From 67ba1f21121e951e6d999a084842de4ee74ba164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Sun, 27 Feb 2022 23:29:15 +0100 Subject: [PATCH 1/8] add new version fix --- OpenCL/m23400-pure.cl | 25 +++++- src/modules/module_23400.c | 4 +- tools/bitwarden2hashcat.py | 143 +++++++++++++++++++++++++++++++++++ tools/test_modules/m23400.pm | 2 +- 4 files changed, 167 insertions(+), 7 deletions(-) create mode 100644 tools/bitwarden2hashcat.py diff --git a/OpenCL/m23400-pure.cl b/OpenCL/m23400-pure.cl index 77baf0362..48480ed56 100644 --- a/OpenCL/m23400-pure.cl +++ b/OpenCL/m23400-pure.cl @@ -329,10 +329,27 @@ KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS (bitwarden_tmp_t)) sha256_hmac_final (&sha256_hmac_ctx2); - const u32 r0 = sha256_hmac_ctx2.opad.h[0]; - const u32 r1 = sha256_hmac_ctx2.opad.h[1]; - const u32 r2 = sha256_hmac_ctx2.opad.h[2]; - const u32 r3 = sha256_hmac_ctx2.opad.h[3]; + sha256_hmac_ctx_t sha256_hmac_ctx3; + + + u32 buff[16] = {0}; + buff[0] = sha256_hmac_ctx2.opad.h[0]; + buff[1] = sha256_hmac_ctx2.opad.h[1]; + buff[2] = sha256_hmac_ctx2.opad.h[2]; + buff[3] = sha256_hmac_ctx2.opad.h[3]; + buff[4] = sha256_hmac_ctx2.opad.h[4]; + buff[5] = sha256_hmac_ctx2.opad.h[5]; + buff[6] = sha256_hmac_ctx2.opad.h[6]; + buff[7] = sha256_hmac_ctx2.opad.h[7]; + + sha256_hmac_init (&sha256_hmac_ctx3, out, 32); + sha256_hmac_update (&sha256_hmac_ctx3, buff, 32); + sha256_hmac_final (&sha256_hmac_ctx3); + + const u32 r0 = sha256_hmac_ctx2.opad.h[0] ^ sha256_hmac_ctx3.opad.h[0]; + const u32 r1 = sha256_hmac_ctx2.opad.h[1] ^ sha256_hmac_ctx3.opad.h[1]; + const u32 r2 = sha256_hmac_ctx2.opad.h[2] ^ sha256_hmac_ctx3.opad.h[2]; + const u32 r3 = sha256_hmac_ctx2.opad.h[3] ^ sha256_hmac_ctx3.opad.h[3]; #define il_pos 0 diff --git a/src/modules/module_23400.c b/src/modules/module_23400.c index 3704ef228..3a69b5d57 100644 --- a/src/modules/module_23400.c +++ b/src/modules/module_23400.c @@ -23,8 +23,8 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; -static const char *ST_PASS = "hashcat"; -static const char *ST_HASH = "$bitwarden$1*100000*bm9yZXBseUBoYXNoY2F0Lm5ldA==*zAXL7noQxkIJG82vWuqyDsnoqnKAVU7gE/8IRI6BlMs="; +static const char *ST_PASS = "hashcat1"; +static const char *ST_HASH = "$bitwarden$1*100000*bm9yZXBseUBoYXNoY2F0Lm5ldA==*CWCy4KZEEw1W92qB7xfLRNoJpepTMSyr7WJGZ0/Xr8c="; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } diff --git a/tools/bitwarden2hashcat.py b/tools/bitwarden2hashcat.py new file mode 100644 index 000000000..05d7932e1 --- /dev/null +++ b/tools/bitwarden2hashcat.py @@ -0,0 +1,143 @@ +"""Utility to extract Bitwarden data from Google Chrome / Firefox / Android local data""" + +# Based on bitwarden2john.py https://github.com/willstruggle/john/blob/master/bitwarden2john.py + +from dataclasses import dataclass +import os +import argparse +import string +import sys +import base64 +import binascii +import traceback +import xml.etree.ElementTree as ET +from dataclasses import dataclass + +try: + import json + assert json +except ImportError: + try: + import simplejson as json + except ImportError: + sys.stderr.write("Please install json module which is currently not installed.\n") + sys.exit(-1) + +try: + import leveldb +except ImportError: + sys.stderr.write("[WARNING] Please install the leveldb module for full functionality!\n") + sys.exit(-1) + + +@dataclass +class BitwardenData: + email: string + enc_key: string + key_hash: string + iterations: int = 0 + + +def process_xml_file(filename): + tree = ET.parse(filename) + root = tree.getroot() + email = None + enc_key = None + + for item in root: + if item.tag == 'string': + name = item.attrib['name'] + if name == "encKey": + enc_key = item.text + if name == "email": + email = item.text + return email, enc_key + + +def process_leveldb(path): + db = leveldb.LevelDB(path, create_if_missing=False) + + for key, value in db.RangeIter(): + print(key.decode('ascii').strip('"') + " " + value.decode('ascii').strip('"')) + + data = BitwardenData( + email = db.Get(b'userEmail')\ + .decode("utf-8")\ + .strip('"').rstrip('"'), + enc_key = db.Get(b'encKey')\ + .decode("ascii").strip('"').rstrip('"'), + key_hash = db.Get(b'keyHash')\ + .decode("ascii").strip('"').rstrip('"'), + # Usually 100000 + iterations = int(db.Get(b'kdfIterations').decode("ascii")) + ) + + print(data) + + return data + + +def process_file(filename): + if "nngceckbap" in filename or os.path.isdir(filename): + try: + bitw_data = process_leveldb(filename) + if not bitw_data.email or not bitw_data.enc_key: + sys.stderr.write("[error] %s could not be parsed properly!