Howto Crack Rar, 7z, and zip files in Linux

Apr 242008

If you forget your password for compressed archive (rar, 7z, zip), this program is the solution.This program uses bruteforce algorithm to find correct password. You can specify wich characters will be used in password generations.

Warning: Please don't use this program for any illegal things!

Preparing your system

First you need to install the following package

#apt-get install libxml2-dev build-essential

Now you need to download the latest version of rarcrack from here

#wget http://surfnet.dl.sourceforge.net/sourceforge/rarcrack/rarcrack-0.2.tar.bz2

Now you have rarcrack-0.2.tar.bz2 file and you need to extract this file

#tar -xjf rarcrack-0.2.tar.bz2

#cd rarcrack-0.2

#make

You must be root to run the following command

#make install

Using Rarcrack

rarcrack your_encrypted_archive.ext [--threads thread_num] [--type rar|zip|7z]

Example

rarcrack something.rar

After the cracking started RarCrack will print the current status of cracking and save it's to a status file. If you want more specific password character set, you need to run RarCrack to create the XML status file (3 sec).

Related content:

Incoming search terms:

H

how if the file is a exe that was a rar ? exe with password.
please help
George

I tested rarcrack but failed.
A file (a.txt) was crypted by WinRAR 3.5 with password ‘aa’. The encrypted file is a.rar.

./rarcrack a.rar
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)

INFO: detected file type: rar
INFO: cracking a.rar, status file: a.rar.xml
Probing: ‘p8′ [539 pwds/sec]

it didn’t found ‘aa’.

George
http://N/A Belete

i forget it my zip folder file help me when i get my password or breaker it and the folder has four file
Merc

Of course, brute force can sometimes useful but in most cases it’s not (the same for this program approach).

On my 1.6Mhz/512MB it’s an average of 50pass/sec which means 180.000 password/h. Pretty impressive but…

Let’s consider we have 62 digits to try (A-Za-z = 52, 0-9 = 10). This means

2 digits pass = 62 * 62 = 3844 possible combinations
3 digits pass = 62^3 = 246.016 possible combinations
…
and for a simple 5 digits pass means 62^5 = 916.132.832 combinations.

How take this number, divide it by 180k pass/h and we’ll have more than 5000h ~ 212 days of non stop trying. Put a 8 character password and you’ll end up with a lifetime.

A more friendly approach (I saw it long time ago) was to remove the password from the file and modify the file flag to nonpass situation, but I’m not quite sure if it’s still working.
dirk

looking at the source code, it’s incredible that people are using this. it just calls the unrar binary repeatedly. i wrote a perl script in 5 minutes that performs faster and uses a dictionary.
MintThing

@Dirk:Share it then. (I also invented an airplane=)
vishwanath

i hav install rarcrack-0.2-1.1.i586.rpm and not able to crack locked rar files…….
when i execute the command
#rarcrack sample.rar
it is showing output and creating the xml file
but i m not ablr to open file
its displaying
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)

INFO: detected file type: rar
INFO: cracking sample.rar, status file: sample.rar.xml
GOOD: password cracked: ‘1?
GOOD: password cracked: ‘0?

and xml file contents is

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
2
0
szemy

same problems as above
replaced unrar-nonfree with unrar free, works now perfectly on ubuntu 8.04.1
bijan

@Szemy- Thanks! purged unrar, installed unrar-free & working perfectly!
Ian

how can I do this under OS X?
Linus

You may have to compile it manually, and perhaps edit it slightly… Do you want instructions on how to do so?
chas

It seems to work, but is extremely slow, about 200 passwords/sec on a 3GHz CPU. It means that it will need a whole life to unscramble a simple eleven characters password.
Misty

Don’t know why you are getting such slow performance, I am consistently getting over 1200 passwords per second on a 2.16GHz Core 2 Duo.

