PDA

View Full Version : Need to identify hash

servil
December 11th, 2014, 10:11
hi there, I need help to recognize a kind of two pretty long hashes stored in XML sructure, apparently it's a file content verification.
THX

<?xml version="1.0" encoding="UTF-8"?>
<Signature Version="1.0">
<FileName>UpdateManifest.xml</FileName>
<FileSize>4861</FileSize>
<CheckSum>qDz90lpoz35kinmpbCB8Q7lHyk5HjQ2wqWddfYfKzwDO1+3xohyCtqTMzCnkPZ/GpB1DfwhfyOcpejf0OkHG2U5FK/T5gaREiwpSjJMcy+56/0BTP8quX0yNKPaE64/qQmyszFB5ob+WxSO3bQ8OgYSvrsLDh4wp/soLCyK5XfOXzd1VLOyLgWkX0qZTfbtHtstPaSDeBOSU+TvUQnoZHc437tJG+0T+6rdMyWFJbRvWd+lJnILqXrpXkzDet5Fyo/Ji0Lj1po4HHHOW3DoQDdycEsno70dL2GH1uqj4TQsZfRvR322TC6nesA9W9ibKkM/Sw6TdujFdcfB9ThctfuP/xO/t4VW37emyCJ+0ve3jjYeZG5pdGcfsN2Vt717kQZaasXfGyr2cNV7rD8mlJdTQt0LBEWIzAUxw3vpwnUVRgYzbBJ3nbZ/ZjOsIKYIDw4yKV9SS3n7Aq8/qdj9isiXbDA4qr8ib1Og9M+tbF5q3V0+VJOEcWIxub0UlEobA</CheckSum> <=== this
<Sig>H0AcL+CjbUblVwgCBAhdKe5p+lmR4ahu2DbKE7nAnRZFnWYINJ86qgVqzNkUeMSa36Qxq5Snbjq+FesxeLaYSHbHEt6i0HuSj6hT Tu8GwVfxTPzGuU1D1lTew0pwj7sC/et44no+SNRYS8aRpQF5u0Ap+yP6zOhQXSkeWWohxp/Pey4RjlMiViGIsJsWvvXZL0+zrX3Feffc3cH5awkC4YuFbApFSugjtXmVlMWcnPU+4glXC71SomAgYynJaFnYRzNgqzjs/j+Xe53FPBkuFCVa59gg0+LtMpcLOVVXs+oGqvvmso1DHADRBDRmsFQi5MSMzmTQBlIihyvqU86wsBD6phFNRr+r1vfc2A5ppx+fD m/k6VsyLXzFWCFf7VWlsp+wDjWp1aH8lpTPLk+THN7CMMPDwRTF+x0guLP8zI5c/6Sk5nqapbM9zkBMBvWhzWYFEic7gLHNUDfNKJgnmp+dwEglQBnYo+bIeU3J1WeeD7I0m49o1oejDNdHY8Aj</Sig> <====== and this
</Signature>
FoxB
December 11th, 2014, 10:20
base64. decoded <FileSize> and <Sig> has 384 byte or 3072 bit of length.
servil
December 11th, 2014, 10:28
Thanks
<CheckSum>, <Sig> are 512bytes (4096) long, still base64?
I'm going to find a tool that will compute the hashes for me.

OK got it, decoded gives 384B long binary hash. What algorithm gives 384B binary hashes?
FoxB
December 11th, 2014, 11:24
as sample - rsa3072 =)
servil
December 11th, 2014, 11:36
I tried RC4, this requires passphrase. This must be a unique one way algo

openssl rsautl -encrypt -in UpdateManifest.xml

requires a private key. Is that able compute rsa3072 without having any keys or passphrases?
FoxB
December 11th, 2014, 12:49
if this is rsa3072 you cant recovery private part (developer side). public part is not secure (in target software imho)
evlncrn8
December 24th, 2014, 20:00
ssdeep?