The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave. -Jakob Nielsen
REQUIREMENTS
--------------
Brain
Math Knowlegde
Programming Knowledge(NOT BATCH/DOS)
Okay, if you've read my other article, then you will know how the algorithm works, if not, then here is the explanation, word for word from my other article:
CODE :
First, it assigns each letter the alphabet a corresponding prime number. The reason for this is that when multiplied together, prime numbers create a number unique to that combination of primes. Example:
3*17=51
Here we see that the two primes make the number 51. Try as you might you wont find any other divisors of 51 than 3 and 17. This is due to the fact that 3 and 17 have no divisors themselves. If we were to instead use this equation as an example:
4*6=24
We will find many more divisors other than 4 and 6, such as 2,3,8, and 12. The reason this algorithm was created was to solve anagrams. This is due to the Commutative property. The Commutative property says that two or more numbers being multiplied together can swap positions in the equation and the answer will still be the same. As the numbers swap places, so do their corresponding letters. In this instance, rather than being used to solve anagrams, the algorithm is being used as a rudimentary hashing algorithm.
Understand that much? Good. Now we can begin. The aim of this mission is to crack the hash. Since this is my own algorithm, something like Cain and Abel can not be used. Rather, you must program YOUR OWN bruteforcer. Now this bruteforcer will not use a dictionary attack... ( I imagine you could crack it with a dictionary attack, but that's not the focus of this article, and there is a much simpler way)... the method I will show you is bruteforcer with math.
First, I'll tell you a secret. The hash supplied in the mission is not good to start with. It has something special about it, that will be explained later, and this could halt you where you would progress with another hash. Instead, I will show you how to add a debug line into the batch file that will generate new hashes to test.
After the END label add a line to echo the hash out to a file.
E.g.
CODE :
:END
Echo %PASSWORDVALUE% > %userprofile%\desktop\hash.txt
ENDLOCAL&IF NOT %PASSWORDVALUE%==1065435274 GOTO :ACCESSDENIED
ECHO You have been authenticated. Welcome aboard!
....
....
This would output the hash to a file on your desktop called hash.txt. For this mission, we will use a simple hash. Lets say, the word WIN. Type win into the program and let it output the hash. You should get: 82087 If you did, then proceed to the next step.
Okay, now let's start writing our program. To come up with a concept of how to go about this process, think about it logically. How would you go about cracking the hash BY HAND. Well the idea is that only those 3 primes will go into and nothing else. So get all the primes 2-101 and go down the list. Is 82087 divisible by 2? No.. 3? No. 5? No.. and so on until you find a number that is divisible. Once you find one you know it is one of the letters in the word. Now to find the other two, we need to take that one out, to do so we just divide the hash by the number we found. E.g.
Lets say we use the hash 8. This is the hash for aaa
Is it divisible by 2? Yes
Write down a two.
So now divide the hash by two.
We now have 4 as our hash, which is the hash of aa.
Is it divisible by 2? Yes
Write down a two.
So now divide the hash by two again.
We now have 2 as our hash, which is the hash of a.
Is it divisible by 2? Yes
Write down a two.
So now divide the hash by two.
We now have 2 as our hash, which means that we have cracked the hash.
The end result was the numbers 2, 2, and 2.
Converted: aaa
So use loops and math to go about automating this. To check if a number divisible, just check the quotient for a decimal. E.g.
8/3=2.67 (Has a decimal, thus not divisible by three)
8/2=4 (No decimal means its a whole number and that two is divisible)
Once you have a program that can crack the hash:82087, you need to add one more thing. Integer Overflow. This one is tricky at first, but simple once you get it. I'm going to introduce you to a word here. Modulo. Now I will explain it.
8 wrapped by a modulo of 5 would be 3.
26 wrapped by a modulo of 5 would be 1.
Make sense? No? Let's go further. 8/5=1.6 It goes into 8 only one full time. The remainder is the final output. 26/5=5.2 It only goes into 26 five full times, thus one, being the remainder is our answer. So how does this apply to our hash? Well for the hash of "win" it doesn't. But for the hash in the algorithm, it makes ALL the difference. In programming, sometimes a number will exceed a maximum limit. In that event, the number will wrap by a modulo of that limit. Put simply, if the limit were 5 and the input 26, we know that 26 would become 1. However, we are dealing with much bigger numbers. In this case the limit is * to the ** power (I'll let you figure that one out on your own :P) So we need to keep unwrapping the hash each time the program fails to crack it after a certain number of loops. Once the program loops so many times, obviously the hash is wrapped and can never be solved. So have your program detect this, and add the limit number (modulo) one time and run the loop again. Keep doing this until you get a hash. It's that simple. I don't want to spoil this part of the mission, so I'll just say if you need help on it, contact me on HTS and I'll help you out a little. (Just ask Chiodium ;] )
Cast your vote on this article 10 - Highest, 1 - Lowest
HAHA thanks for the include. Yes, mutants helped me out a lot on it. If you are going to write a program, be careful/aware of how the language you are using handles (or doesn't handle) integer overflow.
Thanks for this guide I tried solving it without reading this and learned batch scripting on the way(which probably wasn't the entention of this mission). This explained why the negative numbers occured.
Hi!.. I would apreciate your help in this... ive already made a program to take the divisible prime numbers of a number and its results and I got that 1065435274(passwordvalue) is divisible between 2, 6827, and 78031 ... the thing is that i cant put a value greater than 101(z) what should i do? thanks
I found programming skills to be unnecessary for this challenge. All you need, when you get the principle of the issue, is a math program which performs prime factorization and preferable some kind of loops (as it will take SOME loops). This way it's done in a min... No brute force necessary really.
Sorry to burst your bubble, but looping over and over, making guesses (random or not), is referred to as brute forcing. This is just INTELLIGENT bruting. While it may be based in solid mathematical principles, it still relies heavily on guessing a large number of times.
HackThisSite is is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.
Nice job /10