Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Jan 2013 10:20:58 +0200
From: Milen Rangelov <>
Subject: Re: npdf2john


Looks like offline attack would not be possible for Android :( Unless there
is some way to get the mail address of course...

On Thu, Jan 10, 2013 at 4:11 AM, shane Shane

> You need root even when looking at the file system from eclipse or adb
> shell to get the local data but if you clear the local cache and then
> choose to store on sd card and login in again it will store on the sd card
> so you can grab the data. Here is some sample data from my droid, with a
> fake lastpass account.
> Password:testtest
> On Wed, Jan 9, 2013 at 9:32 PM, shane Shane <>wrote:
>> Yeah I think you can do it with developer mode enabled from eclipse. If
>> you go into the DDMS view in eclipse. I'll have a little look at it tonight.
>> On Wed, Jan 9, 2013 at 6:58 PM, Milen Rangelov <> wrote:
>>> Thanks for those!
>>> I can now confirm that LastPass Chrome and Opera work the same way on
>>> Windows/Linux/OSX. I also tried to analyze Android's implementation, but
>>> apparently it does not keep profile data (just the encrypted XML file which
>>> contains URLs/passwords) on the SD card even if "store on SD card" option
>>> is enabled. Maybe that's a stupid question not asked on the right place,
>>> but does anyone know a way to access the Android phone's internal memory
>>> filesystem other than rooting it?
>>> On Fri, Jan 4, 2013 at 9:38 PM, Rich Rumble <>wrote:
>>>> On Fri, Jan 4, 2013 at 10:21 AM, shane Shane
>>>> <> wrote:
>>>> > I don't mind looking into the LastPass on windows. I'm usually a
>>>> Linux guy
>>>> > but I have a box I dual boot at home but I'll have to talk to my
>>>> supervisor
>>>> > for my 4th year project first. I want to help out with john's
>>>> development
>>>> > but I want to make sure I'm getting academic credit for it and at the
>>>> moment
>>>> > the scope of the project is only to do with distributed document
>>>> cracking.
>>>> I've added about 8 files (in one zip)for win32 Lastpass with a
>>>> Readme.txt further explaining what each file is, but the filenames
>>>> should be very clear on what they are.
>>>> For example:
>>>> LP_win32_ff_500_password12345678.xml
>>>> Lastpass, windows, firefox, 500 iterations, password12345678. The
>>>> email/username if needed is also included in the readme.
>>>> I've also exported the sqlite 3 chrome files to plain-text SQL files
>>>> if that helps anyone.
>>>> -rich

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.