search

CooperRS / decrypt-otpauth-files

Decrypt files created by OTP Auth
http://cooperrs.de/otpauth.html
MIT License
122 stars 46 forks source link

Decrypt isn't working for new version #6

Open hmarrao opened 4 years ago

hmarrao commented 4 years ago

I'm currently unable to decrypt my db file.

the AES part is complaining about length not being in a 16*X block.

I don't know if db as some extra metadata or the decrypt options changed.

Can you help me decrypting my db file¿?

CooperRS commented 4 years ago

Hey there!

I just updated the crypto library used by this tool. Can you try again with the current master HEAD (Commit 2b71b602388e4901ec98998e470d87590709a94f)? I hope my update fixed this issue :)

Best regards, Roland

hmarrao commented 4 years ago

Hi Roland, thx for the reply.

Im still getting the same problem:

Traceback (most recent call last):
  File "decrypt_otpauth.py", line 324, in <module>
    cli()
  File "/home/sp82254/.local/share/virtualenvs/decrypt-otpauth-files-JiRYvIvc/lib/python3.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/home/sp82254/.local/share/virtualenvs/decrypt-otpauth-files-JiRYvIvc/lib/python3.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/home/sp82254/.local/share/virtualenvs/decrypt-otpauth-files-JiRYvIvc/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/sp82254/.local/share/virtualenvs/decrypt-otpauth-files-JiRYvIvc/lib/python3.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/sp82254/.local/share/virtualenvs/decrypt-otpauth-files-JiRYvIvc/lib/python3.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "decrypt_otpauth.py", line 278, in decrypt_backup
    data = AES.new(key, AES.MODE_CBC, iv).decrypt(encrypted_otpauth_backup.read())
  File "/home/sp82254/.local/share/virtualenvs/decrypt-otpauth-files-JiRYvIvc/lib/python3.7/site-packages/Crypto/Cipher/_mode_cbc.py", line 246, in decrypt
    raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
ValueError: Data must be padded to 16 byte boundary in CBC mode

Im currently using OTP Auth 2.13.5 (504)

hmarrao commented 4 years ago

Updated to OTP Auth 2.16.1 (701) but got the same result.

CooperRS commented 4 years ago

Hmm, to me it seems like either the backup is not properly formatted or the Python Crypto library is broken.

Did you already try to recreate the virtual environment 8containing the dependencies) using piping --rm followed by a pipenv install?

Updated to OTP Auth 2.16.1 (701) but got the same result.

Updated to OTP Auth 2.16.1 means you installed that version of OTP Auth and re-created the backup with it?

hmarrao commented 4 years ago

same error:

    raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
ValueError: Data must be padded to 16 byte boundary in CBC mode

my otpauthdb doesn't have the proper block size ... it doesn't match a multiple of 16 as the one in your examples ...

todd-a-jacobs commented 3 years ago

I'm also having problems with v2.17.4 (937) on macOS when using 2b71b602388e4901ec98998e470d87590709a94f. The traceback says:

$ pipenv run python decrypt_otpauth.py decrypt_account --encrypted-otpauth-account ./accounts.otpauthdb 
Password for export file ./accounts.otpauthdb: 
Traceback (most recent call last):
  File "decrypt_otpauth.py", line 324, in <module>
    cli()
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "decrypt_otpauth.py", line 223, in decrypt_account
    archive = archiver.Unarchive(data).top_object()
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/bpylist/archiver.py", line 255, in top_object
    self.unpack_archive_header()
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/bpylist/archiver.py", line 174, in unpack_archive_header
    plist = bplist.parse(self.input)
RuntimeError: invalid header for bplist

Because it's so easy to accidentally delete items in the app (because the edit function is overloaded, and is used for both deletion and inspection activities), backups and exports are really important and are currently not recoverable outside of the app itself.

raifcoonjah commented 3 years ago

I'm also having problems with v2.17.4 (937) on macOS when using 2b71b60. The traceback says:

$ pipenv run python decrypt_otpauth.py decrypt_account --encrypted-otpauth-account ./accounts.otpauthdb 
Password for export file ./accounts.otpauthdb: 
Traceback (most recent call last):
  File "decrypt_otpauth.py", line 324, in <module>
    cli()
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "decrypt_otpauth.py", line 223, in decrypt_account
    archive = archiver.Unarchive(data).top_object()
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/bpylist/archiver.py", line 255, in top_object
    self.unpack_archive_header()
  File "/Users/foo/.local/share/virtualenvs/decrypt-otpauth-files-FMj1ZqW9/lib/python3.7/site-packages/bpylist/archiver.py", line 174, in unpack_archive_header
    plist = bplist.parse(self.input)
RuntimeError: invalid header for bplist

Because it's so easy to accidentally delete items in the app (because the edit function is overloaded, and is used for both deletion and inspection activities), backups and exports are really important and are currently not recoverable outside of the app itself.

I've been able to fix this issue (kinda), I changed the password from 40+ characters to 19 and it seems to be working completely fine now.