Since 2009 when I wrote: “The string Decoding Process” (published by hakin9 magazine) I use crafted tools to automatically decode strings (some of them have been published on this blog). Decoding strings results pretty hard especially nowadays where many encoding algorithms are commonly used over planty “daily life tools”. Understanding what encoding we are facing becomes really important if we are analyzing Hashing. Let’s assume we ‘ve just got a file including hundreds of different hash strings, how to identify what kind of hashing algorithm have been used ? Having a list o hashes, that potentially could “hide” passwords or important data, having the power of a bruteforce machine and the right tools to attack the hash list without knowing what algorithm have been used could be pretty nesty for attackers. Indeed attackers might have difficult time in attacking hashes without knowing what is the generation algorithm.
Surfing on this “painful wave” I decided to share a pretty python code that helped me out in solving this specific problem. The script can be downloaded here (pastebin). The following image shows how simple the script is, and how could be really easy to update it within new hashing algorithms. If you are planning to add new features to the script, please give me the diff file, so that we can create a more generic tool able to detect as many different hashing algorithms as possible.
HashFinder.py (click to enlarge)
The script is quite modular and easy to update. What you need to to is to add your new hashing function within its own identifier into the “algorithms” array (lets see the following image).
Algorithms array list: easy to expand (click to enlarge)
After having filled up the “algorithms” array, you need to add the new function which finds out if the string you are processing might be generated (or not) from the hash algorithm you ‘ve just “declared” in the “algorithms” array. The following image shows to you some examples already implemented.
Function that perform the detection (click to enlarge)
Finally, in a very quick’n dirty way you want to process the input string by adding the generated function to the main flow.
Adding functions to control flow (click to enlarge)
Hope it could be useful to everybody, enjoy your new hash detector tool !