Korean Social Security Number Brute-forcer
(preview)
This is another one of the scripts I wrote quite a while ago. It just wrote it out of pure boredom and actually got somewhere. Korean social securyity numbers have a pattern, consisting of 13 digits segmented into 2 parts of 6 and 7 digits. The first part is like this.
e.g. 930217
The second part is a bit complicated. It hold information on your gender and which region of Korea you were registered from. The gender codes are 9 for male 0 for female if you were born in the 1800s, 1 and 2 for the 1900s and 3 and 4 for the 2000s. The regional codes are complicated so I’ll pass on that.
e.g. 2004155
The check number is generated by a pattern. The following PHP code calculates it.
function get_check_no($s_no){
unset($total);
for($i=0; $i<13; $i++){
$s_no[$i] = intval($s_no[$i]); // convert to integer
}
// calculate social security number
$total = $s_no[0]*2 + $s_no[1]*3 + $s_no[2]*4 + $s_no[3]*5 + $s_no[4]*6 + $s_no[5]*7 + $s_no[6]*8 + $s_no[7]*9 + $s_no[8]*2 + $s_no[9]*3 + $s_no[10]*4 + $s_no[11]*5;
$total = $total%11;
$check_no = 11-$total;
// if the value of the check number exceeds 9, divide by 10 and return remainder
if($check_no>9){
$check_no = $check_no % 10;
}
return $check_no; // return result
}
So I created the bruteforcer by simply letting someone enter a hash, birthdate, and gender to get a general idea of what the SSN will look like. Then I simply incremented the leftover digits and calcultated the check numbers. I then hashed them and checked them with the entered hash value.
<?php
$b_year = $_POST['b_year'];
$b_month = $_POST['b_month'];
$b_day = $_POST['b_day'];
$gender = $_POST['gender'];
$s_no_hash_str = $_POST['s_no_hash_str'];
$hash_type = $_POST['hash_type'];
// error messages
if(!$b_year){
echo “* Enter birth year<br />”;
}
if(!$b_month){
echo “* Enter birth month<br />”;
}
if(!$b_day){
echo “* Enter birth day<br />”;
}
if(!$gender){
echo “* Select gender<br />”;
}
if(!$s_no_hash_str){
echo “* Enter hashed SSN.<br />”;
}
if(!$hash_type){
echo “* Select hash type<br />”;
}
// if everything is entered, start processing.
if($b_year && $b_month && $b_day && $gender && $hash_type && $s_no_hash_str){
// pad valued with 0
$b_year = str_pad($b_year, 4, ‘19′, STR_PAD_LEFT);
$b_month = str_pad($b_month, 2, ‘0′, STR_PAD_LEFT);
$b_day = str_pad($b_day, 2, ‘0′, STR_PAD_LEFT);
$b_year_det = substr($b_year,0,2);
$b_year = substr($b_year,2,2);
if($b_year_det == “18″){
if($gender == “1″){
$gender = “9″;
}
else{
$gender = “0″;
}
}
else if($b_year_det == “19″){
if($gender == “1″){
$gender = “1″;
}
else{
$gender = “2″;
}
}
else if($b_year_det == “20″){
if($gender == “1″){
$gender = “3″;
}
else{
$gender = “4″;
}
}
// loop misc
for($misc=0;$misc<=99999;$misc++){
// pad misc
$misc = str_pad($misc, 5, ‘0′, STR_PAD_LEFT); // pad left with 0’s
// merge valued to form actual s s no
$s_no_1 = $b_year.$b_month.$b_day;
$s_no_2 = $gender.$misc;
// get full number including check number
$s_no_string = $s_no_1.$s_no_2.get_check_no($s_no_1.$s_no_2);
// select hash type and convert
if($hash_type == “md5″){
$s_no_hash = md5($s_no_string);
}
else if($hash_type == “sha1″){
$s_no_hash = sha1($s_no_string);
}
// if the hash matches the processed, return the value and break loop
if($s_no_hash == $s_no_hash_str){
echo ”
Done: “.$s_no_string.”(”.$s_no_hash.”)
<script type=\”text/javascript\”>
<!–
document.getElementById(’result’).innerHTML = ‘”.$s_no_string.”‘;
//–>
</script>
”;
break;
}
// if not… just print current value and continue
else{
echo “Processing: “.$s_no_string.”(”.$s_no_hash.”)<br />”;
}
}
}
?>