PHP - Sha1 dehasher
From Global Programming Syntax
Many may wonder how to dehash those hashes. Well, a hash is generally not designed to be dehashed but there are ways around it. One is to have a computer with 2 Petabytes then to just lookup the conversion in a huge database which is the technique this script will use. The other method that can be used is to have a mainframe computer that justs keeps on trying random strings untill it gets a matching hash. But that would take the same amount of CPU power as to run Google for example.
Now just so you understand how much 2 Petabytes is, below is a list of conversions:
- 2048 Terabytes
- 2097152 Gigabytes
- 2147483648 Megabytes
The script
First you will need to create a mysql database with phpmyadmin then add a table named 'dehasher' (without the quotes) and inside that table have 2 text columns each named 'word' and 'hash' (without the quotes). So now you should have a mysql database with a table named dehasher and inside it two columns, one named word and the other named hash
Next is the make the files. So 'db.php' is the following:
<?
//db.php
//configure below mysql variables
$dbhost='localhost';
$accountname='root';
$password='';
$database='my database';
?>
Then next create the 'index.php' file with the below contents
<?
//index.php
if (isset($_GET['hash']))
{
set_time_limit(0);
ini_set('memory_limit','512M');
ini_set('mysql.cache_size','1073741824');
include('db.php');
mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
mysql_select_db($database) or die(mysql_error()."Could not select database");
$rowid=0;
$sqlresult=mysql_query("SELECT * FROM `dehasher`");
while ($row = mysql_fetch_array($sqlresult))
{
if ($_GET['hash']==$row['hash'])
{
$word=$row['word'];
$dehashed=1;
break;
}
}
mysql_free_result($sqlresult);
unset($row);
}
echo "Enter in the details below and click the dehash button to dehash the code.<br>
<b>Please note it may take a few minutes to dehash due to the size of the database</b><br>
<table border=1 cellpadding=5 cellspacing=0 bgcolor=#FFCCCC><tr><td>
<form style='padding:0; margin:0;'>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=#FFCCCC><tr><td>
Insert hash below</td><td>Hash type</td></tr><tr><td valign=top>
<input type='text' name='hash' size=50> </td><td align=left><input type='submit' value='dehash'>
</td></tr></table>
</form></td></tr></table>";
if (!isset($dehashed)) { $dehashed=0; }
if ($dehashed==1)
{
echo "<p>.<p><font size=3>The hash was decrypted successfully.<br>Below are the details:<br>
<table border=1 cellpadding=0 cellspacing=0><tr><td>
<table border=0 cellpadding=4 cellspacing=0><tr>
<td bgcolor=#EEBBBB><font face='arial'><b>Word</b></font></td><td bgcolor=#FFCCCC>".$word."</td></tr><tr>
<td bgcolor=#D8CCCC><font face='arial'><b>Hash</b></font></td><td bgcolor=#E9DDDD>".$_GET['hash']."</td></tr></table>
</td></tr></table>";
} else if (isset($_GET['hash'])) {
echo "<b>Your hash could not be decrypted.</b>";
}
?>
Then create a file named 'generator.php' with the following contents:
<?
//generator.php
set_time_limit(0);
ini_set('memory_limit','2147483648M');
ini_set('mysql.cache_size','1073741824');
include('db.php');
mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
mysql_select_db($database) or die(mysql_error()."Could not select database");
$rownum=0;
//echo - text debugger for IE.
echo "<img src=0.gif width=1 height=1 alt=' ".
" '><br>";
$list=" ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890`~!@#$%^&*()-_=+\|[{]};:\"',<.>/?abcdefghijklmnopqrstuvwxyz.,";
$loops=38430716820228233;
$chars=30;
$allwords=array();
$sqlresult=mysql_query("SELECT `word` FROM `dehasher`");
while ($row = mysql_fetch_array($sqlresult))
{
$allwords[]=$row['word'];
}
mysql_free_result($sqlresult);
unset($row);
unset($sqlresult);
while (count($allwords)<$loops)
{
$escapecharplus=0;
$repeat=mt_rand(1,$chars);
while ($escapecharplus<$repeat)
{
$randomword.=$list[mt_rand(1, strlen($list)-1)];
$escapecharplus+=1;
}
if (!in_array($randomword,$allwords))
{
$allwords[]=$randomword;
$rowid+=1;
mysql_query("INSERT INTO `dehasher` SET `word`='".mysql_real_escape_string($randomword).
"', `hash`='".mysql_real_escape_string(hash('sha1', $randomword))."'");
echo mysql_error();
$rownum+=1;
echo "<xmp>".$randomword."\n</xmp>";
flush();
unset($randomword);
if (mt_rand(1,32)==2)
{
mysql_query("DELETE FROM `dehasher` WHERE `word`=''; DELETE FROM `dehasher` WHERE `hash`=''");
}
usleep(50000);
}
}
?>
Using the script
After you have created the database, copied the above files and configured 'db.php' then its time to use the script. To generate the database, simply open or use a cron job to execute the file named 'generator.php' and 'generator.php' will keep on running until approximately 2 Petabytes are used weather you have that much space or not. Also this script could take weeks to fully execute so it is recommended you use a cron job if you are going to use the full 2 Petabytes.
Then after generator.php has been executed, you may then dehash those hashes. This can be done through index.php where you simply enter the hash into the main field and click the dehash button. It may take a minute or so to scan through the full 2 Petabytes so be patient then when the match has been found, it will be displayed in a second pink box below. Or if the hash is not found then a message will append to the page. So have fun and dehash those hashes.
