72hex —-» MD5(32hex)+SHA1(40hex)
#1
Extracted this hash out of GalleryVault android app and need an explanation how to decrypt it.
The hash extracted from kidd.xml file located at the system-root directory of the app.

<string name="LockPin">2F059A5F49AAFD2127DD6065494A91FF5B515E46A5F1BC60BE71C3DB0DF946BD0548C145</string>

Searching around, found a PDF talking about that, it mentioned that the hash is MD5(32hex)+SHA1(40hex) and it said we can do "Swap attack".

.png   2021-08-16_20-29-50.png (Size: 77.82 KB / Downloads: 16)
Reply
#2
Well should be simple. What's the password of that hash?
Reply
#3
its vice versa in this case (was just playing around with this), first sha1 then md5, given this

2F059A5F49AAFD2127DD6065494A91FF5B515E46 (sha-1)
A5F1BC60BE71C3DB0DF946BD0548C145 (md5)

the passwords / lockpin is just plain 6 numbers ...so you can bruteforce this md5 on your own quite fast Wink or use any of the known lookuptables

and yes sha1(pw) == md5(pw)
Reply
#4
This was really helpful.
I could crack both hashes using hashcat (-m 0 & 100) and got the same 6-digit numeric password.
Thank you so much.
Reply