How to determine the hash type?

10 May 2023 7 minutes Author: Lady Liberty

Hash: functions and tools

Hashing is the transformation of any amount of information into a set of characters that is unique to that input. This set of characters is called a hash. In practice, hashes are used when working with large volumes of information, checking the integrity of data during transmission, encryption, electronic signatures, storing passwords, and so on. You can determine the type of a hash with special utilities and services. There are many online services, but in some cases going online to determine the hash type is difficult, and in such situations you can use local utilities. One of the most popular utilities today is hashID, an extremely useful tool written in Python 3 that tries to determine what type of hash it has been given.

A hash function has several mandatory properties:

  • with a slight change in the input information, its hash changes completely.

  • the hash function must be able to bring any amount of data to a given length.

  • hashing allows you to quickly calculate the desired hash for a large amount of information.

  • the hash is always unique for each array of information. However, so-called collisions sometimes occur when the same hash codes are calculated for different input blocks of information.

  • the hash function is irreversible and does not allow you to restore the original array of information from a character string. This can be done only by going through all the possible options, which with an infinite amount of information requires a lot of time and money.

  • the working algorithm of the hash function is usually made open, so that, if necessary, it is possible to evaluate its resistance to the restoration of the initial data from the issued hash.

Why do we need new hash type identification tools?

hashID has been deprecated since March 2015, hash-identifier since 2011, Dagon since June 2018, and findmyhash since 2011. None of them supports modern hashes such as Keccak/SHA3/Blake2, or they support them incorrectly. In addition, hash-identifier is completely interactive, has no parameters, and is awkward to use in scripts, while findmyhash has a very limited set of discoverable hashes. The most interesting tool is hashID (for hash identification), but since it has not been supported for more than 5 years, issues and open PRs (pull requests, that is, requests to make changes to the source code) accumulate, bugs are not fixed, and some features are missing. All this could encourage authors to create new tools with capabilities absent in their predecessors. Let's look at the comparison table of tools for determining the type of hash (Screenshot 1):

Screenshot 1. Comparison table. Legend: function supported, partially supported or not supported; Python or Ruby programming language; correct support for modern hashes.

I selected several hashes for analysis:

SHA3-224

SHA3-512

Keccak-512

PKZIP Master Key

CRC32

Hashes can include special characters that have special meaning for the shell. This is especially important if you are running Linux. If you do not take this into account, the program for determining the type of hash will not report an error, but will receive a string different from the one you thought you entered. Moreover, even in double quotes, the shell interprets some characters as special. So to avoid escaping them, enclose the entire hash in single quotes. It is not necessary to put hashes consisting of only letters and numbers in quotes, but I prefer to pass all hashes in single quotes.
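The quoting pitfall described above, as an added example that is not from the original article: `show_arg` is a hypothetical stand-in for a hash identification tool, and the md5crypt-style hash is a constructed sample.

```shell
#!/bin/sh
# Added example: what a hash tool actually receives under each quoting style.
# The hash is a constructed md5crypt-style sample, not a real credential.

# Hypothetical stand-in for an identifier tool: echoes back its first argument.
show_arg() { printf '%s' "$1"; }

# Single quotes: every character is literal, the full hash is passed through.
single_quoted() {
    show_arg '$1$Qx7.salt$Zk3/pLm9vT2bRw4YcA1dE0'
}

# Double quotes: $1, $Qx7 and $Zk3 are expanded as (unset) variables and vanish
# without any error. Runs in a subshell with `set +u`, the shell default.
double_quoted() (
    set +u
    show_arg "$1$Qx7.salt$Zk3/pLm9vT2bRw4YcA1dE0"
)

# Double quotes work only if every dollar sign is escaped by hand.
escaped() {
    show_arg "\$1\$Qx7.salt\$Zk3/pLm9vT2bRw4YcA1dE0"
}

# One-hash-per-line file: a quoted heredoc delimiter ('EOF') disables expansion.
via_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
$1$Qx7.salt$Zk3/pLm9vT2bRw4YcA1dE0
EOF
    IFS= read -r line < "$f"
    rm -f "$f"
    printf '%s' "$line"
}

printf 'single quotes: [%s]\n' "$(single_quoted)"
printf 'double quotes: [%s]\n' "$(double_quoted)"
printf 'escaped      : [%s]\n' "$(escaped)"
printf 'from file    : [%s]\n' "$(via_file)"
```

In the double-quoted case the tool receives only `.salt/pLm9vT2bRw4YcA1dE0`, so any identification result would describe a string that was never the hash.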

HAITI

HAITI (HAsh IdenTifIer) is a command line tool (and library) for identifying the type of a given hash. The library is especially good for scripting because you don't need to wrap the command line tool in a subprocess. Features:

  • Defining 382+ hash types

  • Support for modern algorithms (SHA3, Keccak, Blake2 and others)

  • Brief information on hashing with Hashcat and John the Ripper

  • Command line tool and library

  • Color output

Using the program is very simple – enter your hash after the program name:

The OPTIONS are optional: the default behavior of the program is well balanced, and in most cases you will not want to change it with additional parameters.

Example:

Output:

Among the output lines, the correct answer is SHA3-512. In the output, HC is short for Hashcat, and the numbers that follow (e.g. 1700, 17600, etc.) are the mode numbers in this program. JtR is short for John the Ripper, and the strings that follow are the names of the hash algorithms for cracking in this program (raw-sha512, raw-sha3, and so on).

Color greatly improves the readability of the output, especially if it is large. If you want to disable color output, use the --no-color option (Screenshot 2):

Screenshot 2. We turn off the color output.

Although the output often contains more than one hash type guess, it excludes salted algorithms by default. To show all possible hashing algorithms, including those using salt, use the -e or --extended option (Screenshot 3):

Screenshot 3. Option -e.

If you only want to know the type of hash and do not need the information about the Hashcat and John the Ripper modes, you can specify the --short option for shortened output (Screenshot 4):

Screenshot 4. Option --short.

Name-That-Hash

In January 2021, almost two years after work on HAITI began, a project called Name-That-Hash appeared because its author needed a Python library for Ciphey. Now there are two current options for hash identification. Name-That-Hash identifies the type of a hash. The program supports MD5, SHA256 and more than 300 other hashes.

Features of Name That Hash:

  • Color output – contrasting and visual.

  • Current – Name-That-Hash is a 2021 project.

  • Popularity Rankings – You will see the most popular hashes first.

  • Working with files – the program reads a string file and checks the type of each hash.

  • Scalability – add new hashes as fast as you can edit the text file.

  • Thoughtfulness – the authors have thought through the features, interface and options with ease of use in mind.

  • Hash search is an extreme mode that tries to extract a hash even if the string contains garbage.

  • Hash Summarization – Name-that-hash will display a brief summary of the basics of each hash’s usage, allowing you to make an informed choice.

To identify the hash type, pass the hash with the -t (--text) option:

Example:

Example output.

Hashes are divided into two groups:

  • Most Likely — the most likely options

  • Least Likely – less likely options

Moreover, these groups are also sorted by frequency of use. In the output, you can see the already familiar lines HC and JtR with the numbers and names of hashing algorithms in Hashcat and John. In addition, there is a short description of the application, for example:

  • Summary: Used in Bitcoin Blockchain and Shadow Files.

  • Summary: Used in Wireguard, Zcash, IPFS and more.

  • Summary: Not considered a hash function

Please note that some entries are hyperlinked (they are underlined with dots) and you can go to the web page for more information. All this is done so that you can navigate the proposed hash types and choose the most suitable one. To check multiple hashes, use the -f (--file) option:

The file format is one hash per line. One of these options (-t or -f) is required. If your hashes are Base64 encoded, use the -b64 (--base64) option. It tells the program to decode Base64 hashes before identification. For files that mix Base64 strings and plain text, the program first tries to decode Base64, and if that fails, it interprets the hash as a plain string without encoding.

Example:

Please note that the already decoded string is shown as the hash (after the header) (Screenshot 5).

Screenshot 5. Option -b64.

The -e (--extreme) option enables searching for hashes in a string:

The following 2 commands must give the same result:
