Spaces:

wuhp
/

dehash

Sleeping

App Files Files Community

wuhp commited on 17 days ago

Commit

1adcbad

verified ·

1 Parent(s): fde4d6e

Update app.py

Browse files

Files changed (1) hide show

app.py +112 -229

app.py CHANGED Viewed

@@ -1,320 +1,203 @@
 import gradio as gr
 import hashlib
 import zlib
-import base64
-import re
 import bcrypt
-from passlib.hash import (
-    md5_crypt,
-    sha256_crypt,
-    sha512_crypt,
-    argon2,
-)
-# -----------------------------------
-# JAVA HASHCODE
-# -----------------------------------
-def java_string_hashcode(s):
     h = 0
-    for ch in s:
-        h = (31 * h + ord(ch)) & 0xFFFFFFFF
-    # convert to signed int32
     if h >= 0x80000000:
         h -= 0x100000000
     return str(h)
-# -----------------------------------
-# DJB2
-# -----------------------------------
 def djb2(s):
     h = 5381
     for c in s:
         h = ((h << 5) + h) + ord(c)
     return str(h & 0xFFFFFFFF)
-# -----------------------------------
-# FNV1A 32
-# -----------------------------------
-def fnv1a_32(s):
     h = 0x811c9dc5
     for c in s:
         h ^= ord(c)
         h *= 0x01000193
         h &= 0xFFFFFFFF
     return str(h)
-# -----------------------------------
-# BASE64 CHECK
-# -----------------------------------
-def is_base64(value):
-    try:
-        decoded = base64.b64decode(value).decode()
-        return decoded
-    except:
-        return None
-# -----------------------------------
-# IDENTIFY HASH
-# -----------------------------------
-def identify_hash(hash_value):
-    possible = []
     if hash_value.startswith("$2"):
-        possible.append("bcrypt")
-    if hash_value.startswith("$argon2"):
-        possible.append("argon2")
-    if hash_value.startswith("$6$"):
-        possible.append("sha512_crypt")
-    if hash_value.startswith("$5$"):
-        possible.append("sha256_crypt")
-    if re.fullmatch(r"[a-fA-F0-9]{32}", hash_value):
-        possible.extend(["MD5", "NTLM"])
-    elif re.fullmatch(r"[a-fA-F0-9]{40}", hash_value):
-        possible.append("SHA1")
-    elif re.fullmatch(r"[a-fA-F0-9]{64}", hash_value):
-        possible.append("SHA256")
-    elif re.fullmatch(r"[a-fA-F0-9]{128}", hash_value):
-        possible.append("SHA512")
-    # Integer hashes
-    if re.fullmatch(r"-?\d+", hash_value):
-        possible.extend([
-            "Java String.hashCode()",
-            "CRC32",
-            "Adler32",
-            "DJB2",
-            "FNV1a-32"
-        ])
-    return list(dict.fromkeys(possible))
-# -----------------------------------
-# VERIFY
-# -----------------------------------
-def verify(password, hash_value):
     results = []
     # -------------------------
-    # STANDARD HASHES
-    # -------------------------
-    try:
-        if hashlib.md5(password.encode()).hexdigest().lower() == hash_value.lower():
-            results.append("✅ MD5")
-    except:
-        pass
-    try:
-        if hashlib.sha1(password.encode()).hexdigest().lower() == hash_value.lower():
-            results.append("✅ SHA1")
-    except:
-        pass
-    try:
-        if hashlib.sha256(password.encode()).hexdigest().lower() == hash_value.lower():
-            results.append("✅ SHA256")
-    except:
-        pass
-    try:
-        if hashlib.sha512(password.encode()).hexdigest().lower() == hash_value.lower():
-            results.append("✅ SHA512")
-    except:
-        pass
-    # -------------------------
-    # JAVA HASHCODE
     # -------------------------
-    try:
-        if java_string_hashcode(password) == hash_value:
