What types of encrypted files can we decipher?

2024-12-11 11:46:20

MD4
MD5
SHA1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA3-224
SHA3-256
SHA3-384
SHA3-512
RIPEMD-160
BLAKE2b-512
GOST R 34.11-2012 (Streebog) 256-bit, big-endian
GOST R 34.11-2012 (Streebog) 512-bit, big-endian
GOST R 34.11-94
GPG (AES-128/AES-256 (SHA-1($pass)))
Half MD5
Keccak-224
Keccak-256
Keccak-384
Keccak-512
Whirlpool
SipHash
md5(utf16le($pass))
sha1(utf16le($pass))
sha256(utf16le($pass))
sha384(utf16le($pass))
sha512(utf16le($pass))
md5($pass.$salt)
md5($salt.$pass)
md5($salt.$pass.$salt)
md5($salt.md5($pass))
md5($salt.md5($pass.$salt))
md5($salt.md5($salt.$pass))
md5($salt.sha1($salt.$pass))
md5($salt.utf16le($pass))
md5(md5($pass))
md5(md5($pass).md5($salt))
md5(md5(md5($pass)))
md5(sha1($pass))
md5(sha1($pass).$salt)
md5(sha1($pass).md5($pass).sha1($pass))
md5(sha1($salt).md5($pass))
md5(strtoupper(md5($pass)))
md5(utf16le($pass).$salt)
sha1($pass.$salt)
sha1($salt.$pass)
sha1($salt.$pass.$salt)
sha1($salt.sha1($pass))
sha1($salt.sha1($pass.$salt))
sha1($salt.utf16le($pass))
sha1($salt1.$pass.$salt2)
sha1(CX)
sha1(md5($pass))
sha1(md5($pass).$salt)
sha1(md5($pass.$salt))
sha1(md5(md5($pass)))
sha1(sha1($pass))
sha1(sha1($pass).$salt)
sha1(sha1($salt.$pass.$salt))
sha1(utf16le($pass).$salt)
sha256($pass.$salt)
sha256($salt.$pass)
sha256($salt.$pass.$salt)
sha256($salt.sha256($pass))
sha256($salt.sha256_bin($pass))
sha256($salt.utf16le($pass))
sha256(md5($pass))
sha256(sha256($pass).$salt)
sha256(sha256_bin($pass))
sha256(utf16le($pass).$salt)
sha384($pass.$salt)
sha384($salt.$pass)
sha384($salt.utf16le($pass))
sha384(utf16le($pass).$salt)
sha512($pass.$salt)
sha512($salt.$pass)
sha512($salt.utf16le($pass))
sha512(utf16le($pass).$salt)
BLAKE2b-512($pass.$salt)
BLAKE2b-512($salt.$pass)
HMAC-MD5 (key = $pass)
HMAC-MD5 (key = $salt)
HMAC-SHA1 (key = $pass)
HMAC-SHA1 (key = $salt)
HMAC-SHA256 (key = $pass)
HMAC-SHA256 (key = $salt)
HMAC-SHA512 (key = $pass)
HMAC-SHA512 (key = $salt)
HMAC-Streebog-256 (key = $pass), big-endian
HMAC-Streebog-256 (key = $salt), big-endian
HMAC-Streebog-512 (key = $pass), big-endian
HMAC-Streebog-512 (key = $salt), big-endian
CRC32
CRC32C
CRC64Jones
Java Object hashCode()
MurmurHash
MurmurHash3
3DES (PT = $salt, key = $pass)
DES (PT = $salt, key = $pass)
AES-128-ECB NOKDF (PT = $salt, key = $pass)
AES-192-ECB NOKDF (PT = $salt, key = $pass)
AES-256-ECB NOKDF (PT = $salt, key = $pass)
ChaCha20
Linux Kernel Crypto API (2.4)
Skip32 (PT = $salt, key = $pass)
PBKDF2-HMAC-MD5
PBKDF2-HMAC-SHA1
PBKDF2-HMAC-SHA256
PBKDF2-HMAC-SHA512
scrypt
phpass
TACACS+
SIP digest authentication (MD5)
IKE-PSK MD5
IKE-PSK SHA1
SNMPv3 HMAC-MD5-96
SNMPv3 HMAC-MD5-96/HMAC-SHA1-96
SNMPv3 HMAC-SHA1-96
SNMPv3 HMAC-SHA224-128
SNMPv3 HMAC-SHA256-192
SNMPv3 HMAC-SHA384-256
SNMPv3 HMAC-SHA512-384
WPA-EAPOL-PBKDF2
WPA-EAPOL-PMK
WPA-PBKDF2-PMKID+EAPOL
WPA-PMK-PMKID+EAPOL
WPA-PMKID-PBKDF2
WPA-PMKID-PMK
IPMI2 RAKP HMAC-SHA1
CRAM-MD5
JWT (JSON Web Token)
Kerberos 5, etype 17, TGS-REP
Kerberos 5, etype 17, Pre-Auth
Kerberos 5, etype 18, TGS-REP
Kerberos 5, etype 18, Pre-Auth
Kerberos 5, etype 23, AS-REQ Pre-Auth
Kerberos 5, etype 23, TGS-REP
Kerberos 5, etype 23, AS-REP
