I have retrieved data from a database, but some of the fields inside are encrypted (I think that they are encrypted with the Mcrypt function). Does anyone have any idea how I can decrypt it? Look at one example, this whole thing: 0b1111111111110111111111111111111111111011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110111111111111111111111110000000 should mean DUSTER.
4 replies to this topic
#1
Posted 31 July 2011 - 11:16 AM
#2
Posted 31 July 2011 - 11:36 AM
If it was indeed hashed by the hash() function, then there will be no straightforward method of retrieving the hash without a weakness, or brute guess. Your hash appears to have a 256-bit sum, which can be one of many (i.e. SHA-1 family), many of which do not have any apparent weaknesses.
Your best guess would be to hash DUSTER under a few different hashes that produce the same result size, convert the binary representation to a displayable form, and compare them to your result. At least from there you can consider other factors, or the feasibility of lookup tables or other similar attacks.
Alexander.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#3
Posted 10 August 2011 - 12:22 PM
I tried to decrypt it using something like this:
```php
<?php
$data = "DUSTER";
$duster = "1111111111110111111111111111111111111011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110111111111111111111111110000000";

foreach (hash_algos() as $v) {
    // Hex digest, used only for display
    $r = hash($v, $data, false);
    printf("%-12s %3d %s\n", $v, strlen($r), $r);
    // Expand the raw digest bytes to bits; expanding the hex text would
    // give the bits of the ASCII characters instead of the digest
    $bin = str2bin(hash($v, $data, true));
    $str2bin = str2bin($data);
    //echo $str2bin;
    echo " binary " . $bin;
    // Strict comparison: == would treat both digit strings as numbers
    if ($bin === $duster) {
        echo "TRUE";
    } else {
        echo "FALSE";
    }
    echo "<br>\n";
}

// Convert each byte of $str to its 8-character binary representation
function str2bin($str, $mode = 0) {
    // Array for array-mode, string otherwise
    $out = ($mode == 2) ? array() : '';
    for ($a = 0; $a < strlen($str); $a++) {
        $dec = ord(substr($str, $a, 1));
        $bin = '';
        // Emit bits from most significant to least significant
        for ($i = 7; $i >= 0; $i--) {
            if ($dec >= pow(2, $i)) {
                $bin .= "1";
                $dec -= pow(2, $i);
            } else {
                $bin .= "0";
            }
        }
        /* Default-mode */
        if ($mode == 0) $out .= $bin;
        /* Human-mode (easy to read) */
        if ($mode == 1) $out .= $bin . " ";
        /* Array-mode (easy to use) */
        if ($mode == 2) $out[$a] = $bin;
    }
    return $out;
}
```
Edited by Roger, 11 August 2011 - 01:24 PM.
added [code] tags
#4
Posted 10 August 2011 - 12:23 PM
Thanks for the code tags.
Edited by fuel4hatred, 11 August 2011 - 11:47 PM.
#5
Posted 11 August 2011 - 01:01 AM
Did you find the hash function you were looking for?
Remember, 2^256 is a large number of guesses even if you know the hash function - this does not account for the possibility of a salt, or a random value appended to the plaintext upon hashing to prevent lookup tables or allow reduced complexity of the plaintext.
Also: Binary is commonly represented in hexadecimal pairs, or base64 encodings (not this sloppy 01001010010101001001 stuff). You would likely benefit from converting that into hexadecimal encoding and then comparing with all of your hashing algorithms.
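The check discussed in this thread, as an added example that is not any poster's code: it packs the stored bit string into bytes, prints it as hex, and compares it against the raw digest of the known plaintext for every algorithm PHP's hash() offers. The helper names (bits_to_bytes, ones_ratio, matching_algos) are made up for this example, and the ones-ratio check is an extra step that relies on digest and cipher output having close to half of its bits set.

```php
<?php
// Added example. $stored is the bit string quoted in the first post (without
// the 0b prefix); $plain is the value the poster expects it to represent.
$stored = '1111111111110111111111111111111111111011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110111111111111111111111110000000';
$plain  = 'DUSTER';

// Pack a string of '0'/'1' characters into raw bytes, left-padding with
// zero bits if the length is not a multiple of 8.
function bits_to_bytes(string $bits): string {
    $bits = str_pad($bits, 8 * intdiv(strlen($bits) + 7, 8), '0', STR_PAD_LEFT);
    return implode('', array_map(fn($b) => chr(bindec($b)), str_split($bits, 8)));
}

// Fraction of bits that are 1. Digest or cipher output sits near 0.5;
// a value far from that points to a bit field or flag mask instead.
function ones_ratio(string $bits): float {
    return substr_count($bits, '1') / strlen($bits);
}

// Names of the hash() algorithms whose raw digest of $plain equals $raw.
function matching_algos(string $raw, string $plain): array {
    $hits = [];
    foreach (hash_algos() as $algo) {
        $digest = hash($algo, $plain, true);   // raw bytes, not hex text
        if (strlen($digest) === strlen($raw) && hash_equals($digest, $raw)) {
            $hits[] = $algo;
        }
    }
    return $hits;
}

$raw = bits_to_bytes($stored);
printf("length:     %d bits\n", strlen($stored));
printf("hex:        %s\n", bin2hex($raw));
printf("ones ratio: %.2f\n", ones_ratio($stored));

$hits = matching_algos($raw, $plain);
echo $hits
    ? 'matching algorithms: ' . implode(', ', $hits)
    : 'no hash() algorithm produces this value for the plaintext', "\n";
```

An empty match list only rules out an unsalted, single-pass hash() of the exact plaintext; a salt or a different encoding of the input would not be detected by this comparison.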