Help me identify Hash as no hash mode matches the structure of the input hash.
#1
Hi, I fed the hash into the hashcat but it couldn't find any matches. Anyways based on my personal research, I've done some observations on the data I have,

What I've observed:
* The hashes are 43 characters long always(both the actual hash and the encrypted one)
* The hash size remains unchanged when converted from actual hash to encrypted one
* They only use (a-z),(A-Z),(0-9),"-" and "_", nothing else.

So I'm guessing that rules out SHA or MD5 or any algo which changes string length.

Also All of them have %3D in the end, I've omitted them because it seems appended rather than generated from actual hashing algo, should I include it in the hash (I know it means "=" when converted)?

* e.g The hash is like "2fqRu08kOP5JpDH1uxU9HA2_6ngfcrn10jIsekvAwus%3D " but I use "2fqRu08kOP5JpDH1uxU9HA2_6ngfcrn10jIsekvAwus"

For more context: I have some hashes which are the true values, and then I have the resultant encrypted hashes converted from that original hash by the program.

Example:
Actual Hash => 2fqRu08kOP5JpDH1uxU9HA2_6ngfcrn10jIsekvAwus
Encrypted Hash: => CbaZlptNdOutidqLjdnMJ2IJD5tUpIJ-5NPufl5KdbM
Example 2:
Actual Hash => 5aifPf1JYI5rG8f0VvA2jj2hZTPRq5Be-h__D00Nz6I
Encrypted Hash: => LFkgOgEd0e2x6XcF9mp1Fl4Z8YbB3yOQ_O_qeoNA6pE
Example 3:
Actual Hash => T9ch1rj9xnq_XfgV34KHkZNQxbOvqCa_M2xM5f-oe74
Encrypted Hash: => YYY-PHBzlIzW0c3HEcsat4vxTYjmAIs_8neCLTjo_As
Example 4:
Actual Hash => rPucupw-mFgvdRxsScmOZuD-D5riaPXPqmOhY0iWDRg
Encrypted Hash: => GXPCA1kn4tKagRuq6nqLC28axMWQZ0LDGYuwQexaNSM
Example 5:
Actual Hash => JTFl1zNbJzav4QQo12LfVux8Anz9j6aaRdIJxx35C_U
Encrypted Hash: => OasBj3o9JeB6qnTkdDLVD_rj3JAhMRBtKAYzNbOp8kA


But suppose if I only have the encrypted hash, can I find the true hash value, using the above patterns? How to reverse engineer it?

Example:
Encrypted hash => sEaBkorIMYfaV_CUVHFcoUH2tbIeO39QnRS4yPZSUCA
Actual Hash => ?????????????????????????????????????????????????????

FYI I can generate more actual hash and their encryptions if more data is needed for pattern recognition.

Any insights based on my observations would be massively helpful, thanks..
Reply
#2
(a-z),(A-Z),(0-9),"-" and "_" are all part of the "URL Safe Base64 encoding", this makes a bit more sense since %3D is URLencoding of =, but that is usually omitted for this encoding.

If you 'decode' the input you have provided you get 256 bits of information. 256 bits fits with a lot of hashtypes.

But with just this information you are not likely going to find how this works. You need more context or code on what is happening.
Reply
#3
(03-27-2025, 05:11 PM)DanielG Wrote: (a-z),(A-Z),(0-9),"-" and "_" are all part of the "URL Safe Base64 encoding", this makes a bit more sense since %3D is URLencoding of =, but that is usually omitted for this encoding.

If you 'decode' the input you have provided you get 256 bits of information. 256 bits fits with a lot of hashtypes.

But with just this information you are not likely going to find how this works. You need more context or code on what is happening.

Thanks, sadly I don't have the code, only the api which generates two hashes, one is encrypted other is the actual one.

Most I can do is generate N no of hashes through it and try to find the pattern or the encryption mechanism.
Reply