Korean Social Security Number Brute-forcer
(preview)
This is another one of the scripts I wrote quite a while ago. It just wrote it out of pure boredom and actually got somewhere. Korean social securyity numbers have a pattern, consisting of 13 digits segmented into 2 parts of 6 and 7 digits. The first part is like this.
e.g. 930217
The second part is a bit complicated. It hold information on your gender and which region of Korea you were registered from. The gender codes are 9 for male 0 for female if you were born in the 1800s, 1 and 2 for the 1900s and 3 and 4 for the 2000s. The regional codes are complicated so I’ll pass on that.
e.g. 2004155
The check number is generated by a pattern. The following PHP code calculates it.
function get_check_no($s_no){
unset($total);
for($i=0; $i<13; $i++){
$s_no[$i] = intval($s_no[$i]); // convert to integer
}
// calculate social security number
$total = $s_no[0]*2 + $s_no[1]*3 + $s_no[2]*4 + $s_no[3]*5 + $s_no[4]*6 + $s_no[5]*7 + $s_no[6]*8 + $s_no[7]*9 + $s_no[8]*2 + $s_no[9]*3 + $s_no[10]*4 + $s_no[11]*5;
$total = $total%11;
$check_no = 11-$total;
// if the value of the check number exceeds 9, divide by 10 and return remainder
if($check_no>9){
$check_no = $check_no % 10;
}
return $check_no; // return result
}
So I created the bruteforcer by simply letting someone enter a hash, birthdate, and gender to get a general idea of what the SSN will look like. Then I simply incremented the leftover digits and calcultated the check numbers. I then hashed them and checked them with the entered hash value.
<?php
$b_year = $_POST['b_year'];
$b_month = $_POST['b_month'];
$b_day = $_POST['b_day'];
$gender = $_POST['gender'];
$s_no_hash_str = $_POST['s_no_hash_str'];
$hash_type = $_POST['hash_type'];
// error messages
if(!$b_year){
echo “* Enter birth year<br />”;
}
if(!$b_month){
echo “* Enter birth month<br />”;
}
if(!$b_day){
echo “* Enter birth day<br />”;
}
if(!$gender){
echo “* Select gender<br />”;
}
if(!$s_no_hash_str){
echo “* Enter hashed SSN.<br />”;
}
if(!$hash_type){
echo “* Select hash type<br />”;
}
// if everything is entered, start processing.
if($b_year && $b_month && $b_day && $gender && $hash_type && $s_no_hash_str){
// pad valued with 0
$b_year = str_pad($b_year, 4, ‘19′, STR_PAD_LEFT);
$b_month = str_pad($b_month, 2, ‘0′, STR_PAD_LEFT);
$b_day = str_pad($b_day, 2, ‘0′, STR_PAD_LEFT);
$b_year_det = substr($b_year,0,2);
$b_year = substr($b_year,2,2);
if($b_year_det == “18″){
if($gender == “1″){
$gender = “9″;
}
else{
$gender = “0″;
}
}
else if($b_year_det == “19″){
if($gender == “1″){
$gender = “1″;
}
else{
$gender = “2″;
}
}
else if($b_year_det == “20″){
if($gender == “1″){
$gender = “3″;
}
else{
$gender = “4″;
}
}
// loop misc
for($misc=0;$misc<=99999;$misc++){
// pad misc
$misc = str_pad($misc, 5, ‘0′, STR_PAD_LEFT); // pad left with 0’s
// merge valued to form actual s s no
$s_no_1 = $b_year.$b_month.$b_day;
$s_no_2 = $gender.$misc;
// get full number including check number
$s_no_string = $s_no_1.$s_no_2.get_check_no($s_no_1.$s_no_2);
// select hash type and convert
if($hash_type == “md5″){
$s_no_hash = md5($s_no_string);
}
else if($hash_type == “sha1″){
$s_no_hash = sha1($s_no_string);
}
// if the hash matches the processed, return the value and break loop
if($s_no_hash == $s_no_hash_str){
echo ”
Done: “.$s_no_string.”(”.$s_no_hash.”)
<script type=\”text/javascript\”>
<!–
document.getElementById(’result’).innerHTML = ‘”.$s_no_string.”‘;
//–>
</script>
”;
break;
}
// if not… just print current value and continue
else{
echo “Processing: “.$s_no_string.”(”.$s_no_hash.”)<br />”;
}
}
}
?>
thanks for such a wonderful script. i have a question..the hash part..what do i need to fill it with?
The hashes are md5, sha1, and so forth. You can add them to the script if you want by putting in fields.
If you’re asking about what they might look like, an md5 string looks somewhat like this: b1b553a5ccb0944322202952f07a5a4e