Well it's probably possible, but I have an applet that is asking for a 6 digit password and then performing a function if the password is correct. I've been looking through the code (someone else wrote it) and I have found a hash in there around the 'passwordField' variable, etc.

S(aGd0ci0jNG9wc2d1dmRmaSY7MCswLURpaXV6Yik=)

Because this is just a simple 6 digit password it has to be a static value, so I figured the password has been hashed to keep it from appearing in the code as plain text. However, is there a way to reverse engineer that?

You need to know what hash algorithm was used.  Once you know that you can brute force it with something like this:

String realhash = \    
    "S(aGd0ci0jNG9wc2d1dmRmaSY7MCswLURpaXV6Yik=)";
for (Integer x=0; x<1000000; x++)
{
    String mypass = String.format(%06d", x);
    String myhash = hash(mypass);
    if myhash.equals(realhash)
    {
        System.out.println("The password is " + mypass);
    }
}

My syntax may be a little off (I'm not a Java programmer), but that code shows essentially what you need to do.

it looks like the hash would be without the brackets as well. That kind of hash should be 40 chars I think so if the brackets were taken out of the original and just having the stuff between them you get:

aGd0ci0jNG9wc2d1dmRmaSY7MCswLURpaXV6Yik=

And that's the 40. Just need to reverse it....

Okay, thanks for the help.

I wasn't really under the impression it would be 'easy' but at least what you guys have given me helps to narrow down the focus of my efforts.

Thanks again.

Are you sure its a hash and not just base64 encoded? That looks very base64ish.  Decoded to text =

hgtr-#4opsguvdfi&;0+0-Diiuzb)

hgtr-#4opsguvdfi&;0+0-Diiuzb) ... not a whole lot to go on.

I've been hunting through the class files to see if I can figure out how it got to that point so I can reverse it from there....