PIN algorithm - converting from Python to Delphi

Question

I am writing an application in Delphi that cracks the PIN for an Android device. There is a working Python source I have that is ;

# Generate Hash
def generateHash(passcode,salt,model):
    if model == "SAMSUNG":
        return hashSamsung(passcode,salt)
    else:
        return hashDefault(passcode,salt)

try:
    # Generate Passcodes
    if not options.wordlist_file:
        for l in range(3, options.length):
            for passcode in product(CHARSET, repeat=l+1):
                passcode = "".join([x for x in passcode])
                # GenerateHash
                GUESS_HASH = generateHash( passcode, SALT, MODEL )
                # CompareHash
                if GUESS_HASH == HASH_SHA1:
                    print "Found! Passcode = " +  passcode
                    exit()

# Special Samsung Hashung Algorithm
def hashSamsung(passcode,salt):
    salted_passcode = passcode + salt
    buf=str()

    for i in range(1024):
        step_string = str(buf) + str(i) + salted_passcode       
        buf = hashlib.sha1( step_string ).digest()
    return hexlify(buf).upper()

My attempt to translate this to Delphi;

function AddLeadingZeroes(const aNumber, Length : integer) : string;
begin
   result := Format('%.*d', [Length, aNumber]) ;
end;

function SHA1FromString(const AString: string): string;
var
  SHA1: TIdHashSHA1;
begin
  SHA1 := TIdHashSHA1.Create;
  try
    Result := SHA1.HashStringAsHex(AString);
  finally
    SHA1.Free;
  end;
end;

function HashSamsung(passcode, salt: AnsiString):AnsiString;
var
  salted_pass : AnsiString;
  g_digest:AnsiString;
  buf: AnsiString;
  I: Integer;
  step: AnsiString;
begin
  salted_pass := passcode + salt;
  buf := '';
  for I := 0 to 1024 do
  begin
    step := buf + IntTOStr(i) + salted_pass;
    buf := SHA1FromString(step);
  end;
 Result := buf;

for I := 0 to 9999 do
begin
  guess := HashSamsung(AddLeadingZeroes(i,4), '988796901418269782');
  if guess = 'DC59AACF2AFCE72E737190323022FFB6E2831446'  then
end;

As an example

HASH = DC59AACF2AFCE72E737190323022FFB6E2831446
SALT = 988796901418269782
PIN  = 1234

If anyone can point out my faults, it would be greatly appreciated.

A hash operates on bytes, not on characters. Hashing a character string is subject to the bytes that are created by converting the string to a specific charset, so make sure you are using the correct charset when calling Indy's `HashString...()` methods. You are not specifying any charset in this example, so Indy's default charset (7bit ASCII) will be used, which will lose data if the string contains any non-ASCII characters. — Remy Lebeau, Apr 14 '15 at 01:08
You should debug this to work out where the algos diverge. What debugging have you done? — David Heffernan, Apr 14 '15 at 05:29

score 4 · Answer 1 · answered Apr 13 '15 at 23:19

4

There's a lot more Delphi code there than the Python, but one thing that immediately stands out: Python's range starts at 0 and ends at the number before the argument. If you go from 0 to 1024 in your Delphi code, you're iterating one time too many.

answered Apr 13 '15 at 23:19

Mason Wheeler

82,511
50
270
477

PIN algorithm - converting from Python to Delphi

1 Answers1

Linked