This "winrar-protected" hack is almost definitely something you or your "friend" made up. It's quite impossible to create such a hack. The closest thing is to write a chrome extension that detects if a user is using a desktop authy and hijack the session to send a trade offer to a bot. No clue how to create such a thing, if it is even possible, and I wouldn't tell you how even if I did.