SHA-256 really?
#1
Hi guys, I need help identifying a hash. All the analysis methods I tried show SHA-256, but that doesn't seem to be the case, because what is being generated by the site code is different from all SHA types. Can someone please help me ID it?
Thank you
Plain string: hellomoto
SHA-256: e47204df44254059b86dd41b5ba9eceae09be42be01ef0d649651602101c316f
Generated by site: de5eb7c3dfbd5216ccf3015d50ccbcdd97c26887bb277409ed71d9e62a6cc57d
Reply
#2
The site can do anything to your input before hashing it. What often happens is that an extra piece of data is prepended or appended; this is commonly referred to as "adding salt". Do you have the 'site code'? If you do, then you can see what happens to the data.
Reply
#3
Is the string generated by the site the same every time (for the same input), or does the string change? If it changes, this could be a hint for an automatically generated/added salt like danielg said; if it stays fixed, this could mean something like a fixed salt or something like double hashing, sha(sha(pw)).

Can you test same input -> generated string?
Reply
#4
@DanielG what do you mean by 'site code' bro?
@Snoopy yes bro it stays fixed for same string each time...
Reply
#5
How did you get the strings generated by the site?

danielg means that if you have access to the site (see above: how did you get the generated strings?) you should also have access to the code (PHP or whatever), and there you should see, or be able to search for, how the input string is handled to compute the result.
Reply
#6
@Snoopy these strings are passes being sent in the login request in the form of a hash...
Plus I just noticed that the hash remains the same as long as the email is the same too, but if you change the email it changes.
I think they are using the email too in some way, maybe as a salt.
Reply
#7
well this sounds like "yeah could be"

Do you know the "software" used? Is it a kind of forum or something similar? For most software, e.g. phpBB, the generator for the hash is known (free software), so you know how the string is generated, like:

sha256($salt.$pass.$salt)
sha256(sha256($pass).$salt)
Reply
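An added example, not part of any post in this thread and not the site's code: it tests the layouts suggested in posts #3 and #7 against one known password/salt/hash sample, and shows the behaviour reported in post #6 (same hash for the same e-mail, a different one when the e-mail changes). The function names, the e-mail address and the observed value are assumptions constructed for the example.

```python
import hashlib


def sha256_hex(data: str) -> str:
    """SHA-256 of a UTF-8 string, as 64 lowercase hex characters."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def candidates(password: str, salt: str) -> dict:
    """Common salted / nested SHA-256 layouts, keyed by a readable name.

    Inner digests are concatenated as hex text, which is how PHP- and
    JavaScript-style helpers usually chain them (an assumption here).
    """
    return {
        "sha256(pass)": sha256_hex(password),
        "sha256(sha256(pass))": sha256_hex(sha256_hex(password)),
        "sha256(salt.pass)": sha256_hex(salt + password),
        "sha256(pass.salt)": sha256_hex(password + salt),
        "sha256(salt.pass.salt)": sha256_hex(salt + password + salt),
        "sha256(sha256(pass).salt)": sha256_hex(sha256_hex(password) + salt),
    }


def matching_layouts(password: str, salt: str, observed: str) -> list:
    """Names of the layouts whose output equals the observed hash."""
    observed = observed.strip().lower()
    return [name for name, digest in candidates(password, salt).items()
            if digest == observed]


# Constructed sample: the password is the thread's test string, the e-mail
# address is made up, and OBSERVED is produced here from one layout so the
# example has a known answer. It is not the value the site generated.
PASSWORD = "hellomoto"
EMAIL = "user@example.com"
OBSERVED = sha256_hex(sha256_hex(PASSWORD) + EMAIL)

if __name__ == "__main__":
    print("same inputs     :", matching_layouts(PASSWORD, EMAIL, OBSERVED))
    print("different e-mail:", matching_layouts(PASSWORD, "other@example.com", OBSERVED))
```

An empty result means none of the listed layouts produced the observed value, which is the expected outcome when the real construction involves other inputs or a different hash chain.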
#8
It's not a forum, so I don't think it is using a software... It's a site (https://lastpass*com/). This code may be related to hash generation.
    var hash = "";
    if (res[0].getAttribute("type") == "trueapi") {
        hash = SHA256(SHA256(fix_username(g_username) + res[0].getAttribute("type")));
    }
    if (hash.length != 64) {
        send_website_event("multifactorauth", res[0].getAttribute("type"), g_username, "", res[0].getAttribute("challenge"));
        counter = 0;
        setTimeout(function(){checkMultifactorAuth();}, 250);
    } else {
        document.getElementById("eventdata5").value = SHA256(hash + res[0].getAttribute("challenge"));
        document.getElementById("eventdata3").value = "done";
        checkMultifactorAuth();
    }
Reply
#9
well given this line

hash = SHA256(SHA256(fix_username(g_username) + res[0].getAttribute("type")));

it seems to be a doubled sha256, and the username (g_username) is processed by another function (fix_username); the output then has the output from res[0].getAttribute("type") appended to it.
Reply
#10
But the problem with this code is that there is no mention of the password being used... so there must be something else going on that uses the password too.
Reply