2

The concept is pretty simple actually, and involves finding out the hash function from known input and output.

Is there a tool (I'm on linux) that can find out this information quickly?

Example:

secret - fc683cd9ed1990ca2ea10b84e5e6fba048c24929

Knowing the two values above, this hypothetical machine would print out sha1sum.

And excuse my beginner mindset, I'm new and learning about this topic in my free time.

Zchpyvr
  • 1,119
  • 3
  • 12
  • 26
  • What system are you trying to crack? – John Nov 07 '12 at 23:39
  • Well, this is just for knowledge. I have a text file here from my friend, which has ~7 pairs of input and output. I'm trying to find out which hash function was used. So... there's really no system, I only have this text file with no source or context. – Zchpyvr Nov 07 '12 at 23:41
  • You could try to run it through some of the more common hashfunctions and see if the outputs match. Might get lucky – Abraham P Nov 07 '12 at 23:41

1 Answers1

3

Assuming that an input string X is guaranteed to produce output hash Y, you can build a program which makes use of each encoding type.

Pseudocode:

hash = "fc683cd9ed1990ca2ea10b84e5e6fba048c24929";
input = "secret"

if (md5(input) == hash)
    return "md5";
else if (sha1(input) == hash)
    return "sha1";
//etc...
else
    return "Unknown"

Edit: See How come MD5 hash values are not reversible? for more information on why you can't "reverse" a hash such as md5.

Edit 2: I did some searches and found this: http://code.google.com/p/hash-identifier/ - It looks pretty comprehensive, so take a look.

Community
  • 1
  • 1
marknuzz
  • 2,847
  • 1
  • 26
  • 29
  • ... Other than that, is there no way to 'reverse' the hash? – Zchpyvr Nov 07 '12 at 23:44
  • 2
    Nope. That's why they're called "non-reversible" hashes. – marknuzz Nov 07 '12 at 23:44
  • Well, I thought they meant that in regards to the output itself, and not the combination of knowing both the input and output. – Zchpyvr Nov 07 '12 at 23:48
  • Ok, so I ran this, and it gave me two possible choices for the ones I have. I don't understand what hashes the program suggests though. One of them: `Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username))) ` I can't comprehend this one. – Zchpyvr Nov 08 '12 at 00:11
  • How would knowing the input make reversing it any easier? It just makes it easy to tell if you've succeeded. But if you have the input, why would you need to reverse it at all? – Barmar Nov 08 '12 at 00:11
  • This is just for a personal bet. My friend and I thought it would be fun to figure out which hash function was used. – Zchpyvr Nov 08 '12 at 00:13
  • That doesn't answer my question. Why reverse it instead of running it forward and seeing if you get the known output? BTW, if it's a password hash, you may also need to salt it properly. – Barmar Nov 08 '12 at 00:14
  • No, you're right in that approach. But which ones do I test, and how do I go about doing every single hash function? Also I didn't know any better and I put "reverse" in the title. Doing it "forward" would also be fine and acceptable. – Zchpyvr Nov 08 '12 at 00:20
  • And in response to the output of the program mentioned, what I meant was, I don't know how to get the domain cached credential. The other option was a md5, and I tested and disproved that. – Zchpyvr Nov 08 '12 at 00:25
  • Ok, it seems like my doubts are going beyond the topic of this question. I'll put the rest of my thoughts in another question. – Zchpyvr Nov 08 '12 at 00:29