Magento Hash Converter

Plum

Plum

Moderator
Staff member
Moderator
Trusted
Contributor
Feedback: 11 / 0 / 0
Joined
Dec 30, 2019
Messages
4,311
Reaction score
5,106
Credits
12,439
After many hours of research and combing through the source of a few libraries. I have discovered a method to convert Magento2 hashes to the correct $argon2id format. This is a quick and dirty script that does that. Allowing the hashes to be cracked with other programs that support the traditional $argon2id format. Whereas previously they could only be cracked with something like https://github.com/cyclone-github/magento_cracker.

This is what a Magento2 hash will look like before being converted:
ab5ebf8d273b085b6a60336198e0a5a2090fdc3e0606a678315c7274ab06e046:5PiKJRn28bBKoFMopMaaKuV47aJ6GzVg:3_32_2_67108864

This is what the hash will look like after the conversion is done:
$argon2id$v=19$m=65536,t=2,p=1$NVBpS0pSbjI4YkJLb0ZNbw$q16/jSc7CFtqYDNhmOClogkP3D4GBqZ4MVxydKsG4EY

Hope you guys find this helpful.
github.com

GitHub - PlumLulz/magento_converter: Convert Magento2 hashes to the $argon2id format.

Convert Magento2 hashes to the $argon2id format. Contribute to PlumLulz/magento_converter development by creating an account on GitHub.
github.com github.com
 
174region174

174region174

Active member
Feedback: 3 / 0 / 0
Joined
Jun 30, 2021
Messages
579
Reaction score
1,111
Credits
3,657
python

Python: 
import sys
import time
import base64

def hex_to_bin(hex_str):
    return bytes.fromhex(hex_str)

def sodium_bin2base64(data):
    return base64.b64encode(data).decode('utf-8').rstrip('=')

def main(input_file, output_file):
    timestart = time.time()
    invalid_format = 0
    invalid_options = 0
    valid = 0
    print("Processing hashes...")

 
    with open(input_file, 'r') as infile, open(output_file, 'a') as outfile:
        for line in infile:
            parse = line.strip().split(":")
            if len(parse) != 3:
                invalid_format += 1
                continue
                
            hexdigest, salt, options = parse
            options = options.split("_")
            if len(options) != 4:
                invalid_options += 1
                continue

            # Set each option to a variable
            t = options[2]
            m = int(options[3]) // 1024
            p = 1
            v = 19

            # Convert salt to argon2id format
            salt = salt[:16]
            salt = sodium_bin2base64(salt.encode('utf-8'))

            # Convert hash hex digest to argon2id format
            hexdigest = sodium_bin2base64(hex_to_bin(hexdigest))

            # Final argon2id format output
            final = f"$argon2id$v={v}$m={m},t={t},p={p}${salt}${hexdigest}\n"
            outfile.write(final)
            valid += 1

    timeend = time.time()
    etime = round(timeend - timestart, 2)
    total = valid + invalid_format + invalid_options
    print(f"\n\n{total} Total lines processed.")
    print(f"{valid} Valid hashes.")
    print(f"{invalid_format} Invalid hash format.")
    print(f"{invalid_options} Invalid options.")
    print(f"Execution time: {etime} seconds")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print(f"Usage: python {sys.argv[0]} inputfile outputfile")
        sys.exit(1)

    input_file = sys.argv[1]
    output_file = sys.argv[2]
    main(input_file, output_file)
 
Last edited by a moderator:
You must log in or register to reply here.
Top