Closed chemputer closed 2 years ago
Thanks for reporting this. It looks like each attachment has its own Protected Symmetric Key, and BitwardenDecrypt is trying to decrypt it with the primary encryption key that's used for all other vault items. This fails, is not handled gracefully and the script aborts.
Commit https://github.com/GurpreetKang/BitwardenDecrypt/commit/35593444c6497c46b536694b223f1a1576ebc2ef does not resolve the underlying issue (won't decrypt attachments/keys) but will no longer abort when it encounters them so BitwardenDecrypt can still be used to decrypt a backup data.json (though without attachments/keys).
Commit https://github.com/GurpreetKang/BitwardenDecrypt/commit/4e95002a592b9c36f90d55def3a83b22c1a67b2b will decrypt the attachment/key value as a hex string.
Closed with Version 1.4.
This is an issue filed after going back and forth with GurpreetKang on Reddit a few times, and just documenting the issue and what we went through and discovered in the process.
With the (as of writing) currently available version, v1.3, set up with Python 3.9.7 (also tried it with 3.10 and 3.8), in a venv created specifically for this, after running `pip install -r requirements.txt`, then running the program in PowerShell or CMD with the venv active (to rule out any other installed packages or dependencies), it gives the following error:
Now, 0xa0 is a "non-returning space". I don't think this is relevant as even switching it to a different attachment by reordering the data.json file, regardless of what you do it still causes issues with various bytes that it considers invalid start bytes.
I made a minor modification to the code to print out the cleartext variable in the decryptCipherString function, to see what the last item was before it errored out, and it turned out to be the first instance of an attachment's key. GurpreetKang then sent me a couple of versions to do some debugging with, and every instance of an attachment's key was failing to decrypt. This indicates that it is almost certainly encrypted in a different way to the rest of the file.
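The failure mode in this thread (an "invalid start byte" abort on an attachment key) and the Version 1.4 behaviour of emitting that value as a hex string can be illustrated with the added example below, which is not BitwardenDecrypt's own code. It assumes decryption has already happened and each leaf is raw plaintext bytes; `render_plaintext`, `render_item` and the sample item (field names and values included) are constructed for illustration.

```python
import json


def render_plaintext(raw: bytes) -> dict:
    """Render decrypted bytes as text if they are valid UTF-8, otherwise as hex."""
    try:
        # Strict decoding on purpose: errors="replace" would silently corrupt keys.
        return {"encoding": "utf-8", "value": raw.decode("utf-8")}
    except UnicodeDecodeError:
        # Binary plaintext (e.g. key material) cannot be text; keep every byte as hex.
        return {"encoding": "hex", "value": raw.hex()}


def render_item(node, path="", binary_paths=None):
    """Walk a decrypted vault item without aborting on binary fields.

    Returns (rendered_item, paths_of_fields_rendered_as_hex).
    """
    if binary_paths is None:
        binary_paths = []
    if isinstance(node, dict):
        out = {k: render_item(v, f"{path}/{k}", binary_paths)[0] for k, v in node.items()}
    elif isinstance(node, list):
        out = [render_item(v, f"{path}/{i}", binary_paths)[0] for i, v in enumerate(node)]
    elif isinstance(node, (bytes, bytearray)):
        rendered = render_plaintext(bytes(node))
        if rendered["encoding"] == "hex":
            binary_paths.append(path)
        out = rendered["value"]
    else:
        out = node  # already a plain JSON value
    return out, binary_paths


# Constructed sample: a 64-byte binary key whose first byte is 0xa0.
SAMPLE_ITEM = {
    "name": b"Router config",
    "attachments": [
        {"fileName": b"backup.bin", "size": "1024",
         "key": bytes([0xA0]) + bytes(range(63))},
    ],
}

if __name__ == "__main__":
    item, binary = render_item(SAMPLE_ITEM)
    print(json.dumps(item, indent=2))
    print("fields rendered as hex:", binary)
```

Sniffing the content is a fallback: a field known to hold key material is better rendered as hex unconditionally, since random bytes can occasionally form valid UTF-8.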