Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
ax333l2020-07-30 01:42:11
Hashing
ax333l, 2020-07-30 01:42:11

How to decode sha1 hash captcha?

There is a frontend application that sends a POST request to the backend, protecting it with a sha1 hash using the object-hash npm module. The backend is already checking the correctness of the captcha. The captcha is generated on the front and sent along with the request. Example:

{
  "operationName": "promocode",
  "variables": {
    "code": "hello",
    "captcha": "a9c761a0be87d0e96d9203887725f1ac0f2acddf"
  },
  "query": "mutation promocode($code: String!, $captcha: String!) {\n  promocode(code: $code, captcha: $captcha) {\n    error\n    message\n    __typename\n  }\n}\n"
}

Is it possible to somehow find out the line with which the hash is generated, if it is 99% guaranteed that the line consists exclusively of the elements of this request (cookies and other request data do not affect the generation of the captcha in any way) and the line definitely contains the code itself, since the captcha changes with other code. It can also be possible to decompile apk and there will be a captcha generation code?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
1
15432, 2020-07-30
@ax333l

to begin with, determine exactly what the hash sum is generated from, get examples of this data. ideally - in a debugger.
once you have examples of hashable data, define the part to be changed. let's say only 6 characters are changed, the captcha itself - in this case, sorting through the data is possible and will not take much time. but if, for example, this data contains a random character identifier for 16, the search becomes extremely complicated and the selection becomes impossible in a reasonable time

Report
S
Saboteur, 2020-07-30
@saboteur_kiev

no way.
Hashing is not encryption. This is a one-way operation with compression, that is, with the loss of information.
It is impossible to restore the original string from the hash.
Given a hash algorithm, you can try different strings to see which ones generate the same hash. But due to collisions, this does not make it possible to tell exactly which line was the original one.

Similar questions
P
Pavel K2015-06-04 04:41:01
How to compose a hash function according to interesting conditions? 2Reply
M
Matvey Mamonov2015-07-08 23:13:25
Why does hash_password() generate a different value each time? 1Reply
F
FeRViD2017-07-29 12:18:34
Is stealing a password hash from an account database the same as knowing the password? 2Reply
S
Sergey Brovko2017-10-11 20:46:34
How to check the integrity (checksums) of files when booting Linux? 4Reply
S
Stepan Bykov2020-03-01 19:10:11
Who knows this type of hash? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question