Improve anf fix bitwarden extract tool

2024-11-22 08:08:10 +00:00 · 2022-03-06 10:50:04 +01:00 · 2022-03-06 10:50:04 +01:00 · b3f1a0ebdf
commit b3f1a0ebdf
parent 6db32cd992
1 changed files with 44 additions and 26 deletions
--- a/tools/bitwarden2hashcat.py
+++ b/tools/bitwarden2hashcat.py
@ -50,50 +50,68 @@ def process_sqlite(path):
    key_hash = dataValue.split(b"keyHash")[1][9:53].decode()
    email = dataValue.split(b"email")[1][11:].split(b'\x00')[0].decode()
    iterations = int.from_bytes(dataValue.split(b"kdfIterations")[1][3:7], byteorder="little")
-    
-    return email, key_hash, iterations
+
+    return [(email, key_hash, iterations)]


 def process_leveldb(path):
    try:
        import leveldb
    except ImportError:
-        print("[WARNING] Please install the leveldb module for full functionality!\n", file=sys.stderr)
-        return
+        print("Please install the leveldb module for full functionality!\n", file=sys.stderr)
+        sys.exit(-1)

    db = leveldb.LevelDB(path, create_if_missing=False)

    try:
-        active = db.Get(b'activeUserId').decode().strip('"')
-        data = db.Get(active.encode())
-        return process_json(data)
+        out = []
+        accIds = db.Get(b'authenticatedAccounts')
+        accIds = json.loads(accIds)
+
+        for id in accIds:
+            authAccData = db.Get(id.strip('"').encode())
+            out.append(extract_json_profile(json.loads(authAccData)))
+
+        return out
    except(KeyError):
        # support for older Bitwarden versions (before account switch implementation)
        # data is stored in different format
-        print("Failed to exctract data, trying old format.", file=sys.stderr)
+        print("Failed to extract data, trying old format.", file=sys.stderr)
        email = db.Get(b'userEmail')\
-            .decode("utf-8")\
-            .strip('"').rstrip('"')
+            .decode('utf-8')\
+            .strip('"')
        key_hash = db.Get(b'keyHash')\
-            .decode("ascii").strip('"').rstrip('"')
+            .decode("ascii").strip('"')
        iterations = int(db.Get(b'kdfIterations').decode("ascii"))

-    return email, key_hash, iterations
+    return [(email, key_hash, iterations)]


 def process_json(data):
    data = json.loads(data)
+
    try:
-        profile = data["profile"]
-        email = profile["email"]
-        iterations = profile["kdfIterations"]
-        hash = profile["keyHash"]
+        out = []
+        accIds = data["authenticatedAccounts"]
+        for id in accIds:
+            authAccData = data[id.strip('"')]
+            out.append(extract_json_profile(authAccData))
+
+        return out
    except(KeyError):
-        print("Failed to exctract data, trying old format.", file=sys.stderr)
+        print("Failed to extract data, trying old format.", file=sys.stderr)
        email = data["rememberedEmail"]
        hash = data["keyHash"]
        iterations = data["kdfIterations"]

+    return [(email, hash, iterations)]
+
+
+def extract_json_profile(data):
+    profile = data["profile"]
+    email = profile["email"]
+    iterations = profile["kdfIterations"]
+    hash = profile["keyHash"]
    return email, hash, iterations


@ -101,15 +119,15 @@ def process_file(filename, legacy = False):
    try:
        if os.path.isdir(filename):
            # Chromium based
-            email, key_hash, iterations = process_leveldb(filename)
+            data = process_leveldb(filename)
        elif filename.endswith(".sqlite"):
            # Firefox
-            email, key_hash, iterations = process_sqlite(filename)
+            data = process_sqlite(filename)
        elif filename.endswith(".json"):
            # json - Desktop 
            with open(filename, "rb") as f:
                data = f.read()
-                email, key_hash, iterations = process_leveldb(data)
+                data = process_json(data)
        else:
            print("Unknown storage. Don't know how to extract data.", file=sys.stderr)
            sys.exit(-1)
@ -122,14 +140,14 @@ def process_file(filename, legacy = False):
        traceback.print_exc()
        return

-    if not email or not key_hash or not iterations:
-        print("[error] %s could not be parsed properly!\nUser is probably logged out." % filename, file=sys.stderr)
-        sys.exit(-1)
-
    iterations2 = 1 if legacy else 2
+    for entry in data:
+        if len(entry) != 3:
+            print("[error] %s could not be parsed properly!\nUser is probably logged out." % filename, file=sys.stderr)
+            continue

-    print(f"$bitwarden$2*%d*%d*%s*%s\n" %
-        (iterations, iterations2, base64.b64encode(email.encode("ascii")).decode("ascii"), key_hash))
+        print("$bitwarden$2*%d*%d*%s*%s" %
+            (entry[2], iterations2, base64.b64encode(entry[0].encode("ascii")).decode("ascii"), entry[1]))


 if __name__ == "__main__":