2

I'm actually stuck with a idea. So what I want to create is the following:

1) Create a array of hash algorithms like:

$methods =  array('md5()', 'base64_encode()', 'hex2bin()');

2) Loop through the algorithm permutations and generate a output like:

Method: md5 > md5 > md5 > base64_encode > md5 = Output the hash of md5(md5(md5(base64_encode(hex2bin(md5($value))))));

The amount of the used array positions should be randomized and the order also.

For example:

Output 1: md5(md5($value));

Output 2: md5(base64_encode(md5($value)));

And so on...

My problem is the following: I've been trying to put the amount of items to the end of each array position as u can see in the code. But somehow this is the result: http://pr0b.com/sqlx/documents/list/hashr.php

It puts the braces to each item sadly. The code looks like:

<?php

    $pass = 'test';
    $array_elems_to_combine = array('md5(', 'base64_encode(', 'hex2bin(');
    $size = rand(0,10);
    $current_set = array('');

    for ($i = 0; $i < $size; $i++) {
        $tmp_set = array();
        foreach ($current_set as $curr_elem) {
            foreach ($array_elems_to_combine as $new_elem) {
                $tmp_set[] = $curr_elem . $new_elem . $pass . str_repeat(')', $size);
            }
        }
        $current_set = $tmp_set;
    }

    foreach ($current_set as $key) {
        echo($key) . '</br>';
    }

?>
Improve this question
2
  • Updated the question. Commented Aug 14, 2015 at 10:09
  • Only md5 is a hashing function. The other two just encode data. Also, why on earth are you doing something like this? I hope it is not for hashing passwords... Commented Aug 14, 2015 at 10:39

2 Answers 2

Reset to default
1

How about

<?php

$value   = 'foobar';
$methods =  array('md5', 'base64_encode', 'sha1');

for ($k = 0; $k < 5; $k++) {
    $nb_recursions = rand(0, 5);
    $result = recurse_on_methods($methods, $nb_recursions, $value);
    echo ' = ' . $result . "\n";
}

function recurse_on_methods($methods, $recursions, $value)
{
    $method_no = rand(0, count($methods) - 1);
    $method = $methods[$method_no];

    if ($recursions > 0) {
        echo $method . ' > ';
        return $method(recurse_on_methods($methods, $recursions - 1, $value));
    } else {
        echo $method . '(' . $value . ')';
        return $method($value);
    }
}

Sample output

sha1 > base64_encode > sha1(foobar) = b1322e636ae45c163be50b28f8cb6e51debf341e
base64_encode > sha1 > md5 > sha1 > md5 > md5(foobar) = ZDBkMzY4YWI4NjRjY2FlNGRmNTAzMGM0NTg5ZmFjZjQ5MmI0MTc2YQ==
md5(foobar) = 3858f62230ac3c915f300c664312c63f
md5 > md5 > md5 > base64_encode > sha1(foobar) = 694a8dd41c13868abb9c6300ec87413a
sha1 > sha1(foobar) = 72833f1c7d3b80aadc836d5d035745ffa3a65894

This assumes that the functions in $methods are endomorphisms, so to speak, meaning that they can be composed in arbitrary order. However, in your example, hex2bin(hex2bin($value)) can fail, because the output of hex2bin is not necessarily a hexdecimal value.

Edit regarding your comment: If you’re looking for a composition f_1(f_2(...(f_N($value))...)) that returns $hash, then you can do the following. First define a function which generates all such compositions of a fixed length N:

function recurse_on_methods($methods, $N, $value)
{
    if ($N <= 0) {
        yield [$value, 'id'];
    } else {
        foreach ($methods as $method) {
            $recurse = recurse_on_methods($methods, $N - 1, $value);

            foreach ($recurse as $r) {
                yield [$method($r[0]), $method . ' > ' . $r[1]];
            }
        }
    }
}

Then iterate over a desired range of values for N (the length of the composition) and look for your specific hash in the results:

$hash = sha1(md5(sha1(sha1($value))));
echo 'Looking for a composition that yields ' . $hash . "\n";

for ($N = 1; $N <= 5; $N++) {
    $results = recurse_on_methods(['md5', 'sha1'], $N, $value);
    foreach ($results as $r) {
        if ($r[0] == $hash) {
            echo $r[1] . '(' . $value . '): ' . $r[0] . "\n";
        }
    }
}

Output:

Looking for a composition that yields 93fe1beeef1c02a4162d47f387728a8c9e8633fd
sha1 > md5 > sha1 > sha1 > id(foobar): 93fe1beeef1c02a4162d47f387728a8c9e8633fd
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Could i run this code also till for example $value = hash is == 2e0ef2227b116a25bbbcadf2017e86d9 and then echo out the hash method?
You could change recurse_on_methods to return an array of two values. The first value is its current return value and the second value is what is currently output with echo. Then you could wrap the call to recurse_on_methods with a simple while loop which tests the first return value.
Thanks ill try that :)
@probxjjskdanxj Maybe my edit helped you with your question ;-)
The only problem in there is, that i have no clue what the algorythm actually is. So i have to add the methods to the first array pos and the result to the second one to search the array if the result exists, to figure out the hash algo. Since i really dont know the algorythm.
0

how about:

plain:

php > echo base64_encode(md5("a value"));
YTIxM2RmNDA5YzcwNGY2ZWZkOTY4MTEyMDZmODk0ZTI=

fancy:

php > echo array_reduce(['md5','base64_encode'] // add as much as you like
                        ,function($val,$fn){ return $fn($val); }
                        ,"a value");
YTIxM2RmNDA5YzcwNGY2ZWZkOTY4MTEyMDZmODk0ZTI=

EDIT: this is only partially a solution, what remains is creating a array of desired fn-permutation

Improve this answer

3 Comments

The problem would be that i do not know the actuall hashing method. All i know is the Plain text value and the hashed value, which i search the hash algorythm from.
brute forcing is see - do you have a list of used hash methods? What if someone use a custom (not build in) hash or i.e. BCRYPT where subsequent calls do no produce the same hash - bc('A')!=bc('A') ? how are you planning to proceed here ?
I have the old hash algorithm and heard its supposed to be similar. The old algorithm looks like this: md5 - md5 - md5 - base64 - hex2bin - md5 It sadly changed. Trying to figure out the new algorythm of value: 2e0ef2227b116a25bbbcadf2017e86d9 and Plain text: walkman123

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.