\n" % filename) + return + except: + traceback.print_exc() + return + else: + with open(filename, "rb") as f: + data = f.read() + if filename.endswith(".xml") or data.startswith(b"\n" % + # sys.argv[0]) + # sys.exit(-1) + + for p in args.path: + process_file(p) diff --git a/tools/test_modules/m23400.pm b/tools/test_modules/m23400.pm index 0981b0db0..4fd327845 100644 --- a/tools/test_modules/m23400.pm +++ b/tools/test_modules/m23400.pm @@ -29,7 +29,7 @@ sub module_generate_hash my $kdf2 = Crypt::PBKDF2->new ( hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256), - iterations => 1, + iterations => 2, output_len => 32 ); From 74af4eced60bf8d966f22451bda98d05c2a93f1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Mon, 28 Feb 2022 21:47:59 +0100 Subject: [PATCH 2/8] update module version --- OpenCL/m23400-pure.cl | 70 ++++++++++++++++++++++-------------- src/modules/module_23400.c | 20 ++++++++--- tools/test_modules/m23400.pm | 4 +-- 3 files changed, 62 insertions(+), 32 deletions(-) diff --git a/OpenCL/m23400-pure.cl b/OpenCL/m23400-pure.cl index 48480ed56..d63d6c4b4 100644 --- a/OpenCL/m23400-pure.cl +++ b/OpenCL/m23400-pure.cl @@ -253,7 +253,7 @@ KERNEL_FQ void m23400_loop (KERN_ATTR_TMPS (bitwarden_tmp_t)) unpackv (tmps, out, gid, 7, out[7]); } -KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS (bitwarden_tmp_t)) +KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS_ESALT (bitwarden_tmp_t, u32)) { /** * base @@ -324,36 +324,54 @@ KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS (bitwarden_tmp_t)) w3[1] = 0; w3[2] = 0; w3[3] = 0; - + sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); sha256_hmac_final (&sha256_hmac_ctx2); - sha256_hmac_ctx_t sha256_hmac_ctx3; - - - u32 buff[16] = {0}; - buff[0] = sha256_hmac_ctx2.opad.h[0]; - buff[1] = sha256_hmac_ctx2.opad.h[1]; - buff[2] = sha256_hmac_ctx2.opad.h[2]; - buff[3] = sha256_hmac_ctx2.opad.h[3]; - buff[4] = sha256_hmac_ctx2.opad.h[4]; - buff[5] = sha256_hmac_ctx2.opad.h[5]; - buff[6] = sha256_hmac_ctx2.opad.h[6]; - buff[7] = sha256_hmac_ctx2.opad.h[7]; + const u32 version = esalt_bufs[DIGESTS_OFFSET_HOST]; + if(version == 2) + { - sha256_hmac_init (&sha256_hmac_ctx3, out, 32); - sha256_hmac_update (&sha256_hmac_ctx3, buff, 32); - sha256_hmac_final (&sha256_hmac_ctx3); - - const u32 r0 = sha256_hmac_ctx2.opad.h[0] ^ sha256_hmac_ctx3.opad.h[0]; - const u32 r1 = sha256_hmac_ctx2.opad.h[1] ^ sha256_hmac_ctx3.opad.h[1]; - const u32 r2 = sha256_hmac_ctx2.opad.h[2] ^ sha256_hmac_ctx3.opad.h[2]; - const u32 r3 = sha256_hmac_ctx2.opad.h[3] ^ sha256_hmac_ctx3.opad.h[3]; + sha256_hmac_ctx_t sha256_hmac_ctx3; + + + u32 buff[16] = {0}; + buff[0] = sha256_hmac_ctx2.opad.h[0]; + buff[1] = sha256_hmac_ctx2.opad.h[1]; + buff[2] = sha256_hmac_ctx2.opad.h[2]; + buff[3] = sha256_hmac_ctx2.opad.h[3]; + buff[4] = sha256_hmac_ctx2.opad.h[4]; + buff[5] = sha256_hmac_ctx2.opad.h[5]; + buff[6] = sha256_hmac_ctx2.opad.h[6]; + buff[7] = sha256_hmac_ctx2.opad.h[7]; + + sha256_hmac_init (&sha256_hmac_ctx3, out, 32); + sha256_hmac_update (&sha256_hmac_ctx3, buff, 32); + sha256_hmac_final (&sha256_hmac_ctx3); + + const u32 r0 = sha256_hmac_ctx2.opad.h[0] ^ sha256_hmac_ctx3.opad.h[0]; + const u32 r1 = sha256_hmac_ctx2.opad.h[1] ^ sha256_hmac_ctx3.opad.h[1]; + const u32 r2 = sha256_hmac_ctx2.opad.h[2] ^ sha256_hmac_ctx3.opad.h[2]; + const u32 r3 = sha256_hmac_ctx2.opad.h[3] ^ sha256_hmac_ctx3.opad.h[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif + } + else if (version == 1) + { + const u32 r0 = sha256_hmac_ctx2.opad.h[0]; + const u32 r1 = sha256_hmac_ctx2.opad.h[1]; + const u32 r2 = sha256_hmac_ctx2.opad.h[2]; + const u32 r3 = sha256_hmac_ctx2.opad.h[3]; - #define il_pos 0 + #define il_pos 0 - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif + } } diff --git a/src/modules/module_23400.c b/src/modules/module_23400.c index 3a69b5d57..d0e14a293 100644 --- a/src/modules/module_23400.c +++ b/src/modules/module_23400.c @@ -24,7 +24,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat1"; -static const char *ST_HASH = "$bitwarden$1*100000*bm9yZXBseUBoYXNoY2F0Lm5ldA==*CWCy4KZEEw1W92qB7xfLRNoJpepTMSyr7WJGZ0/Xr8c="; +static const char *ST_HASH = "$bitwarden$2*100000*bm9yZXBseUBoYXNoY2F0Lm5ldA==*CWCy4KZEEw1W92qB7xfLRNoJpepTMSyr7WJGZ0/Xr8c="; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } @@ -84,6 +84,11 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return (u64) sizeof(u32); +} + u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (bitwarden_tmp_t); @@ -104,6 +109,8 @@ u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED con int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) { u32 *digest = (u32 *) digest_buf; + + u32 *ver = (u32 *) esalt_buf; hc_token_t token; @@ -146,8 +153,13 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // version const u8 *version_pos = token.buf[1]; + const u32 version = *version_pos - 0x30; - if (version_pos[0] != '1') return (PARSER_SALT_VALUE); + if (version == 1 || version == 2) + { + *ver = version; + } + else return (PARSER_SALT_VALUE); // iter @@ -230,7 +242,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE base64_encode (int_to_base64, (const u8 *) tmp_buf, 32, (u8 *) hash_buf); - const int line_len = snprintf (line_buf, line_size, "%s1*%i*%s*%s", + const int line_len = snprintf (line_buf, line_size, "%s2*%i*%s*%s", SIGNATURE_BITWARDEN, salt->salt_iter + 1, salt_buf, @@ -258,7 +270,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_dgst_pos3 = module_dgst_pos3; module_ctx->module_dgst_size = module_dgst_size; module_ctx->module_dictstat_disable = MODULE_DEFAULT; - module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; module_ctx->module_extra_buffer_size = MODULE_DEFAULT; module_ctx->module_extra_tmp_size = MODULE_DEFAULT; module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; diff --git a/tools/test_modules/m23400.pm b/tools/test_modules/m23400.pm index 4fd327845..d891ae046 100644 --- a/tools/test_modules/m23400.pm +++ b/tools/test_modules/m23400.pm @@ -38,7 +38,7 @@ sub module_generate_hash my $digest1 = $kdf1->PBKDF2 ($email, $word); my $digest2 = $kdf2->PBKDF2 ($word, $digest1); # position of $word switched ! - my $hash = sprintf ("\$bitwarden\$1*%d*%s*%s", $iter, encode_base64 ($email, ""), encode_base64 ($digest2, "")); + my $hash = sprintf ("\$bitwarden\$2*%d*%s*%s", $iter, encode_base64 ($email, ""), encode_base64 ($digest2, "")); return $hash; } @@ -54,7 +54,7 @@ sub module_verify_hash my $hash = substr ($line, 0, $idx); my $word = substr ($line, $idx + 1); - return unless substr ($hash, 0, 12) eq '$bitwarden$1'; + return unless substr ($hash, 0, 12) eq '$bitwarden$2'; my ($type, $iter, $salt_base64, $hash_base64) = split ('\*', $hash); From 9b66c015357e0e0736a3e3c86c329fa6a1fa6d75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Mon, 28 Feb 2022 23:16:12 +0100 Subject: [PATCH 3/8] Add parameter for second iteration count --- OpenCL/m23400-pure.cl | 216 +++++++++++++++++++++++++---------- src/modules/module_23400.c | 68 ++++++----- tools/test_modules/m23400.pm | 5 +- 3 files changed, 195 insertions(+), 94 deletions(-) diff --git a/OpenCL/m23400-pure.cl b/OpenCL/m23400-pure.cl index d63d6c4b4..e8e65d49d 100644 --- a/OpenCL/m23400-pure.cl +++ b/OpenCL/m23400-pure.cl @@ -253,7 +253,7 @@ KERNEL_FQ void m23400_loop (KERN_ATTR_TMPS (bitwarden_tmp_t)) unpackv (tmps, out, gid, 7, out[7]); } -KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS_ESALT (bitwarden_tmp_t, u32)) +KERNEL_FQ void m23400_init2 (KERN_ATTR_TMPS (bitwarden_tmp_t)) { /** * base @@ -278,26 +278,23 @@ KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS_ESALT (bitwarden_tmp_t, u32)) sha256_hmac_init (&sha256_hmac_ctx, out, 32); - u32 ipad[8]; - u32 opad[8]; + tmps[gid].ipad[0] = sha256_hmac_ctx.ipad.h[0]; + tmps[gid].ipad[1] = sha256_hmac_ctx.ipad.h[1]; + tmps[gid].ipad[2] = sha256_hmac_ctx.ipad.h[2]; + tmps[gid].ipad[3] = sha256_hmac_ctx.ipad.h[3]; + tmps[gid].ipad[4] = sha256_hmac_ctx.ipad.h[4]; + tmps[gid].ipad[5] = sha256_hmac_ctx.ipad.h[5]; + tmps[gid].ipad[6] = sha256_hmac_ctx.ipad.h[6]; + tmps[gid].ipad[7] = sha256_hmac_ctx.ipad.h[7]; - ipad[0] = sha256_hmac_ctx.ipad.h[0]; - ipad[1] = sha256_hmac_ctx.ipad.h[1]; - ipad[2] = sha256_hmac_ctx.ipad.h[2]; - ipad[3] = sha256_hmac_ctx.ipad.h[3]; - ipad[4] = sha256_hmac_ctx.ipad.h[4]; - ipad[5] = sha256_hmac_ctx.ipad.h[5]; - ipad[6] = sha256_hmac_ctx.ipad.h[6]; - ipad[7] = sha256_hmac_ctx.ipad.h[7]; - - opad[0] = sha256_hmac_ctx.opad.h[0]; - opad[1] = sha256_hmac_ctx.opad.h[1]; - opad[2] = sha256_hmac_ctx.opad.h[2]; - opad[3] = sha256_hmac_ctx.opad.h[3]; - opad[4] = sha256_hmac_ctx.opad.h[4]; - opad[5] = sha256_hmac_ctx.opad.h[5]; - opad[6] = sha256_hmac_ctx.opad.h[6]; - opad[7] = sha256_hmac_ctx.opad.h[7]; + tmps[gid].opad[0] = sha256_hmac_ctx.opad.h[0]; + tmps[gid].opad[1] = sha256_hmac_ctx.opad.h[1]; + tmps[gid].opad[2] = sha256_hmac_ctx.opad.h[2]; + tmps[gid].opad[3] = sha256_hmac_ctx.opad.h[3]; + tmps[gid].opad[4] = sha256_hmac_ctx.opad.h[4]; + tmps[gid].opad[5] = sha256_hmac_ctx.opad.h[5]; + tmps[gid].opad[6] = sha256_hmac_ctx.opad.h[6]; + tmps[gid].opad[7] = sha256_hmac_ctx.opad.h[7]; sha256_hmac_update_global_swap (&sha256_hmac_ctx, pws[gid].i, pws[gid].pw_len); @@ -324,54 +321,151 @@ KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS_ESALT (bitwarden_tmp_t, u32)) w3[1] = 0; w3[2] = 0; w3[3] = 0; - + sha256_hmac_update_64 (&sha256_hmac_ctx2, w0, w1, w2, w3, 4); sha256_hmac_final (&sha256_hmac_ctx2); - const u32 version = esalt_bufs[DIGESTS_OFFSET_HOST]; - if(version == 2) - { + tmps[gid].dgst[0] = sha256_hmac_ctx2.opad.h[0]; + tmps[gid].dgst[1] = sha256_hmac_ctx2.opad.h[1]; + tmps[gid].dgst[2] = sha256_hmac_ctx2.opad.h[2]; + tmps[gid].dgst[3] = sha256_hmac_ctx2.opad.h[3]; + tmps[gid].dgst[4] = sha256_hmac_ctx2.opad.h[4]; + tmps[gid].dgst[5] = sha256_hmac_ctx2.opad.h[5]; + tmps[gid].dgst[6] = sha256_hmac_ctx2.opad.h[6]; + tmps[gid].dgst[7] = sha256_hmac_ctx2.opad.h[7]; - sha256_hmac_ctx_t