hashcat Forum

hashcat Forum > Support > hashcat > 72hex —-» MD5(32hex)+SHA1(40hex)
Full Version: 72hex —-» MD5(32hex)+SHA1(40hex)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

mshibo

08-16-2021, 08:26 PM
Extracted this hash out of GalleryVault android app and need an explanation how to decrypt it.
The hash extracted from kidd.xml file located at the system-root directory of the app.

<string name="LockPin">2F059A5F49AAFD2127DD6065494A91FF5B515E46A5F1BC60BE71C3DB0DF946BD0548C145</string>

Searching around, found a PDF talking about that, it mentioned that the hash is MD5(32hex)+SHA1(40hex) and it said we can do "Swap attack".
[attachment=851]

atom

08-17-2021, 10:00 AM
Well should be simple. What's the password of that hash?

Snoopy

08-17-2021, 02:40 PM
its vice versa in this case (was just playing around with this), first sha1 then md5, given this

2F059A5F49AAFD2127DD6065494A91FF5B515E46 (sha-1)
A5F1BC60BE71C3DB0DF946BD0548C145 (md5)

the passwords / lockpin is just plain 6 numbers ...so you can bruteforce this md5 on your own quite fast Wink or use any of the known lookuptables

and yes sha1(pw) == md5(pw)

mshibo

08-17-2021, 06:53 PM
This was really helpful.
I could crack both hashes using hashcat (-m 0 & 100) and got the same 6-digit numeric password.
Thank you so much.
hashcat Forum > Support > hashcat > 72hex —-» MD5(32hex)+SHA1(40hex)