Custom scenario files
Scenario file is in fact a simple text file in Unicode format with each scenario describing like:
[Line #1] Name of scenario [Line #2] This scenario will be default for this list of formats identifiers [Line #3] Attack description #1 [Line #4] Attack description #2 ... [Line #N] Attack description #(N-2) [Blank line]
Name of scenario
Name of scenario can be anything up to 256 symbols long.
Formats identifiers
Formats identifiers are predefined set of 4 symbols long codes uniquely describing each format supported by this program. Right now it's possible to use following codes:
- 972K Office 97-2000 documents;
- XP03 Office XP-2003 documents;
- OF07 Office 2007 documents;
- OF10 Office 2010 documents;
- OF13 Office 2013 documents;
- OODF OpenOffice 1.x documents;
- ODF2 OpenOffice 1.2 documents;
- PDF2 Adobe PDF /R2 documents (Adobe Acrobat 2-4);
- PDF3 Adobe PDF /R3 /R4 documents (Adobe Acrobat 5-8);
- PDF5 Adobe PDF /R5 documents (Adobe Acrobat 9);
- PDF6 Adobe PDF /R6 documents (Adobe Acrobat X-XI);
- WPAH & PMKG WPA handshake and WPA-PMK generator mode;
- ZIPC Zip 2.0 archives;
- WZAE WinZIP archives with AES encryption;
- RAR3 RAR 3.x archives;
- RAR5 RAR 5.x archives;
- ABP4 Apple iOS 4.x - 10.1 backups;
- ABPA Apple iOS 10.2+ backups;
- TRUE TrueCrypt volumes;
- BBB5 BlackBerry 5.x backups;
- BBB6 BlackBerry 6.x backups;
- NONE Unknown/blank type.
Attack description
Each attack description line follows simple syntax to define separate attack. General syntax is:
/switch1[:param1] /switch2[:param2]
Possible switches:
- /a: [b | m | d | r | ks | rt] Attack type: brute-force, brute-force with advanced mask, dictionary-based "as is", dictionary-based with rules, key search, rainbow tables;
- /c: [c | s | d | e | a] Charset definition: capitals, smalls, digits, specials characters (34 symbols) or all symbols (/c:a equals to /c:csde);
- /u: [Symbols] User-defined charset;
- /m: [Mask] Mask definition, applicable to brute-force and brute-force with advanced mask attacks;
- /ms: [Symbols] Mask symbol, applicable only to brute-force attack;
- /min: [Length] Minimum password length, applicable to brute-force and brute-force with advanced mask attacks;
- /max: [Length] Maximum password length, applicable to brute-force and brute-force with advanced mask attacks;
- /r: [Filename] Defines full path to rules file, applicable only to /a:r attack;
- /d: [Dictionary filename] Defines full path to dictionary file, applicable only to /a:r and /a:d attacks;
The ks and rt are special switches and cannot be intermixed with other attacks, i.e. the whole scenario will be containing only one switch — "rt" or "ks" one.
If there any special symbols within param it must be enclosed into double quotes. If there is a double quote symbol itself it must be duplicated, i. e.
/c:""""
defines charset with one symbol — double quote, while
/c:"123""45"
defines charset with 6 symbols, 1-2-3-4-5 digits and double quote character.
Character \ (backslash) having special meaning, it must be followed either by backslash meaning backslash itself must be used, i. e.
/c:\\
defines charset with one symbols — backslash. If \ followed by x then two next symbols must be hexadecimal character code while if it's followed by X then four next symbols must be hexadecimal character code in Unicode encoding. Thus,
/c:\x20\X0410
defines charset with two symbols — space (code = 0x20) and Russian capital letter A (code = 0x410).
This also means that file paths are looks like:
/d:"C:\\Temp\\User1\\Dictionary1.txt"
Asterisk before file name having special meaning — to use internal rules or dictionary files built-in into program.
Example
No dictionary based attacks NONE /a:b /c:a /min:1 /max:3 /a:b /c:s /min:4 /max:4 /a:b /c:c /min:4 /max:4 /a:b /c:d /min:4 /max:5 Default for RAR 3.x RAR3 /a:b /c:a /min:1 /max:2 /a:r /r:*1s.rul /d:*medium_en.dic /a:r /r:*1a.rul /d:*medium_en.dic /a:b /c:a /min:3 /max:3 /a:b /c:s /min:4 /max:4 /a:b /c:c /min:4 /max:4 /a:b /c:d /min:4 /max:5 /a:r /r:*2s.rul /d:*medium_en.dic /d:*small_en.dic
This short scenario file describes two scenarios named "No dictionary based attacks" and "Default for RAR 3.x". And second one is marked as default for RAR 3.x archives via RAR3 format identifier. First scenario using only brute-force attacks while second one performing some dictionary based attack with rules sets and dictionaries built-in into program.
You can also check out file named "Default scenario file.txt" in program directory for more advanced scenarios.