NetNTLMv1 / NetNTLMv1+ESS
NetNTLMv1 / NetNTLMv1+ESS (NT)
NetNTLMv2
NetNTLMv2 (NT)
Amazon AWS4-HMAC-SHA256
Flask Session Cookie
iSCSI CHAP authentication, MD5(CHAP)
RACF
AIX {smd5}
AIX {ssha1}
AIX {ssha256}
AIX {ssha512}
LM
QNX /etc/shadow (MD5)
QNX /etc/shadow (SHA256)
QNX /etc/shadow (SHA512)
DPAPI masterkey file v1
DPAPI masterkey file v2
GRUB 2
MS-AzureSync PBKDF2-HMAC-SHA256
BSDi Crypt, Extended DES
NTLM
Radmin2
Radmin3
Samsung Android Password/PIN
Windows Hello PIN/Password
Windows Phone 8+ PIN/password
Cisco-ASA MD5
Cisco-IOS $8$ (PBKDF2-SHA256)
Cisco-IOS $9$ (scrypt)
Cisco-IOS type 4 (SHA256)
Cisco-PIX MD5
Citrix NetScaler (SHA1)
Citrix NetScaler (SHA512)
Domain Cached Credentials (DCC), MS Cache
Domain Cached Credentials 2 (DCC2), MS Cache 2
FortiGate (FortiOS)
FortiGate256 (FortiOS256)
ArubaOS
Juniper IVE
Juniper NetScreen/SSG (ScreenOS)
Juniper/NetBSD sha1crypt
iPhone passcode (UID key + System Keybag)
macOS v10.4, macOS v10.5, macOS v10.6
macOS v10.7
macOS v10.8+ (PBKDF2-SHA512)
bcrypt $2*$, Blowfish (Unix)
md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)
descrypt, DES (Unix), Traditional DES
sha256crypt $5$, SHA256 (Unix)
sha512crypt $6$, SHA512 (Unix)
SQLCipher
MSSQL (2000)
MSSQL (2005)
MSSQL (2012, 2014)
MongoDB ServerKey SCRAM-SHA-1
MongoDB ServerKey SCRAM-SHA-256
PostgreSQL
PostgreSQL CRAM (MD5)
PostgreSQL SCRAM-SHA-256
Oracle H: Type (Oracle 7+)
Oracle S: Type (Oracle 11+)
Oracle T: Type (Oracle 12+)
MySQL $A$ (sha256crypt)
MySQL CRAM (SHA1)
MySQL323
MySQL4.1/MySQL5
Sybase ASE
DNSSEC (NSEC3)
KNX IP Secure - Device Authentication Code
CRAM-MD5 Dovecot
SSHA-256(Base64), LDAP {SSHA256}
SSHA-512(Base64), LDAP {SSHA512}
Dahua Authentication MD5
RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
FileZilla Server >= 0.9.55
ColdFusion 10+
Apache $apr1$ MD5, md5apr1, MD5 (APR)
Episerver 6.x < .NET 4
Episerver 6.x >= .NET 4
hMailServer
nsldap, SHA-1(Base64), Netscape LDAP SHA
nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
SAP CODVN B (BCODE)
SAP CODVN B (BCODE) from RFC_READ_TABLE
SAP CODVN F/G (PASSCODE)
SAP CODVN F/G (PASSCODE) from RFC_READ_TABLE
SAP CODVN H (PWDSALTEDHASH) iSSHA-1
PeopleSoft
PeopleSoft PS_TOKEN
SolarWinds Orion
SolarWinds Orion v2
SolarWinds Serv-U
Lotus Notes/Domino 5
Lotus Notes/Domino 6
Lotus Notes/Domino 8
OpenEdge Progress Encode
Oracle Transportation Management (SHA256)
Huawei sha1(md5($pass).$salt)
AuthMe sha256
AES Crypt (SHA256)
VMware VMX (PBKDF2-HMAC-SHA1 + AES-256-CBC)
LUKS
VeraCrypt
BestCrypt v3 Volume Encryption
FileVault 2
VirtualBox (PBKDF2-HMAC-SHA256 & AES-128-XTS)
VirtualBox (PBKDF2-HMAC-SHA256 & AES-256-XTS)
DiskCryptor
BitLocker
Android FDE (Samsung DEK)
Android FDE <= 4.3
Apple File System (APFS)
TrueCrypt
eCryptfs
PDF 1.1 - 1.3 (Acrobat 2 - 4)
PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1
PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2
PDF 1.4 - 1.6 (Acrobat 5 - 8)
PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass
PDF 1.7 Level 3 (Acrobat 9)
PDF 1.7 Level 8 (Acrobat 10 - 11)
MS Office 2007
MS Office 2010
MS Office 2013
MS Office 2016 - SheetProtection
MS Office <= 2003 $0/$1, MD5 + RC4
MS Office <= 2003 $0/$1, MD5 + RC4, collider #1
