Need Help to find out hash type
#1
Hi!

I captured HTTP POST data. The posted data is verified with an X-Signature-Header.

If I resend the same data, I get a success message.
If I change the data, I get a message from the server: {"status":"INVALID_AUTH_SIGNATURE"}

Here is an example Signature Header:
"X-Signature: 6b3d91b6118ebbd6ba6e1360f782c5c6"

I want to find out which hash type is used, so I can change the content of the data, calculate the signature and create my own posts.

I have the posted data in a file and know the signature. Can you give me a hint how I can realize my plan?


Thank you and so long,
josen
#2
You need the source to find out about the algorithm used.
#3
Is there no possibility to brute force / trial and error?
#4
Try to find out what type of framework is used. See if you can figure out something that way.
Otherwise it's just guessing. 16 bytes, MD5?
#5
Signatures like that are almost always HMAC.
#6
(05-17-2016, 07:45 PM)bigblacknose Wrote: Try to find out what type of framework is used. See if you can figure out something that way.

It is an iOS app.
#7
Could be anything. As I've said, you need to reverse the algorithm or look into the source.