Double SHA1
#1
Hi all,

I'm quite new to using Hashcat.

The first database I happen to have, which I'm testing against and for which I also have the source showing how it was hashed, is proving more difficult than I thought.

It has been hashed twice as follows. (there is no salt)

$Hash1 = SHA1([password-to-hash]);

$Hash2 = SHA1($Hash1);

Now $Hash2 contains something like "FF 12 FE ........" in Hex etc.

Now Hashcat can have a go at this now with the right parameters even though it's doubled. (I believe).

The problem I have is that the Hex output of the double hash has been converted to a base 10 Decimal number and that is what is now the hash.

i.e. "FF12FE...." will become: "25518254...." which without some sort of delimiter I cannot convert back to Hex again. (without coding something)

Is there a way to deal with this within Hashcat, or do I need to go off and create my own rainbow tables maybe?

Billy
#2
Are you certain the conversion is done in pairs of hex characters (e.g. ff 0f => 25515), and not interpreting the entire 40-character sequence as one value and converting it?

e.g. instead of "f1d2d2f924e986ac86fdf7b36c94bcdf32beec15" being converted into (241210...), it'd be (138056...).

Otherwise, I think you're correct, and it's not unambiguously parseable. The cheesy way to work around this would be to write something that spits out all the valid ambiguous parses that could result in that string (which, in some cases, might only be one), and then try breaking those - presumably, if it's encoded the way you say it is, then cracking _any_ of those hashes should work, since they encode to the same end result.
#3
No, it's converted by iterating a Byte array of Hex values, converting each one in turn into a base 10 value, then appending to a string as described.

Seems simple on first look but it's made it a little bit more difficult to crack.

I did think of creating all possibilities, but before I go down those paths I thought I would ask if there is a built-in alternative.
#4
(06-20-2016, 12:14 AM)WJHumphreys Wrote: No, it's converted by iterating a Byte array of Hex values, converting each one in turn into a base 10 value, then appending to a string as described.

Seems simple on first look but it's made it a little bit more difficult to crack.

I did think of creating all possibilities, but before I go down those paths I thought I would ask if there is a built-in alternative.

No, and you should probably convince them that this is a bad idea, because as observed, it makes finding collisions at least marginally easier (how much easier in practice, I can't begin to guess).
#5
I agree, but to be fair this is old code and just something I was using as a test to see how Hashcat worked. Personally I wouldn't use SHA1 at all anymore.
#6
try -m 300
#7
I see from the docs that the switch you suggest is for:

300 = MySQL4.1/MySQL5

This doesn't seem to address the conversion of the Hex to Base 10.

Doesn't MySQL output its hash as Hex?
#8
You could either code a custom hash mode for this or write a converter that generates all possible hashes from the concatenated numbers you have.
#9
Is this something done within Hashcat, so to speak, or something I write externally? I can write some code externally easily enough; I was just trying not to reinvent the wheel if it's already built in.
#10
I think, looking at the amount of possibilities there are trying to reverse the base 10 back into Hex, that writing custom hash code is more feasible.
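
The converter suggested in posts #2 and #8, as an added example that is not part of the original thread and is not hashcat code: it counts and lazily lists every 20-byte digest whose byte-by-byte decimal encoding equals a given string, which shows how many distinct digests the stored value collapses onto. All function names and the sample input are constructed for illustration, and the input is assumed to contain only decimal digits.

```python
import hashlib
from functools import lru_cache
from itertools import islice

DIGEST_LEN = 20  # SHA-1 digest size in bytes


def encode_decimal(digest: bytes) -> str:
    """Encoding from post #3: each byte printed in base 10, no delimiter."""
    return "".join(str(b) for b in digest)


def tokens(s: str, pos: int):
    """Decimal tokens that can start at pos: 1-3 digits, no leading zero, <= 255."""
    for width in (1, 2, 3):
        tok = s[pos:pos + width]
        if len(tok) < width or (width > 1 and tok[0] == "0") or int(tok) > 255:
            break
        yield tok


def count_parses(s: str, nbytes: int = DIGEST_LEN) -> int:
    """Number of nbytes-long byte strings that encode to s (no enumeration)."""
    @lru_cache(maxsize=None)
    def ways(pos: int, left: int) -> int:
        if left == 0:
            return int(pos == len(s))
        return sum(ways(pos + len(t), left - 1) for t in tokens(s, pos))
    return ways(0, nbytes)


def candidate_digests(s: str, nbytes: int = DIGEST_LEN):
    """Lazily yield every nbytes-long byte string whose encoding equals s."""
    def walk(pos: int, acc: tuple):
        left, rem = nbytes - len(acc), len(s) - pos
        if not left <= rem <= 3 * left:
            return  # remaining digits cannot fill the remaining bytes
        if left == 0:
            yield bytes(acc)
            return
        for tok in tokens(s, pos):
            yield from walk(pos + len(tok), acc + (int(tok),))
    yield from walk(0, ())


if __name__ == "__main__":
    digest = hashlib.sha1(b"constructed-sample").digest()  # constructed input
    encoded = encode_decimal(digest)
    print(encoded, "->", count_parses(encoded), "candidate digests")
    for cand in islice(candidate_digests(encoded), 5):
        print(cand.hex())
```

Because the digest length is fixed, the parse is sometimes unique (the thread's "ff 0f => 25515" example has one 2-byte parse), but the count grows quickly with length, which is the concern raised in post #10.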