Ah yes, it seems that they don't first decode the salt from base64.
The annoying thing is that 'Encoding.Unicode.GetBytes' returns what looks like a UTF-16 representation of the data. As a byte array the code 'Encoding.Unicode.GetBytes(salt + ";" + pw)' returns:
Code:
51, 0, 116, 0, 75, 0, 74, 0, 114, 0, 104, 0, 119, 0, 83, 0, 119, 0, 118, 0, 112, 0, 49, 0, 84, 0, 71, 0, 48, 0, 119, 0, 59, 0, 104, 0, 97, 0, 115, 0, 104, 0, 99, 0, 97, 0, 116, 0
So a null byte after each character. If you want to hash that in something else such as hashcat, you will need to compensate for that. I don't know if hashcat has an easy way to transform password candidates to UTF-16 beforehand.
As you can see on https://gchq.github.io/CyberChef/#recipe...IDExNiwgMA taking a sha256 hash from that array of bytes creates the correct value (b3e20bcdf27a30eca65539e679001ada20c4a04791765bb43265a7cf200396f5)
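The encoding described in the post above, reproduced in Python as an added example (not part of the original post or of the application's own code). The function names are hypothetical; the byte array and the SHA-256 value are the ones quoted in the post.

```python
import hashlib
import hmac

# Byte array and digest exactly as quoted in the post above.
PAGE_BYTES = bytes([
    51, 0, 116, 0, 75, 0, 74, 0, 114, 0, 104, 0, 119, 0, 83, 0,
    119, 0, 118, 0, 112, 0, 49, 0, 84, 0, 71, 0, 48, 0, 119, 0,
    59, 0, 104, 0, 97, 0, 115, 0, 104, 0, 99, 0, 97, 0, 116, 0,
])
PAGE_SHA256 = "b3e20bcdf27a30eca65539e679001ada20c4a04791765bb43265a7cf200396f5"


def scheme_input(salt_text, password, encoding="utf-16-le"):
    """Bytes that get hashed: salt + ";" + password.

    .NET's Encoding.Unicode.GetBytes is UTF-16 little-endian without a BOM,
    which is Python's "utf-16-le" (plain "utf-16" would prepend a BOM).
    The salt is used as its base64 text; it is never base64-decoded.
    """
    return (salt_text + ";" + password).encode(encoding)


def scheme_digest(salt_text, password, encoding="utf-16-le"):
    """Hex SHA-256 over the encoded salt;password string."""
    return hashlib.sha256(scheme_input(salt_text, password, encoding)).hexdigest()


def matches(salt_text, password, stored_hex):
    """Constant-time comparison of a candidate against a stored hex digest."""
    return hmac.compare_digest(scheme_digest(salt_text, password), stored_hex.lower())


def recover_inputs(raw):
    """Turn a byte array like the one in the post back into (salt, password).

    Splitting on the first ';' is safe because ';' is not in the base64 alphabet.
    """
    salt_text, _, password = raw.decode("utf-16-le").partition(";")
    return salt_text, password


if __name__ == "__main__":
    salt, pw = recover_inputs(PAGE_BYTES)
    print("salt text:", salt, "| password:", pw)
    print("UTF-16LE digest:", scheme_digest(salt, pw))
    print("UTF-8 digest   :", scheme_digest(salt, pw, encoding="utf-8"))
    print("matches value quoted in the post:", matches(salt, pw, PAGE_SHA256))
```

Running it prints the UTF-16LE and UTF-8 digests side by side, which shows why a tool that hashes the raw candidate bytes never produces the stored value.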