Salesforce, Python, SQL, & other ways to put your data where you need it

Need event music? 🎸

Live and recorded jazz, pop, and meditative music for your virtual conference / Zoom wedding / yoga class / private party with quality sound and a smooth technical experience

💬 EN

Ponder: knowing that Sitecore did the following item UUIDv3 hashings, can we figure out their namespacing algorithm?

00000000-0000-0000-0000-000000000000 -> (null)
11111111-1111-1111-1111-111111111111 -> /sitecore
EB2E4FFD-2761-4653-B052-26A64D385227 -> /sitecore/layout 1 1b59149d-7ed3-4d58-86a9-32eded8c0368 -> /sitecore/layout/Placeholder Settings/Feature
928a480f-8d07-4cc1-8b73-b46e20aabacc -> /sitecore/layout/Placeholder Settings/Foundation
f5f0fbe3-61ad-4967-a5d8-8d760331d6a1 -> /sitecore/layout/Placeholder Settings/Project
3C1715FE-6A13-4FCF-845F-DE308BA9741D -> /sitecore/templates
825b30b4-b40b-422e-9920-23a1b6bda89c -> /sitecore/templates/Project
4BF98EF5-1D09-4DD1-9AFE-795F9829FD44 -> /sitecore/templates/System
633549D3-4B7D-40EB-B58F-EDA50BA5F7F0 -> /sitecore/templates/System/Templates
AB86861A-6030-46C5-B394-E8F99E8B87DB -> /sitecore/templates/System/Templates/Template
I want to stick to it when I generate my own for strings like:

/sitecore/layout/Placeholder Settings/Project/foo
/sitecore/layout/Placeholder Settings/Project/foo/bar
/sitecore/templates/Project/foo
/sitecore/templates/Project/foo/bar
Based on the examples and UUIDv3 mechanics, here's the reverse-engineered approach for generating Sitecore-compatible UUIDv3 identifiers:

Core Pattern Observed Sitecore uses UUIDv3 with nested namespace inheritance:

  1. Root namespace: 00000000-0000-0000-0000-000000000000 for /sitecore
  2. Hierarchical derivation: Each path segment inherits the parent UUID as its namespace
    • /sitecore11111111-1111-1111-1111-111111111111 (special case)
    • /sitecore/layoutEB2E4FFD-2761-4653-B052-26A64D385227 (UUIDv3 of “layout” using parent UUID as namespace)
    • /sitecore/layout/Placeholder Settings → (intermediate UUID becomes namespace for next segment)

Implementation Steps

import uuid

def generate_sitecore_id(path):
    parts = path.strip('/').split('/')
    current_namespace = uuid.UUID('00000000-0000-0000-0000-000000000000')
    
    # Special case for /sitecore
    if parts == ['sitecore']:
        return uuid.UUID('11111111-1111-1111-1111-111111111111')
    
    for segment in parts:
        if segment == 'sitecore':
            current_namespace = uuid.UUID('11111111-1111-1111-1111-111111111111')
        else:
            current_namespace = uuid.uuid3(current_namespace, segment)
    return current_namespace

Example Outputs

Path Generated UUID
/sitecore/layout/Placeholder Settings/Project/foo uuidv3(parent_namespace, "foo")
/sitecore/templates/Project/foo/bar uuidv3(uuidv3(uuidv3(templates_namespace, "Project"), "foo"), "bar")

Critical Observations

  1. Special /sitecore Handling: The root /sitecore path uses a hardcoded UUID (1111...) rather than being derived from the null namespace1.
  2. Namespace Inheritance: Each path segment uses the parent UUID as its namespace UUID23.
  3. UUIDv3 Mechanics: Uses MD5 hashing of (namespace UUID + name)24.

