LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (http://www.linuxquestions.org/questions/programming-9/)
-   -   need help unpacking hmac-md5 hash into md5 hash (http://www.linuxquestions.org/questions/programming-9/need-help-unpacking-hmac-md5-hash-into-md5-hash-617369/)

lynx5 01-30-2008 04:29 AM

need help unpacking hmac-md5 hash into md5 hash
 
Hey Im wondering if theres any code out there to unpack a hmac-md5 hash (with the key) back to the original md5.. I would assume this fairly easy to do and there should be code out there.. I cant find it however.. much appericated. thanks, (and I dont code myself or I would make it) well I do in perl but not php.

heres all the packing that is done anyways not much code here as you can see.. I would just like to UNPACK it.. maybe someone could write a few lines of code for me?

<?php

$hash = md5_hmac(yycc, yyaa);

// MD5 Encryption
function md5_hmac($data, $key)
{

if (strlen($key) > 64)
$key = pack('H*', md5($key));
$key = str_pad($key, 64, chr(0x00));

$k_ipad = $key ^ str_repeat(chr(0x36), 64);
$k_opad = $key ^ str_repeat(chr(0x5c), 64);

return md5($k_opad . pack('H*', md5($k_ipad . $data)));
}

?>


thanks..

rubadub 01-30-2008 09:20 PM

I was just starting to work through it and realised it finished like this:
Code:

return md5($k_opad . pack('H*', md5($k_ipad . $data)));
which means the last action applies a one way function to it, sorry no return!

lynx5 02-01-2008 09:23 AM

Quote:

Originally Posted by rubadub (Post 3040585)
I was just starting to work through it and realised it finished like this:
Code:

return md5($k_opad . pack('H*', md5($k_ipad . $data)));
which means the last action applies a one way function to it, sorry no return!

I think its still possible, because all we want to do is find the orignial md5 hash not reverse it. so we would call md5 UNPACKED $data.. so that would be the same as md5 $data, jsut tryin to elimate the packing process, make sense?

rubadub 02-02-2008 04:06 PM

The last operation on the statement is itself a md5 one way hash sum, before that is a salt concatenated with a pack of padding and a hash sum of the data and a salt.

If you think you can do it without a lookup or by using brute force then good luck (and when I say good luck, I mean have a 'Good Look!')...


All times are GMT -5. The time now is 05:12 PM.