free hard disk space

On the Options tab you can configure the program's general settings:

1. Interface language (Fig. 1): Russian, English, German;

Fig. 1 Main window of the Advanced Archive Password Recovery program

2. Priority (background or high);

3. Minimize to tray (if this option is enabled, when minimizing the program window, the icon will be located in the system tray; to expand the program, just click on it);

4. Event log archpr4.log (if this option is enabled, all information that is displayed in the status window is written to the archpr4.log log file. This file can be found in the following path: C:\Users\.........\AppData\Local\VirtualStore\Program Files(x86)\Elcomsoft Password Recovery\Advanced Archive Password Recovery);

5. Start attack on file select (if this option is enabled, the program analyzes the file immediately when it is opened).

Creating an archive with a password

To test the program's operation, several archives were encrypted using WinRAR with different passwords to use different types of attacks.

To create a password for an archive, right-click the folder or file that you want to archive in the main window of the WinRAR program (another archiver can be used) and select Add files to archive in the context menu (Fig. 2).


Fig. 2 Adding a file to an archive in WinRAR

On the Advanced tab, choose Set password.


Fig. 3 Setting a password for the archive in WinRAR

In the Enter password dialog box that opens, enter the password and check the Encrypt file names checkbox.


Fig. 4 Dialog box Enter WinRAR program password

In the example, the folder "archive No. 1" is protected with the password 1234.

Recovering the archive password

Now let's proceed to recovering the password for archive No. 1.

Let's open the program Elcomsoft Advanced Archive Password Recovery.

In the Attack type drop-down list, choose Brute-force. With this type of attack, the program tries every possible combination of the characters that the user has allowed in the Character set field on the Range tab (Fig. 5). This type of attack is the slowest, but is often most successful against short and simple passwords.

If you know which characters the password consists of, select or clear the corresponding checkboxes in the Character set field to reduce password recovery time.


Fig.5 Configuring Advanced Archive Password Recovery program parameters using a brute-force attack

When all the settings for the password recovery program have been made, click the Open button on the toolbar and specify the path to the encrypted archive. Upon completion of decryption, a window with the recovered password will open (Fig. 6).


Fig.6 Resulting window displaying the Advanced Archive Password Recovery program password

As we see in Fig. 6, the password was recovered in 9 seconds. This time can be reduced if information is known not only about the characters used, but also about the length of the password. The length can be set on the Length tab (Fig. 7).


Fig. 7 Setting the password length in Advanced Archive Password Recovery


Fig. 8 Resulting window displaying the Advanced Archive Password Recovery program password

When additional information about the password (its length) was specified, the recovery time was 5 seconds (Fig. 8).

If some part of the password is known, the program provides the ability to use Mask attack. A mask attack is a modified brute-force attack and is used if certain information about the password is known, namely if some of the characters in the password are known. You can specify a specific character/characters that are used in the password at a specific position.

To use this type of attack, choose Mask in the Attack type drop-down list and enter the known password characters in the Mask field on the Range tab (Fig. 9). For example, the password consists of 4 characters, starts with "a" and ends with "f". In this case, you can specify the mask "a??f", in which the question marks stand for the unknown characters. With this setting, guessing the unknown password characters will take the same amount of time as searching for a two-character password.


Fig.9 Configuring Advanced Archive Password Recovery program parameters using a mask attack

If the password itself contains "?", then on the Advanced tab you can change the character that is used in the mask to denote an unknown character.

Users often use whole words as passwords to make them easier to remember, rather than a random set of characters. To recover such a password, the Dictionary attack is suitable. This method tries the passwords listed in dictionaries. Compared to trying all possible combinations of characters, trying dictionary words takes much less time, but there is a high probability that the password is not in the dictionary.

When setting up this attack (Fig. 10), you can specify on the Dictionary tab the path to the dictionary that will be used to recover the password.


Fig. 10 Configuring Advanced Archive Password Recovery program settings using a dictionary attack

Unfortunately, only one dictionary can be used at a time. Elcomsoft Advanced Archive Password Recovery already has three built-in dictionaries (Fig. 11): English (242965 words), German (80472 words) and Russian (75459 words). Additional dictionaries can be used.


Fig. 11 Selecting a dictionary for password recovery

The Plaintext attack method is used if, for an archive consisting of several files, at least one of the files is available in decrypted form. In this case, this attack method allows you to decrypt all other files in the archive, regardless of the complexity of the password.

You can find out in advance how long it will take to recover your password. To do this, select the desired attack type (the speed test is only possible for a brute-force attack or a mask attack), specify the path to the archive and click the Test button on the toolbar. At the end of the test, the Result window will show the total number of possible passwords, the search speed, and the approximate time needed to search for the password (Fig. 12).


Fig. 12 Resulting window of the test mode of the Advanced Archive Password Recovery program
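The way the character set, the length range and a mask change the number of candidates, and the kind of estimate the test mode reports, can be reproduced with a short calculation. The Python sketch below is an added example, not part of Advanced Archive Password Recovery or of the original article; the contents of the character classes and the rate of 50 passwords per second are assumptions chosen for illustration.

```python
import string

# Character classes similar to the Character set checkboxes (contents assumed).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}

def charset(*names):
    """Distinct characters of the selected classes."""
    return set("".join(CLASSES[n] for n in names))

def brute_force_keyspace(chars, min_len, max_len):
    """Candidates when every length from min_len to max_len is searched."""
    return sum(len(chars) ** n for n in range(min_len, max_len + 1))

def mask_keyspace(mask, chars, wildcard="?"):
    """Candidates for a mask: only the wildcard positions vary."""
    return len(chars) ** mask.count(wildcard)

def worst_case(keyspace, rate):
    """Human-readable time to exhaust the keyspace at `rate` passwords/second."""
    seconds = keyspace / rate
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    RATE = 50  # assumed passwords per second, for illustration only
    lower = charset("lower")
    full = charset("lower", "upper", "digits", "special")
    cases = [
        ("digits, length 1-4", brute_force_keyspace(charset("digits"), 1, 4)),
        ("digits, length 4 only", brute_force_keyspace(charset("digits"), 4, 4)),
        ("mask a??f, lowercase", mask_keyspace("a??f", lower)),
        ("lowercase, length 6", brute_force_keyspace(lower, 6, 6)),
        ("all classes, length 8", brute_force_keyspace(full, 8, 8)),
    ]
    for label, size in cases:
        print(f"{label:24} {size:>20,}  {worst_case(size, RATE)}")
```

Each extra character of length multiplies the search space by the size of the character set, which is why the estimates move from seconds to years between the first and the last row.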

In conclusion, I would like to say that if you forget the password to the archive, you should not panic. Password recovery is not an easy task, but it is quite doable.