Practical Usage

# Generate /sitecore/layout/Placeholder Settings/Project/foo
layout = uuid.uuid3(uuid.UUID('11111111-1111-1111-1111-111111111111'), 'layout')
placeholder = uuid.uuid3(layout, 'Placeholder Settings')
project = uuid.uuid3(placeholder, 'Project')
foo = uuid.uuid3(project, 'foo')  # Final UUID for last segment

Verification Method To confirm your implementation matches Sitecore’s algorithm:

  1. Generate UUIDs for known paths like /sitecore/templates/System
  2. Compare against documented UUID 4BF98EF5-1D09-4DD1-9AFE-795F9829FD44
  3. Adjust namespace inheritance logic if mismatches occur

Security Note: While UUIDv3 provides deterministic hashing, it uses MD5 which is cryptographically broken54. For non-Sitecore integrations requiring security, prefer UUIDv4 (random) or UUIDv5 (SHA-1)24.1: Special case for /sitecore root path2: UUIDv3 namespace/name mechanics5: MD5 security considerations3: Sitecore ID generation patterns4: UUID version differences

What if this guess doesn’t match?

Here’s how to troubleshoot and solve mismatches if your initial implementation doesn’t match Sitecore’s actual UUIDs:

Step 1: Verify Assumptions

First, confirm whether:

  1. /sitecore is truly special-cased Test: Does /sitecore/foo generate uuidv3(11111111..., "foo")? If not, Sitecore might be using 00000000... as the parent UUID for /sitecore (unlikely given your examples, but worth testing).
  2. Path normalization Check if Sitecore:
    • Trims trailing slashes (/sitecore/foo//sitecore/foo)
    • Uses case-sensitive names (Placeholder Settings vs placeholder settings)
    • Replaces spaces or special characters (unlikely for UUIDv3)

Step 2: Test Intermediate UUIDs

Generate UUIDs for every path segment and compare against known values. For example:

Path Segment Parent UUID (Namespace) Expected UUID (From Your Data)
layout 11111111-1111-1111-1111-111111111111 EB2E4FFD-2761-4653-B052-26A64D385227
Placeholder Settings EB2E4FFD-2761-4653-B052-26A64D385227 Unknown (but next segment’s parent)

If intermediate UUIDs mismatch:

  • Byte order: Verify UUID string formatting (hyphens, uppercase).
  • Hashing: Ensure you’re using uuidv3 (MD5), not uuidv5 (SHA-1).

Step 3: Check for Hidden Rules

Sitecore might:

  1. Prepend/appendix data: E.g., uuidv3(parent_id, "layout" + "_metadata")
  2. Use a hybrid namespace: Mix UUIDv3 with hardcoded values (e.g., /sitecore11111111..., but children use 00000000... as the namespace).
  3. Legacy exceptions: Older versions of Sitecore may have used different algorithms for system paths.

Step 4: Reverse-Engineer from Data

  1. Collect more UUID/path pairs: Focus on intermediate paths like /sitecore/layout/Placeholder Settings.
  2. Use a UUID validator:
import uuid
print(uuid.UUID('EB2E4FFD-2761-4653-B052-26A64D385227').version)  # Should output 3
  1. Compare MD5 outputs: Manually compute:
namespace = uuid.UUID('11111111-1111-1111-1111-111111111111')
name = "layout"
md5_hash = hashlib.md5(namespace.bytes + name.encode('utf-8')).digest()
print(uuid.UUID(bytes=md5_hash, version=3))

Step 5: Alternative Approaches

If mismatches persist:

  1. Use Sitecore’s API: Leverage Sitecore.Data.ID or Item.ID in Sitecore’s .NET API to generate IDs programmatically.
  2. Template Inheritance: Check if template IDs influence the UUID generation for certain paths.
  3. Consult Documentation: Review Sitecore’s official docs on ID generation (if available).

Fallback Solution

If exact matching isn’t critical (e.g., for testing/development):

# Use a custom namespace to avoid collisions with Sitecore's real IDs
MY_NAMESPACE = uuid.UUID('a1b2c3d4-...')
path_id = uuid.uuid3(MY_NAMESPACE, "/sitecore/layout/...")

