Decrypting hex codes [Archive] - RCE Messageboard's Regroupment

View Full Version : Decrypting hex codes

AmazingTrans

September 3rd, 2013, 20:40

Hi there,

I am trying to decrypt the following information that I have to unlock a locked program.
From the table below, I entered the following username, and password. The encrypted password that I manage to extract are as follow.
If given username and encrypted password, how can i decrypt the password?
Hope to hear some insight from someone out there.

Username
Password
Encrypted Password

abc
11111
bdb657d2838d000193be91183680bce4f1cc400d

abc
111111
b7ccdad283a6e9c393bef7ea069dd8e2f2ac5031

abc
1111111
2db391d28384511593befcfea670a1d1c116a471

abc
11111111
d6bcb0d28313c49a93be717e9a3fb004905df1f6

abc
111111111
4be79ed283139b0f093be03bf3cd876003aad83d

abc
111111111111
8319b2d283b4159c93be1d539a1e74369b849822

Cheers,
AT

Woodmann

September 3rd, 2013, 21:24

That dont look like no hex to me.
Is it English ?

Woodmann

AmazingTrans

September 3rd, 2013, 21:30

My bad, it is more like char instead.

naides

September 4th, 2013, 13:18

What you may be looking at is a 'hash' of the password, or a hash of the combination of username and password. . .
Hashes are by definition one way functions: If you know the 'before', ie 11111 or abc11111, it is easy and deterministic to derive the after, or hash: bdb657d2838d000193be91183680bce4f1cc400d

Knowing the after 'hash' has no simple algorithm to derive the 'before'. Any protection system, worth is salt, would use such 'one way' functions. Read about MD5 for instance.

Besides brute force, no simple way to reverse the hash into the password.

AmazingTrans

September 5th, 2013, 07:10

naides, by knowing the username and password, am i able to track what type of hashes method are utilized to derive hash: bdb657d2838d000193be91183680bce4f1cc400d ?

naides

September 5th, 2013, 18:26

Not directly. However some of the hash algorithms have code signatures and use specific structures, "tables", that are characteristic enough so that they can be identified by crypto tools: RPG comes to mind . . .http://www.woodmann.com/collaborative/tools/RDG_Packer_Detector ("http://www.woodmann.com/collaborative/tools/RDG_Packer_Detector")

There were others that I do not remember. Also the length of the hash: in your case 16 bytes or 128 bits is characteristic of MD5. SHA-1 is 160 bits. Others have more or less typical hash lengths

Add on: I remember another, PEiD with its Kanal (KryptoANALizer) plug-in.