sha256_hmac_ctx3; - - - u32 buff[16] = {0}; - buff[0] = sha256_hmac_ctx2.opad.h[0]; - buff[1] = sha256_hmac_ctx2.opad.h[1]; - buff[2] = sha256_hmac_ctx2.opad.h[2]; - buff[3] = sha256_hmac_ctx2.opad.h[3]; - buff[4] = sha256_hmac_ctx2.opad.h[4]; - buff[5] = sha256_hmac_ctx2.opad.h[5]; - buff[6] = sha256_hmac_ctx2.opad.h[6]; - buff[7] = sha256_hmac_ctx2.opad.h[7]; - - sha256_hmac_init (&sha256_hmac_ctx3, out, 32); - sha256_hmac_update (&sha256_hmac_ctx3, buff, 32); - sha256_hmac_final (&sha256_hmac_ctx3); - - const u32 r0 = sha256_hmac_ctx2.opad.h[0] ^ sha256_hmac_ctx3.opad.h[0]; - const u32 r1 = sha256_hmac_ctx2.opad.h[1] ^ sha256_hmac_ctx3.opad.h[1]; - const u32 r2 = sha256_hmac_ctx2.opad.h[2] ^ sha256_hmac_ctx3.opad.h[2]; - const u32 r3 = sha256_hmac_ctx2.opad.h[3] ^ sha256_hmac_ctx3.opad.h[3]; - - #define il_pos 0 - - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif - } - else if (version == 1) + tmps[gid].out[0] = tmps[gid].dgst[0]; + tmps[gid].out[1] = tmps[gid].dgst[1]; + tmps[gid].out[2] = tmps[gid].dgst[2]; + tmps[gid].out[3] = tmps[gid].dgst[3]; + tmps[gid].out[4] = tmps[gid].dgst[4]; + tmps[gid].out[5] = tmps[gid].dgst[5]; + tmps[gid].out[6] = tmps[gid].dgst[6]; + tmps[gid].out[7] = tmps[gid].dgst[7]; +} + +KERNEL_FQ void m23400_loop2 (KERN_ATTR_TMPS (bitwarden_tmp_t)) +{ + const u64 gid = get_global_id (0); + + if ((gid * VECT_SIZE) >= GID_CNT) return; + + u32x ipad[8]; + u32x opad[8]; + + ipad[0] = packv (tmps, ipad, gid, 0); + ipad[1] = packv (tmps, ipad, gid, 1); + ipad[2] = packv (tmps, ipad, gid, 2); + ipad[3] = packv (tmps, ipad, gid, 3); + ipad[4] = packv (tmps, ipad, gid, 4); + ipad[5] = packv (tmps, ipad, gid, 5); + ipad[6] = packv (tmps, ipad, gid, 6); + ipad[7] = packv (tmps, ipad, gid, 7); + + opad[0] = packv (tmps, opad, gid, 0); + opad[1] = packv (tmps, opad, gid, 1); + opad[2] = packv (tmps, opad, gid, 2); + opad[3] = packv (tmps, opad, gid, 3); + opad[4] = packv (tmps, opad, gid, 4); + opad[5] = packv (tmps, opad, gid, 5); + opad[6] = packv (tmps, opad, gid, 6); + opad[7] = packv (tmps, opad, gid, 7); + + u32x dgst[8]; + u32x out[8]; + + dgst[0] = packv (tmps, dgst, gid, 0); + dgst[1] = packv (tmps, dgst, gid, 1); + dgst[2] = packv (tmps, dgst, gid, 2); + dgst[3] = packv (tmps, dgst, gid, 3); + dgst[4] = packv (tmps, dgst, gid, 4); + dgst[5] = packv (tmps, dgst, gid, 5); + dgst[6] = packv (tmps, dgst, gid, 6); + dgst[7] = packv (tmps, dgst, gid, 7); + + out[0] = packv (tmps, out, gid, 0); + out[1] = packv (tmps, out, gid, 1); + out[2] = packv (tmps, out, gid, 2); + out[3] = packv (tmps, out, gid, 3); + out[4] = packv (tmps, out, gid, 4); + out[5] = packv (tmps, out, gid, 5); + out[6] = packv (tmps, out, gid, 6); + out[7] = packv (tmps, out, gid, 7); + + for (u32 j = 0; j < LOOP_CNT; j++) { - const u32 r0 = sha256_hmac_ctx2.opad.h[0]; - const u32 r1 = sha256_hmac_ctx2.opad.h[1]; - const u32 r2 = sha256_hmac_ctx2.opad.h[2]; - const u32 r3 = sha256_hmac_ctx2.opad.h[3]; + u32x w0[4]; + u32x w1[4]; + u32x w2[4]; + u32x w3[4]; + + w0[0] = dgst[0]; + w0[1] = dgst[1]; + w0[2] = dgst[2]; + w0[3] = dgst[3]; + w1[0] = dgst[4]; + w1[1] = dgst[5]; + w1[2] = dgst[6]; + w1[3] = dgst[7]; + w2[0] = 0x80000000; + w2[1] = 0; + w2[2] = 0; + w2[3] = 0; + w3[0] = 0; + w3[1] = 0; + w3[2] = 0; + w3[3] = (64 + 32) * 8; - #define il_pos 0 + hmac_sha256_run_V (w0, w1, w2, w3, ipad, opad, dgst); - #ifdef KERNEL_STATIC - #include COMPARE_M - #endif + out[0] ^= dgst[0]; + out[1] ^= dgst[1]; + out[2] ^= dgst[2]; + out[3] ^= dgst[3]; + out[4] ^= dgst[4]; + out[5] ^= dgst[5]; + out[6] ^= dgst[6]; + out[7] ^= dgst[7]; } + + unpackv (tmps, dgst, gid, 0, dgst[0]); + unpackv (tmps, dgst, gid, 1, dgst[1]); + unpackv (tmps, dgst, gid, 2, dgst[2]); + unpackv (tmps, dgst, gid, 3, dgst[3]); + unpackv (tmps, dgst, gid, 4, dgst[4]); + unpackv (tmps, dgst, gid, 5, dgst[5]); + unpackv (tmps, dgst, gid, 6, dgst[6]); + unpackv (tmps, dgst, gid, 7, dgst[7]); + + unpackv (tmps, out, gid, 0, out[0]); + unpackv (tmps, out, gid, 1, out[1]); + unpackv (tmps, out, gid, 2, out[2]); + unpackv (tmps, out, gid, 3, out[3]); + unpackv (tmps, out, gid, 4, out[4]); + unpackv (tmps, out, gid, 5, out[5]); + unpackv (tmps, out, gid, 6, out[6]); + unpackv (tmps, out, gid, 7, out[7]); +} + +KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS_ESALT (bitwarden_tmp_t, u32)) +{ + /** + * base + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + const u32 r0 = tmps[gid].out[0]; + const u32 r1 = tmps[gid].out[1]; + const u32 r2 = tmps[gid].out[2]; + const u32 r3 = tmps[gid].out[3]; + + #define il_pos 0 + + #ifdef KERNEL_STATIC + #include COMPARE_M + #endif } diff --git