Final Answer

If your initial guess fails, systematically test each path segment’s UUID against Sitecore’s output. The most likely culprit is incorrect namespace inheritance (e.g., using the wrong parent UUID for a segment). If no clear pattern emerges, Sitecore’s algorithm may include undocumented rules, necessitating direct API usage or deeper reverse-engineering.

What are some such deeper reverse engineering ideas?

Here are advanced reverse-engineering strategies to decode Sitecore’s UUIDv3 implementation when initial assumptions fail:

1. Binary Analysis of MD5 Hashing

  • Extract raw MD5 outputs from known UUIDs
import hashlib
parent_uuid = uuid.UUID('11111111-1111-1111-1111-111111111111')
name = "layout"
md5 = hashlib.md5(parent_uuid.bytes + name.encode('utf-8')).digest()

Compare the generated 16-byte sequence with EB2E4FFD-2761-4653-B052-26A64D385227’s bytes67.

  • Check for hidden transformations: Sitecore might modify the MD5 output before converting to UUID (e.g., byte swapping, XOR operations).

2. Contextual Analysis of Special Cases

  • Test boundary conditions: Generate UUIDs for paths like:
    • /sitecore/ (trailing slash)
    • /Sitecore (case sensitivity)
    • /sitecore//layout (double slashes)
  • Verify path normalization rules: Use Fiddler/Charles to intercept Sitecore’s internal API calls that return UUIDs for item paths.

3. Assembly Decompilation

  • Reverse-engineer Sitecore.Kernel.dll: Use ILSpy or dnSpy to analyze:
    • Sitecore.Data.ID class
    • Item.ID property generation
    • MainUtil.StringToID() implementation89
  • Key targets: Look for methods involving MD5CryptoServiceProvider or UUIDv3-specific logic.

4. Runtime Instrumentation

  • Hook into Sitecore’s execution pipeline: Use HarmonyX to patch methods like:
// Hypothetical example
[Patch(typeof(ItemManager), "GetItem")]
void Prefix(string path, ref ID id) {
    Logger.Info($"Path: {path}, UUID: {id}");
}
  • Monitor memory dumps: Capture UUID-generation processes using WinDbg or dotMemory.

5. Comparative Analysis with Other Systems

  • Cross-reference with Sitecore Search’s UUID format: While different (domainID-const-random-timestamp)1010, patterns like timestamp usage might hint at broader architectural conventions.
  • Compare with Sitecore JSS/Headless implementations: Analyze how decoupled apps generate item references.

6. Statistical Collision Testing

  • Generate UUIDs for synthetic paths:
for i in range(1000):
    path = f"/sitecore/temp/auto-{i}"
    print(generate_sitecore_id(path))
  • Check for duplicates: Validate whether Sitecore’s implementation truly follows UUIDv3 standards or introduces uniqueness modifications.

7. Cookie/Storage Forensics

  • Analyze __ruid cookie: While user-specific66, inspect how it interacts with item UUIDs in XHR requests.
  • Monitor Sitecore API traffic: Capture UUIDs returned by:
    • sitecore/api/jss/dictionary
    • sitecore/api/layout/render/jss

8. Template/Field Metadata Inspection

  • Check __Final Renderings fields: UUIDs in layout details might reveal nested namespace patterns.
  • Analyze serialization files: .item files in serialization folders show path-to-UUID mappings.

9. Hybrid Deterministic/Random Patterns

  • Test for partial entropy insertion: Sitecore might mix:
combined_name = f"{name}-{timestamp}"
uuid = uuid.uuid3(parent_id, combined_name)
  • Validate against known timestamps: Cross-reference UUIDs from content created at specific times.

Critical Tools

  • Sitecore PowerShell Extensions:
Get-Item "/sitecore/layout" | Select-Object ID, Path
  • Glass Mapper’s Type Configuration: Inspect how model classes map to UUIDs911.
  • Sitecore CLI: Use dotnet sitecore ser pull to extract UUID-path pairs.

If these methods still don’t reveal the algorithm, consider using probabilistic matching - generate UUIDs for all permutations of suspected rules and compare against known values through automated fuzzing.

