Decrypt WebDav vault on mobile fails

[chnoack]

Error description

If I create a new vault on my Mac (either with Chrome extension or with the desktop app) I can sync it vice versa. The vault lies on a WebDav. I cannot open it on my iPad with the app. It connects to the WebDav and sees the vault, but decryption failed. The other way round is the same issue. A vault created on my iPad cannot be decrypted on my desktop. I tried this with GoogleDrive instead of WebDay and encountered the same problem.

After several tests I can narrow it down to the password string. If it contains special characters (like "$"), it won't work. It works if the password is easier.

Devices

• MacBook pro 16", latest Big Sur
• iPad iOS 14.1
• Synoloy NAS DS 216, WebDav Server, SSL with a valid Let's Encrypt certificate
• all devices use a German locale

To reproduce

• Open the ButterCup App on a Mac
• Create a ButterCup vault and sync it to a new vault on a WebDav Server or on GoogleDrive
• use a 16 character password containing numeric and alpha letters, upase and downcase and a "$" sign
• Open the same vault in Chrome and add a login to the vault
• Open the ButterCup App on an iPad and connect to the vault on the WebDav

Experienced Results

• Vault created on iOS cannot be opened (decrypted) on Desktop and vice versa
• Vault created in the desktop app can be opened in Chrome on desktop

Expected Results

Syncing should work in both directions

[perry-mitchell]

Thanks @chnoack - Can you please verify which versions of Buttercup you're using? The password's characters should not matter. Can you verify that it's the master password you're having issues with, and not the WebDAV password?

[chnoack]

Hi Perry,

I’m using the latest version of Buttercup for Firefox and for iPhone/iPad. For sure it’s the master password, not the WebDAV password. I’m using an easier one now and it works perfectly. My former password had 13 letters (mixed upper/lower case), 2 numbers and a $. It contained an „x“.I’m on a German location. Could it be that there is an „x“ and „y“ problem in the iPhone sotware, because the x on a German keyboard sits where the y on an ascii keyboard is.

Best regards,

Christian

— Christian Noack christian.noack@agile-methoden.de

Am 21.11.2020 um 14:24 schrieb Perry Mitchell notifications@github.com:

Thanks @chnoack https://github.com/chnoack - Can you please verify which versions of Buttercup you're using? The password's characters should not matter. Can you verify that it's the master password you're having issues with, and not the WebDAV password?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/buttercup/buttercup-mobile/issues/256#issuecomment-731579155, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAIDYBVPE6A3SGC6TBGWT3SQ65RHANCNFSM4T2NDEOA.

[nickbe]

Same here. Existing version do still work, but when I try to add the archive to my mobile it cannot be decrypted. If there were vault breaking changes here - It means we cannot rely on buttercup anymore. And for whatever reason - this is bad.

[nickbe]

On a second mobile which seems to have an older buttercup iOS client 15.1 - it still works. So the current iOS client if buggy and cannot be used reliably anymore. Please go back to this version on iOS. Whatever the new client invented - it prevents updates on the client side and decryption of newly added vaults.

[perry-mitchell]

I can't reproduce this issue using the most current desktop (1.20.5 on mac) and the most current mobile version (1.16.0 iOS). I made a 16 character long password, alphanumeric, with a $ and it worked fine on Desktop and iOS, alternating which is saving and reading the vault.

What's more, is that I created another vault with an even more complex password to test with: พ่อÄnB3.$012 <>磨 - This also didn't fail, and I was able to save/read/update on all systems.

I tested everything using Yandex's WebDAV as I have a throwaway account there. I doubt it's provider specific as webdav is only the transport protocol - encryption and decryption happens on device, regardless of which transport got it there.

[perry-mitchell]

@chnoack Had you changed your password during this process or created new vaults? If it's a password change, I wonder if it could be related to #229 where caching is causing old vaults to be loaded. If a vault with a previous password was returned, due to caching, and you tried a newer password - it's possible that this could be the issue for failing to unlock a vault.

[simonneutert]

Hi there, we have the same issues all Apple Devices run the newest software and buttercup ist updated, too. Navigating on the WebDav is possible, but it then fails unlocking.

"Failed decrypting content."

I will provide more info if you tell me what you need 😎

[simonneutert]

moved the vault to dropbox, to at least have it working again. dropbox suffers now from: failed decrypting content 😭

[glombek]

I'm seeing the same issue.

I'm running on Windows desktop v2.9.1 (Core v6) and iOS at v1.16.0. I noticed the iOS version seems to be using v5 Core - are these incompatible? I didn't see anywhere stating this may be the case?

The vault works fine on desktop or in Chrome.

[perry-mitchell]

This was most likely due to a crypto bug, fixed in 2.0.1. It was prevalent on mobile for > 4/5 years I suspect 😩

[perry-mitchell]

Closing this for now. I'll reopen if the issue remains.