locked
Reverse SHA1.ComputeHash() RRS feed

  • Question

  • I have password saved using SHA1.ComputeHash, i forget the passsword

    Does there have anywhere to reverse SHA1.ComputeHash to show the password again?

    Below is Function i use to save password.

     Public Function ComputeHashPwd(ByVal Password As String) As String
    
            Dim saltedPwBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(Password)
            Dim sha1 As New System.Security.Cryptography.SHA1CryptoServiceProvider()
            Dim hashedPwBytes() As Byte = sha1.ComputeHash(saltedPwBytes)
            Dim hashedPw As String = Convert.ToBase64String(hashedPwBytes)
    
            Return hashedPw
        End Function


    • Edited by pthsoon Thursday, May 29, 2014 4:01 AM
    Thursday, May 29, 2014 3:57 AM

Answers

  • One of the main purposes of hashes is to make it difficult to know what the hashed information was.

    You are asking how to put a smoothie back into whole fruits.

    • Edited by Cadefia Thursday, May 29, 2014 5:42 PM
    • Proposed as answer by Devon_Nullman Thursday, May 29, 2014 5:44 PM
    • Marked as answer by Reed KimbleMVP Thursday, May 29, 2014 7:33 PM
    Thursday, May 29, 2014 5:40 PM

All replies

  • There is no way to decrypt a SHA1 encrypted password back to normal text. The only way is to use the list of random passwords and compare each password's SHA1 hashed value to the that of your forgotten password.

    Hope this helps.... 

    -moderated-



    Thursday, May 29, 2014 6:12 AM
  • One of the main purposes of hashes is to make it difficult to know what the hashed information was.

    You are asking how to put a smoothie back into whole fruits.

    • Edited by Cadefia Thursday, May 29, 2014 5:42 PM
    • Proposed as answer by Devon_Nullman Thursday, May 29, 2014 5:44 PM
    • Marked as answer by Reed KimbleMVP Thursday, May 29, 2014 7:33 PM
    Thursday, May 29, 2014 5:40 PM
  • I don't think that this forum feels it's appropriate to post links to hacking sites.
    Thursday, May 29, 2014 5:44 PM
  • I figure if you're up to it you can review the below two links and reverse engineer the procedure they use to create an Sha1 hash perhaps.

    SHA1 Description

    RFC 3174 - US Secure Hash Algorithm 1 (SHA1) - This RFC may have been updated at some point for all I know.

    In the below code is your function.

    For the unhash function all I did was convert the base64string back to a byte array and compare what was in it to what was in the previous byte array which seems the same. Then all you need to do is anything else! :)

    Option Strict On
    
    Public Class Form1
    
    
        Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            Me.CenterToScreen()
            Label1.Text = "Waiting"
            Label3.Text = "81fe8bfe87576c3ecb22426f8e57847382917acf" ' Just an example of a hash from one of the references.
        End Sub
    
        Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
            If TextBox1.Text <> "" Then
                Label1.Text = ComputeHashPwd(TextBox1.Text)
                Label2.Text = Label1.Text.Count.ToString
                Label4.Text = Label3.Text.Count.ToString
                Label5.Text &= RichTextBox1.Text.Count.ToString
            End If
        End Sub
    
        Public Function ComputeHashPwd(ByVal Password As String) As String
            RichTextBox1.Text = ""
            Dim saltedPwBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(Password)
            Dim sha1 As New System.Security.Cryptography.SHA1CryptoServiceProvider()
            Dim hashedPwBytes() As Byte = sha1.ComputeHash(saltedPwBytes)
            Dim hashedPw As String = Convert.ToBase64String(hashedPwBytes)
            Label5.Text = hashedPwBytes.Count.ToString & " .. "
            For Each Item In hashedPwBytes
                RichTextBox1.AppendText(Item.ToString)
            Next
            Return hashedPw
        End Function
    
        Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
            UnComputeHashPwd(Label1.Text)
        End Sub
    
        Public Function UnComputeHashPwd(ByVal Password As String) As String
            Dim HashedPWBytes() As Byte = Convert.FromBase64String(Password)
            RichTextBox1.AppendText(vbCrLf & vbCrLf & vbCrLf)
            For Each Item In HashedPWBytes
                RichTextBox1.AppendText(Item.ToString)
            Next
        End Function
    
    
    End Class


    La vida loca

    Thursday, May 29, 2014 11:25 PM
  • Here you go, this will theoretically work EVERY time, but it may take a few minutes. Console App, you can feel free to add error checking and make it fancier

    Module Module1
        Dim CharacterSet As String
        Dim Rnd As New Random
        Public Function ComputeHash(ByVal Password As String) As String
            Dim PWBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(Password)
            Dim sha1 As New System.Security.Cryptography.SHA1CryptoServiceProvider()
            Return Convert.ToBase64String(sha1.ComputeHash(PWBytes))
        End Function
        Sub Main()
            Dim LowPasswordLength As Integer = 6    ' change as desired
            Dim HighPasswordLength As Integer = 16  ' change as desired
            Dim TestString As String = ""
            Dim TestHash As String = ""
            Dim TargetHash As String = ""
            For charvalue As Byte = 32 To 126
                CharacterSet &= Chr(charvalue)
            Next
            Console.Clear()
            Console.WriteLine("Input the Base64 Hash to crack, hit ENTER when done")
            TargetHash = Console.ReadLine
            Do
                TestString = ""
                For Index As Integer = 0 To Rnd.Next(LowPasswordLength, HighPasswordLength + 1)
                    TestString &= CharacterSet.Substring(Rnd.Next(0, CharacterSet.Length), 1)
                Next
                TestHash = ComputeHash(TestString)
                Console.WriteLine("Trying String " & TestString)
            Loop Until Console.KeyAvailable = True Or TestHash = TargetHash
            If TestHash = TargetHash Then
                Console.WriteLine("Success, press ENTER to quit")
            Else
                Console.WriteLine("Aborted, press ENTER to quit")
            End If
            Console.ReadLine()
        End Sub
    End Module


    • Edited by Devon_Nullman Friday, May 30, 2014 12:23 AM Added emphasis
    Friday, May 30, 2014 12:19 AM
  • "You are asking how to put a smoothie back into whole fruits."

    Love it........

    Friday, May 30, 2014 12:25 AM
  • I figure if you're up to it you can review the below two links and reverse engineer the procedure they use to create an Sha1 hash perhaps.



    La vida loca

    You can't "reverse engineer" a hashing algorithm, at least not a good one, that's the whole point of what he algorithm does...  See "unsmoothiefying" as described above.

    Your program would need to output "WhasUp?" to successfully "decrypt" the hash value.  You can use Devon's program to try it if you have nothing better to do (for the rest of your life lol).


    Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

    Friday, May 30, 2014 2:47 AM
  • The generally accepted criteria for a Hash Function is:

    Computing the hash value for any given message is easy.
    Generating a message that has a pre-specified hash is not feasible.
    Modifying a message without changing the hash is not feasible.
    Calculating the message if only the hash is known is not feasible.
    Not feasible is defined as "unlikely to be solved in the time period during which the security of the object remains important"

    The code I posted MIGHT solve a hash on the first try. It also might cycle until the person running it is too old to care, but it's more likely that a power outage would occur long before that.

    Friday, May 30, 2014 5:31 AM