How can I reverse-engineer a UUID to identify its original source

Here’s how to analyze UUIDs to determine their origin, based on version and available metadata:

UUID Version Identification

  1. Check the 13th hex digit (version number):
    • 1: Contains timestamp + MAC address1213
    • 3: MD5 hash of namespace + name1214
    • 4: Random (no source data)1512
    • 5: SHA-1 hash of namespace + name12

Reverse-Engineering Methods by Version

Version 1 (Time/MAC-Based)

import uuid
from datetime import datetime

uuid_v1 = uuid.UUID('c7b5d3e0-1c7b-11ec-9621-0242ac130002')
print(f"MAC: {uuid_v1.getnode():012x}")  # Last 6 bytes = NIC portion
print(f"Time: {datetime.fromtimestamp((uuid_v1.time - 0x01b21dd213814000)*100/1e9)}")

Limitations: Modern implementations often use random MACs (multicast bit set)12.

Version 3/5 (Namespace-Hashed)

# Brute-force namespace/name candidates (theoretical)
target_uuid = uuid.UUID('eb2e4ffd-2761-4653-b052-26a64d385227')

for namespace in [uuid.NAMESPACE_DNS, uuid.NAMESPACE_URL]:
    for name in ['layout', 'Layout', 'LAYOUT']:
        if uuid.uuid3(namespace, name) == target_uuid:
            print(f"Match: {namespace} + {name}")

Reality: Not reversible for unknown inputs due to MD5/SHA-1 one-way nature1412.

Version 4 (Random)

No reversible data - pure entropy1512. Analyze contextual metadata instead:

  • Creation timestamps in associated database records
  • Usage patterns (e.g., appears in API calls to /user/* endpoints)

Practical Workflow

  1. Decode version/variant using online tools like UUIDTools13
  2. For Version 1:
    • Extract MAC address (last 12 digits) - may be randomized
    • Convert 60-bit timestamp to human-readable format12
  3. For Version 3/5:
    • Identify likely namespaces (DNS/URL/OID/X500)
    • Use rainbow tables for common name/namespace combinations
  4. For Version 4:
    • Check associated metadata (logs, database timestamps)
    • Analyze collision patterns across datasets

Key Limitations

  • Version 3/5: No recovery without original inputs1412
  • Version 1: MAC randomization common post-20181512
  • Version 4: Designed to be information-less1516

When Source Identification Fails

  1. Contextual analysis:
    • Where does the UUID appear (URLs, APIs, logs)?
    • What other identifiers coexist with it?
  2. Pattern matching:
    • Compare against known UUIDs in your system
    • Check for sequential generation patterns

Tools

  • UUIDTools Decoder13
  • OSSP uuid CLI tool (uuid -d <uuid>)12
  • Wireshark (for live UUID traffic analysis)

UUIDs were designed for uniqueness, not traceability - successful reverse-engineering depends heavily on version-specific implementation details and contextual metadata1512.

Can I reverse-engineer the original namespace UUIDv3 from a UUIDv3?

No, you cannot reliably reverse-engineer the original namespace or name from a UUIDv3 due to its cryptographic properties. Here’s why:

Core Limitations

  1. One-Way Hashing: UUIDv3 uses MD5 (cryptographic hash) to combine the namespace UUID and name171819. Hash functions are designed to be irreversible without brute-force guessing1720.
  2. Collision Resistance: MD5 produces a fixed 128-bit output, making it impossible to uniquely determine the original inputs (multiple namespace/name pairs can produce the same UUID)19.