A better script for about 16GB (Gigabytes)
Below is a script with better efficiency and is limited to guessing 16GB of space before it's database is full. (about 306,783,378 rows) To use the below script, setup a cron job to occur every 1 or 2 minutes for VPS servers or every 3 minutes on shared hosting and over time your database will get populated with the dehashing data. Also note that this script is only ever alive for about 30 seconds then completes it's cycle untill the next relaunch.
<?Note that an interface has not yet been written for this script so you will need to program that part. Also in the database structure there is only one table called "hash" and inside it are all text columns called "id", "crc32", "crc32b" and "sha1". (Don't include the quotes.)
set_time_limit(60);
mysql_connect('localhost','username','password') or die('Cannot connect to mysql. Check username & password fields');
mysql_select_db('databasename') or die('Specified database name is invalid');
$char=array('','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y',
'z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','1','2',
'3','4','5','6','7','8','9','0','@','.','-','_');
$bchar=array(''=>0,'a'=>1,'b'=>2,'c'=>3,'d'=>4,'e'=>5,'f'=>6,'g'=>7,'h'=>8,'i'=>9,'j'=>10,'k'=>11,'l'=>12,'m'=>13,
'n'=>14,'o'=>15,'p'=>16,'q'=>17,'r'=>18,'s'=>19,'t'=>20,'u'=>21,'v'=>22,'w'=>23,'x'=>24,'y'=>25,'z'=>26,'A'=>27,
'B'=>28,'C'=>29,'D'=>30,'E'=>31,'F'=>32,'G'=>33,'H'=>34,'I'=>35,'J'=>36,'K'=>37,'L'=>38,'M'=>39,'N'=>40,'O'=>41,
'P'=>42,'Q'=>43,'R'=>44,'S'=>45,'T'=>46,'U'=>47,'V'=>48,'W'=>49,'X'=>50,'Y'=>51,'Z'=>52,'1'=>53,'2'=>54,'3'=>55,
'4'=>56,'5'=>57,'6'=>58,'7'=>59,'8'=>60,'9'=>61,'0'=>62,'@'=>63,'.'=>64,'-'=>65,'_'=>66,' '=>0);
$r=mysql_query('SELECT `id` FROM `hash`');
$n=mysql_num_rows($r);
if ($n>0) {
$re=mysql_query('SELECT `id` FROM `hash` LIMIT '.($n-1).',1');
$d=mysql_fetch_assoc($re);
if (strlen($d['id'])<7) {
while (strlen($d['id'])<=6) {
$d['id']=' '.$d['id'];
}
}
$x=str_split($d['id'],1);
$j[1]=$bchar[$x[0]];
$j[2]=$bchar[$x[1]];
$j[3]=$bchar[$x[2]];
$j[4]=$bchar[$x[3]];
$j[5]=$bchar[$x[4]];
$j[6]=$bchar[$x[5]];
$j[7]=$bchar[$x[6]];
} else {
$j[1]=0;
$j[2]=0;
$j[3]=0;
$j[4]=0;
$j[5]=0;
$j[6]=0;
$j[7]=0;
}
$m=0;
$l=0;
$p=true;
$res=mysql_query('SELECT * FROM `hash`');
$go=(mysql_num_rows($res)==0)?true:false;
for ($i[1]=$j[1];$i[1]<15;$i[1]++) { //16.0655625GB Database
for ($i[2]=$j[2];isset($char[$i[2]]);$i[2]++) {
for ($i[3]=$j[3];isset($char[$i[3]]);$i[3]++) {
for ($i[4]=$j[4];isset($char[$i[4]]);$i[4]++) {
for ($i[5]=$j[5];isset($char[$i[5]]);$i[5]++) {
for ($i[6]=$j[6];isset($char[$i[6]]);$i[6]++) {
$m+=$l;
$l=0;
for ($i[7]=$j[7];isset($char[$i[7]]);$i[7]++) {
$v=$char[$i[1]].$char[$i[2]].$char[$i[3]].$char[$i[4]].$char[$i[5]].$char[$i[6]].$char[$i[7]];
if (((!empty($i[6]) && empty($i[7])) || (!empty($i[5]) && (empty($i[6]) || empty($i[7]))) ||
(!empty($i[4]) && (empty($i[5]) || empty($i[6]) || empty($i[7]))) || (!empty($i[3]) && (empty($i[4]) || empty($i[5]) ||
empty($i[6]) || empty($i[7]))) || (!empty($i[2]) && (empty($i[3]) || empty($i[4]) || empty($i[5]) || empty($i[6]) ||
empty($i[7]))) || (!empty($i[1]) && (empty($i[2]) || empty($i[3]) || empty($i[4]) || empty($i[5]) || empty($i[6]) ||
empty($i[7])))) || $go==false) {
if ($go==false) {
$go=true;
$i[7]++;
$j[7]=0;
}
if (!isset($char[$i[7]])) {
break;
}
} else {
mysql_query('INSERT INTO `hash` SET `id`="'.$v.'", `crc32`="'.hash('crc32',$v).
'", `crc32b`="'.hash('crc32b',$v).'", `sha1`="'.hash('sha1',$v).'"');
$l++;
//if ($l==30) { sleep(1); }
}
$j[7]=0;
}
if($m>900) {
$exits=true;
break;
}
$j[6]=0;
sleep(2);
}
if ($exits==true) { break; }
$j[5]=0;
}
if ($exits==true) { break; }
$j[4]=0;
}
if ($exits==true) { break; }
$j[3]=0;
}
if ($exits==true) { break; }
$j[2]=0;
}
if ($exits==true) { break; }
$j[1]=0;
}
?>
