Re: reversing hash ?

From: Spamhater (spam_them_at_yahoo.com)
Date: 05/12/03


Date: Mon, 12 May 2003 22:49:16 +0200

Hi!

I think I don't quite understand what you're trying to explain..
The hash value generated by the script with the following line:

for each character in the string do
  hash = hash * multiplier (7 for the user, 9 for the password) + position of the character in a predefined string + 1

So I don't think it's possible to split the password up in two smaller
strings and then combine the results.... alas..

I'll keep looking ! I've made a brute force attack program and let it run
for 3 days. Then I saw my code was wrong... Aaaarrgghghgh...

Has anyone a solution ??

"mrpolitics.mrkane" <mrpolitics@cinci.rr.com> wrote in message
news:BAwva.31229$VP.5208998@twister.neo.rr.com...
> Well I didn't take a look at the code but, for future reference...
>
> If, say, I took password A and encrypted it with some sort of MD5 hash, you're
> not going to reverse the MD5; what you can do instead is try to guesstimate
> how many possible characters were used to create the password, and try
> brute forcing it (see if the hashes match up). Basically you want to limit
> yourself with the searching... another thing, say the hash is "7462443859",
> and let's say because you're really lucky that the password is the same length,
> break your code into pieces for creating the password. Say the password is
> "9583442647", instead of generating strings of 10 bytes, generate two strings
> of random characters of 5 bytes each and combine them later. For some
> reason in languages like VB this gives a performance boost. I don't use
> Java, but figured I'd throw out the idea for you.
>
> Good luck!
>
>
> "Spamhater" <spam_them@yahoo.com> wrote in message
> news:3ebe5ebd$0$26703$ba620e4c@reader1.news.skynet.be...
> > Looking for a solution to crack a javascript hash coded string !
> > I'm not active in informatics professionally but I do some programming in my
> > spare time.. I've set up a delphi program that I guess does some Brute force
> > attack on the code but it already runs 2 days and is only 10% completed I
> > think (2,4 Ghz machine)...!
> > Could anyone tell me how I could crack this code ? I've included the source
> > hereafter....
> >
> > The password file gives this:
> >
> > m[m.length]=new Array("425","894203311","vzkBg","onvmtj.ixm");
> >
> > I've already come up with the username (425), the string "fps" gives the
> > same hash value of 425... The second is the password (894203311) and it is
> > used to decrypt the destination...
> >
> >
> > Hopefully you can help me ?
> >
> > thank you very much in advance...
> >
> > Sniper
> >
> > m=new Array();
> > var alpha="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghij";
> >
> > function box(part,c,r)
> > { prms=new Array(r,c); typ=new Array("rowspan=","colspan=");
> > bx=new Array("<tr>","</tr>","</tr><tr>","</table>");
> > clr=new Array("808080","c0c0c0","ffffff","000000");
> > img='<img src="blank.gif" width=1 height=1>'; txt="";
> > bx[bx.length]='<table border=0 cellpadding=0 cellspacing=0>';
> > for(bi=0;bi<4;bi++)
> > { for(bj=0;bj<2;bj++)
> > bx[bx.length]='<td '+typ[bj]+(2*bi+prms[bj]);
> > bx[bx.length]=' bgcolor="#'+clr[bi]+'">'+img+'</td>'; };
> > ord=new Array();
> > ord[0]=new Array(4,0,14,16,12,16,14,16,2,11,13,9,13,11,7,2,8,10,6,10,8,10,1);
> > ord[1]=new Array(0,6,10,2,9,7,2,12,16,1,3);
> > for(bi=0;bi<ord[part].length;bi++)
> > txt+=bx[ord[part][bi]]+"\n";
> > return txt; };
> >
> > function check(frm)
> > { var ary=new Array(0,1,1,7,9,8); f=new Array();
> > for(i=0;i<3;i++)
> > ary[i]=makehash(frm.elements[ary[i]].value,ary[i+3]);
> > for(i=0;i<m.length;i++)
> > if(m[i][0]==ary[0]) f[f.length]=i;
> > if(f.length==0) { alert("Member Not Found"); return; };
> > for(i=0;i<f.length;i++)
> > if(m[f[i]][1]==ary[1])
> > { ary[2]+=" ";
> > for(j=2;j<m[f[i]].length;j++)
> > { t=""; cnt=0;
> > for(k=0;k<m[f[i]][j].length;k++)
> > { c=m[f[i]][j].substring(k,k+1);
> > a=alpha.indexOf(c,9);
> > if(a>-1)
> > { b=a-(ary[2].substring(cnt,cnt+1)*1);
> > c=alpha.substring(b,b+1);
> > cnt=(cnt+1)%(ary[2].length-1); };
> > t+=c; };
> > m[f[i]][j]=t; };
> > if(m[f[i]].length>4)
> > { wt='<html><body bgcolor="#bfbfbf"><center><form>'+box(0,1,1)+'<tr><td align="center">Destination<br>';
> > wt+='<select size=5 onchange="window.opener.window.opener.location=this.options[this.selectedIndex].value; window.opener.close(); window.close();">';
> > for(j=2;j<m[f[i]].length;j=j+2)
> > wt+='<option value="'+m[f[i]][j+1]+'">'+m[f[i]][j];
> > wt+='</select></td></tr>'+box(1,1,1)+'</form></body></html>';
> > w=window.open("","ls","width=150,height=150");
> > w.document.write(wt); w.document.close(); }
> > else { window.opener.location=m[f[i]][3]; window.close(); };
> > return; };
> > alert("Incorrect Password!");
> > };
> >
> > function makehash(str,mult)
> > { hash=0;
> > for (j=0;j<str.length;j++)
> > hash=hash*mult+alpha.indexOf(str.substring(j,j+1),0)+1;
> > return hash; };
> >
> >
>
>
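
An added illustration, not part of the original posts: the quoted makehash() is a positional sum whose per-character values (1 to 62) are larger than the multiplier (7 or 9), so many different strings map to the same number and the check cannot tell them apart. The sketch below reproduces makehash() and counts, without listing them, how many alphabet-only strings share the username hash 425 mentioned in the thread; countPreimages and MAX_VALUE are hypothetical names introduced here.

```javascript
// Added example. alpha and the makehash arithmetic follow the quoted script;
// countPreimages is a hypothetical helper introduced for this illustration.
const alpha =
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghij";

function makehash(str, mult) {
  let hash = 0;
  for (let j = 0; j < str.length; j++) {
    // indexOf returns -1 for characters outside alpha, so they add 0.
    hash = hash * mult + alpha.indexOf(str.charAt(j), 0) + 1;
  }
  return hash;
}

// indexOf(c, 0) always finds the first occurrence, so the trailing
// "abcdefghij" adds no new values: per-character values are 1..62.
const MAX_VALUE = new Set(alpha).size;

// Count strings made only of alphabet characters whose hash equals target.
// The last character contributes v, the prefix must hash to (target - v) / mult.
function countPreimages(target, mult, memo = new Map()) {
  if (target === 0) return 1n; // only the empty prefix hashes to 0
  if (memo.has(target)) return memo.get(target);
  let total = 0n;
  for (let v = 1; v <= MAX_VALUE && v <= target; v++) {
    const rest = target - v;
    if (rest % mult === 0) total += countPreimages(rest / mult, mult, memo);
  }
  memo.set(target, total);
  return total;
}

console.log(makehash("fps", 7));                // value quoted in the thread
console.log(makehash("!fps", 7));               // non-alphabet prefix adds nothing
console.log(countPreimages(425, 7).toString()); // strings sharing that hash
```

Because the stored value is the only thing compared, every one of those strings is accepted as the same login; a salted, slow password hash verified on the server does not have this property.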


