Extract a John the Ripper / hashcat hash from an encrypted RAR archive with rar2john. Supports RAR3 and RAR5. For authorized password recovery only.
rar2john reads a password-protected RAR file and outputs a hash string for offline cracking with John the Ripper or hashcat. It supports both the older RAR3 format and the modern RAR5 format, which use different key-derivation schemes (RAR5 uses PBKDF2-HMAC-SHA256). The tool extracts the salt and verification data needed to test guesses; it does not unpack the archive. Use only on files you are permitted to access.
Input:
backup.rar (encrypted)
Output:
backup.rar:$rar5$16*<salt>*<iter>*<...>
What is the difference between RAR3 and RAR5 hashes?
RAR3 uses an older SHA-1-based key derivation; RAR5 uses PBKDF2-HMAC-SHA256 with a configurable iteration count, making it much slower to brute force.
Does rar2john decrypt my archive?
No. It only produces a hash for a cracking tool. Whether the password is recoverable depends on its strength.
Which hashcat modes apply?
RAR3 uses modes 12500/23700/23800; RAR5 uses mode 13000.
This tool extracts password hashes from encrypted RAR archives to aid in password recovery and auditing.
Supported Tools: