View Single Post
Old 08-02-2020, 07:11
chants chants is offline
Join Date: Jul 2016
Posts: 594
Rept. Given: 10
Rept. Rcvd 35 Times in 21 Posts
Thanks Given: 535
Thanks Rcvd at 867 Times in 405 Posts
chants Reputation: 35
SHA1 preimage SAT solver

SHA1-SAT translated for Windows:
Espresso heuristic logic minimizer translated for Windows:
Python script that gives an idea how to use the output - with IDA Pro 7.2 known password example, and 3 other unknown password examples already ready.

The projects are included (SHA1-SAT requires boost to build), with binaries for SHA1-SAT and espresso, but I also provide some rather large SAT instance files already generated. The python script can then be used if the SAT instance files (.cnf) are locatable.

Unfortunately, it needs real work to get it able to beat hashcat which is already too slow. 7*12=84 unknown bits (since high bit is always 0 for printable characters). It can easily hand 7, 14 or 21 unknown bits. After that it starts to get really slow.

Would be interesting if some properties of the Boolean equations allowed for finding anything in the preimage such as equivalence of certain bits, or if bad prefixes could be found quickly to narrow it down. SAT solvers have a particularly difficult time on crypto hash algorithms as is well known though. It is probably out of reach without further research.

Thought I would share in case anyone is interested.
Reply With Quote
The Following 4 Users Say Thank You to chants For This Useful Post:
chessgod101 (08-02-2020), Mendax47 (08-03-2020), p4r4d0x (08-03-2020), yoza (08-02-2020)