Reverse "XSHA1" PvPGN Password Hash Algorithm

XSHA1 Reverser 1.1 (code included)

This is the hashing algorithm used by battle.net. I contacted them saying that this is broken and that I was releasing this tool but wanted to give them a heads up first. They replied with we are secure, you don't have to worry. So I'm taking that as "you can release the tool, we do not care". I would like to take this time to remind you that you should not create new hash algorithms. This should crack any password of length 0 to 20. For me I get 14.5 ms for any password of length 0 to 16 and 490 ms for any password of length 0 to 20. I might add multithreading but this will only help with multiple hashes since splitting up the work load of a single hash is doable but not really worth it when it only takes 490 ms. A simple hack is to just split the hash list up and run multiple instances. I guess it would be nice if someone had several cores and wanted to have an online cracker for any password of length 0 to 20.

Version 1.1 is out and has a huge speed increase almost 7 times faster than version 1.0.1. I have pretty much removed the rate limit because it takes only about 17 ms on my server. If anyone is up to it you can I think theoretically get it about 25% faster. This is because there are only 1,296 unique expansions (from number 20 on) for reversing 16 characters and 7,776 unique expansions (from number 21 on) for reversing 20 characters. I'm doing 36,864 and 1,179,648 expansions for reversing 16 and 20 characters respectively. Note that you still need to do 12-ish reversing steps per attempt (32 ^ 4 and 32 ^ 5 for reversing 16 and 20 characters respectively).

Note this is not SHA1!
you 0/60, total 0/600 in the last 1 minute



Almost forgot I found a collision (takes 490 ms to run through 0-20 characters):
99f0fab8b5b4523e0d58e5efe126fa5f12633b4b:31323334353637383930:1234567890
99f0fab8b5b4523e0d58e5efe126fa5f12633b4b:3d750222f3e685ee030cb703a736efda18021630:=u.".........6.....0
unsigned int pw[16] = {0x2202753d, 0xee85e6f3, 0x03b70c03, 0xdaef36a7, 0x30160218};

Special thanks to Naki-BoT (naki AT pvpgn DOT pl) for the JavaScript implementation of the PvPGN Password Hash Algorithm.