hashcat Forum Support hashcat v
72hex —-» MD5(32hex)+SHA1(40hex)

Threaded Mode
72hex —-» MD5(32hex)+SHA1(40hex)
mshibo Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Aug 2021
#1
08-16-2021, 08:26 PM (This post was last modified: 08-16-2021, 08:31 PM by mshibo.)
Extracted this hash out of GalleryVault android app and need an explanation how to decrypt it.
The hash extracted from kidd.xml file located at the system-root directory of the app.

<string name="LockPin">2F059A5F49AAFD2127DD6065494A91FF5B515E46A5F1BC60BE71C3DB0DF946BD0548C145</string>

Searching around, found a PDF talking about that, it mentioned that the hash is MD5(32hex)+SHA1(40hex) and it said we can do "Swap attack".

.png   2021-08-16_20-29-50.png (Size: 77.82 KB / Downloads: 16)
Find
Reply
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#2
08-17-2021, 10:00 AM
Well should be simple. What's the password of that hash?
Website Find
Reply
Snoopy Online
Posting Freak
*****
Posts: 889
Threads: 15
Joined: Sep 2017
#3
08-17-2021, 02:40 PM (This post was last modified: 08-17-2021, 02:46 PM by Snoopy.)
its vice versa in this case (was just playing around with this), first sha1 then md5, given this

2F059A5F49AAFD2127DD6065494A91FF5B515E46 (sha-1)
A5F1BC60BE71C3DB0DF946BD0548C145 (md5)

the passwords / lockpin is just plain 6 numbers ...so you can bruteforce this md5 on your own quite fast Wink or use any of the known lookuptables

and yes sha1(pw) == md5(pw)
Find
Reply
mshibo Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Aug 2021
#4
08-17-2021, 06:53 PM (This post was last modified: 08-17-2021, 06:53 PM by mshibo.)
This was really helpful.
I could crack both hashes using hashcat (-m 0 & 100) and got the same 6-digit numeric password.
Thank you so much.
Find
Reply