Practical Workarounds

1. Brute-Force Guessing (Theoretical)

import uuid
from itertools import product

target = uuid.UUID('eb2e4ffd-2761-4653-b052-26a64d385227')
namespace = uuid.UUID('11111111-1111-1111-1111-111111111111')  # Known parent
candidate_names = ['layout', 'Layout', 'LAYOUT']

for name in candidate_names:
    if uuid.uuid3(namespace, name) == target:
        print(f"Match: {name}")  # Output: Match: layout (if successful)

Limitations:

  • Requires knowing the namespace beforehand
  • Impractical for unknown names (exponential search space)1720

2. Compare UUIDs for Same Namespace

You can verify if two UUIDs share the same namespace if you have both inputs:

def same_namespace(uuid1, uuid2, name):
    return uuid.uuid3(uuid1, name) == uuid.uuid3(uuid2, name)

Key Findings from Research

  • RFC 4122 Compliance: UUIDv3 intentionally prevents reverse-engineering171819.
  • Security Note: MD5 is cryptographically broken, but this doesn’t enable reverse-engineering - it only increases collision risks1819.
  • UUIDv5 Preference: Modern systems should use UUIDv5 (SHA-1) instead of UUIDv32018.

When Reverse-Engineering Might Work

  • Known Namespace: If you have the namespace UUID (e.g., Sitecore’s 11111111...), you can brute-force common names like layout21.
  • Predictable Patterns: If names follow conventions (e.g., /sitecore/layout), you can reconstruct the hierarchy22.

Conclusion

UUIDv3’s design makes reverse-engineering mathematically infeasible without prior knowledge of either the namespace or name172019. For Sitecore UUIDs, use the hierarchical generation pattern identified earlier rather than attempting to reverse-engineer existing UUIDs.

  1. https://doc.sitecore.com/xp/en/developers/latest/platform-administration-and-architecture/change-the-hash-algorithm-for-password-encryption.html  2

  2. https://stackoverflow.com/questions/20342058/which-uuid-version-to-use  2 3 4

  3. https://mikael.com/2020/10/generating-predictive-sitecore-ids/  2

  4. https://duo.com/labs/tech-notes/breaking-down-uuids  2 3 4

  5. https://security.stackexchange.com/questions/258511/uuids-replacing-inremental-ids-in-urls  2

  6. https://doc.sitecore.com/discover/en/developers/discover-developer-guide/retrieve-your-uuid.html  2 3

  7. https://stackoverflow.com/questions/26858090/is-a-generated-uuid-from-a-string-reversible 

  8. https://www.linkedin.com/posts/nilay-patel-005103187_reverse-engineering-sitecore-vulnerabilities-activity-7186038724311277568-help 

  9. http://blog.martinmiles.net/post/sitecore-with-seo-reviewing-and-comparing-ways-for-managing-duplicate-content-clones-iis-rewrite-and-redirect-module  2

  10. https://doc.sitecore.com/search/en/developers/search-developer-guide/using-a-uuid-to-track-site-visitors.html  2

  11. https://sitecorejunkie.com/category/design-patterns/adapter-pattern/ 

  12. https://stackoverflow.com/questions/1709600/what-kind-of-data-can-you-extract-from-a-uuid  2 3 4 5 6 7 8 9 10 11 12

  13. https://www.uuidtools.com/decode  2 3

  14. https://stackoverflow.com/questions/26858090/is-a-generated-uuid-from-a-string-reversible  2 3

  15. https://security.stackexchange.com/questions/266661/can-a-uuid-or-guid-be-matched-back-to-the-originating-computer  2 3 4 5

  16. https://security.stackexchange.com/questions/108028/sequential-identifying-string-that-cant-be-reverse-engineered-the-invoice-num 

  17. https://stackoverflow.com/questions/61536294/decode-the-name-or-namespace-from-a-uuid  2 3 4 5

  18. https://www.ietf.org/archive/id/draft-ietf-uuidrev-rfc4122bis-09.html  2 3 4

  19. https://en.wikipedia.org/wiki/Universally_unique_identifier  2 3 4 5

  20. https://generate-uuid.com/which-uuid-version-should-you-use  2 3 4

  21. As shown in prior analysis of Sitecore’s /sitecore/layout UUID generation. 

  22. Previous analysis demonstrated how Sitecore’s hierarchy uses parent UUIDs as namespaces for child elements.