decrypt hash using sha256managed

Question

Well, a week ago I began to use c#, and I'm a bit confused.

I began with cryptography, basically hash and salt.

My teacher gave us some "homework" for doing this weekend and all my mates and me are very confused.

I have this simple code:

The exercise consists of "decrypting" a hashed password (was hashed using SHA256managed) and we know it is a 4 character number.

I tried doing it with loops and decrypting all characters one by one but I got stuck and I don't know how to continue.

If you can give me a hand with this I'd really appreciate it.

Thanks!

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using System.IO;

namespace Examen
{
    class Program
    {
        static void Main(string[] args)
        {

            string hashed_password = "YOSGtSkJ41KX7K80FEmg+vme4ioLsp3qr28XU8nDQ9c=";



            Console.ReadLine();
        }


    }
}

I'm a little confused, are you saying the hashed password also contains a salt? Are you also saying the password is 4 numbers, as in 0000 to 9999? Do you know what the salt is, is it also 4 numbers? — Ron Beyer, May 15 '15 at 17:38
The original password can be a value from 0000 to 9999 and the hashed password doesn't contains salt. Sorry for my english, I'm a non-speaking english. I have to find this value between 0000 and 9999 (the non-hashed password) — , May 15 '15 at 17:44
Is the example the actual value that was given? I ran it through a pretty good cracker (https://crackstation.net/) and it didn't find a result. — Ron Beyer, May 15 '15 at 17:48
Search term - [Rainbow tables](http://en.wikipedia.org/wiki/Rainbow_table) — Alexei Levenkov, May 15 '15 at 18:17

score 7 · Answer 1 · answered May 15 '15 at 18:08

The hash is a one-way function. Given a password of '1805' you will get a hash of '2DOrd5wHHjYbtrSvQ+SyTH6HUDID5z+XV/cV8aYOSzs='.

You cannot go backwards: given a hash of '2DOrd5wHHjYbtrSvQ+SyTH6HUDID5z+XV/cV8aYOSzs=', you cannot calculate the password of '1805'.

But, you can try every possible password, and see what the hash is of each password. Then, you have a list of all possible hashes, for all possible passwords from '0000' to '9999'. In that case, somewhere in that list of hashes is the one you are interested in: 'YOSGtSkJ41KX7K80FEmg+vme4ioLsp3qr28XU8nDQ9c='.

It should take your program less than a second to discover the password.

Note that your program has to hash the data in the same format as the password, which is 8 bytes of data, in the UTF-16LE encoding. Make sure you are hashing the same data format as the password was hashed with, or you'll never find a match.

score 3 · Answer 2 · edited May 23 '17 at 11:46

3

What you would need to do is compute the hash for all values from 0000-9999 until you find the matching hash.

Here is an example of a method that will compute the hash for you, given a string: Obtain SHA-256 string of a string

EDIT: Here is a quick example.

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;

namespace TestConsoleProject
{

class Program
{
        static void Main(string[] args)
        {
            string hashed_password = "YOSGtSkJ41KX7K80FEmg+vme4ioLsp3qr28XU8nDQ9c=";
            int index;

            for(index = 0; index <= 9999; index++)
            {
                if (hashed_password.Equals(sha256_hash(index.ToString("0000"))))
                    break;                            
            }

            Console.WriteLine("Password is: " + index.ToString("0000"));

            Console.ReadLine();
        }

        public static String sha256_hash(String value)
        {
            using (SHA256 hash = SHA256Managed.Create())
            {
                return Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(value.ToCharArray())));
            }
        }
    }
}

