So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?

Information about how the program uses them to hash.

		PUSH 0
		PUSH 1
		PUSH [009D1328]			  ; UNICODE "Microsoft Base Cryptographic Provider v1.0"
		PUSH 0
		PUSH EDX
		CALL ESI; ADVAPI32.CryptAcquireContextW; <&ADVAPI32.CryptAcquireContextW>

		PUSH ECX
		PUSH 0
		PUSH 0
		PUSH 08003h
		PUSH EDX
		CALL DWORD PTR DS:[<&ADVAPI32.CryptCreateHash>]; ADVAPI32.CryptCreateHash

		PUSH 0
		PUSH EAX
		PUSH ECX
		PUSH EAX
		CALL DWORD PTR DS:[<&ADVAPI32.CryptHashData>]; ADVAPI32.CryptHashData

		PUSH 0
		PUSH ECX
		PUSH EDX
		PUSH 4
		PUSH EAX
		CALL ESI;  ADVAPI32.CryptGetHashParam; <&ADVAPI32.CryptGetHashParam>

Then it converts the hash to a string.

So is it easy/hard to reverse a hashed string? And is there already a function to do it?

Aren't hashes by definition one way functions. Meaning, no reversing?

Aren't hashes by definition one way functions. Meaning, no reversing?

I thought it was just salted md5 hashes(and other like it) that can't be reversed easily.

So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?

...

So is it easy/hard to reverse a hashed string? And is there already a function to do it?

to create a hash md5 algo needs to be fed with some data (binary or string of some kind)..

so if you can trace the target.. just find what arguments are passed to this dll..

So I have a program that uses AdvApi32's MD5 function and was wonder how difficult/easy it is to un-hash and md5 from it?

...

So is it easy/hard to reverse a hashed string? And is there already a function to do it?

to create a hash md5 algo needs to be fed with some data (binary or string of some kind)..

so if you can trace the target.. just find what arguments are passed to this dll..

Well I am more interested in unhashing the string then just getting an unhashed string.

unhashing? you need to bruteforce it to get whats made the hash; it is not a good way if you can trace it.

Look for argumets passed just before initialization of md5 to get your string

All the info passed is constant besides the string that gets hashed.

i thought you were after that string anyway..

i dont get it.. what is you are trying to do?

Hi,

The crypto-API implementation of MD5 is based on RFC 1321. It pretty much produces the exact same result as any other implementation of MD5.

You cannot "unhash" something, cause as rendari & all people said, it's a one-way function.

Edited May 6, 200817 yr by HVC

MD5 is a one way hash function. In general it is not possible to recover the original data from the MD5 hash string and this is one of the main features which makes MD5 very useful.

It is sometimes possible to recover short data strings using brute force attack or rainbow tables. However even for fairly short strings the raw processing power required is very high and increases exponentially as the length of the data string increases.

In your case where the AdvApi32's MD5 function is being used, you will find a pointer to the original data (and the length of the data string) being hashed as parameters to the CryptHashData function. Look up the CryptHashData parameters on MSDN.

Ziggy