hashcat Forum

hashcat Forum > Deprecated; Previous versions > General Help > Need Help to find out hash type
Full Version: Need Help to find out hash type
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

bc77

05-16-2016, 10:16 AM
Hi!

I captured HTTP POST data. The posted data is verified with a X-Signature-Header.

If i resend the same data, i got a success message.
If i change the data i got a message from Server {"status":"INVALID_AUTH_SIGNATURE"}

Here is an example Signature Header:
"X-Signature: 6b3d91b6118ebbd6ba6e1360f782c5c6"

I want to find out which hash-type is used to change the content of data, calculate the signature and create my own posts.

I have the posted data in a file and know the signature - Can you help me a hint how can i realize my plan?


Thank you and so long,
josen

atom

05-16-2016, 01:45 PM
You need the source to find about the algorithm used.

bc77

05-16-2016, 07:32 PM
Is there no possibility to brute force / try and error?

bigblacknose

05-17-2016, 07:45 PM
Try to find out what type of framework that is used. See if you can figure out something that way.
Otherwise it just guessing. 16 bytes, md5?

epixoip

05-17-2016, 07:53 PM
Signatures like that are almost always hmac.

bc77

05-17-2016, 10:21 PM
(05-17-2016, 07:45 PM)bigblacknose Wrote: [ -> ]Try to find out what type of framework that is used. See if you can figure out something that way.

It is a iOS App

atom

05-19-2016, 08:18 PM
Could be anything. As I've said, you need to reverse the algorithm or look into the source.
hashcat Forum > Deprecated; Previous versions > General Help > Need Help to find out hash type