a/src/modules/module_23400.c b/src/modules/module_23400.c index d0e14a293..a6740e83b 100644 --- a/src/modules/module_23400.c +++ b/src/modules/module_23400.c @@ -21,10 +21,12 @@ static const char *HASH_NAME = "Bitwarden"; static const u64 KERN_TYPE = 23400; static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE | OPTI_TYPE_SLOW_HASH_SIMD_LOOP; -static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE; +static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE + | OPTS_TYPE_LOOP2 + | OPTS_TYPE_INIT2; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "hashcat1"; -static const char *ST_HASH = "$bitwarden$2*100000*bm9yZXBseUBoYXNoY2F0Lm5ldA==*CWCy4KZEEw1W92qB7xfLRNoJpepTMSyr7WJGZ0/Xr8c="; +static const char *ST_HASH = "$bitwarden$2*100000*2*bm9yZXBseUBoYXNoY2F0Lm5ldA==*CWCy4KZEEw1W92qB7xfLRNoJpepTMSyr7WJGZ0/Xr8c="; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } @@ -84,11 +86,6 @@ char *module_jit_build_options (MAYBE_UNUSED const hashconfig_t *hashconfig, MAY return jit_build_options; } -u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) -{ - return (u64) sizeof(u32); -} - u64 module_tmp_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { const u64 tmp_size = (const u64) sizeof (bitwarden_tmp_t); @@ -110,11 +107,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE { u32 *digest = (u32 *) digest_buf; - u32 *ver = (u32 *) esalt_buf; - hc_token_t token; - token.token_cnt = 5; + token.token_cnt = 6; token.signatures_cnt = 1; token.signatures_buf[0] = SIGNATURE_BITWARDEN; @@ -137,13 +132,19 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.sep[3] = '*'; token.len_min[3] = 1; - token.len_max[3] = ((SALT_MAX * 8) / 6) + 3; - token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; + token.len_max[3] = 7; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_DIGIT; token.sep[4] = '*'; - token.len_min[4] = 44; - token.len_max[4] = 44; - token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH + token.len_min[4] = 1; + token.len_max[4] = ((SALT_MAX * 8) / 6) + 3; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH; + + token.sep[5] = '*'; + token.len_min[5] = 44; + token.len_max[5] = 44; + token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_BASE64A; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); @@ -155,27 +156,31 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 *version_pos = token.buf[1]; const u32 version = *version_pos - 0x30; - if (version == 1 || version == 2) - { - *ver = version; - } - else return (PARSER_SALT_VALUE); + if (version != 2) return (PARSER_SALT_VALUE); // iter - const u8 *iter_pos = token.buf[2]; + const u8 *iter1_pos = token.buf[2]; + const u8 *iter2_pos = token.buf[3]; + + const u32 iter1 = hc_strtoul ((const char *) iter1_pos, NULL, 10); + + if (iter1 < 1) return (PARSER_SALT_ITERATION); + if (iter1 > 999999) return (PARSER_SALT_ITERATION); + + salt->salt_iter = iter1 - 1; - const u32 iter = hc_strtoul ((const char *) iter_pos, NULL, 10); + const u32 iter2 = hc_strtoul ((const char *) iter2_pos, NULL, 10); - if (iter < 1) return (PARSER_SALT_ITERATION); - if (iter > 999999) return (PARSER_SALT_ITERATION); + if (iter2 < 1) return (PARSER_SALT_ITERATION); + if (iter2 > 999999) return (PARSER_SALT_ITERATION); - salt->salt_iter = iter - 1; + salt->salt_iter2 = iter2 - 1; // salt - const u8 *salt_pos = token.buf[3]; - const int salt_len = token.len[3]; + const u8 *salt_pos = token.buf[4]; + const int salt_len = token.len[4]; u8 tmp_buf[SALT_MAX + 1] = { 0 }; @@ -190,8 +195,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // hash - const u8 *hash_pos = token.buf[4]; - const int hash_len = token.len[4]; + const u8 *hash_pos = token.buf[5]; + const int hash_len = token.len[5]; memset (tmp_buf, 0, sizeof (tmp_buf)); @@ -242,9 +247,10 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE base64_encode (int_to_base64, (const u8 *) tmp_buf, 32, (u8 *) hash_buf); - const int line_len = snprintf (line_buf, line_size, "%s2*%i*%s*%s", + const int line_len = snprintf (line_buf, line_size, "%s2*%i*%i*%s*%s", SIGNATURE_BITWARDEN, salt->salt_iter + 1, + salt->salt_iter2 + 1, salt_buf, hash_buf); @@ -270,7 +276,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_dgst_pos3 = module_dgst_pos3; module_ctx->module_dgst_size = module_dgst_size; module_ctx->module_dictstat_disable = MODULE_DEFAULT; - module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_esalt_size = MODULE_DEFAULT; module_ctx->module_extra_buffer_size = MODULE_DEFAULT; module_ctx->module_extra_tmp_size = MODULE_DEFAULT; module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; diff --git a/tools/test_modules/m23400.pm b/tools/test_modules/m23400.pm index d891ae046..380620892 100644 --- a/tools/test_modules/m23400.pm +++ b/tools/test_modules/m23400.pm @@ -18,6 +18,7 @@ sub module_generate_hash my $word = shift; my $salt = shift; my $iter = shift // 10000; # or 100000 default but probably too high for tests + my $iter2 = shift // 2; my $kdf1 = Crypt::PBKDF2->new ( @@ -29,7 +30,7 @@ sub module_generate_hash my $kdf2 = Crypt::PBKDF2->new ( hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256), - iterations => 2, + iterations => $iter2, output_len => 32 ); @@ -38,7 +39,7 @@ sub module_generate_hash my $digest1 = $kdf1->PBKDF2 ($email, $word); my $digest2 = $kdf2->PBKDF2 ($word, $digest1); # position of $word switched ! - my $hash = sprintf ("\$bitwarden\$2*%d*%s*%s", $iter, encode_base64 ($email, ""), encode_base64 ($digest2, "")); + my $hash = sprintf ("\$bitwarden\$2*%d*%d*%s*%s", $iter, $iter2, encode_base64 ($email, ""), encode_base64 ($digest2, "")); return $hash; } From 7c29dff84cd126168c9cce4f40e0ad6fbd841584 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Mon, 28 Feb 2022 23:36:02 +0100 Subject: [PATCH 4/8] Update changes --- docs/changes.txt | 1 + tools/bitwarden2hashcat.py | 143 ------------------------------------- 2 files changed, 1 insertion(+), 143 deletions(-) delete mode 100644 tools/bitwarden2hashcat.py diff --git a/docs/changes.txt b/docs/changes.txt index 4f7ef789b..e07782b6a 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -18,6 +18,7 @@ - Added support to building universal macOS binary on Apple Silicon - Added hex encoding format for --separator option - Added password candidates range to --status-json output +- Added parameter to Bitwarden mode for second iteration count ## ## Bugs diff --git a/tools/bitwarden2hashcat.py b/tools/bitwarden2hashcat.py deleted file mode 100644 index 05d7932e1..000000000 --- a/tools/bitwarden2hashcat.py +++ /dev/null @@ -1,143 +0,0 @@ -"""Utility to extract Bitwarden data from Google Chrome / Firefox / Android local data""" - -# Based on bitwarden2john.py https://github.com/willstruggle/john/blob/master/bitwarden2john.py - -from dataclasses import dataclass -import os -import argparse -import string -import sys -import base64 -import binascii -import traceback -import xml.etree.ElementTree as ET -from dataclasses import dataclass - -try: - import json - assert json -except ImportError: - try: - import simplejson as json - except ImportError: - sys.stderr.write("Please install json module which is currently not installed.\n") - sys.exit(-1) - -try: - import leveldb -except ImportError: - sys.stderr.write("[WARNING] Please install the leveldb module for full functionality!\n") - sys.exit(-1) - - -@dataclass -class BitwardenData: - email: string - enc_key: string - key_hash: string - iterations: int = 0 - - -def process_xml_file(filename): - tree = ET.parse(filename) - root = tree.getroot() - email = None - enc_key = None - - for item in root: - if item.tag == 'string': - name = item.attrib['name'] - if name == "encKey": - enc_key = item.text - if name == "email": - email = item.text - return email, enc_key - - -def process_leveldb(path): - db = leveldb.LevelDB(path, create_if_missing=False) - - for key, value in db.RangeIter(): - print(key.decode('ascii').strip('"') + " " + value.decode('ascii').strip('"')) - - data = BitwardenData( - email = db.Get(b'userEmail')\ - .decode("utf-8")\ - .strip('"').rstrip('"'), - enc_key = db.Get(b'encKey')\ - .decode("ascii").strip('"').rstrip('"'), - key_hash = db.Get(b'keyHash')\ - .decode("ascii").strip('"').rstrip('"'), - # Usually 100000 - iterations = int(db.Get(b'kdfIterations').decode("ascii")) - ) - - print(data) - - return data - - -def process_file(filename): - if "nngceckbap" in filename or os.path.isdir(filename): - try: - bitw_data = process_leveldb(filename) - if not bitw_data.email or not bitw_data.enc_key: - sys.stderr.write("[error] %s could not be parsed properly!\n" % filename) - return - except: - traceback.print_exc() - return - else: - with open(filename, "rb") as f: - data = f.read() - if filename.endswith(".xml") or data.startswith(b"\n" % - # sys.argv[0]) - # sys.exit(-1) - - for p in args.path: - process_file(p) From 5154807c4ee9fd94d77b4db4b69a5fd4bab83925 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Tue, 1 Mar 2022 00:01:43 +0100 Subject: [PATCH 5/8] Remove esalt param --- OpenCL/m23400-pure.cl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenCL/m23400-pure.cl b/OpenCL/m23400-pure.cl index e8e65d49d..6041818e5 100644 --- a/OpenCL/m23400-pure.cl +++ b/OpenCL/m23400-pure.cl @@ -448,7 +448,7 @@ KERNEL_FQ void m23400_loop2 (KERN_ATTR_TMPS (bitwarden_tmp_t)) unpackv (tmps, out, gid, 7, out[7]); } -KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS_ESALT (bitwarden_tmp_t, u32)) +KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS (bitwarden_tmp_t, u32)) { /** * base From 2d79bc1a225b599d8966e5d44acf97084981908b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Tue, 