I am a web developer trying to reverse engineer a seemingly simple password obfuscation scheme. I have spent a few hours looking at the data and it seems like what I need now is a fresh pair of eyes and someone with a logic puzzle mindset. I assure you, this is not a hacking project. I need to be able to call on a web API that is undocumented and without source so I am trying to replicate what it already does. It is simple to see what is being done except for this password obfuscation. I have ruled out all the difficult encryptions (MD5, etc.), and it doesn't appear to have any salt or be affected by username or anything else I can see. If anyone has any ideas it would be of great help!
On the left is the hash it creates and on the right are the simple passwords I put through the original interface to get that hash:
and just for giggles:
To me it appears to be in hexadecimal, always starting with 7F. Then there is another hex character that does something, then the following hex values each represent a digit for the password. It looks quite simple until the aab example, which starts confusing me to no end. Let me know if you need more examples and what to try. I hope you are up to the challenge!
Thanks for any help you may gleam!