edited May 23 '17 at 11:46

Community

1
1

answered May 15 '15 at 17:48

Cory

783
5
12

exactlly, with a brute force attack, but i don't know hoe to do it – May 15 '15 at 17:51
I know how to hash a password, but what i don't know is how can I do it to getting the values of the original string using a brute force attack – May 15 '15 at 17:53
Your code will never equal or find the string. The `hashed_password` is base-64 encoded, not hex. – Ron Beyer May 15 '15 at 18:07
Possibly, but the `Select` and `String.Join` are unnecessary. Just return the value of `Convert.ToBase64String(hash.ComputeHash(...))`. – Ron Beyer May 15 '15 at 18:43
Also, instead of using "pad left", you can use `.ToString("0000")`, it reduces the need for additional strings to be created. – Ron Beyer May 15 '15 at 18:47
@RonBeyer Yes, good point, thank you. This updated version works – Cory May 15 '15 at 18:52
Its worth noting though, as in the CrackStation test I ran, I ran your code (after fixing the compile errors), that it doesn't return a result (you need to check for index > 9999 and print not found). When you say "it works" do you mean compiles and runs, or finds the password, because it doesn't find it for me. – Ron Beyer May 15 '15 at 18:54
@RonBeyer I meant that it compiles, runs, and finds the same "decrypted" password as Karthik: 8765. What compile error did you have? I will update my code to include the entire program. – Cory May 15 '15 at 18:57
It was before you removed the select and join statements. – Ron Beyer May 15 '15 at 18:58
I probably should have mentioned I changed that...sorry :-/ – Cory May 15 '15 at 19:05

score 2 · Answer 3 · answered May 15 '15 at 17:45

2

I might be wrong but I'm preety sure that its not possible to decrypted hashed strings. Its the reason why sha256 or sha512 are used to store passwords in databases.

answered May 15 '15 at 17:45

Frank Grech

35
1
9

Actually there's a way because the teacher showed us the results in class. – May 15 '15 at 17:46
1

Its not possible to *decrypt* them, but you can do a dictionary or brute force attack, running the *guess* through the SHA256 and comparing the two results. If they match, you essentially decrypted it. – Ron Beyer May 15 '15 at 17:47
Yes, brute force attack i meant. – May 15 '15 at 17:50
Yes I agree, a simple loop that goes from 0000 to 9999 and hashing the current position of the loop and then comparing the result would solve it. – Frank Grech May 15 '15 at 17:51
how can I do it? I began with c# just a few days ago and It's a bit difficult to me – May 15 '15 at 17:54
I'm currently on my mobile so can't post code or test it but the code in the other posted answer should solve your problem. – Frank Grech May 15 '15 at 18:05

Karthik · Answer 4 · 2015-05-15T18:40:05.963

My approacch would be to do a brute force since you said you already know it's a 4 digit number.

you can do something like this:

  static void Main(string[] args)
    {
        string hashed = "YOSGtSkJ41KX7K80FEmg+vme4ioLsp3qr28XU8nDQ9c=";

        for (int i = 1000; i <=9999; i++)
        {
            string digit = i.ToString().PadLeft(4, '0');
            string s = ComputeSHA256(digit);
            if (s == hashed)
            {
                Console.WriteLine(digit + "is my decrypted hash");
                break;
            }
        }
        Console.ReadKey();
    }

    static string ComputeSHA256(string plainText)
    {
         SHA256Managed sha256Managed = new SHA256Managed();
        Encoding u16LE = Encoding.Unicode;
        string hash = String.Empty;
        byte[] hashed = sha256Managed.ComputeHash(u16LE.GetBytes(plainText), 0, u16LE.GetByteCount(plainText));
        return Convert.ToBase64String(hashed);
    }

Your code will never equal or find the string. The hashed_password is base-64 encoded, not hex. Plus he doesn't use a salt, so that has to be removed. You also miss 999 possible passwords (0000 to 0999). — Ron Beyer, May 15 '15 at 18:07
i missed his comments about not using the salt. i was doing it from 1000 because he explicitly said it is a 4 character number, but yea again it could be 0's prepended in the front.....you are right about the base64 part too.....i also corrected the encoding part after looking at Jim's note below....this gives the answer now.....it is 8765 — Karthik, May 15 '15 at 18:40

decrypt hash using sha256managed

4 Answers4