Partially known info for decryption
#1
I have a table of 128-bit hashes that represent US mailing addresses. I believe they represent an address such as: 123 Main St, Apt B, Beverly Hills, CA 90210-3209.

But, I do not know what the format of the address is. It could be
Code:
123 Main St|Apt B|Beverly Hills|CA|90210|3209
or some variation. It could be all upper case, or all lower case. There could be additional information as well that I do not know.


I'm guessing that it's a MD5 hash, but don't know for certain. I'm pretty sure that Address1, Address2, City, State, Zip are part of the final result. Those fields may be in a different order than that as well. The delimiter may be anything, including multiple characters.

First, is it worth my time to try to reverse a hash knowing the above? I just ran a straight brute-force for a few minutes and was processing 4667.3 MH/s.

If you think so, how do I run hashcat to optimize for this scenario?

Thanks for your assistance.
Reply
#2
Make a wordlist and use rules under ./hashcat/rules. You can find extra rules like OneRuleToRuleThemStill on Internet.
Reply
#3
so you know that the plains are just straight adresses, so why do you want to crack them?

next point without knowing the exact form -> city, country, c-code or is it -> country, city, ccode, you will have so much combinations that the only possibility for attacking these hashes i could think of would be, if you know, that one particular address is for 100% sure among these hashes (without any additional data you mentioned), then you could use just these known parts of that adress for prebuilding a wordlist with all possibel combinations aof that parts (the different separators are the least problem, if successful the result would tell you the used style (in which order are the different infos)

anyway, if you think that a database or programm will store such informations hashed, e.g. you have an entry with a person, person-id but these adress details are hashed, you are wrong, because how should the database "decrypt" these infos for using them? data stored without the possibility to decrypt them is no usecase, so when this data has to be used, the only possibility is using encryption/decryption, but not hashing the data
Reply
#4
(05-12-2023, 02:45 PM)Snoopy Wrote: so you know that the plains are just straight adresses, so why do you want to crack them?

The only reason I know the address is that I have the hash along with a latitude and longitude. With that I was able to determine the address. 

My goal is to determine what the format of the input/plain is so that I can reproduce these hashes. I need to supplement my dataset and don't know the format and the party who knows is unable to tell due to proprietary reasons.

Honestly, this was a long shot and I learned yesterday that it's possible that the input may not have everything that I specified. I'm fairly confident that the Street Address Line 1 is in the plain text, but the rest is questionable as there are other ways to get City, State, & Zip.

Thanks for the input.
Reply
#5
(05-12-2023, 12:25 PM)aikiuslik Wrote: Make a wordlist and use rules under ./hashcat/rules. You can find extra rules like OneRuleToRuleThemStill on Internet.

Thank you for the input. I'm not certain that it's worth my time given so many unknowns at this point. You can see my other response for more details.
Reply
#6
(05-12-2023, 03:13 PM)ksbecker Wrote:
(05-12-2023, 02:45 PM)Snoopy Wrote: so you know that the plains are just straight adresses, so why do you want to crack them?

The only reason I know the address is that I have the hash along with a latitude and longitude. With that I was able to determine the address. 

My goal is to determine what the format of the input/plain is so that I can reproduce these hashes. I need to supplement my dataset and don't know the format and the party who knows is unable to tell due to proprietary reasons.

Honestly, this was a long shot and I learned yesterday that it's possible that the input may not have everything that I specified. I'm fairly confident that the Street Address Line 1 is in the plain text, but the rest is questionable as there are other ways to get City, State, & Zip.

Thanks for the input.

as i said before im certainly sure that your "hashes" are no real hashes as storing data this way will make this data unuseable, because you will not be able to process to the data back to plaintext when this data is needed. i think these "hashes" are more like an id or something similar, you said you have lat long beside, i know some databases where the positions of wlans are stored, so these "hashes" could be the mac-adresses or similar

could you provide a single dataset but please mask at least 4 chars of your hash with XX
Reply