-2

I have two files (file1 and file2) where file1 is encrypted with rar software and file2 is the original plain text.

Does anyone know the fastest way to get the password used to rar the file?

Anders
  • 64,406
  • 24
  • 178
  • 215
neo m
  • 1
  • 2
  • What's the point in getting the password? Just encrypt file2 with a new password if you need it in rar format… – Ángel Nov 29 '17 at 02:51

1 Answers1

5

The fastest way is to remember the password.

The next best thing is to use john or hashcat on cloud services with a maximum power - as long as money isn’t a limiting factor.

Knowing the original files content will not help you in any way if you are not after the content (then use that file!) but after the password.

Having the original file (i.e. the plain text of the cipher text) and leveraging that is called a known plaintext attack. You seem to be using a version of rar that uses AES from the tags you used; AES is known to be resistant against known plaintext attacks and as far as I know even against the much stronger attack model of adaptive chosen plaintext attacks. Thus your plain text will be of no help and brute force would be the way to go.

Please also note that even if AES was vulnerable to a known plaintext attack, you would still only have the AES key, not the actual password. From key to password, you would have to reverse the password based key derivation function that was used, which is borderline impossible.

TLDR: use john or hashcat.

Tobi Nary
  • 14,302
  • 8
  • 43
  • 58
  • Nitpick: I think knowing the original file will help a little, because when you attempt to decrypt with an invalid password, `unrar` will happily write garbage, then at the end it will calculate a checksum and notice that it's invalid. If you know the original, you can abort the attempt as soon as you notice that the first few bytes are wrong. It's still brute force, but each attempt can be made quicker by knowing the plaintext. – Gilles 'SO- stop being evil' Nov 26 '17 at 11:38
  • I‘m not sure how rar encryption and compression exactly works and if that might help, yet I think writing a tool to exploit that and still be as fast as hashcat and/or john will take as much time, given the quality of the question and the support for hashcat in the cloud. – Tobi Nary Nov 26 '17 at 13:09