-            results.append("✅ Java String.hashCode()")
-    except:
-        pass
     # -------------------------
     # CRC32
     # -------------------------
-    try:
-        crc = zlib.crc32(password.encode())
-        signed_crc = crc
-        if crc >= 0x80000000:
-            signed_crc -= 0x100000000
-        if str(crc) == hash_value or str(signed_crc) == hash_value:
-            results.append("✅ CRC32")
-    except:
-        pass
     # -------------------------
     # ADLER32
     # -------------------------
-    try:
-        adler = zlib.adler32(password.encode())
-        signed_adler = adler
-        if adler >= 0x80000000:
-            signed_adler -= 0x100000000
-        if str(adler) == hash_value or str(signed_adler) == hash_value:
-            results.append("✅ Adler32")
-    except:
-        pass
     # -------------------------
     # DJB2
     # -------------------------
-    try:
-        if djb2(password) == hash_value:
-            results.append("✅ DJB2")
-    except:
-        pass
     # -------------------------
     # FNV1A
     # -------------------------
-    try:
-        if fnv1a_32(password) == hash_value:
-            results.append("✅ FNV1a-32")
-    except:
-        pass
     # -------------------------
-    # BCRYPT
-    # -------------------------
-    try:
-        if hash_value.startswith("$2"):
-            if bcrypt.checkpw(
-                password.encode(),
-                hash_value.encode()
-            ):
-                results.append("✅ bcrypt")
-    except:
-        pass
     # -------------------------
-    # PASSLIB
-    # -------------------------
-    try:
-        if hash_value.startswith("$6$"):
-            if sha512_crypt.verify(password, hash_value):
-                results.append("✅ sha512_crypt")
-    except:
-        pass
-    try:
-        if hash_value.startswith("$5$"):
-            if sha256_crypt.verify(password, hash_value):
-                results.append("✅ sha256_crypt")
-    except:
-        pass
-    try:
-        if hash_value.startswith("$argon2"):
-            if argon2.verify(password, hash_value):
-                results.append("✅ argon2")
-    except:
-        pass
-    # -------------------------
-    # BASE64
-    # -------------------------
-    decoded = is_base64(hash_value)
-    if decoded is not None:
-        if decoded == password:
-            results.append("✅ Base64 encoded string")
-    return results
-# -----------------------------------
-# MAIN
-# -----------------------------------
-def analyze(password, hash_value):
-    possible = identify_hash(hash_value)
-    results = verify(password, hash_value)
     return (
-        "\n".join(possible) if possible else "Unknown",
-        "\n".join(results) if results else "No matches found."
     )
-# -----------------------------------
 # UI
-# -----------------------------------
 with gr.Blocks(theme=gr.themes.Soft()) as demo:
-    gr.Markdown("# Advanced Hash / Encoding Analyzer")
-    with gr.Row():
-        password = gr.Textbox(
-            label="Known Password",
-            type="password"
-        )
-        hash_value = gr.Textbox(
-            label="Hash / Encoded Value",
-            lines=5
-        )
-    button = gr.Button("Analyze")
-    alg_output = gr.Textbox(
-        label="Possible Algorithms"
     )
-    result_output = gr.Textbox(
-        label="Verification Results",
-        lines=10
     )
-    button.click(
         analyze,
-        inputs=[password, hash_value],
-        outputs=[alg_output, result_output]
     )
 demo.launch()

