Can I find a sha256 hash based on results it produces?

Question

Alright guys, basically I have this code:

$code ="39b7d32fcb743c244c569a56d6de4dc27577d6277d6cf155bdcba6d05befcb34";
$code2 = "9999999";
$code3 = "56985";
$hash = hash("sha256",$code."-".$code2."-".$code3);
$result = hexdec(substr($hash,0,8)) % 15;
echo $result;

It's a random number generator range 0 to 14. The code3 variable is the only one that keeps changing(and result of course), the other ones are static values. After each number is generated, the code3 value is increased by 1. The thing is, I don't have the $code value, at least not currently, it periodically changes, and when it changes the previous code is revealed. My mission is to find the code value before it changes, it seems like a sha256 hash(correct me if I'm wrong). The current $code value is the only thing I don't have so my question is: Is it possible for me to find it based on last 10 or so results making like a hash cracking code comparing the results and giving me the possible hash or hashes? If so where do I start? Thank You

EDIT: I don't need to decrypt the hash or reverse it, I just need to find the hash as it is. The $code variable is a sha256 hash which I don't know and thats what I have to figure out. Even if it is by brute force method.

Answer 1

The SHA-256 is designed, to make it impossible to find the original value by looking at the output. For short passwords it is feasible to do a brute-force attack and just try out any combination until one finds a match.

In your case the $code you need to find, is a 64 character string, which looks like the hex representation of a random 32 byte key. With 32 bytes of information you can describe about 1E77 combinations, so with 15 Giga SHA256/second you would still need about 1E58 years to brute-force.

So unless you can find out additional information about the key (e.g. a certain scheme), it is not possible to get the code. Nevertheless, the example is a bad implementation of a random number generator, it would be much safer and cheaper to read one byte from the random source of the operating system.

Answer 2

Hashing is the one-way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.

The SHA (Secure Hash Algorithm) is one of a number of cryptographic hash functions. A cryptographic hash is like a signature for a text or a data file. SHA-256 algorithm generates an almost-unique, fixed size 256-bit (32-byte) hash.

SHA-256 is one of the successor hash functions to SHA-1, and is one of the strongest hash functions available.

Every hashing cannot revert by calculation but you can map between brute force hashed plaintext like

a -> ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
b -> 3e23e8160039594a33894f6564e1b1348bbd7a0088d42c4acb73eeaed59c009d
.
.

if you meet the same hashing data, it means that you know plaintext. Normally,people generate the map of plaintext and hashed-text then they use database lookup.

So, this website provides the big hashing database that you can try revert it. Although, you can use this method to revert hashing, no one have every possible word hasing database. It just contains only words on dictionary or commonly used words for password.

For more information you can use these keywords : "rainbow table", "hashing" , "reverse hashing lookup", "cryptographic hash functions"

Answer 3

sha256 hashes are one way and cannot be reversed!

Therefore it is not possible to get the codes back unless you use a brute-force method.