Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Reverse salted MD5

Posted on 2016-10-13
10
Medium Priority
?
76 Views
Last Modified: 2016-11-09
Hey,
I have a hash, which was salted, but I know the salt. According to https://www.experts-exchange.com/questions/26216169/md5-with-salt.html I found that reversing is not possible, but is there a (semi-)efficient brute-force way to reverse this? The thread is six years old now, which is a lot in terms of computer science, so I thought I'd just ask again.

Also I know the length of the original string (8 chars) and that they are hexadecimal digits, if that helps.

So, is there any program which lets me reverse the hash given that info within some hours?
0
Comment
Question by:Patrick W.
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points (awarded by participants)
ID: 41842937
Best effort even though salt is known. Pls see either online service or tool called hashcat which support salted md5 hash mode

     10 | md5($pass.$salt)                                 | Raw Hash, Salted and / or Iterated
     20 | md5($salt.$pass)                                 | Raw Hash, Salted and / or Iterated
     30 | md5(unicode($pass).$salt)                        | Raw Hash, Salted and / or Iterated
     40 | md5($salt.unicode($pass))                        | Raw Hash, Salted and / or Iterated
   3800 | md5($salt.$pass.$salt)                           | Raw Hash, Salted and / or Iterated
   3710 | md5($salt.md5($pass))                            | Raw Hash, Salted and / or Iterated
   2600 | md5(md5($pass))                                  | Raw Hash, Salted and / or Iterated
   4300 | md5(strtoupper(md5($pass)))                      | Raw Hash, Salted and / or Iterated
   4400 | md5(sha1($pass))                                 | Raw Hash, Salted and / or Iterated
http://www.dcode.fr/md5-hash
https://hashcat.net/wiki/doku.php?id=hashcat

Example
hashcat -n 2 -m 0 -a 3 --pw-min 9 hashfile.txt ?l?l?l?l?l?l?l?l?l?l

-n = 2 threads
-m 0 = md5
–pw-min 9 = minimal 9 characters
hashfile.txt = is txt file where the hash is located
?l?l?l?l?l?l?l?l?l?l = lowercase password

Do ensure the doing is legit and authorised of using the real hash.
0
 
LVL 29

Expert Comment

by:Dr. Klahn
ID: 41842946
So, is there any program which lets me reverse the hash given that info within some hours?

That depends on how generous the definition of "some" is.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41849991
I found that reversing is not possible, but is there a (semi-)efficient brute-force way to reverse this?

not quite : brute forcing will give you one string that will produce the same md5 with that same salt. there is no guarantee and actually little chances this string is the original one.

md5 will sqeeze all possible inputs into a finite number of possible outputs. each output can be produced by an infinite number of inputs.

then having one valid string might be enough for you needs. if you have hints about the strings, you should be able to complete the crack within hours on commodity hardware, and within about a month with no information. if you can use a cray for about 2 or 3 seconds, that should also do
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points (awarded by participants)
ID: 41850327
other online "calculator" that does the reversing to best effort based on their existing store knowledge. it will be good to have prior knowing of the salt length or how it is "mixed" with the password show when the reverse does hit it, it is left with using salt to reverse to get the actual string. most time the salth is either appended (or padded) or XOR .. just my few cents
https://isc.sans.edu/tools/reversehash.html
https://hashtoolkit.com/reverse-md5-hash/
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 1000 total points (awarded by participants)
ID: 41851569
neither of those tools work :  they both answer "no solution found for the md5s or the empty string and "test"
d8e8fca2dc0f896fd7cb4cb0031ba249
d41d8cd98f00b204e9800998ecf8427e

and again expecting to reverse a hash is a misunderstanding of what a hash does. plenty of inputs will produce the same output and the md5 of en entire book if only a few bytes long so there is clearly no way to get the original string for sure.

btw if you know the salt and the password store was poorly designed you may get lucky and end up with something that is reversible indeed : for example if you interpolate the salt and the password ( pick one letter from each ) and take the base64 of the result before feeding it to md5sum, you end up with something that could be brute force broken since it is unlikely that many base64-encrypted strings with exactly x many letters corresponding to the salt appearing at proper locations will produce that same resulting hash...
0
 
LVL 64

Expert Comment

by:btan
ID: 41851814
The link stated pre compiled database for kniwn password, it is None the wiser to cover all combination to lookup for hit. I try the standard "password"  below. There is hit but really I also see it is not foolproof..

md5 hash 9e107d9d372bb6826bd81d3542a419d6 = The quick brown fox jumps over the lazy dog
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41853787
This expert suggested creating a Gigs project.
i neglected part of the information

Also I know the length of the original string (8 chars) and that they are hexadecimal digits, if that helps.

with a tool like hashcat or possibly a big loop on a unix machine you can get quite easily the list of 8 character long hex strings that match this specific md5. the list should be small, most likely a single response, less than 5 i guess.

8 hex chars produce 2^4^8 = 2^32 = 4 billion possibilities which can be computed on commodity hardware ( at least a decent i5 or equivalent ) in about half a day. arm processors if the tools can use them efficiently can be even faster.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41853789
sorry about the gigs project, i checked the box accidentally and have no idea how to revert
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 1000 total points (awarded by participants)
ID: 41853823
here is a small demo code that will loop over the 10 first possibilities and print md5s which you can grep

seq 1 10 | while read line ; do printf '%08x ' $line ; printf '%08x\n' $line | md5sum  ; done

beware the hex numbers are spelled in lower case which might not be the same as your input string

also note that this code is poor for at least the following reasons
- it will not run multiple md5 in parallel
- it spawns md5sum commands at each loop which is most definitely slow
- it is not capable to start over where it stopped if it crashes

with this code, on my machine you'd need about 4-5 months  ( i tried 100k combinations in about 5 minutes ) but hashcat, johntheripper, or a proper code ( i'd use php or perl probably ) and the likes can do this in a few hours or possibly days at most depending on your hardware.
0
 
LVL 64

Expert Comment

by:btan
ID: 41880240
As suggested
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question