My one question is, how does the program verify whether it has found a good password or not?
Misty

Anyone ever wonder if someone, maybe even Microsoft deep within DirectX and Windows is using background CPU and/or GPU cycles of every single PC in the world (that runs Windows) to solve some unknown problem?
http://www.debianadmin.com georglap

It works rather pretty! But! Under 1 (absolute as life&dead) condition: installation succesfull always – but program uses its hide potential (divide processing onto 12 ways – what gives an awesome result=2000passwords/second!!!) only with x86 linux kernel. Otherwise (in a case of try to use it on x86_64) you”ll have coala speed=20pass/sec. Get rid of 64-systems. I like rarcrack for getting possibility of crackig 7z. NO ONE APSS ever & ever can”t guessing 128AES – but rarcrack! And! If you woner crack rar – use cRark3.2 with CUDA support and awesome turbospeed 1500password/second with sure final opening rar!!!
Marlon

I tried it but it comes up with “Segmentation Fault”, it’s probably a n00b error but I have no idea what to do. Can anyone help?
baz

Had the same problem, the filename was separated with whitespace, replaced the whitespace with underscores, problem solved.
from east

I suck at programming, but this guy is even worse than me, and he managed to put that code on SF. It requires xml lib and by reviewing code I didn’t succeed to prove it doesn’t do anything evil.

So, on first run I got 180 pass/sec, my box is amd athlon 1.5ghz
ups, the problem is I hadn’t unrar and the code doesn’t check for it..
so i modified source to call /usr/bin/local/rar t -pPASSWORD file.rar
performance dropped to 12 pass/sec
what else? my rar has header in it encrypted, meaning you can’t list contents of archive.
The cracker only checks first 200 chars of response from unrar for “OK” string(case insensitive). my rar outputs garbage and says – crc is wrong, but program thinks it has recovered password, as that garbage includes OK….
plus add 12 process starts per second…….
need other open source solution that would compile on linux and windows
Ditto

@From East – same experience here… 12 pass/sec, having trouble with “false positives” due to the ‘check password’ just being ‘unrar t -y -p%s %s 2>&1′ and this “passing” when the garbled rar file header contains the lowercase string ‘ok’ … the rarcrack program isn’t useless, but it takes some tweaking to get it to work right – and even then as noted it gives false positives and needs to be restarted each time… and as other posters have noted it can take a long long time to crack any lengthy password.

for those getting super-high rates – check that the commands such as “unrar t -y -p%s %s 2>&1″, “7z t -y -p%s %s 2>&1″, “unzip -P%s -t %s 2>&1″ where %s is a filename and a password respectively, actually work on a known file… if not – then your version of unrar, 7z, or unzip is not functioning the way rarcrack requires – meaning it is probably skipping the actual testing of the password and is only “reporting” that it tested it… thus the high speed.
Ditto

Oh yeah – for those getting the seg faults (segmentation fault) try including the options in the command line
such as #rarcrack –threads 4 –type rar RARFILE.RAR
Tim

@Ditto, thanks that fixes the seg fault +1000 internets for you
htellez

what if the file is split in parts?
does it works in the same way?

i got a segmentation fault trying this:

$ rarcrack file.part1.rar
RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)

Segmentation fault
htellez

well, I have already maked rarcrack work, but I got different passwords for each part, and no one is correct.
cassie

why use brute force? how about writing an unrar/unzip/un7z program that ingnores the password protection and opens it anyway.
Ki

@Cassie,

share it then, how it works?
billy

|| why use brute force? how about writing an unrar/unzip/un7z program that ingnores the password protection and opens it anyway.
what if the password is the decryption key?
iGelb

@cassie
because its forbidden =)
but if you try all the PWS noone can blame you!
aim

Hi Guys, I am having the fragmentation fault message, i tried the suggestions above but none seem to work for me. I am using ubuntu 10.04 LTS, any more suggestions?
Dr Maboul

Hello guys!
I tested rarcrack (on my ubuntu, sorry) and got the same problem as Ditto : false positives when ‘ok’ is included in the error output string of the unrar command.
I just edited the rarcrack.c file at line 206 :
if (strcasestr(ret, "ok") != NULL) {
and put
if (strcasestr(ret, "All OK") != NULL) {
Then “make” and “make install” and it’s all right (“All Ok” seems to never be included in the error output stream). But i only tested with my unrar version and on rar files.

You should go in the rarcrack dir and then type :
unrar t -y -p100 test.rar
And see if it prompts “All OK” (if it’s another string then replace “ok” in the .c with your string).

One last thing the function “strcasestr” is case insensitive so it’s not optimized you should try with the basic “strstr” instead, the good syntax is :
if (strstr(ret, "All OK") != NULL) {

//Wishing it will help
Yogesh

I am too facing the Segmentation fault ,
Then I ran in GDB then it is showing Seg fault in vfprintf()
(gdb) bt
#0 0x002b150b in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#1 0x00351cb6 in __printf_chk () from /lib/tls/i686/cmov/libc.so.6
#2 0x0804a0b9 in init ()
#3 0x0804a44f in main ()
(gdb)

Help me.
http://www.vlan7.org vlan7

For those having seg faults on Ubuntu.

