一个关于逆向工程的算法呢？ [英] How does one go about reverse engineering an algorithm?

问题描述

我想知道如何解决一个用于存储登录或引脚代码的算法。

I'm wondering how does one go about reversing an algorithm such as one for storing logins or pin codes.

假设我有一个数据量，其中：

Lets say I have an amount of data where:

7262627 -> ? -> 8172

5353773 -> ? -> 1132

等。这只是一个例子。或者说一个十六进制字符串变成另一个。

etc. This is just an example. Or say a hex string that is tansformed into another.

& h8712 - > & h1283 或类似的东西。

如何开始弄清楚该算法是什么？你在哪里开始？

How do I go about starting to figure out what that algorithm is? Where does one start?

你会开始尝试不同的班次，希望和希望有什么突出的？我确定有一个更好的方法，因为这似乎在黑暗中刺伤。

Would you start trying different shifts, xors and hope something stands out? I'm sure there's a better way as this seems like stabbing in the dark.

甚至可以逆向工程这种算法？

Is it even practically possible to reverse engineer this kind of algorithm?

对不起，如果这是一个愚蠢的问题。感谢您的帮助/指针。

Sorry if this is a stupid question. Thanks for your help / pointers.

推荐答案

有些人会尝试：

• 获取源代码或反汇编可执行文件。


• 根据其他人使用的哈希函数，猜测。例如，由32位十六进制数组成的散列可能是MD5的一个或多个重复，如果您可以获得单个输入/输出对，则很容易确认或反驳（尽管见下面的salt）


• 统计分析大量输入和输出对，寻找任何类型的模式或相关性，并将这些相关性与已知散列函数的属性和/或可能的操作相关联系统的设计者可能已经使用了。这超出了单一技术的范围，并超出了一般密码分析的范围。


• 询问作者。安全系统通常不依赖于他们使用的散列算法的保密性（如果它们做的话通常不会保持安全）。你给出的例子是相当小的，尽管如此，安全的密码哈希总是涉及一种盐，你显然不会。所以我们可能不会谈论作者有信心这样做的系统。

• Get the source code, or disassemble an executable.
• Guess, based on the hash functions other people use. For example, a hash consisting of 32 hex digits might well be one or more repetitions of MD5, and if you can get a single input/output pair then it is quite easy to confirm or refute this (although see "salt", below).
• Statistically analyze a large number of pairs of inputs and outputs, looking for any kind of pattern or correlations, and relate those correlations to properties of known hash functions and/or possible operations that the designer of the system might have used. This is beyond the scope of a single technique, and into the realms of general cryptanalysis.
• Ask the author. Secure systems don't usually rely on the secrecy of the hash algorithms they use (and don't usually stay secure long if they do). The examples you give are quite small, though, and secure hashing of passwords would always involve a salt, which yours apparently don't. So we might not be talking about the kind of system where the author is confident to do that.

在散列的情况下输出只有4位十进制数字，您可以通过构建每个可能的7位数输入表以及其散列值来进行攻击。然后，您可以反转表，并且拥有（一对多）去哈希操作。你不需要知道哈希是如何实际计算的。如何获取输入/输出对？那么如果一个局外人可以以某种方式指定一个要散列的值，并且看到结果，那么你有一个所谓的选择的明文，依赖这种攻击的攻击就是选择的明文攻击。因此，如果以一种允许选择的明文攻击生成大量输入/输出对的方式使用，则7位数 - > 4位散列将非常弱。我知道只是一个例子，但它也只是一个反转技术的一个例子。

In the case of a hash where the output is only 4 decimal digits, you can attack it simply by building a table of every possible 7 digit input, together with its hashed value. You can then reverse the table and you have your (one-to-many) de-hashing operation. You never need to know how the hash is actually calculated. How do you get the input/output pairs? Well, if an outsider can somehow specify a value to be hashed, and see the result, then you have what's called a "chosen plaintext", and an attack relying on that is a "chosen plaintext attack". So a 7 digit -> 4 digit hash would be very weak indeed if it was used in a way which allowed chosen plaintext attacks to generate a lot of input/output pairs. I realise that's just one example, but it's also just one example of a technique to reverse it.

注意，反向工程哈希，实际上是反转它是两个不同的的东西。你可以弄清楚我使用的是SHA-256，但是这不会帮助你反转它（即给出一个输出，计算输入值）。没有人知道如何完全反转SHA-256，虽然当然总是有彩虹表（见上面的salt）< conspiracy> 至少没有人承认他们这样做，所以这对你或我没有用。< / conspiracy>

Note that reverse engineering the hash, and actually reversing it, are two different things. You could figure out that I'm using SHA-256, but that wouldn't help you reverse it (i.e., given an output, work out the input value). Nobody knows how to fully reverse SHA-256, although of course there are always rainbow tables (see "salt", above) <conspiracy>At least nobody admits they do, so it's no use to you or me.</conspiracy>

这篇关于一个关于逆向工程的算法呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！