Using John the Ripper to crack a password protected RAR archive.

I recently had a RAR archive that I needed to find the password for. I searched for RAR cracking tools on the web, but didn’t see anything impressive. I didn’t want a straight brute force tool either, I wanted something that would use a dictionary as input and do some common permutations kind of like … hey wait a minute the output of JTR fed into rar is what I need!

So I decided to join JTR and the standard rar archive tools together with a little script. It worked perfectly.

You need to install the rar and john tools so:

sudo apt-get install rar john

You also need a wordlist, the rockyou is a good start.

Here is the script:

echo "RAR-JTR Decrypt Script";
if [ $# -ne 2 ]
echo "Usage $0 <rarfile> <wordlist>";
rar l $1
john --wordlist=$2 --rules --stdout | while read i
 echo -ne "\rtrying \"$i\" " 
 rar e -o+ -inul -p$i $1 >/dev/null 
 if [ $STATUS -eq 0 ]; then
 echo -e "\nArchive password is: \"$i\"" 

And here is a sample run:

$ ./ lame2.rar lame.dic 
RAR-JTR Decrypt Script
RAR 3.93 Copyright (c) 1993-2010 Alexander Roshal 15 Mar 2010
Shareware version Type RAR -? for help
Archive lame2.rar
Name Size Packed Ratio Date Time Attr CRC Meth Ver
*lame.txt 46 48 104% 16-08-12 18:03 -rw-r--r-- 37F47C80 m3b 2.9
 1 46 48 104%
words: 405 time: 0:00:00:00 100% w/s: 40500 current: Lamepassing
trying "Lamepassed" 
Archive password is: "Lamepassed"


  1. Barry

    I like it, and seems to work well, however:

    RAR 3.80 Copyright (c) 1993-2008 Alexander Roshal 16 Sep 2008
    Shareware version Type RAR -? for help

    Enter password (will not be echoed) for example.rar:

    Encrypted file: CRC failed in RT_C.rar (password incorrect ?)
    ./script: line 9: unexpected EOF while looking for matching `”‘
    ./script: line 10: syntax error: unexpected end of file

    Any ideas? Rar doesn’t seem to work.

    • synacl

      The error seems to indicate that a double quote character is missing. Double check that you have 4 instances of double quotes (2 are escaped , 2 are not) on line 9 of the script.

      • rdk

        I do get the same error message as Barry above. Double checked the quotes and they seem correct. Any ideas how I could sort it out?

  2. Michael Schmidlin

    one small question: what do you need john for? it doesn’t seem to get called in your script. am i missing something?

  3. Margaret

    This will not work for a wordlist like rockyou unless you have copious amounts of memory, because you are generating the entire search space before starting to test them. Better read passwords lazily from stdin/pipe while you keep a pool of processes that try passwords.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s