How to open password protected RAR file without password?

Losing a password can be very frustrating especially if it’s of something important, but keep calm and try these password recovery methods.

First of all, sorry for the title; you cannot extract a password protected RAR file without its password. If that was possible there was no need for passwords and encryptions in the first place. It would be lying if someone told you that RAR password recovery was possible instantly but sadly there are many sites spreading fake tutorials. One such tutorial asks the user to open the encrypted RAR file in a text editor and remove the password from there. How ridiculous! It would have been possible with a hex editor if the RAR stores the password as a clear text in the file itself but they do not.

Anyways we are lucky that we have many tools to help us recover lost or forgotten passwords and in this article, we will go through some of these known softwares. These are the same tools that police and forensic people use, so again, there is no shortcut to bypass the password.

RAR password recovery is a time-consuming and resource-intensive process for large & complex password and there is no guarantee for a successful recovery. During the recovery process, your CPU may stay at 100% utilization for long periods of time. This is totally okay if you have adequate cooling, also modern systems are equipped with thermistors to monitor temperature and perform auto shutdown if needed.

I’ll try my best to educate you on the recovery process, the best tools (including some free ones), and services for a successful password recovery. So please go through the entire article.

Basics of different password recovery techniques

Before we answer the age-old question on how to extract RAR file without password, there are three different recovery options that you should know about. Choosing the right method is the key to a fast & successful unlock and therefore it is very important to know what these different attack modes are. They are as follows:

  • Brute-force Attack: This method tries all the possible combinations of characters. As a result, brute force attacks are very slow and require powerful computers to speed up the process. Assume your password is 5 characters long and that you have no idea of its features (i.e whether it contains uppercase, digits,..), this makes the total combinations to a minimum of 7,820,126,495. I said minimum because this calculation assumes we are dealing with the English character set alone! With every extra character in the password, the total number of possible combinations increases exponentially.
  • Brute-force with Mask Attack: If you know something about the password such as its length, character set, prefix, suffix, etc. then you can also bring down the total search space exponentially; how cool is that! To take advantage of this you should need a RAR password recoverer that has this feature.
  • Dictionary Attack: This type of technique is used when you are sure that the password is from a given set of words, let’s say one from the English words. It doesn’t necessarily have to be English though, you can supply any wordlist as a text file in most softwares. Large dictionary files can also be found online.

If every possible password is tried, sooner or later yours will be found.

The question is: Will that be too soon . . . or enough later?

grc.com/haystack.htm – [Check out their brute force calculator]

Important requirements for fast and successful password retrieval

  • Recollect as many features you remember about the password such as its length, casing, letter combinations, language, etc.
  • A new powerful CPU
  • A modern GPU can improve the speed of recovery by 10-20 times.
  • A RAR password recovery software that can make use of the above features

The Best RAR password recovery softwares & services

Passware Kit

The leading decryption software; used by NASA, the US Department of Homeland Security, and more.

Passware Kit also sells servers optimized for decryption which can test 85,000 – 285,000 passwords/sec. Combine that with the accelerated hardware feature which can take advantage of multiple decryptum servers on a network; we can achieve really impressive speeds! For a reference, my PC which is equipped with an i5 8400 and GTX 970 card got a top speed of under 13000 passwords/sec.

Passware Kit Promo Video

Passware Kit Standard costs $80 and it is the minimum version required to decrypt archive files like ZIP and RAR. There is a limited free trial available to experience the software but it can’t run for over a minute and won’t recover passwords over 4 characters. Using Passware Kit is pretty straight forward but if you still need a tutorial, our previous article on Passware Kit for Zip decryption would be helpful.


RAR Password Unlocker

Dictionary Mode | Brute Force Mode | Mask Attack | CUDA Support | Limited free trial

Screenshot of RAR password unlocker by passwordunlocker.com

RAR Password Unlocker is a simple to use software with many useful features like save/resume attacks, multi core support, GPU acceleration, auto shutdown, and more. It can also search for encrypted files on your PC which can be handy. Unfortunately the software failed to accelerate the recovery with my GTX 970 which is weird as even the free utility cRARk did worked with my GPU. But even without GPU acceleration it managed to top over 1000 passwords/ second which is almost double of the average speed of cRARk (without GPU engine).

They offer a free trial of the software with some limitations.

  1. Download the RAR password unlocker from the link below.
  2. Launch the application, click open, and select your encrypted RAR file.
  3. Under attack types, select your choice, and click start. Now, wait till it throws a response.

It is better to first try the Dictionary attack before going with Brute-force.


Other RAR password recovery softwares

The following are some other tools to decrypt password protected RAR but I haven’t tested all of these myself. If you did, share your experience in the comments.

  1. Elcomsoft’s Advanced Archive Password Recovery
  2. PassFab for RAR
  3. Passper for RAR by imyphone

Online Password Recovery Services

Pay only if the password is recovered.

A RAR password recovery software cannot guarantee successful decryption (theoretically possible but practically no), so if you don’t want to pay for such software unless decryption is guaranteed then it’s better to make use of online recovery services. One such company is password-online. Just upload your encrypted RAR file on their website and wait for them to crack it. Once the RAR is decrypted, they will present the proof, after which you can pay their fees of just 10 Euros to get the password. Password-online has large server farms so you can expect to recover the password sooner than if you attempted to recover it yourself.