Try specifying the filename first.

sudo rarcrack archive.rar –type rar –threads 4

It works for me.
baidu

I tried the rarcrack to crack a small file having a password of just 3 characters and it took a lot of time to do something and the end result is junk…it could not crack the rar file…I’m going to uninstall this crap thing…just a waste of time.
d3v1150m471c

my god this program is awful… i’m almost finished with a friggin’ bash script that cracks 20 digit passwords, that includes all the fun non-alphabetic and non-numeric crap, too. i’ll port it to run with unrar when i finish and i’ll upload a link.
Mr. Singh

I HAD THE SAME PROBLEM “segmt fault”. BUT it was MY FAULT. I was using “-threads and -type” INSTEAD OF “–thread and –type”(WITH TWO “-” SYMBOLS)

MAY BE THIS WILL HELP SOME OF US !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!111
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!11
d3v1150m471c

i could be wrong but i believe segmentation fault is a buffer overflow. it’s common with C/C++ when the code isn’t written appropriately.
MVM

For people getting bad performance: install unrar-free and remove unrar-nonfree (just “unrar” on Ubuntu 10.04). This increased the speed from 45 pw/sec to nearly 2000 pw/sec on my computer.

Also, I get a segfault when not specifying the file type. So I have to do “rarcrack my_pics.rar –type rar” instead of only “rarcrack my_pics.rar”
d3v1150m471c

for everyone switching to unrar-free, stop. it’s not actually cracking your passwords. it’s going faster because unrar-free is receiving an error and only printing its usage because it doesn’t have the same command line options as unrar-nonfree.
Baracuda

I can’t get it to even compile..( I never could do the make, sudo make install dance very well anyways…) Ton of errors. I have everything installed that they posted that is needed…Tried in both sudo and root terminal.. Probably some noob mistake

Here’s what I get:
root@baracuda:/home/bob# cd Downloads
root@baracuda:/home/bob/Downloads# tar -xjf rarcrack-0.2.tar.bz2
root@baracuda:/home/bob/Downloads# cd rarcrack-0.2
root@baracuda:/home/bob/Downloads/rarcrack-0.2# make
gcc -pthread rarcrack.c `xml2-config –libs –cflags` -O2 -o rarcrack
/bin/sh: xml2-config: not found
In file included from rarcrack.c:21:
rarcrack.h:25:48: error: libxml/xmlmemory.h: No such file or directory
rarcrack.h:26:27: error: libxml/parser.h: No such file or directory
rarcrack.h:27:36: error: libxml/parserInternals.h: No such file or directory
rarcrack.h:28:25: error: libxml/tree.h: No such file or directory
rarcrack.h:29:28: error: libxml/threads.h: No such file or directory
rarcrack.c:30: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘pwdMutex’
rarcrack.c:33: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘status’
rarcrack.c:35: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘finishedMutex’
rarcrack.c: In function ‘savestatus’:
rarcrack.c:46: error: ‘xmlNodePtr’ undeclared (first use in this function)
rarcrack.c:46: error: (Each undeclared identifier is reported only once
rarcrack.c:46: error: for each function it appears in.)
rarcrack.c:46: error: expected ‘;’ before ‘root’
rarcrack.c:47: error: expected ‘;’ before ‘node’
rarcrack.c:48: error: ‘xmlChar’ undeclared (first use in this function)
rarcrack.c:48: error: ‘tmp’ undeclared (first use in this function)
rarcrack.c:49: error: ‘status’ undeclared (first use in this function)
rarcrack.c:50: error: ‘root’ undeclared (first use in this function)
rarcrack.c:52: error: ‘finishedMutex’ undeclared (first use in this function)
rarcrack.c:53: error: ‘node’ undeclared (first use in this function)
rarcrack.c:55: error: ‘pwdMutex’ undeclared (first use in this function)
rarcrack.c:56: error: expected ‘)’ before ‘xmlChar’
rarcrack.c:66: error: expected ‘)’ before ‘xmlChar’
rarcrack.c: In function ‘loadstatus’:
rarcrack.c:87: error: ‘xmlNodePtr’ undeclared (first use in this function)
rarcrack.c:87: error: expected ‘;’ before ‘root’
rarcrack.c:88: error: expected ‘;’ before ‘node’
rarcrack.c:89: error: ‘xmlParserCtxtPtr’ undeclared (first use in this function)
rarcrack.c:89: error: expected ‘;’ before ‘parserctxt’
rarcrack.c:96: error: ‘status’ undeclared (first use in this function)
rarcrack.c:99: error: ‘root’ undeclared (first use in this function)
rarcrack.c:103: error: ‘parserctxt’ undeclared (first use in this function)
rarcrack.c:104: error: ‘node’ undeclared (first use in this function)
rarcrack.c:108: error: ‘XML_SUBSTITUTE_BOTH’ undeclared (first use in this function)
rarcrack.c:127: error: ‘finishedMutex’ undeclared (first use in this function)
rarcrack.c: In function ‘nextpass’:
rarcrack.c:170: error: ‘pwdMutex’ undeclared (first use in this function)
rarcrack.c: In function ‘status_thread’:
rarcrack.c:182: error: ‘finishedMutex’ undeclared (first use in this function)
rarcrack.c:188: error: ‘pwdMutex’ undeclared (first use in this function)
rarcrack.c: In function ‘crack_thread’:
rarcrack.c:206: warning: comparison between pointer and integer
rarcrack.c:208: error: ‘finishedMutex’ undeclared (first use in this function)
rarcrack.c:205: warning: ignoring return value of ‘fgets’, declared with attribute warn_unused_result
rarcrack.c: In function ‘init’:
rarcrack.c:250: error: ‘pwdMutex’ undeclared (first use in this function)
rarcrack.c:251: error: ‘finishedMutex’ undeclared (first use in this function)
rarcrack.c:283: warning: format ‘%s’ expects type ‘char *’, but argument 3 has type ‘char (*)[300]’
rarcrack.c:317: warning: ignoring return value of ‘fscanf’, declared with attribute warn_unused_result
rarcrack.c: In function ‘main’:
rarcrack.c:351: error: ‘status’ undeclared (first use in this function)
rarcrack.c:353: error: ‘pwdMutex’ undeclared (first use in this function)
rarcrack.c:354: error: ‘finishedMutex’ undeclared (first use in this function)
make: *** [all] Error 1
root@baracuda:/home/bob/Downloads/rarcrack-0.2# make install
install -s rarcrack /usr/bin
install: cannot stat `rarcrack’: No such file or directory
make: *** [install] Error 1

