MyBB Community Forums

Hello,

in the function below $data and $key (private key) is passed and a hash will be returned as $hmac.

 Cod removed.

Just wanted to ask if there is any way to reverse the output of this
function (base64_encode($hmac)) using $key and get $data back? or this encoding method is one way? If this is possible to understand what is $data (using $key and $hmac), can someone write a function for me to reverse the function above? I appreciate it.

I know sha1 is one-way but it just does encrypt $key and not $data, so it doesn't matter that sha1 is used here. Is the original $data reversable or one way?

Haven't really taken a look at it, but try

pack -- unpack
base64_encode -- base64_decode
sha1 -- sha1_unhash



























just kidding about the last one...sha1 is one way.

as i said sha1 is applied on $key and we will know the $key value always, and sha1 is nor running on $data but a complicated math formula is applied on $data. Is it possible to reverese that math formula using $key and get back $data?

$hmac = pack('H*', $hashfunc(($key^$opad).pack('H*', $hashfunc(($key^$ipad).$data))));

If $hashfunc == sha1, then yes $data is being hashed in sha1. And I doubt you can reverse that.

got it.
Can you interprete this function what it actually does? Why not simply use sha1($data) instead of this?

Maybe....http://en.wikipedia.org/wiki/HMAC