How much does Hash Crack cost?

Hash Crack costs 25 sats per call.

Which hash types are supported?

The endpoint supports md5, sha1, sha256, and ntlm. The only supported mode is fasttrack.

Does ArkAPI run brute force attacks?

No. The endpoint is intentionally constrained to a curated weak-password wordlist plus John Wordlist rules, CPU-limited execution, caching, and request caps.

Hash Crack API • Live on Signet test network only

Recover weak hashes with a tightly bounded ruleset.

Use a funded Signet session to test weak password recovery against MD5, SHA1, SHA256, or NTLM digests. ArkAPI runs a constrained fasttrack mode with a curated wordlist, John Wordlist rules, CPU-limited execution, caching, and strict request caps.

25 sats / call

POST /api/hash-crack

fasttrack mode only

What It Does

Hash Crack is built for controlled recovery checks, weak-password validation, and agent security workflows where you want a fast answer on weak credential material without exposing a general cracking interface.

Supports md5, sha1, sha256, and ntlm
Uses the curated fasttrack.txt wordlist plus John Wordlist rules
Caches cracked and confirmed-uncracked results for fast repeats
Good fit for weak-hash validation and test harnesses

Guardrails

This is intentionally not a general cracking service. It is designed to stay narrow, predictable, and inexpensive to operate.

No brute force, masks, GPU jobs, or custom user rules
Separate container with CPU and memory limits
Cached results plus global and per-token rate limits
Current deployment is Signet only

Example Request

curl -X POST https://arkapi.dev/api/hash-crack \
  -H "Authorization: Bearer ak_your_token" \
  -H "Content-Type: application/json" \
  -d '{"hash":"482c811da5d5b4bc6d497ffa98491e38","type":"md5","mode":"fasttrack"}' | jq

Use a funded token from the Fund page. The same request shape is documented in /openapi.json for agents and wrappers.

How To Call It

1. Open the Fund page and create a Signet session.
2. Copy the bearer token from the session confirmation or dashboard.
3. Call POST /api/hash-crack with that token in the Authorization header.

The landing page is public, but the cracking endpoint itself still requires a funded session token and valid JSON body.

Supported Body

{
  "hash": "482c811da5d5b4bc6d497ffa98491e38",
  "type": "md5",
  "mode": "fasttrack"
}

hash is required
type must be md5, sha1, sha256, or ntlm
mode is optional but currently must be fasttrack

Example Response

{
  "success": true,
  "data": {
    "hash": "482c811da5d5b4bc6d497ffa98491e38",
    "type": "md5",
    "mode": "fasttrack",
    "engine": "john",
    "ruleset": "fasttrack.txt+wordlist-rules",
    "cracked": true,
    "plaintext": "password123",
    "elapsed_ms": 491
  },
  "cost_sats": 25,
  "balance_remaining": 1475,
  "response_ms": 503,
  "endpoint": "/api/hash-crack"
}

Good Uses

Validate whether a digest falls to a curated weak-password list
Test agent or pipeline behavior with bounded password-recovery checks
Support CTF-style exercises and weak-password demonstrations
Run repeatable checks where cached results matter

For broader platform usage, see the main docs and the live catalog.