03-19-2020, 04:14 PM
First step is to have a test password that you know so you can test your hypothesis.
Mine is: The password base-64 decodes to 160 bit of data, the same length as a SHA1 hash. The salt looks like hex chars. If you know the correct password you can test the scenario's sha1(dehex(salt) + base-64-decode(password)), sha1(base-64-decode(password) + dehex(salt)), sha1(salt + base-64-decode(password)), sha1(base-64-decode(password) + salt), sha1(sha1(dehex(salt) + base-64-decode(password))), etc.
Once you know that you can find the mode to use.
Mine is: The password base-64 decodes to 160 bit of data, the same length as a SHA1 hash. The salt looks like hex chars. If you know the correct password you can test the scenario's sha1(dehex(salt) + base-64-decode(password)), sha1(base-64-decode(password) + dehex(salt)), sha1(salt + base-64-decode(password)), sha1(base-64-decode(password) + salt), sha1(sha1(dehex(salt) + base-64-decode(password))), etc.
Once you know that you can find the mode to use.