Program for decrypting rar archives. Archivers under X-ray. Password protection in Microsoft Word

You often come across archives that were password-protected with the WinRar archiver. Advanced users can bypass this protection. In this article I will show how to recover the password of an encrypted archive; no special skills are required, one small, easy-to-use program is enough.

How to hack an archive using Advanced Archive Password Recovery

Advanced Archive Password Recovery is a program that helps you recover the password of an archive encrypted with WinRar. It is easy to use, has a Russian interface and is fast.

Before working on the archive, download this program to your computer and install it. I have attached an activation key in the archive; it will be needed during installation.

Advanced Archive Password Recovery works simply: it tries password candidates one after another until the correct one is found, and then reports it. Depending on the complexity of the password, the search can take a significant amount of time. To speed it up, you can narrow the search range by specifying, for example, only digits, only letters, a length range, or other parameters.

Before starting on the archive, run the downloaded program and configure the basic settings.

In the “Character set” settings block, select which characters to include in the search. For example, I am going to open an archive that I password-protected myself, and I know for sure that the password contained only digits, so I check the “All digits” box.


If you know the first and last characters of the password, specify them in the “Start with” and “End” fields. For example, I remember for sure that my password ended with 3.


Then go to the “Length” tab and set the minimum and maximum length of the password to search for. Let's say from 1 to 4.


Setting length and character ranges reduces the search time: the number of candidates to check becomes much smaller, so the result appears sooner.

With the settings in place, click the “Open” button at the top, select the archive on your computer and wait for the program to find the password. If the password is complex, this will take a long time.


At the end you will see a message showing the archive password. All that remains is to enter it and unpack the files.


Is it possible to bypass password protection in Microsoft Word documents? Does this depend on the version of Word? When can this save time and money?

The answers are in this post.

Password protection in Microsoft Word

Word has several options for password protection of information:

  • Protecting document opening
  • Document change protection
  • Workbook protection
  • Protecting VBA Macros

All of them except the "Password to open" do not encrypt the data but only restrict access to it: the data can be viewed, printed and processed with macros, but not changed. Such "restrictive" passwords can be instantly found, replaced or removed for all versions of Word.



Fig. 1: Word password recovery programs instantly find simple protection passwords

The "Password to open" is a completely different matter.

From this password, special algorithms (hashing algorithms) derive an encryption key, which other algorithms (encryption algorithms) use to encrypt all data in the doc/docx file. Without knowing the password (or, spoiler, the key ;)), it is impossible to read any data from an encrypted Word file.

And what if the "Password to open" is lost? The answer depends on the Microsoft Office format in which the document was saved.

Removing Open Password from a Microsoft Word File

There are three fundamentally different cases, divided by format version:

  • Microsoft Word 6/95: the opening password is always found instantly
  • Microsoft Word 97-2003 (40-bit): it is not advisable to search for the password; it is easier to find the encryption key and decrypt the document without knowing the password
  • Microsoft Word 2007-2016: the opening password can only be found by brute force, and the speed can be increased with GPU acceleration on AMD/NVIDIA video cards

Password to open Word 6-95

This is an outdated format that is becoming increasingly rare. It used primitive protection, for which the password is always recovered instantly; success does not depend on the length or complexity of the password itself.



Fig. 2: An entry-level password cracker is enough to recover the opening password of Word 6-95

Password to open Word 97-2003 (40-bit)

Perhaps the most common format today, and one with its own shortcomings in data protection.

It uses a very short key for encryption. This makes it possible to search not for the password but for the key itself, which guarantees 100% success in decrypting the data. After all, the number of possible keys does not change regardless of the complexity and length of the original password: it is always 2^40 (40 bits, remember?), while the number of passwords that would have to be checked is unknown...

The number of password candidates to check is given by the formula: alphabet size to the power of the password length. For the English alphabet that is 26 lowercase and 26 uppercase letters, 10 digits and, say, 8 special characters, 70 characters in total. For a 7-character password there are then about seven times more candidates than there are encryption keys: 70^7 = 8,235,430,000,000 passwords versus 2^40 = 1,099,511,627,776 keys.

And that is without any guarantee of success. What if the password is, say, 9 characters long?..



Fig. 3: Searching for an encryption key does not require any settings - select a file, start the search

This story of easy, 100% guaranteed decryption of 40-bit Word 97-2003 (and, by the way, Excel too!) would not be complete without mentioning rainbow tables.

Rainbow tables contain precomputed chains of encryption keys, which significantly shortens the search for the required key with virtually no reduction in the success rate. There are also online services based on rainbow tables for opening encrypted Word files.


Fig. 4: Passcovery rainbow tables at work on VerniDostup.ru

Password to open Word 2007-2016

This format is gaining popularity, and with it the era of quickly decrypting Word files is coming to an end. Passwords have to be recovered, that is, you simply go through candidates one by one in the hope that the right password is among them within a reasonable time.

In addition to lengthening the encryption key (in Word 2013 it is already 256 bits, and such a key cannot be found by search), the developers are also making the hashing algorithms heavier, slowing down key derivation. When you enter the correct password this is not noticeable, but when trying millions of candidates the drop in speed grows from one version of the format to the next. Even in highly optimized programs. Even with GPU acceleration on video cards.

Conditions for a successful search for the "Password to open" in Word 2007-2016:

  • narrowing the search range. Cutting off unnecessary checks saves a lot of time when going through candidates. This is done with dictionary attacks with mutations and with simple and positional mask attacks: dictionary mutations cover the ways an ordinary word is deliberately altered into a password, and a positional mask sets the possible values for each position in the password
  • GPU acceleration on NVIDIA/AMD video cards. The password search task scales well and can run on modern video cards; the more powerful the cards connected to the search, the higher the search speed and the sooner success can be achieved
  • password recovery programs designed for search speed. Optimization in such programs can increase the rate of checking candidates tens of times, so pay particular attention to the password search speed when assessing a password recovery program

Summary

So, how to open an encrypted Microsoft Word file:

  • Word 6-95: recover the password instantly with an entry-level program
  • Word 97-2003: decrypt the file online with a guarantee, in at most 24 hours
  • Word 2007-2016: use all the capabilities of professional password recovery solutions

Many users have probably found themselves in a situation where they had certain information in a rar archive but could not open it because it was password-protected. You may well forget the password of an archive that you set yourself, but more often a file is downloaded from the Internet and money is demanded for the password to the archive. In such cases it is neither necessary nor advisable to pay; you can try to open it yourself.

You will need

  • Computer, ARCHPR application, Internet access

Instructions

  • Please note that there is no guarantee that the archive will be decrypted; moreover, the more characters in the password, the lower the chance of success. But there is still a possibility, and for this you will need a special program. Download the ARCHPR application from the Internet and install it on your computer; use the latest version.
  • Launch the program. Select the Options line and, in the Language line, select “Russian”; the program interface will now be in Russian. At the top right of the program window there is a line “Type of attack”. Click on the arrow just below this caption and select “Brute force” from the menu that opens. Next, in the toolbar in the middle of the program window, select Length.
  • If you know exactly how many characters your password consists of, enter that number in both the “Minimum password length” and “Maximum password length” lines. If you do not know how many characters are in the password, put “1” in the minimum line and “7” in the maximum. If the password has more than seven characters, it will be almost impossible to decrypt this file.
  • Next, at the top of the program window, select “File” and specify the path to the file you want to decrypt. The recovery process will then begin. Please note that even on the most powerful computers this can take more than ten hours. At the end of the process a window with the program's result will appear; if the program manages to find the password, it will be displayed in this window.
  • If the program is unable to find the password, select “Dictionary” as the attack type. The process is then the same as in the first case, except that the “Length” parameter does not need to be specified, as it is not available in this mode.
  • It is a quiet, dark night outside, and only the faint noise of the cooler disturbs the calm. You glance at the clock in the tray and realize that it is almost morning, and that once again the whole night was spent trying to hack the website of some company. Suddenly your mouse cursor stops at the file topsecret.rar. You double-click its name, and... in front of you is a standard window asking for a password. Not yet fully realizing what has happened, you nervously type: qwerty, 123, asdf, sex, but apart from a message that the files cannot be extracted, you see nothing. Let's try to figure out how to get at the treasured files of the TopSecret archive. If you are an attentive reader, you will remember that there was already an article describing programs for cracking archives. We will look at the question from a slightly different perspective.

    About encryption methods used in archivers

    Today there are quite a few different algorithms for cryptographic protection of information. The most modern include 3DES, IDEA, Blowfish, Cast-128 and several AES candidates, including the new AES standard Rijndael, as well as standard ZIP encryption. When it comes to the encryption methods implemented in archiver programs, the choice is narrower. In the vast majority of cases a popular archiver implements a single method, most often ZIP encryption or AES Rijndael. The exception is PowerArchiver, which offers the user as many as 5 options for encrypting compressed data: Blowfish (128 bits), DES (64 bits), Triple DES (128 bits), Rijndael AES (128 bits) and regular ZIP encryption. It should be recognized that standard ZIP encryption is not considered reliable today, and neither is encryption with the DES (Data Encryption Standard) algorithm. The latter remained the federal encryption standard for almost 20 years; as the most reliable, it was the most frequently used symmetric block cipher and was used by many organizations, including banks and payment services. Today, however, computing power has increased significantly, and it is no longer difficult to try all possible keys, because the key length in DES is only 8 bytes. A small key size and low encryption speed are the factors that allow this cipher to be cracked quickly on a powerful computer.

    Since the mid-1990s, candidates to replace DES have emerged, the most notable being Triple DES, IDEA and Blowfish. The first and the last are still used today in various data encryption software, including archivers, while IDEA is used by PGP and a number of other cryptographic programs. Triple DES (“triple DES”, because it encrypts the data three times with the “regular” DES algorithm) is free of the main drawback of its predecessor, the short key. Here the key is 2 times longer, and so the strength of “triple” DES is much higher. But Triple DES also inherited the weaknesses of its predecessor: no parallelism in encryption and low speed.

    The modern 64-bit block cipher Blowfish, with a variable key length from 32 to 48 bits, is currently considered a fairly strong algorithm. It was developed in 1993 as a replacement for the existing algorithms and is much faster than DES, Triple DES and IDEA.

    The most reliable today, however, is Rijndael, the new AES encryption standard. It has 3 key sizes, 128, 192 and 256 bits, and many advantages: high encryption speed, minimal demands on computing resources, resistance to all known attacks and easy extensibility (the block size or the key size can be increased if necessary). Moreover, AES Rijndael will remain the most reliable method for the foreseeable future: even assuming a computer capable of checking 2^55 keys per second, it would take approximately 149 trillion years to determine a 128-bit AES key!

    Encryption in ZIP archives

    Let me remind you that the ZIP format is considered the world standard for archiving and has the longest history, and the WinZip archiver has become the most downloaded product of its kind. Its popularity is also evident from the fact that most archives on the Internet are in ZIP format. WinZip's capabilities are broad enough to provide reliable and efficient data archiving. WinZip focuses primarily on ZIP archives but also supports the popular archive formats TAR, GZIP, UUencode, XXencode, BinHex, MIME, ARJ, LZH and ARC. At the same time, a significant drawback of the program is that WinZip does not work with widely used archive formats such as RAR, ACE and JAR.

    But let's return to data encryption in WinZIP. For a long time, the password protection in this archiver was more of a marketing ploy than a truly useful function: there were a huge number of programs on the Internet that could find the password of such an archive in a matter of hours, if not minutes. The situation changed only recently, with the release of the ninth version of the archiver, when WinZip added support for 128- and 256-bit encryption with the Rijndael algorithm. The encryption procedure remains as simple as before: you only need to select the encryption level and enter the password twice. The trouble is that many users still work with old versions of the program and still have illusions about the security of their archives. Let's look at this in more detail.

    Hacking ZIP archives

    So, cracking a ZIP archive created by an early version of WinZip requires no special effort. On an average computer the password search rate reaches several million candidates per second, and if the archive password was set by a mere mortal, at that rate it can be found quickly. I am sure many people have already dealt with this kind of search more than once, and no questions should arise here. But what if you do not want, or do not have time, to grind through millions of possible character combinations? Luckily, there is another way. Worth mentioning here is the well-known Advanced Archive Password Recovery program from Elcomsoft, designed to recover passwords for many types of archives. It supports the following types of attacks:

    1. plain brute-force search;
    2. password search by mask;
    3. password search using a dictionary;
    4. plaintext attack;
    5. guaranteed WinZip decryption;
    6. password from keys.

    We will take a closer look at the plaintext attack, guaranteed WinZip decryption and password from keys.

    So, what is this plaintext attack? As you know, ZIP files are encrypted with a fairly strong algorithm: the archive password is not stored inside the archive itself but is converted into a 32-bit key, which is used to encrypt the archive. But this algorithm is not as strong as, for example, DES, RSA, IDEA, etc. One way of breaking the protection of ZIP files uses an archive containing an exact copy of one of the files in the encrypted archive, made by the same archiver with the same compression level; this file must be at least 12 bytes long. The attack runs in 2 stages: discarding obviously unsuitable keys, and then searching for suitable ones. In the first phase, which takes one to three minutes (depending on the size of the single-file archive and the amount of RAM you have), the remaining time cannot be estimated, so for most of that time the progress indicator stays at zero. Fortunately, this type of attack is far less time-consuming than trying every possible password, which makes it a much faster way to crack passwords for ZIP and GZIP archives. Its disadvantage is that you need an unencrypted file identical to the encrypted one, which is rarely the case.


    Working window
    Advanced Archive
    Password Recovery

    Now let's talk about guaranteed WinZip decryption. This attack is similar to the previous one but does not require any additional archives with files. The password-protected archive itself must contain at least 5 files. The attack works with archives created by WinZip version 8.0 and later, as well as by other archivers based on the Info-ZIP sources. If the archive has fewer than five files, the program displays an error message. The attack consists of three stages: the first 2 look for suitable keys, and the last one generates a password (no more than 10 characters) from those keys. The first part of the attack usually takes several minutes (the program may show the remaining time as several hours, but that is a theoretical maximum), the second about half an hour (here, too, do not pay attention to the program's estimates), and the last 2-3 minutes. The attack works with most ZIP archives, and even if the password is long and was not found in the last stage, the program can still decrypt the archive by simply removing the password protection. This attack relies on the weak random number generator used in WinZip before version 8.1. However, even versions of WinZip below 8.1 produce “normal” archives that cannot be cracked this way in 0.4% of cases. In that case the program displays a warning, which means that not a single key will be found in the first stage of the attack.

    And finally, about password from keys. If you read the article carefully, you noticed that the attack methods described above first try to find the encryption keys of a password-protected archive and decrypt the archive itself if no password is found. However, they can only be used for archives with passwords shorter than 10 characters. For archives with longer passwords there is a special type of attack. If you have the encryption keys of a password-protected archive and want to find this long password, select “Password from keys” as the attack and enter the keys on the Plaintext tab. Typically this attack is used to find out a password of 14-15 characters. It is best to set the attack properties to start from the seventh character of the password, since its beginning can be restored from the “tail”. When entering a starting position, remember that in any case the attack begins from the end of the password. We could talk about this for hours, but it is high time we left ZIP archives alone and looked at what surprises other archivers have in store for us.

    Hacking RAR archives version 3.X

    Now it is time for the password-protected file topsecret.rar discussed at the beginning of the article. To be honest, the prospects here are not as bright as with ZIP archives. They say that programmers at ElcomSoft spent a lot of time looking for weaknesses in WinRar's encryption; unfortunately, this work did not bring results. As in other archivers, information in WinRar is protected from unauthorized access primarily by data encryption. The password can be set either as a default (in which case archiving with the password continues until it is cancelled) or directly during archiving for one-time use.

    If file names also need to be encrypted, you must additionally enable the corresponding option in the password dialog. An archive encrypted in this mode cannot be unpacked without the password; you cannot even view the list of files in it.

    As mentioned above, the ZIP format uses its own encryption algorithm, which is generally considered less secure than the AES-128 used in RAR. In addition to password protection, in the Windows NT/2000/XP environment it is possible to store access rights data (owner, group, permissions and audit information). Naturally, this is only possible if the user has sufficient privileges. Saving this information may make the files inaccessible to others after unpacking (this depends on the file system and the actual access rights), but it slows down archiving and unpacking.

    So, as you have already understood, the only way to crack a password-protected RAR archive is plain brute force. Unfortunately, because of the encryption method used in WinRar, the password search rate does not exceed 20 per second, even on a P4 3.8 GHz with 1 GB of DDRII memory :(. All you can do is stock up on a brute-force dictionary and hope that the user chose a simple and/or short password.

    Using the network to brute force RAR archives

    To speed up the password search, you can use not just one computer but an entire network. Clearly, the more computers you have, the sooner you will get the coveted password. But do not rush to load the whole network at once; first recall the arithmetic and estimate how long the brute force will take. For example, suppose you know that someone used a seven-character word made of lowercase Latin letters (there are 26 of them) as the password for a RAR archive. It follows that there are 26^7 = 8,031,810,176 possible combinations. At 20 passwords per second, the correct one will be found in approximately 12.7 years (8031810176/20/3600/24/365)! I doubt anyone would try this in practice :). The situation changes dramatically if you use an entire network of, say, 80 computers: it is easy to calculate that in this case all combinations will be checked in 0.16 years, approximately 58 days.

    You probably wonder how to organize such a search over the network. Let's look at this using Advanced Archive Password Recovery as an example. Unfortunately, it has no dedicated facility for distributed brute force, but it does let you specify the character set and password length for the search. By installing the program on every computer on the network and adjusting these parameters, we assign each machine its own part of the range. And to avoid walking to every machine on the network in person, you can use specialized remote administration software.
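    The arithmetic behind both of the article's estimates (the 70^7 candidates against 2^40 keys for Word 97-2003, and the 26^7 RAR passwords at 20 guesses per second on one machine and on 80) generalizes to any character set, length range and rate. The following helper is an added example, not part of the original article or of any program it names; it reproduces the article's figures and lets a defender estimate how long a chosen password policy would resist exhaustive search.

```python
# Added example (not from the article): estimate brute-force password spaces
# and the worst-case time to exhaust them. The guess rates, character-class
# sizes and machine counts below are the article's own figures, used here as
# constructed inputs; nothing is measured.

SECONDS_PER_YEAR = 3600 * 24 * 365

# Character classes counted as the article does (English alphabet).
CHARSETS = {
    "lower": 26,
    "upper": 26,
    "digits": 10,
    "special": 8,   # the article's "[let's say] 8 special characters"
}


def alphabet_size(classes):
    """Number of distinct characters when these classes are allowed."""
    return sum(CHARSETS[c] for c in classes)


def keyspace(alpha, min_len, max_len):
    """Candidates an exhaustive search covers for lengths min_len..max_len.

    A program with a "Length" tab enumerates every length in the range, so
    the total is the sum of alpha**n, not just alpha**max_len.
    """
    if min_len < 1 or max_len < min_len:
        raise ValueError("bad length range")
    return sum(alpha ** n for n in range(min_len, max_len + 1))


def exhaust_time_years(candidates, rate_per_sec, machines=1):
    """Worst-case time to try every candidate at rate_per_sec per machine,
    with the range split evenly across `machines` (linear speed-up)."""
    return candidates / (rate_per_sec * machines) / SECONDS_PER_YEAR


def password_to_key_ratio(candidates, key_bits):
    """Password candidates divided by raw keys (2**key_bits).

    Above 1.0 the key space is the smaller target, which is the article's
    argument for attacking the 40-bit Word 97-2003 key instead of the password.
    """
    return candidates / (2 ** key_bits)


def article_figures():
    """Recompute the numbers the article quotes."""
    alpha = alphabet_size(["lower", "upper", "digits", "special"])   # 70
    word7 = keyspace(alpha, 7, 7)                                    # 70**7
    rar7 = keyspace(26, 7, 7)                                        # 26**7
    one_pc = exhaust_time_years(rar7, 20)
    lan80 = exhaust_time_years(rar7, 20, machines=80)
    return {
        "alphabet": alpha,
        "word7_candidates": word7,
        "ratio_to_40bit_key": password_to_key_ratio(word7, 40),  # about 7.5
        "rar7_candidates": rar7,
        "one_pc_years": one_pc,          # about 12.7
        "lan80_days": lan80 * 365,       # about 58
    }


if __name__ == "__main__":
    for name, value in article_figures().items():
        print(f"{name}: {value:,.2f}" if isinstance(value, float) else f"{name}: {value:,}")
    # The article's "what if it is 9 characters?" case at the same 70-char alphabet:
    print("70^9 candidates:", f"{keyspace(70, 9, 9):,}")
```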

    Brief conclusions

    Looking through the documentation of archivers with an encryption function, you can often read that password-protected archives cannot be decrypted. But as we have seen, this is not always the case, and it must be taken into account when working with confidential information.
    So if you want to protect important information reliably using archivers:

    1. use archivers with the most reliable encryption method, AES Rijndael with a 128-bit key: WinRar, PowerArchiver or UltimateZip;
    2. try to choose formats that are not supported by password recovery programs, for example RAR version 3.0 and higher, TAR, JAR, etc.;
    3. set long passwords (at least eight characters); any of the listed archivers is suitable in this respect, since each allows passwords longer than 56 characters, which is quite enough;
    4. choose non-trivial passwords: use spaces and combinations of digits, symbols and letters so that the result is not a phrase of real words but gibberish, which makes it impossible to guess the password with a dictionary.
