high6 Posted May 6, 2008 Posted May 6, 2008 So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?Information about how the program uses them to hash. PUSH 0 PUSH 1 PUSH [009D1328] ; UNICODE "Microsoft Base Cryptographic Provider v1.0" PUSH 0 PUSH EDX CALL ESI; ADVAPI32.CryptAcquireContextW; <&ADVAPI32.CryptAcquireContextW> PUSH ECX PUSH 0 PUSH 0 PUSH 08003h PUSH EDX CALL DWORD PTR DS:[<&ADVAPI32.CryptCreateHash>]; ADVAPI32.CryptCreateHash PUSH 0 PUSH EAX PUSH ECX PUSH EAX CALL DWORD PTR DS:[<&ADVAPI32.CryptHashData>]; ADVAPI32.CryptHashData PUSH 0 PUSH ECX PUSH EDX PUSH 4 PUSH EAX CALL ESI; ADVAPI32.CryptGetHashParam; <&ADVAPI32.CryptGetHashParam>Then it converts the hash to a string.So is it easy/hard to reverse a hashed string? And is there already a function to do it?
rendari Posted May 6, 2008 Posted May 6, 2008 Aren't hashes by definition one way functions. Meaning, no reversing?
high6 Posted May 6, 2008 Author Posted May 6, 2008 Aren't hashes by definition one way functions. Meaning, no reversing?I thought it was just salted md5 hashes(and other like it) that can't be reversed easily.
ChupaChu Posted May 6, 2008 Posted May 6, 2008 So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?...So is it easy/hard to reverse a hashed string? And is there already a function to do it?to create a hash md5 algo needs to be fed with some data (binary or string of some kind)..so if you can trace the target.. just find what arguments are passed to this dll..
high6 Posted May 6, 2008 Author Posted May 6, 2008 So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?...So is it easy/hard to reverse a hashed string? And is there already a function to do it?to create a hash md5 algo needs to be fed with some data (binary or string of some kind)..so if you can trace the target.. just find what arguments are passed to this dll..Well I am more interested in unhashing the string then just getting an unhashed string.
ChupaChu Posted May 6, 2008 Posted May 6, 2008 unhashing? you need to bruteforce it to get whats made the hash; it is not a good way if you can trace it. Look for argumets passed just before initialization of md5 to get your string
high6 Posted May 6, 2008 Author Posted May 6, 2008 All the info passed is constant besides the string that gets hashed.
ChupaChu Posted May 6, 2008 Posted May 6, 2008 i thought you were after that string anyway.. i dont get it.. what is you are trying to do?
HVC Posted May 6, 2008 Posted May 6, 2008 (edited) Hi,The crypto-API implementation of MD5 is based on RFC 1321. It pretty much produces the exact same result as any other implementation of MD5.You cannot "unhash" something, cause as rendari & all people said, it's a one-way function. Edited May 6, 2008 by HVC
Ziggy Posted May 6, 2008 Posted May 6, 2008 MD5 is a one way hash function. In general it is not possible to recover the original data from the MD5 hash string and this is one of the main features which makes MD5 very useful. It is sometimes possible to recover short data strings using brute force attack or rainbow tables. However even for fairly short strings the raw processing power required is very high and increases exponentially as the length of the data string increases.In your case where the AdvApi32's MD5 function is being used, you will find a pointer to the original data (and the length of the data string) being hashed as parameters to the CryptHashData function. Look up the CryptHashData parameters on MSDN.Ziggy
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now