 import gradio as gr
 import hashlib
 import zlib
+import itertools
+import string
 import bcrypt
+from collections import Counter
+# -----------------------------
+# HASH FUNCTIONS
+# -----------------------------
+def java_hash(s):
     h = 0
+    for c in s:
+        h = (31 * h + ord(c)) & 0xFFFFFFFF
     if h >= 0x80000000:
         h -= 0x100000000
     return str(h)
+def crc32_hash(s):
+    return str(zlib.crc32(s.encode()))
+def adler32_hash(s):
+    return str(zlib.adler32(s.encode()))
 def djb2(s):
     h = 5381
     for c in s:
         h = ((h << 5) + h) + ord(c)
     return str(h & 0xFFFFFFFF)
+def fnv1a(s):
     h = 0x811c9dc5
     for c in s:
         h ^= ord(c)
         h *= 0x01000193
         h &= 0xFFFFFFFF
     return str(h)
+# -----------------------------
+# DETECTION
+# -----------------------------
+def detect(hash_value):
+    candidates = []
     if hash_value.startswith("$2"):
+        candidates.append("bcrypt")
+    if hash_value.isdigit() or (hash_value.startswith("-") and hash_value[1:].isdigit()):
+        candidates += [
+            "java_hash",
+            "crc32",
+            "adler32",
+            "djb2",
+            "fnv1a"
+        ]
+    return list(dict.fromkeys(candidates))
+# -----------------------------
+# ATTACK ENGINE
+# -----------------------------
+def try_match(func, target, words):
+    matches = []
+    for w in words:
+        try:
+            if func(w) == target:
+                matches.append(w)
+        except:
+            pass
+    return matches
+# -----------------------------
+# MAIN ANALYSIS
+# -----------------------------
+def analyze(hash_value, wordlist_text, charset_mode):
+    wordlist = []
+    if wordlist_text.strip():
+        wordlist = wordlist_text.splitlines()
+    else:
+        # default mini CTF wordlist
+        wordlist = [
+            "admin", "password", "root", "test", "user",
+            "login", "guest", "1234", "12345", "qwerty"
+        ]
+    detected = detect(hash_value)
     results = []
+    matches = {}
     # -------------------------
+    # JAVA HASH
     # -------------------------
+    if "java_hash" in detected:
+        m = try_match(java_hash, hash_value, wordlist)
+        if m:
+            matches["Java hashCode"] = m
     # -------------------------
     # CRC32
     # -------------------------
+    if "crc32" in detected:
+        m = try_match(crc32_hash, hash_value, wordlist)
+        if m:
+            matches["CRC32"] = m
     # -------------------------
     # ADLER32
     # -------------------------
+    if "adler32" in detected:
+        m = try_match(adler32_hash, hash_value, wordlist)
+        if m:
+            matches["Adler32"] = m
     # -------------------------
     # DJB2
     # -------------------------
+    if "djb2" in detected:
+        m = try_match(djb2, hash_value, wordlist)
+        if m:
+            matches["DJB2"] = m
     # -------------------------
     # FNV1A
     # -------------------------
+    if "fnv1a" in detected:
+        m = try_match(fnv1a, hash_value, wordlist)
+        if m:
+            matches["FNV1a"] = m
     # -------------------------
+    # OUTPUT BUILDING
     # -------------------------
+    if not detected:
+        detected = ["Unknown / Non-integer hash"]
+    if not matches:
+        match_text = "No matches found (try larger wordlist)"
+    else:
+        match_text = "\n".join(
+            f"{k}: {v[:10]}" for k, v in matches.items()
+        )
     return (
+        "\n".join(detected),
+        match_text
     )
+# -----------------------------
 # UI
+# -----------------------------
 with gr.Blocks(theme=gr.themes.Soft()) as demo:
+    gr.Markdown("# 🔍 CTF Hash Reverser (TryHackMe Tool)")
+    gr.Markdown(
+        "Detects and attempts to reverse common CTF-style hashes including Java hashCode, CRC32, and custom integer hashes."
+    )
+    hash_input = gr.Textbox(
+        label="Hash / Integer Value",
+        lines=3
     )
+    wordlist_input = gr.Textbox(
+        label="Wordlist (optional, one per line)",
+        lines=10,
+        placeholder="admin\npassword\nroot\nuser..."
     )
+    run_btn = gr.Button("Analyze & Crack")
+    detected_out = gr.Textbox(label="Detected Algorithms")
+    result_out = gr.Textbox(label="Recovered Matches")
+    run_btn.click(
         analyze,
+        inputs=[hash_input, wordlist_input, gr.Radio],
+        outputs=[detected_out, result_out]
     )
 demo.launch()