Freeware utilities for RAR password recovery

Not everyone wants to pay for password recovery and I totally get it, so I have found two freeware that supports RAR file types. These are cRARK and John the Ripper. At least some of you may have heard about John the Ripper.

cRARk

An amazing utility for people who are comfortable using terminal. Supported on Windows, Mac and Linux.

cRARK - a free CLI tool to crack RAR passwords. The image shows the CLI in action with a whooping speed of 15352 passwords/second.
cRARk running on Windows achieving a speed of 15352 passwords/sec. On a different test, speed topped to about 25k p/s.

cRARk is a free command-line software for RAR password cracking! It’s a well-maintained project and offers CUDA & OpenCL support, which can tremendously speed up the process. So if you are rocking a decent graphics card and processor, you should be able to crack a password of under 6 characters in a day as opposed to weeks and months. I tested the tool, with and without the GPU engine and the results are astonishing. Without the GPU engine, it was just above 500 passwords/ second and with GPU the speed was over a whooping 25,000 password/ second! That’s even more than what I have achieved with Passware Kit.

With cRARk you can define all you know about the password using a Password Definition Language(PDL) in a .def file. This is very similar to regular expressions so if you already have experience with regex then there will no troubles, plus they have several examples on their website.

  • All RAR versions support, including the latest RAR 5.x
  • Windows, Mac, Linux compatible
  • OpenCL, CUDA support
  • Unique PDL language which is extremely efficient if the user remembers any information about a forgotten password
  • Lacks pause/ resume
  • No multi-core and multi GPU support
  • No GUI
How to use cRARk in Windows?

First download the latest version of cRARk and extract the folder to your desktop.

Note: The downloaded RAR file may prompt you for a password but there is no password!

Now open up Notepad or any text editor to create the PDL. A sample password definition that brute forces passwords containing alphabets and numbers is shown below. Save the file as “password.def” to the cRARk folder which you just extracted.

It should be noted that the PDL file contains two portions: a declaration section and rules section both of which are separated by a ‘##’ symbol. All other ‘##’ are treated as comments. In the following code, there are no custom definitions so the default definitions of $a, $A, $1 will be used.

##
[$a $A $1] *

## For more examples of PDL visit http://www.crark.net/cRARk.html#44

Next, open your Windows terminal or CMD and use the cd command to navigate to the cRARk folder which you just extracted. Then run cRARk with the following command. Replace “..\treasure.rar” with the path of your encrypted file.

.\cRARk.exe -p'password.def' ..\treasure.rar

There are additional flags that you can supply, like min & max length, debug mode, etc. Learn more about it on cRARk’s website.

One of the limitations with cRARk is the lack of multi CPU/GPU support but you can overcome that by using another software known as Parallel Password Recovery which also makes use of PDL files. Additionally, Parallel Password Recovery can also take advantage of multiple computers using the distributed decryption feature. I have tested this software and it works great!


John the Ripper

John the Ripper is a free, open-source, command-line program for password security auditing and recovery. It is available on macOS, Linux, and Windows. JR is incredibly versatile and can crack anything you throw at it including archive files (ZIP, RAR), document files (PDF, Office, etc), filesystems, web apps, and more. You can use JR for brute force or dictionary attack.

To get started, download John the Ripper and extract the archive to your desktop. Now fire up CMD or the new terminal in Windows and cd to the root folder of JR and then to the “run” folder. Next, execute the following commands.

rar2john.exe ..\..\treasure2.rar > hash.txt

Replace “..\..\treasure2.rar” with the path of your encrypted RAR file. The “hash.txt” will now be generated in the “run” folder. The next step is to decrypt the hash to retrieve the password.

john.exe ..\..\treasure.rar hash.txt

You can also use a dictionary attack by supplying a wordlist file. In the following example, “password.lst” is the wordlist file.

Visit “Where can I find good dictionary files for dictionary attack?” for links to community voted collections of awesome wordlists.

john.exe --format=rar --wordlist password.lst hash.txt

FAQ

The program has been searching for many days, but my password is not yet at hand.

Unfortunately there is no shortcut and it can’t be helped without additional information on the password. May be your password is too long, or the search set is wrong.

How to increase the password searching speed?

The best search speeds are only possible if you have an nvidia GPU having CUDA cores and of course a software that can take advantage of it. Another would be to stop running other resource hogging processes.

Can I recover RAR passwords on a Mac?

Yes, you can! Although there are no GUI softwares for the job, you can use cRARk or John the Ripper CLI to decrypt RAR files on a mac.

How to open password protected RAR file without password on android?

This is a popular question with respect to RAR file unlocking, however there are no apps to brute force passwords on your mobile. As a safety warning, you shouldn’t even attempt to brute force on your mobile device even if some technique existed.

Have you tried any of these? Let me know your thoughts & experiences with password protected RAR decryption in the comments below.


Other Password Recovery Tutorials

Total
8
Shares
41 comments
    1. i figured this out..

      1. extract the “Crack” folder as well
      2. open the folder
      3. copy the RAR Password Unlocker file into “C:Program FilesRAR Password Unlocker”
      4. what i chose in the pop-up was “Copy, but keep both files”
      5. open RAR Password Unlocker (2), and voila, Dictionary attack is there

    1. I get essentially the same problem. I purchased the software, and with the very first file I tried to use it on I get the message “No Password”, suggesting that there is no password on the file. However, both 7Zip and WinRAR insist that there IS a password on the file and so will not open it without the password. What’s going on – does this software work properly or not?

  1. i have an rar file of around 4 to 5 mb… i want to unlock it.. i can pay few bucks if anyone is up for it!
    Revert me back if anyone is interested…..

    1. First of all, thanks for visiting Codegena. For all of you wondering about the increased outages and page load time, it has been caused due to increased load on our server. We are working on it for the past 2 days. Kindly cooperate with us. Thanks again.

Leave a Reply
Related Posts
Total
6
Share