A hash verifies an input, but you can not reproduce the input from a hash.
A simplified version: X % 2 = H
If I give you the formula, and a H of 1, can you, with certainty, tell me that my input was 1029? Cryptographic hashes have a similar property, just with a very large collision space - for Tor only 1 in 36^16 inputs will produce a given hash; yet you still can't guarantee that an input that produces that hash is the original input (and just guessing the possible inputs will take you a very long time).
The downside of our hash above is that it gives you a pretty good clue of what the original input was: if you get an H of 1029 from the forumla X % 10000000 = H, you'll have a pretty good idea of what the X was. Cryptographic hashes do not share this weakness - they will stretch the input, and ensure that there are no clues left as to what the original input was.
The hash is generated from the onion services's private key.
Edit: I'm wrong. It's based on the hash of the public key. But it's rather confusing. After you create an onion service, you get a private key and an onion address. You don't actually get a public key, just the hostname based on it. I suspect that the public key could be found somehow. But it's not used for anything, that I know of.