| Author | Message | Time |
|---|---|---|
| xpeh | As a proof, post xsha1 hash of string not longer that 16 characters and sha1 hash of same string. If the hashes are made of same string, i'll post the corresponding string. Any characters (\x00-\xff) are allowed. | July 14, 2011, 9:45 PM |
| Myndfyr | I don't understand... xsha1 has been reversed. | July 15, 2011, 5:40 AM |
| xpeh | Where? | July 15, 2011, 12:06 PM |
| rabbit | Everywhere? | July 15, 2011, 1:34 PM |
| xpeh | You mean what i have written - you can obtain a password from xsha1 hash? | July 15, 2011, 2:05 PM |
| Ribose | You can't do that with xsha1 or especially sha1 (except by making a table with all possible passwords leading to all possible results). That's the point of a hashing algorithm... | July 15, 2011, 3:16 PM |
| xpeh | Just read the op post... (Is it true that most persons here are native english speakers? I highly doubt that now) | July 15, 2011, 3:30 PM |
| Myndfyr | So, what you're claiming is that you have been able to successfully un-hash a string, then? A hash is a one-way function. Like Ribose said, the only way to go backwards is to create a table. | July 16, 2011, 10:37 PM |
| xpeh | Why do you talk instead of testing that? | July 16, 2011, 10:51 PM |
| rabbit | I'm not sure what you're talking about, but I'm pretty sure you don't know what you're talking about either. | July 17, 2011, 1:04 AM |
| xpeh | Lol retard, if you are unabled to read the first post in this topic, so i'll do it for you: Post here xsha1 and sha1 hashes of any string no longer that 16 characters, and i'll try to decrypt it. Undestand? | July 17, 2011, 1:24 AM |
| rabbit | And now you've proven my point: you don't know what you're talking about. All you'll be able to do is find collisions. You can't "decrypt" a hash because it's not a crypt, it's a hash. | July 17, 2011, 1:49 PM |
| xpeh | IF you wanna pay attention on terminology, that's not collision but first preimage. And yes, this forum went completely retarded. What was happened with old VL, after some admin retard has nuked the database for last half year? I thought you are one of few working Battle.Net programming forums, but no. Not anymore. | July 17, 2011, 2:57 PM |
| Ringo | xpeh still trolls here? xpeh, when you input into SHA1, infomation is lost, thus your not going to beable to otain said infomation with out finding a clash, a 16byte string that produces the same 20 byte hash. Anyone able to write a loop should beable to do this. You can not "reverse" a hash back to its orginal form, due to the lossy nature of hashing. FACEPALM. More to the point, what does this have to do with bot development? | July 17, 2011, 4:01 PM |
| Sc00bz | He's telling the truth I just found out about XSHA1 today and well I wrote a program to reverse an XSHA1... I found a collision (takes 10.8 seconds to run through 0-20 characters): hash:hex of password:password 99f0fab8b5b4523e0d58e5efe126fa5f12633b4b:31323334353637383930:1234567890 99f0fab8b5b4523e0d58e5efe126fa5f12633b4b:3d750222f3e685ee030cb703a736efda18021630:=u.".........6.....0 (Sorry I didn't find a collision without control characters. You'll need to use the hex to verify.) | October 25, 2011, 5:30 AM |
| rabbit | That's not reversing...you aren't recovering the original data. | October 26, 2011, 4:12 AM |
| Myndfyr | That the algorithm is very weak has been known for some time. [quote author=Skywing]The Blizzard programmer responsible for implementing this apparently switched the two parameters in every call to ROL. That is, if there was a ``#define ROL(a, b) (...)'' macro, the programmer swapped the two arguments. This drastically reduces the security of Battle.net password hashes, as most of the data being hashed ends up being zero bits. Because of the problem of incompatibility with previously created accounts, this system is still in use today.[/quote] | October 30, 2011, 6:16 AM |
| inquisitive_mind | [quote author=rabbit link=topic=18297.msg185558#msg185558 date=1319602330] That's not reversing...you aren't recovering the original data. [/quote] Really? How is it not recovering the original data? It doesnt require a rainbow table and it doesnt require any type of brute force. Feed it any hash u want and it'll probably spit out the "original data" as you call it faster than my hand could slap your forehead if I were standing right next to you. That's pretty damn close to "reversing" it if you ask me. The method of how it's reversed is completely irrelevant. The whole point of the matter is that it WORKS, which is completely the opposite of what you've tried to say to the OP, in that it's "not possible". And here we have someone proving you wrong and you're just trying to look the other way to make it look like what he's done is some sort of irrelevant lie. Get a grip, you were proven wrong. Own up to it for once in your life. | November 7, 2011, 9:40 PM |
| rabbit | [quote author=inquisitive_mind link=topic=18297.msg185597#msg185597 date=1320702052] [quote author=rabbit link=topic=18297.msg185558#msg185558 date=1319602330] That's not reversing...you aren't recovering the original data. [/quote] Really? How is it not recovering the original data? It doesnt require a rainbow table and it doesnt require any type of brute force. Feed it any hash u want and it'll probably spit out the "original data" as you call it faster than my hand could slap your forehead if I were standing right next to you. That's pretty damn close to "reversing" it if you ask me. The method of how it's reversed is completely irrelevant. The whole point of the matter is that it WORKS, which is completely the opposite of what you've tried to say to the OP, in that it's "not possible". And here we have someone proving you wrong and you're just trying to look the other way to make it look like what he's done is some sort of irrelevant lie. Get a grip, you were proven wrong. Own up to it for once in your life. [/quote]who the fuck are you? | November 7, 2011, 10:38 PM |