I am experimenting with a brute force attack using C++ against a password protected rar file. I am already able to generate all of the possible 'passwords'. I am just unsure how to automate attempts to extract the archive using each of the generated combinations from my program. I'm on Windows and am trying to do this with WinRar.
- You'll need a library that can access winrar files. – thejh, Aug 20, 2013 at 14:40
- You would need an API that's able to access winrar commandline or the window handle. Or you could write an application that's just acting as an emulated keyboard (but this would be pretty slow). – dhein, Aug 20, 2013 at 14:44
2 Answers
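One could somewhat easily do something like:

    #include <iostream>
    #include <string>

    int main (int argc, char** argv)
    {
        std::string clever_password;
        for (;;) {
            /* do something: put the next guess into clever_password */
            /* '\0' is a char literal, so a real NUL byte ends each guess */
            std::cout << clever_password << '\0';
        }
    }

… and then in the shell, simply:

    your-clever-password-guesser | \
      sed -e 's,'\'','\''"'\''"'\'',g' | \
      xargs -0 -n1 -r -t -I {} -- unrar e 'p{}' some-file.rar
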
Breaking that down:

- Print out each password guess with a terminating `'\0'` character. This allows the password to (potentially) contain things like spaces and tabs that might otherwise “mess up” in the shell.
- Ask the stream editor `sed` to protect you from apostrophes `'`. Each `'` must be encoded as a sequence of `'\''` (apos-backslash-apos-apos) or `'"'"'` (apos-quote-apos-quote-apos) to pass through the shell safely. The `s///g` pattern replaces every `'` with `'"'"'`, but the apostrophes that it, itself is passing to `sed` are written as `'\''`. (I mixed the styles of escaping the `'` to make it easier for me to distinguish between the apostrophe-escaping for `sed` and the apostrophe-escaping which `sed` is adding to the stream of passwords.) One could, instead, alter the strings as they're being printed in the C++ program.
- Invoke `xargs` to run `unrar` with each password, with the options that mean:
  - Each password is delimited by `\0` (`-0`)
  - Use only one at a time (`-n1`)
  - Don't run if there isn't anything to do (`-r`) — e.g. if your program didn't print out any possible passwords at all.
  - Show the command-line as it's going to be run (`-t`) — this lets you monitor the guesses as they fly past on your screen
  - Put the password in place of the somewhat traditional for that purpose symbol `{}` (`-I {}`)
  - Then, run the command that follows `--`
  - Extract from the RAR file (`unrar e…`)
  - With the password given replacing the `{}` in `'p{}'`; the `'` here protect against spaces and things that may be in the password
  - Then, the filename to un-RAR

If you wanted to try to run multiple unrar instances in parallel, you could also insert -P4 into the xargs invocation (e.g. …-I {} -P4 --…) to run 4 instances at a time; adjust this until your machine gets too loaded down to gain any benefits. (Since this is likely disc I/O bound, you might want to make sure to copy the RAR file into a RAM filesystem like /tmp or /run before starting it, if it's a reasonable size, so that you're not waiting on disc I/O as much, but the OS will likely cache the file after a few dozen rounds, so that might not actually help much over the course of a long run.)
This is a brute-force way to do it, but doesn't require as deep a knowledge of programming as, say, using fork/exec/wait to launch unrar processes, or using a rar-enabled library to do it yourself (which would probably yield a significant improvement in speed over launching the executable hundreds or thousands of times).
PS
I realized afterwards that perhaps you're looking for interaction with the actual WinRAR™ program. The above isn't at all helpful for that; but it will enable you to run the command-line unrar repeatedly.
Also, if you're on a Windows system, you'd need to install some of the standard shell utilities — a POSIX-compatible Bourne shell like BASH, sed, and xargs — which might imply something like Cygwin being needed. I don't have any practical experience with Windows systems to give good advice about how to do that, though.
1 Comment
Winrar has an api, though it only supports decompression. This is as simple as one function call from their api to attempt to decompress the file. Follow the link: http://www.rarlab.com/rar_add.htm
Good luck!