1 Mar 2022 00:25:06 +0100 Subject: [PATCH 6/8] remove esalt param --- OpenCL/m23400-pure.cl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenCL/m23400-pure.cl b/OpenCL/m23400-pure.cl index 6041818e5..091dc8ca6 100644 --- a/OpenCL/m23400-pure.cl +++ b/OpenCL/m23400-pure.cl @@ -448,7 +448,7 @@ KERNEL_FQ void m23400_loop2 (KERN_ATTR_TMPS (bitwarden_tmp_t)) unpackv (tmps, out, gid, 7, out[7]); } -KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS (bitwarden_tmp_t, u32)) +KERNEL_FQ void m23400_comp (KERN_ATTR_TMPS (bitwarden_tmp_t)) { /** * base From 6db32cd9921a93c91b377597c5853996ddd26880 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Sat, 5 Mar 2022 21:44:01 +0100 Subject: [PATCH 7/8] Add Bitwarden extraction tool --- tools/bitwarden2hashcat.py | 143 +++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 tools/bitwarden2hashcat.py diff --git a/tools/bitwarden2hashcat.py b/tools/bitwarden2hashcat.py new file mode 100644 index 000000000..4afa62d20 --- /dev/null +++ b/tools/bitwarden2hashcat.py @@ -0,0 +1,143 @@ +"""Utility to extract Bitwarden hash for hashcat from Google Chrome / Firefox / Desktop local data""" + +# +# Based on bitwarden2john.py https://github.com/willstruggle/john/blob/master/bitwarden2john.py +# +# Various data locations are documented here: https://bitwarden.com/help/data-storage/#on-your-local-machine +# +# Author: https://github.com/Greexter +# License: MIT +# + +import os +import argparse +import sys +import base64 +import traceback + +try: + import json + assert json +except ImportError: + try: + import simplejson as json + except ImportError: + print("Please install json module which is currently not installed.\n", file=sys.stderr) + sys.exit(-1) + + +def process_sqlite(path): + try: + import snappy + except ImportError: + print("Please install python-snappy module.\n", file=sys.stderr) + sys.exit(-1) + try: + import sqlite3 + except ImportError: + print("Please install sqlite3 module.\n", file=sys.stderr) + sys.exit(-1) + + conn = sqlite3.connect(path) + cur = conn.cursor() + data = cur.execute('SELECT * FROM object_data') + fetched = data.fetchall() + + # uses undocumented nonstandard data format + # probably can break in the future + dataValue = snappy.decompress(fetched[0][4]) + + key_hash = dataValue.split(b"keyHash")[1][9:53].decode() + email = dataValue.split(b"email")[1][11:].split(b'\x00')[0].decode() + iterations = int.from_bytes(dataValue.split(b"kdfIterations")[1][3:7], byteorder="little") + + return email, key_hash, iterations + + +def process_leveldb(path): + try: + import leveldb + except ImportError: + print("[WARNING] Please install the leveldb module for full functionality!\n", file=sys.stderr) + return + + db = leveldb.LevelDB(path, create_if_missing=False) + + try: + active = db.Get(b'activeUserId').decode().strip('"') + data = db.Get(active.encode()) + return process_json(data) + except(KeyError): + # support for older Bitwarden versions (before account switch implementation) + # data is stored in different format + print("Failed to exctract data, trying old format.", file=sys.stderr) + email = db.Get(b'userEmail')\ + .decode("utf-8")\ + .strip('"').rstrip('"') + key_hash = db.Get(b'keyHash')\ + .decode("ascii").strip('"').rstrip('"') + iterations = int(db.Get(b'kdfIterations').decode("ascii")) + + return email, key_hash, iterations + + +def process_json(data): + data = json.loads(data) + try: + profile = data["profile"] + email = profile["email"] + iterations = profile["kdfIterations"] + hash = profile["keyHash"] + except(KeyError): + print("Failed to exctract data, trying old format.", file=sys.stderr) + email = data["rememberedEmail"] + hash = data["keyHash"] + iterations = data["kdfIterations"] + + return email, hash, iterations + + +def process_file(filename, legacy = False): + try: + if os.path.isdir(filename): + # Chromium based + email, key_hash, iterations = process_leveldb(filename) + elif filename.endswith(".sqlite"): + # Firefox + email, key_hash, iterations = process_sqlite(filename) + elif filename.endswith(".json"): + # json - Desktop + with open(filename, "rb") as f: + data = f.read() + email, key_hash, iterations = process_leveldb(data) + else: + print("Unknown storage. Don't know how to extract data.", file=sys.stderr) + sys.exit(-1) + + except (ValueError, KeyError): + traceback.print_exc() + print("Missing values, user is probably logged out.", file=sys.stderr) + return + except: + traceback.print_exc() + return + + if not email or not key_hash or not iterations: + print("[error] %s could not be parsed properly!