0

I am a beginner and i made this program for curiosity to see how much time does it take to 'decrypt' sha-256 hashes, and it become really complicated. This thing can find out 8 characters long texts which contains only numbers 0..9 and a few character from a to f.

package hash;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Hash {

public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException {
    String[] array = new String[16];
    array[0]="0"; array[1]="1"; array[1]="1"; array[2]="2"; array[3]="3"; array[4]="4"; array[5]="5"; array[6]="6"; array[7]="7"; array[8]="8";
    array[9]="9"; array[10]="a"; array[11]="b"; array[12]="c"; array[13]="d"; array[14]="e"; array[15]="f";
    int one, two, three, four, five, six, seven, eight; one=two=three=four=five=six=seven=eight=0;
    String text = ""; //this is gonna be the original text
    String hash = "ae5ce162888ee3ebe974976cac5ab94a3f55049f8515884883d579fb3fa378d2"; //this is the hash
    byte[] digest = null;
    MessageDigest md = MessageDigest.getInstance("SHA-256");

    for (int i=1; i<999999999; i++) {

    if (i%(16*16*16*16*16*16*16)==0) {
        two=three=four=five=six=seven=eight=0; one++;
        text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
    } else {
        if (i%(16*16*16*16*16*16)==0) {
            three=four=five=six=seven=eight=0; two++;
            text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
        } else {
            if (i%(16*16*16*16*16)==0) {
                four=five=six=seven=eight=0; three++;
                text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
            } else {
                if (i%(16*16*16*16)==0) {
                    five=six=seven=eight=0; four++;
                    text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
                } else {
                    if (i%(16*16*16)==0) {
                    six=seven=eight=0; five++;
                    text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
                } else {
                    if (i%(16*16)==0) {
                    seven=eight=0; six++;
                    text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
                    } else {
                        if (i%16==0) {
                            eight=0; seven++;
                            text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
                        } else {
                            eight++;
                            text=array[one]+array[two]+array[three]+array[four]+array[five]+array[six]+array[seven]+array[eight];
                        }
                    }
                }
            }
        }
    }
}


    md.update(text.getBytes("UTF-8")); 
    digest = md.digest();


    if (String.format("%064x", new java.math.BigInteger(1, digest)).equals(hash)) {
        i=999999999;
    }
}
    System.out.println(text);
}
}

Thx for the help!

Horten75
  • 21
  • 2
  • 6
    This may belong on CodeReview – Yassin Hajaj May 20 '16 at 17:02
  • Collapse your computations to generate numeric constants. For example, you are computing (16*16) 999999999 times. – nicomp May 20 '16 at 17:15
  • It has 999999999 retries,(i know it is a stupid way but it only worked like this) and it will exit when it found the original text. But nvm i regret sign up to this site anyway.. – Horten75 May 20 '16 at 17:27
  • 1
    @Horten75 I have a lot of things to tell you. **(1)** Many of your security knowledge/concepts are wrong. **(2)** What you are doing is not *decrypting*, calculating every possible hash is not *decrypting*, is trial and error. **(3)** A Hash 256 input are not just values from [*0*, *9*] and [*a*, *f*]. It accepts any input, any uppercase or lowercase letter (*H*, *i*, *w*, *Z* etc.), symbols (*[*, *&*, *#*) and much more. **(4)** Thus, your code is not working as you stated. **(5)** Comments like `But nvm i regret sign up to this site anyway..` won't help you to get more help. – UDKOX May 20 '16 at 18:27
  • 1
    **(6)** You did not understand what @nicomp said, so read it again and put effort on it. **(7)** Your approach is prety bad to be honest.. **(8)** Hash functions are made so that people can just do what you are doing, if I were you, I would not do these because every 1 extra character you add increases the time by double. **(9)** You did not even explain how your code works and how you tried to speed it up already, so that we don't suggest the same things again. **(10)** I wrote a 10 line code that does what you want, but I don't know if I want to share it with someone who behaves like this. – UDKOX May 20 '16 at 18:33
  • @UDKOX And sorry again for my behave. i know its accepts any letter but from [0, 9] and [a, f] will be enough, i only need thoose. And once more: i am a beginner. And yes i dont understand what nicomp said :( – Horten75 May 21 '16 at 10:23
  • @Horten75 If you learn programming at school you are lucky. Anyway, my code calculates and compares the hash of 8 byte long Strings, that may contain numbers [*0*, *9*] and letters [*A*, *F*] (uppercase). Is that enough for you ? – UDKOX May 21 '16 at 15:37
  • @UDKOX Actually one more thing: i was curios how much time does it takes to calculate 50-100 (or maybe even 256) characters long strings (if it only contains 16 different types of char) if you could give me an approximate answer that would be great. Your code will be great, thanks for the help. – Horten75 May 21 '16 at 16:05

1 Answers1

2

A lot of things to say before posting the code

  • You are making questions that don't make sense. Hash functions were made so that you can't just calculate all hash-ed and compare them.

  • The speed will depend in a lot of things. If the the seed is 0000 won't take long, if it's 3Gs98y/!=p 9IYÇ]T$78fffIUas4ª!5MJg7BN Jfi86n ,K¨}]+I may take years. Also, the computer speed, the programming language used etc.

  • They are meant to take a lot of time. Have a look at this link for more details. Notice they are measuring hundreds of thousands of years, not seconds.

  • This is the conclusion of the link above: It doesn't get much better with the fastest hardware on the planet computing thousands of hashes in parallel. No human technology will be able to crunch this number into something acceptable. So forget brute-forcing SHA-256 here

  • So that you understand better: you are using 16 characters max on the seed, when up to 128 different characters can be used. The possible convinations are 128^n (where n: lenght of seed).

Code

  • It only uses numbers [0, 9] and letters [A, F] (uppercase)

  • To find out the seed 0129ABCF it took 227 seconds

  • This code is still improvable in so many ways

    public static String calculateHash(String hash) throws NoSuchAlgorithmException, UnsupportedEncodingException{      
    MessageDigest md = MessageDigest.getInstance("SHA-256");

    // 16 characters used in the seed, 8 length. Possibilities : 8 * 8 * 8... (16 times) = 8 ^ 16
    long convinations = (long) Math.pow(8, 16);
    String hex, formatted;

    for (long i = 0; i < (long) convinations; i++) {

        hex = String.format("%08X", i);

        // This takes CPU time, only uncomment for debug purposses
        //System.out.println(hex);

        // Calculate hash of "hex"
        md.update(hex.getBytes("UTF-8")); 
        byte[] digest = md.digest();

        // Compare results
        formatted = String.format("%064x", new BigInteger(1, digest));
        if (formatted.equals(hash)) {
            return hex;
        }
    }

    return "";
}
Community
  • 1
  • 1
UDKOX
  • 738
  • 3
  • 15
  • Thanks for the help! Your code is way better than mine, it seems like i have a lot more to learn :) – Horten75 May 21 '16 at 19:50