|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 81
Members: 0
Total: 81
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
L2J hash |
|
Posted: Wed Nov 03, 2010 5:37 am |
|
|
tehanderson |
Active user |
|
|
Joined: Dec 23, 2009 |
Posts: 33 |
|
|
|
|
|
|
|
The original l2j-encoded hash is:
Code: | 3Y/oRuB5uLE9ZWoVn24hJGqLerE= |
after some research I found (directly from l2j account manager's php code) that the hashing algo is:
Code: | base64_encode(pack("H*", sha1(utf8_encode($password)))); |
so I wrote a simple php script to unpack the original sha1 hash:
Code: | unpack("H*",base64_decode($l2j_hash)); |
which actually returns an array which first element is the string containing the sha1 hash which is encoded like this:
Code: | sha1(utf8_encode($password)); |
so the resulting sha1 hash in this case is:
Code: | dd8fe846e079b8b13d656a159f6e21246a8b7ab1 |
which can be actually cracked as a normal sha1 hash. |
|
Last edited by tehanderson on Thu Nov 04, 2010 5:37 pm; edited 1 time in total |
|
|
|
Posted: Thu Nov 04, 2010 4:31 pm |
|
|
-AO- |
Advanced user |
|
|
Joined: Jul 15, 2008 |
Posts: 205 |
Location: United States |
|
|
|
|
|
|
Use passwordspro, it has the algorithm. I've used it to crack L2J hash |
|
|
|
|
Posted: Thu Nov 04, 2010 5:16 pm |
|
|
tehanderson |
Active user |
|
|
Joined: Dec 23, 2009 |
Posts: 33 |
|
|
|
|
|
|
|
Well if you run this php code
Code: | echo sha1(utf8_encode("test"))."\n";
echo sha1("test")."\n"; |
You 'll see how actually the two things are the same for non-utf8-encoded strings, so
Code: | sha1(utf8_encode($password))==sha1($password) |
and thus, once you have decoded the hash, you can just pass it to your favorite GPU cracker with sha1() support, you don't need passwordspro
The only thing is that I couldn't crack it... lol |
|
|
|
|
Posted: Tue Nov 09, 2010 5:15 am |
|
|
-AO- |
Advanced user |
|
|
Joined: Jul 15, 2008 |
Posts: 205 |
Location: United States |
|
|
|
|
|
|
Yes, of course.
But before your post was edited, you asked if it was possible |
|
|
|
|
Posted: Tue Nov 09, 2010 8:44 pm |
|
|
tehanderson |
Active user |
|
|
Joined: Dec 23, 2009 |
Posts: 33 |
|
|
|
|
|
|
|
well I meant if someone was able to crack it actually, sorry |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|