The algorithm could use and do literally everything.
I mean, it could iterate a random number of times (and store the number in salt), it could split the salt and prefix/suffix it, append it, suffix it, transform it first etc etc etc
If it is your app, you should be able to check what it does AND know what it does, otherwise there is sth strange happening here.
Our focus should also remain on recovering passwords and not instead blindly guess what an app could possibly do. Of course, sometimes this job also needs to be done, but *not* if it is an app/code under your control.
Furthermore, it seems that before your changes the salt wasn't *at all* numeric (instead it seemed to be (I think) 4 hex chars)... so I am totally confused what you are trying to do here, why you changed the salt format and why one should *crack the algorithm* under his control
I mean, it could iterate a random number of times (and store the number in salt), it could split the salt and prefix/suffix it, append it, suffix it, transform it first etc etc etc
If it is your app, you should be able to check what it does AND know what it does, otherwise there is sth strange happening here.
Our focus should also remain on recovering passwords and not instead blindly guess what an app could possibly do. Of course, sometimes this job also needs to be done, but *not* if it is an app/code under your control.
Furthermore, it seems that before your changes the salt wasn't *at all* numeric (instead it seemed to be (I think) 4 hex chars)... so I am totally confused what you are trying to do here, why you changed the salt format and why one should *crack the algorithm* under his control