Thanks..
Baracuda

ok…sorry, disregard my last post.I did not have the dev version of libxml…
Got it compiled, but now get the seg fault… Still trying…
Cutty Flam

Wow what an awful program, no wonder Debian doesn’t include it. Instead, just install john (general password cracker, requires super user), from the repositories. Then use it with xargs and unrar, and let it do its thing.

sudo john --wordlist=/usr/share/john/password.lst --rules --stdout | xargs -I jtr unrar e -pjtr yoursillyfile.rar
3Lm0

worked for me! thanks
dimon

RarCrack! 0.2 by David Zoltan Kedves (kedazo@gmail.com)

Segmentation fault
memedy

Thanks guys…
d3v1150m471c

splice2 -c”unrar -pPASSWORD t file.rar” -t”All OK” -ACLNRS

https://sourceforge.net/projects/splicepy/files/

Problem solved. Enjoy ^_^
m00ny

for me removing the unrar package speeded the process up from 0 pwds/s to over 2000 pwds/s !!!
Jacob

To all of those thinking they are burning through passwords by removing unrar:

Try cracking the test files. The password is ’100′ and you will fail. You’re big smile will turn into a big frown. Forget this program, its ridiculously slow.
Greg

I tried using rarcrack, too, and it didn’t seem all that helpful. So I installed john the ripper – I am using Suse. This is the line I used for cracking a 7z file:

sudo john –wordlist=/home/greg/all.lst –rules –stdout | xargs -I jtr 7z e -pjtr test.7z

With my test file it seems to work but there is nothing that stops it so it just continues on through the dictionary. How would I make a little script that shows the % through the dictionary and then it stops when it gets to a good one to open the 7z file?

Thanks so much for the help!
megalomania

just add | grep 100% at end of line
sudo john –wordlist=/home/greg/all.lst –rules –stdout | xargs -I jtr 7z e -pjtr test.7z | grep 100%
Lenny

This is taking some time, just doing it for fun on a slow computer.
Only getting 24-40 pwds/sec and the pass is 16 letters. Guess I won’t finish it
me

it is a great programm but it needs an explanation of how to make an .ext file because I do not know how to do it