3
It is important to note that none of the attacks outlined above provide a practical
method for attacking WinRAR archives. The majority of the attacks do not work on
the full 14 rounds of AES-256, which limits their usefulness. The time complexities are
also an issue. The majority of the attacks are simply too computationally expensive
to implement.
Beyond attacks on the key space of a WinRAR archive, there are alternative
methods to gain information about the contents of an archive or the activities of
the owner. These include exploitation of the independence between compression and
encryption, the examination of compression ratios and artifacts in temporary folders.
Each potential attack is discussed in detail below.
In their paper, Yeo and Phan discuss several attacks based on previous work by
Kohno [9, 10]. The first attack involving manipulating the interaction between the
compression and encryption algorithm is of particular interest. The attack is as fol
lows. Two individuals, Alice and Bob, share an encrypted compressed archive. A
malicious individual, Eve, intercepts the archive in transit and modifies the indicated
compression method in the RAR archive’s file header. When Bob attempts to decrypt
and decompress the modified archive using his secret password, he obtains a com
pressed version of the original file. The compressed version looks like a corrupted
file to Bob, who was expecting to obtain the plaintext of the original file after using
his password. Bob then sends the decrypted compressed file he obtained back to
Alice to discover the source of the confusion. Eve intercepts once again to obtain the
decrypted compressed file, which can be used to reconstruct the original.
This attack relies on the ability of the adversary to intercept communications
between Alice and Bob to obtain the required files. However, it is not uncommon for
individuals to email files back and forth with little regard to eavesdropping. Therefore
it is sufficient to show that this attack holds with the assumption that the necessary
files are acquired through other means. Yeo and Phan have verified this attack on
WinRAR v3.42 and v2.9. One issue is the fact that in v3.42 only half of the file
contents are recoverable due to verification on the length of the file. The effectiveness
4
of this attack on later versions of WinRAR as well as the newest file format remains
to be seen.
File compression provides side-channels that leaks information about an archive’s
contents, even when encryption is applied. Polimirova-Nikolova showed that the
initial size and extension of an archived object relates to the size of the archive
itself [11]. Kelsey explores various attacks via the compression side-channel to leak
information about the plaintext within an archive [12]. These findings imply that
through the passive observation of compression ratios, it is possible to identify file
types within the archive. Compression ratios can be viewed through two methods in
WinRAR archives. The Info button in the WinRAR graphical interface can provide
information on the overall compression ratio for an archive. Further details, including
information for individual files contained within an archive, can be found by inspecting
the file header. Further research into the ratios that WinRAR yields as well as the
effect of multiple file types within an archive is needed to evaluate the effectiveness
of this attack.
Less passive attacks allows for the possibility of string detection. Given a set of
encrypted compressed messages, it is possible to determine whether an uncompressed
plaintext string, S, appears in the set. This attack requires the encrypted compressed
versions of S appended to the original messages. It may not be feasible to obtain
these messages. However, an alternative attack involving the correlation between
appearances of substrings of S within a known file from an archive may be feasible [12].
Finally, examination of a computer’s memory is another method discussed in the
literature. This can yield information about the archive and its contents. Both Ji-
Zhong and Maartmann-Moe note that cryptographic keys may be found in virtual
memory [13,14]. There is also evidence that WinRAR stores information in areas such
as the windows registry, log files, or temp files [15, 16]. A difficulty with identifying
cryptographic keys in this method is the fact that in session-based encryption such
as WinRAR, the keys are short-lived. When the session is closed, the key is wiped
from memory. Maartmann-Moe’s experiments were unable to retrieve information
5
on cryptographic keys from memory. The short time window that this attack must
take place in presents further difficulties and leaves this attack impractical for most
implementations.
WinRAR leaves behind artifacts that provide information on the user’s activities
in the archive. Fellows showed that v3.x releases of WinRAR leave artifacts in temp
folders that show changes to the archive and files that the user viewed through Win-
RAR [15]. While exploring the collection of artifacts, Gupta and Mehtre also found
that with normal use, information can be found in windows registry, the AppData
folder, and Temporary folders. However, this can be avoided by the use of a portable
version of the software [16].