Topic created on: October 14, 2007 02:40 CDT by
djnemo 
.
Hi ...
is anyone try to crack winRar SFX files (mean for finding/Bypassing password don't brute force them) ?
are they crack able or not is it Possible to do So?
Tanx Nemo :-x
many researchers analyzed WinRAR. if you want to know how to attack WinRAR just google and read :-) check out the follow paper for example: On the Security of the WinRAR Encryption Method Gary S.-W. Yeo and Raphael C.-W. Phan
there're rumors about super-key allows to decrypt _any_ WinRAR archive, knowing only to Eugene Roshal (the creator of the WinRAR) and probably to Government guys. personally, I don't believe into this. As far as I know, WinRAR uses AES-128bit, and it's very hard to hide back-door inside it. but, I have no guarantee that WinRAR uses standard AES algorithm. I was researching it for years and had found some strange differences between standard AES algorithm and WinRAR AES-like realization. but I don't know much about AES, so, maybe it's just some soft of optimization or something like that. I'm not a crypto-expert.
I just want to say: you have only two way to solve the problem: attack password or 128-bit AES keys themself. but remember that different files of the archive crypted with the different AES keys (and maybe different parts of the single file use different AES keys too! - I just don't remember).
by the way, part of the WinRAR sources are opened, another - still closed, so you have to disassemble the rest (like I did).
I have not found neither back-door, nor faster way to break encryption (well, back in old days I wrote the fastest password finder, but it was very buggy and I had no time to fix bugs, so it was never public-released).
however, if you own a big net of drones, you have a chance to decrypt archive before you die, but even death can be untrue. just remember, WinRar uses salt to prevent you from using pre-calculated tables, like help us to break other chippers like MD5 for example (see, http://distributed.ru/?pro.rc or its google translation distributed computing project
I never saw better crypter than WinRAR (at least version 3.xx and above).
p.s. don't forget dictionary attack. most passwords are not absolute random.
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}