How is the bcrypt algorithm decrypted?

Question

I have a ton of hashed texts and their decrypted or de-hashed forms (I don't know which term is suitable in this case) via bcrypt. The thing I want to learn is how they are decrypted.

For example, the second text after the first colon is the salt and the last one is their plain versions.

$2y$12$./BuBOjyTdqysbY1eR7TC.pXlt7ySJW6PKlrfEw9CjnfD3tMHU2v.:lmnsqF0X:lol1234
$2y$12$./gIYLjuH5FborFLHJqT/e3oZ7DgXCfQyfYhjMURDxhW4zek1MHlG:UGMEYL0I:tomek2929
$2y$12$./mcc9eqh8tjRTWDcqkW0OLY6E./taB9gWc7Oz7NzzTibtgEO17Tu:ZFNgWoa5:Greenydon15

As far as I get, 12 is the number of rounds.

Answer 1

Bcrypt is a hash function, not an encryption function.

It cannot be decrypted, in the sense that you send the hash result into a function and get the decrypted version. You can only bruteforce it: send lots and lots of inputs into it, until you get the desired output, or you give up.

According to Wikipedia, this is a Bcrypt string:

$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
\__/\/ \____________________/\_____________________________/
 Alg Cost      Salt                        Hash

The 12 is not the number of rounds, but the Cost Factor, measured as 2^x. In case of 12, there are 4096 rounds (2¹²). The $2y indicates that those hashes are created by a bugged Blowfish version.

The only thing you can do it throw the salt and plain text at Blowfish, using the supplied cost factor, and compare the stored hash with the calculated one.