Date: Sat, 11 Sep 2021 12:36:56 +0200 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: brute forcing AES key On 2021-09-10 20:55, p+password@...atpro.net wrote: > On 10 Sep 2021, at 18:36, magnum <john.magnum@...hmail.com> wrote: >> But if you post a couple of sample vaults and the passwords for them, I'll have a look at it sooner or later. One vault should be empty (just create it, don't add any wallet) and one should be populated with some mockup data. > > Ok here we go: > > Empty vault file name: emptyvault.cryptoSafe > Empty vault file content: (one line, no trailing newline character) 62eIxonP+2mIsrhfIn0IzQ== > Empty vault password: foobar > > ETH vault file name: ETHkey.cryptoSafe > ETH vault file content: (one line, no trailing newline character) RJ+YWtuyOoLnnOpOdmj43+hwO5cquMsSO3f/OiQfINofM+c0JVbIyUTQg3St+1Ue09QiZKlNnCAmlPHq2wuI31QoZQ/KNKZT/VMLd3qYbkOv873HT4wsYeavSwOqrdVdxpEimkqgdDkGP7XHfeFUCv6+jXFZioiR8jYrgxA8fDQQ5C+YReuvfiqLGaVrC9ih58X8Q7NLxAlQTGSQvHgsZI6DNfAsXw3Zt++fIJh9bdLzHDEBF/pLp47zj132UOYr6TuufnnA+HeUISdk+xH6/w== > ETH vault password: foobar This decrypts to (hex) : 6b6d3e3e3e3e3e3e3e3e3e3e3e3e3e3e. The padding is weird, should be 14 x 0e but it's 14 x 3e. Not sure why, it might be a bug showing up only with empty vaults (which aren't worth cracking anyway). > Apparently the vault content is a concatenation of multiple informations: coin name, pub key, private key, seed and comment as shown on the last screen capture displayed on https://github.com/Anubis901/SafeCrypto . I can't find in the code any information regarding that storage :( > Here are the info for the ETH vault: > > ETH vault coin name: ETH > ETH public key: 0x4ac97B48CbBF9D54AE1f07bF72b10F19eBE30BB1 > ETH private key: a5f54b647905db05a82d523fe0027a5da9760c2e97e4124448896f7333cdf96f > ETH seed: (left blank) > ETH vault comment: (left blank) Decrypted hex: 6b4b12535f595e(...)3934227d5d07070707070707 As you can see we got expected padding this time: seven bytes of 07. Plaintext: kKS_Y^~Q]U udH","publicKey":"0x4ac97B48CbBF9D54AE1f07bF72b10F19eBE30BB1","privateKey":"a5f54b647905db05a82d523fe0027a5da9760c2e97e4124448896f7333cdf96f","seed":"","comment":"","id":"1631298033694"}] We could look for that constant string "publicKey" within, say, the first two blocks of AES. But I sort of think we can trust the padding as long as the vault isn't completely empty - it's faster than scanning. > thanks to 0 padding up to 32 chars, using password foobar in the app GUI gives the same result as foobar0000, foobar0000000000, foobar000000000000000, etc., this app is so nicely coded… :) Yes, I noticed the iv is also 16 x ASCII "0" as opposed to null bytes. I now opened https://github.com/openwall/john/issues/4804 for implementing this format. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.