MS Office <= 2003 $0/$1, MD5 + RC4, collider #2
MS Office <= 2003 $3, SHA1 + RC4, collider #1
MS Office <= 2003 $3, SHA1 + RC4, collider #2
MS Office <= 2003 $3/$4, SHA1 + RC4
Open Document Format (ODF) 1.2 (SHA-256, AES)
Open Document Format (ODF) 1.1 (SHA-1, Blowfish)
Apple Secure Notes
Apple iWork
1Password, agilekeychain
1Password, cloudkeychain
Password Safe v2
Password Safe v3
LastPass + LastPass sniffed
KeePass 1 (AES/Twofish) and KeePass 2 (AES)
KeePass 1 (AES/Twofish) and KeePass 2 (AES) - keyfile only mode
Bitwarden
Ansible Vault
Mozilla key3.db
Mozilla key4.db
Apple Keychain
7-Zip
RAR3-hp
RAR3-p (Compressed)
RAR3-p (Uncompressed)
RAR5
PKZIP (Compressed Multi-File)
PKZIP (Compressed)
PKZIP (Mixed Multi-File)
PKZIP (Mixed Multi-File Checksum-Only)
PKZIP (Uncompressed)
PKZIP Master Key
PKZIP Master Key (6 byte optimization)
SecureZIP AES-128
SecureZIP AES-192
SecureZIP AES-256
WinZip
Android Backup
Stuffit5
AxCrypt 1
AxCrypt 1 in-memory SHA1
AxCrypt 2 AES-128
AxCrypt 2 AES-256
iTunes backup < 10.0
iTunes backup >= 10.0
WBB3 (Woltlab Burning Board)
PHPS
SMF (Simple Machines Forum) > v1.1
MediaWiki B type
Redmine
Umbraco HMAC-SHA1
Joomla < 2.5.18
OpenCart
PrestaShop
Tripcode
Drupal7
PunBB
MyBB 1.2+, IPB2+ (Invision Power Board)
vBulletin < v3.8.5
vBulletin >= v3.8.5
bcrypt(md5($pass)) / bcryptmd5
bcrypt(sha1($pass)) / bcryptsha1
bcrypt(sha512($pass)) / bcryptsha512
osCommerce, xt:Commerce
TOTP (HMAC-SHA1)
Web2py pbkdf2-sha512
Django (PBKDF2-SHA256)
Django (SHA-1)
Atlassian (PBKDF2-HMAC-SHA1)
Ruby on Rails Restful-Authentication
Ruby on Rails Restful Auth (one round, no sitekey)
Python passlib pbkdf2-sha512
Python passlib pbkdf2-sha256
Python passlib pbkdf2-sha1
PKCS#8 Private Keys (PBKDF2-HMAC-SHA1 + 3DES/AES)
PKCS#8 Private Keys (PBKDF2-HMAC-SHA256 + 3DES/AES)
JKS Java Key Store Private Keys (SHA1)
RSA/DSA/EC/OpenSSH Private Keys ($0$)
RSA/DSA/EC/OpenSSH Private Keys ($6$)
RSA/DSA/EC/OpenSSH Private Keys ($1, $3$)
RSA/DSA/EC/OpenSSH Private Keys ($4$)
RSA/DSA/EC/OpenSSH Private Keys ($5$)
XMPP SCRAM PBKDF2-SHA1
Teamspeak 3 (channel hash)
Telegram Desktop < v2.1.14 (PBKDF2-HMAC-SHA1)
Telegram Desktop >= v2.1.14 (PBKDF2-HMAC-SHA512)
Telegram Mobile App Passcode (SHA256)
Skype
MetaMask Wallet
BitShares v0.x - sha512(sha512_bin(pass))
Bitcoin/Litecoin wallet.dat
Bitcoin WIF private key (P2PKH)
Bitcoin WIF private key (P2SH(P2WPKH))
Bitcoin WIF private key (P2WPKH, Bech32)
Electrum Wallet (Salt-Type 1-3)
Electrum Wallet (Salt-Type 4)
Electrum Wallet (Salt-Type 5)
Blockchain, My Wallet
Blockchain, My Wallet, V2
Blockchain, My Wallet, Second Password (SHA256)
Stargazer Stellar Wallet XLM
Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256
Ethereum Wallet, PBKDF2-HMAC-SHA256
Ethereum Wallet, SCRYPT
MultiBit Classic .key (MD5)
MultiBit Classic .wallet (scrypt)
MultiBit HD (scrypt)
Exodus Desktop Wallet (scrypt)
Terra Station Wallet (AES256-CBC(PBKDF2($pass)))

The above formats all support decryption and require extracting hash values by oneself, sending them to customers for manual processing. Online methods only support common formats such as Excel, Word, PDF, PPT, RAR, ZIP, 7z, etc

Previous:What tool can be used to quickly query how many lines of data are