Korean Social Security Number Brute-forcer

Filed under: Hardware, Internet, JavaScript, PHP, Programming, Reviews, Security, Web Development — Wrote by Kay Park on Monday, April 14th, 2008 @ 4:58 pm

(preview)

This is another one of the scripts I wrote quite a while ago. It just wrote it out of pure boredom and actually got somewhere. Korean social securyity numbers have a pattern, consisting of 13 digits segmented into 2 parts of 6 and 7 digits. The first part is like this.

[Birth Year] [Birth Month] [Birth Day]
e.g. 930217

The second part is a bit complicated. It hold information on your gender and which region of Korea you were registered from. The gender codes are 9 for male 0 for female if you were born in the 1800s, 1 and 2 for the 1900s and 3 and 4 for the 2000s. The regional codes are complicated so I’ll pass on that.

[Gender Code] [Regional Code] [Check Number]
e.g. 2004155

The check number is generated by a pattern. The following PHP code calculates it.

function get_check_no($s_no){
 unset($total);
  
 for($i=0; $i<13; $i++){
  $s_no[$i] = intval($s_no[$i]); // convert to integer
 }
 
 // calculate social security number
 $total = $s_no[0]*2 + $s_no[1]*3 + $s_no[2]*4 + $s_no[3]*5 + $s_no[4]*6 + $s_no[5]*7 + $s_no[6]*8 + $s_no[7]*9 + $s_no[8]*2 + $s_no[9]*3 + $s_no[10]*4 + $s_no[11]*5;
 $total = $total%11;
 $check_no = 11-$total;
 
 // if the value of the check number exceeds 9, divide by 10 and return remainder
 if($check_no>9){
  $check_no = $check_no % 10;
 }
 
 return $check_no; // return result
}

So I created the bruteforcer by simply letting someone enter a hash, birthdate, and gender to get a general idea of what the SSN will look like. Then I simply incremented the leftover digits and calcultated the check numbers. I then hashed them and checked them with the entered hash value.

<?php
$b_year = $_POST['b_year'];
$b_month = $_POST['b_month'];
$b_day = $_POST['b_day'];
$gender = $_POST['gender'];
$s_no_hash_str = $_POST['s_no_hash_str'];
$hash_type = $_POST['hash_type'];
// error messages
if(!$b_year){
 echo “* Enter birth year<br />”;
}
if(!$b_month){
 echo “* Enter birth month<br />”;
}
if(!$b_day){
 echo “* Enter birth day<br />”;
}
if(!$gender){
 echo “* Select gender<br />”;
}
if(!$s_no_hash_str){
 echo “* Enter hashed SSN.<br />”;
}
if(!$hash_type){
 echo “* Select hash type<br />”;
}
// if everything is entered, start processing.
if($b_year && $b_month && $b_day && $gender && $hash_type && $s_no_hash_str){
// pad valued with 0
$b_year = str_pad($b_year, 4, ‘19′, STR_PAD_LEFT);
$b_month = str_pad($b_month, 2, ‘0′, STR_PAD_LEFT);
$b_day = str_pad($b_day, 2, ‘0′, STR_PAD_LEFT);
$b_year_det = substr($b_year,0,2);
$b_year = substr($b_year,2,2);
if($b_year_det == “18″){
 if($gender == “1″){
  $gender = “9″;
 }
 else{
  $gender = “0″;
 }
}
else if($b_year_det == “19″){
 if($gender == “1″){
  $gender = “1″;
 }
 else{
  $gender = “2″;
 }
}
else if($b_year_det == “20″){
 if($gender == “1″){
  $gender = “3″;
 }
 else{
  $gender = “4″;
 }
}
// loop misc
for($misc=0;$misc<=99999;$misc++){
 // pad misc
 $misc = str_pad($misc, 5, ‘0′, STR_PAD_LEFT); // pad left with 0’s
 
 // merge valued to form actual s s no
 $s_no_1 = $b_year.$b_month.$b_day;
 $s_no_2 = $gender.$misc;
 
 // get full number including check number
 $s_no_string = $s_no_1.$s_no_2.get_check_no($s_no_1.$s_no_2);
 
 // select hash type and convert
 if($hash_type == “md5″){
  $s_no_hash = md5($s_no_string);
 }
 else if($hash_type == “sha1″){
  $s_no_hash = sha1($s_no_string);
 }
 // if the hash matches the processed, return the value and break loop
 if($s_no_hash == $s_no_hash_str){
  echo ”
  Done: “.$s_no_string.”(”.$s_no_hash.”)
  <script type=\”text/javascript\”>
 
  <!–
  document.getElementById(’result’).innerHTML = ‘”.$s_no_string.”‘;
  //–>
  </script>
  ”;
  break;
 }
 // if not… just print current value and continue
 else{
  echo “Processing: “.$s_no_string.”(”.$s_no_hash.”)<br />”;
 }
}
}
?>

Samsung Syncmaster 245B Arrives!

Filed under: Computers, Hardware, Reviews — Wrote by Kay Park on Saturday, April 5th, 2008 @ 11:01 pm

After about a weeks planning, I have finally bought the Samsung Syncmaster 245B. It is a 24 inch TN TFT LCD monitor with VGA and DVI input. Its maximum resolution is 1920 x 1200 which gives quite a bit of workspace. Somereviews say the vewing angles aren’t too good, but I couldn’t really tell the difference. Because I hooked it up to a Dell D410 Latitude laptop which uses a graphics accelerator rather than a real graphics card, the pictures might be a bit lower in quality. But since I don’t really game or to any graphics intensive working, it hasn’t been a problem so far.
When I first saw the box, my reaction was “whoa.” The monitor was bigger than I really expected and I had to move alot of things around in my room to make it fit properly. After strugglings with tons of cabling , I finally got to hook the monitor up and turn it on. But there was a problem! My computer was OS-less… The night before I had messed up the OS so I had to reinstall windows before I could check out the monitor. I waited whilst doing some homework and drinking some nice green tea.
After waiting for ever, windows was ready, I installed all the drivers and programs and went through the basic routine when you format a computer. When finally everything was back to normal, I turned on the monitor, and voila, the screen appeared. I had to do adjust the resolution first to 1920 x 1200. The resolution and quality was just awesome. My laptop monitor wasn’t something you could even compare it with. I tried setting the brightness to maximum, but unlike my laptop, the thing got blinding so I had to set it down a bit.
Overall, I am very satisfied with my monitor and am hoping I can get a computer with a proper graphics card so I can use it to its fullest potential.

12
© FLIXEY.COM