Little quiz and bruteforce

A friend is in college, studying Computer Science. His professor from Programming Classes gives little quizzes 24 hours before big tests.

So I tried one quiz and succeeded in less than 2 hours. Yey!

Description of the quiz

There is a 7z archive protected with a password.

The starting password was:

But, so that things would not be too easy, the password was hashed/encrypted/encoded by these five functions:

  • SHA1
  • ROT13
  • BASE64
  • MD5
  • SHA3 (Keccak) (256bit)

It was encoded five times, but you need to guess an order and which functions were used. Some of them might not be used at all.

5 functions, random order, random usage – so we need permutations with repeated items.

What to do?

As I counted, it's only 3905 possibilities, so we can hack this using brute-force.

First, let's write a function which checks if the password is correct:

It will run the 7z program via the shell and check that we don't have a Wrong password message on line 6. I tested it with my own packed archive.7z (I used the password AAA, you can check it in the repo).

Okay then, let's find some useful code for our permutations. I found it on Google.

It just works so I won’t go into details.

We have all available permutations in an array now which looks like this:

So, we need a helper function which will encode our starting password with the provided functions:

As you can see, for SHA3 I used a special parameter to say that I need only a 256-bit password (as the quiz said).

Then, we just need to put everything into a foreach statement!
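An added sketch of the search described above, not the code from the original post: it enumerates every ordered chain of one to five functions (5 + 25 + 125 + 625 + 3125 = 3905, matching the count above) and applies each chain to a starting string. The starting value, the secret chain and the `is_correct` callback are constructed stand-ins for the quiz password and the 7z check; passing lowercase hex digests between stages and using FIPS 202 SHA3-256 (which pads differently from pre-standard Keccak-256) are assumptions.

```python
import base64
import codecs
import hashlib
from itertools import product

# Each stage maps text to text. Hashes emit lowercase hex, which is an
# assumption: the quiz text does not say how digests were passed on.
STAGES = {
    "sha1": lambda s: hashlib.sha1(s.encode()).hexdigest(),
    "rot13": lambda s: codecs.encode(s, "rot13"),
    "base64": lambda s: base64.b64encode(s.encode()).decode(),
    "md5": lambda s: hashlib.md5(s.encode()).hexdigest(),
    # FIPS 202 SHA3-256 (assumption); original Keccak-256 gives other digests.
    "sha3_256": lambda s: hashlib.sha3_256(s.encode()).hexdigest(),
}


def chains(max_len=5):
    """Yield every ordered chain of 1..max_len stages, repeats allowed."""
    for n in range(1, max_len + 1):
        yield from product(STAGES, repeat=n)


def apply_chain(start, chain):
    """Feed start through each named stage in order."""
    for name in chain:
        start = STAGES[name](start)
    return start


def search(start, is_correct, max_len=5):
    """Return (tries, chain, candidate) for the first accepted candidate."""
    for tries, chain in enumerate(chains(max_len), 1):
        candidate = apply_chain(start, chain)
        if is_correct(candidate):
            return tries, chain, candidate
    return None


def demo():
    start = "constructed-start"  # constructed; the quiz value is not on the page
    secret_chain = ("md5", "rot13", "base64", "sha1", "rot13")  # constructed
    target = apply_chain(start, secret_chain)
    # The lambda stands in for the archive password check described above.
    return search(start, lambda c: c == target)


if __name__ == "__main__":
    print(sum(1 for _ in chains()), "chains in total")
    print(demo())
```

The whole search space is under 2^12 candidates, so stacking public, unkeyed transforms adds almost nothing on top of the secrecy of the starting value.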

And after 20 minutes on my MacBook I got that permutation 2234 was the correct one and the functions used were

As you can easily check, the correct password is:

Summarizing

It was nice fun to play with it, unfortunately I haven't helped anyone.

All sources are available on GitHub