\nUser is probably logged out." % filename, file=sys.stderr) + sys.exit(-1) + + iterations2 = 1 if legacy else 2 + + print(f"$bitwarden$2*%d*%d*%s*%s\n" % + (iterations, iterations2, base64.b64encode(email.encode("ascii")).decode("ascii"), key_hash)) + + +if __name__ == "__main__": + parser = argparse.ArgumentParser() + parser.add_argument("paths", type=str, nargs="+") + parser.add_argument("--legacy", action="store_true", help="Used for older versions of Bitwarden (before static iteration count had been changed).") + + args = parser.parse_args() + + for p in args.paths: + process_file(p, args.legacy) From b3f1a0ebdfe64ccb3af0b189b390348249e2fc65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C5=A0trom?= Date: Sun, 6 Mar 2022 10:50:04 +0100 Subject: [PATCH 8/8] Improve anf fix bitwarden extract tool --- tools/bitwarden2hashcat.py | 70 ++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 26 deletions(-) diff --git a/tools/bitwarden2hashcat.py b/tools/bitwarden2hashcat.py index 4afa62d20..07b56cb83 100644 --- a/tools/bitwarden2hashcat.py +++ b/tools/bitwarden2hashcat.py @@ -50,50 +50,68 @@ def process_sqlite(path): key_hash = dataValue.split(b"keyHash")[1][9:53].decode() email = dataValue.split(b"email")[1][11:].split(b'\x00')[0].decode() iterations = int.from_bytes(dataValue.split(b"kdfIterations")[1][3:7], byteorder="little") - - return email, key_hash, iterations + + return [(email, key_hash, iterations)] def process_leveldb(path): try: import leveldb except ImportError: - print("[WARNING] Please install the leveldb module for full functionality!\n", file=sys.stderr) - return + print("Please install the leveldb module for full functionality!\n", file=sys.stderr) + sys.exit(-1) db = leveldb.LevelDB(path, create_if_missing=False) try: - active = db.Get(b'activeUserId').decode().strip('"') - data = db.Get(active.encode()) - return process_json(data) + out = [] + accIds = db.Get(b'authenticatedAccounts') + accIds = json.loads(accIds) + + for id in accIds: + authAccData = db.Get(id.strip('"').encode()) + out.append(extract_json_profile(json.loads(authAccData))) + + return out except(KeyError): # support for older Bitwarden versions (before account switch implementation) # data is stored in different format - print("Failed to exctract data, trying old format.", file=sys.stderr) + print("Failed to extract data, trying old format.", file=sys.stderr) email = db.Get(b'userEmail')\ - .decode("utf-8")\ - .strip('"').rstrip('"') + .decode('utf-8')\ + .strip('"') key_hash = db.Get(b'keyHash')\ - .decode("ascii").strip('"').rstrip('"') + .decode("ascii").strip('"') iterations = int(db.Get(b'kdfIterations').decode("ascii")) - return email, key_hash, iterations + return [(email, key_hash, iterations)] def process_json(data): data = json.loads(data) + try: - profile = data["profile"] - email = profile["email"] - iterations = profile["kdfIterations"] - hash = profile["keyHash"] + out = [] + accIds = data["authenticatedAccounts"] + for id in accIds: + authAccData = data[id.strip('"')] + out.append(extract_json_profile(authAccData)) + + return out except(KeyError): - print("Failed to exctract data, trying old format.", file=sys.stderr) + print("Failed to extract data, trying old format.", file=sys.stderr) email = data["rememberedEmail"] hash = data["keyHash"] iterations = data["kdfIterations"] + return [(email, hash, iterations)] + + +def extract_json_profile(data): + profile = data["profile"] + email = profile["email"] + iterations = profile["kdfIterations"] + hash = profile["keyHash"] return email, hash, iterations @@ -101,15 +119,15 @@ def process_file(filename, legacy = False): try: if os.path.isdir(filename): # Chromium based - email, key_hash, iterations = process_leveldb(filename) + data = process_leveldb(filename) elif filename.endswith(".sqlite"): # Firefox - email, key_hash, iterations = process_sqlite(filename) + data = process_sqlite(filename) elif filename.endswith(".json"): # json - Desktop with open(filename, "rb") as f: data = f.read() - email, key_hash, iterations = process_leveldb(data) + data = process_json(data) else: print("Unknown storage. Don't know how to extract data.", file=sys.stderr) sys.exit(-1) @@ -122,14 +140,14 @@ def process_file(filename, legacy = False): traceback.print_exc() return - if not email or not key_hash or not iterations: - print("[error] %s could not be parsed properly!\nUser is probably logged out." % filename, file=sys.stderr) - sys.exit(-1) - iterations2 = 1 if legacy else 2 + for entry in data: + if len(entry) != 3: + print("[error] %s could not be parsed properly!\nUser is probably logged out." % filename, file=sys.stderr) + continue - print(f"$bitwarden$2*%d*%d*%s*%s\n" % - (iterations, iterations2, base64.b64encode(email.encode("ascii")).decode("ascii"), key_hash)) + print("$bitwarden$2*%d*%d*%s*%s" % + (entry[2], iterations2, base64.b64encode(entry[0].encode("ascii")).decode("ascii"), entry[1])) if __name__ == "__main__":