Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
ax333l2020-07-30 01:42:11
Hashing
ax333l, 2020-07-30 01:42:11

How to decode sha1 hash captcha?

There is a frontend application that sends a POST request to the backend, protecting it with a sha1 hash using the object-hash npm module. The backend is already checking the correctness of the captcha. The captcha is generated on the front and sent along with the request. Example:

{
  "operationName": "promocode",
  "variables": {
    "code": "hello",
    "captcha": "a9c761a0be87d0e96d9203887725f1ac0f2acddf"
  },
  "query": "mutation promocode($code: String!, $captcha: String!) {\n  promocode(code: $code, captcha: $captcha) {\n    error\n    message\n    __typename\n  }\n}\n"
}

Is it possible to somehow find out the line with which the hash is generated, if it is 99% guaranteed that the line consists exclusively of the elements of this request (cookies and other request data do not affect the generation of the captcha in any way) and the line definitely contains the code itself, since the captcha changes with other code. It can also be possible to decompile apk and there will be a captcha generation code?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
1
15432, 2020-07-30
@ax333l

to begin with, determine exactly what the hash sum is generated from, get examples of this data. ideally - in a debugger.
once you have examples of hashable data, define the part to be changed. let's say only 6 characters are changed, the captcha itself - in this case, sorting through the data is possible and will not take much time. but if, for example, this data contains a random character identifier for 16, the search becomes extremely complicated and the selection becomes impossible in a reasonable time

Report
S
Saboteur, 2020-07-30
@saboteur_kiev

no way.
Hashing is not encryption. This is a one-way operation with compression, that is, with the loss of information.
It is impossible to restore the original string from the hash.
Given a hash algorithm, you can try different strings to see which ones generate the same hash. But due to collisions, this does not make it possible to tell exactly which line was the original one.

Similar questions
E
entermix2015-02-03 15:16:30
How to calculate vk video hash? 1Reply
M
MaxLich2019-07-18 15:20:34
What is the program / web service that generates a hash of text data in accordance with GOST R 34.11-2012? 0Reply
V
Victor2015-03-20 02:50:15
Uniformly distributed hash function. How to use all bits of the hash code? 2Reply
A
alexbelru2019-08-23 10:12:33
How to get content back from md5 sum? 4Reply
E
Egor2021-04-04 13:06:44
Is there a way to calculate the checksum for a folder? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question