Jump to content
Tuts 4 You

AdvApi32 MD5?


high6

Recommended Posts

Posted

So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?

Information about how the program uses them to hash.

		PUSH 0
PUSH 1
PUSH [009D1328] ; UNICODE "Microsoft Base Cryptographic Provider v1.0"
PUSH 0
PUSH EDX
CALL ESI; ADVAPI32.CryptAcquireContextW; <&ADVAPI32.CryptAcquireContextW>
		PUSH ECX
PUSH 0
PUSH 0
PUSH 08003h
PUSH EDX
CALL DWORD PTR DS:[<&ADVAPI32.CryptCreateHash>]; ADVAPI32.CryptCreateHash
		PUSH 0
PUSH EAX
PUSH ECX
PUSH EAX
CALL DWORD PTR DS:[<&ADVAPI32.CryptHashData>]; ADVAPI32.CryptHashData
		PUSH 0
PUSH ECX
PUSH EDX
PUSH 4
PUSH EAX
CALL ESI; ADVAPI32.CryptGetHashParam; <&ADVAPI32.CryptGetHashParam>

Then it converts the hash to a string.

So is it easy/hard to reverse a hashed string? And is there already a function to do it?

Posted

Aren't hashes by definition one way functions. Meaning, no reversing?

Posted
Aren't hashes by definition one way functions. Meaning, no reversing?

I thought it was just salted md5 hashes(and other like it) that can't be reversed easily.

Posted
So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?

...

So is it easy/hard to reverse a hashed string? And is there already a function to do it?

to create a hash md5 algo needs to be fed with some data (binary or string of some kind)..

so if you can trace the target.. just find what arguments are passed to this dll..

Posted
So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?

...

So is it easy/hard to reverse a hashed string? And is there already a function to do it?

to create a hash md5 algo needs to be fed with some data (binary or string of some kind)..

so if you can trace the target.. just find what arguments are passed to this dll..

Well I am more interested in unhashing the string then just getting an unhashed string.

Posted

unhashing? you need to bruteforce it to get whats made the hash; it is not a good way if you can trace it.

Look for argumets passed just before initialization of md5 to get your string ;)

Posted

All the info passed is constant besides the string that gets hashed.

Posted

i thought you were after that string anyway.. :confused:

i dont get it.. what is you are trying to do?

Posted (edited)

Hi,

The crypto-API implementation of MD5 is based on RFC 1321. It pretty much produces the exact same result as any other implementation of MD5.

You cannot "unhash" something, cause as rendari & all people said, it's a one-way function.

Edited by HVC
Posted

MD5 is a one way hash function. In general it is not possible to recover the original data from the MD5 hash string and this is one of the main features which makes MD5 very useful.

It is sometimes possible to recover short data strings using brute force attack or rainbow tables. However even for fairly short strings the raw processing power required is very high and increases exponentially as the length of the data string increases.

In your case where the AdvApi32's MD5 function is being used, you will find a pointer to the original data (and the length of the data string) being hashed as parameters to the CryptHashData function. Look up the CryptHashData parameters on MSDN.

Ziggy

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...