openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/

Support Keplr v2 wallets #5481

Open akirayamaoka32 opened 6 months ago

akirayamaoka32 commented 6 months ago

The files of the latest version of the wallet have been updated and therefore the keplr2john.py script is inactive. When using it on new files we get the following:

#################################################################################
Users found on the database in the format -> username:$keplr$salt*ciphertext*mac
#################################################################################

So the script is outdated and not useful at the moment.

The command to execute was completely correct, hash from "john-samples" I received. python keplr2john.py "C:\Users\Users\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkkamcknogkgcdfhhbddcghddcghachkejeap".

solardiz commented 6 months ago

We have this in the script:

print('#################################################################################')
print('Users found on the database in the format -> username:$keplr$salt*ciphertext*mac')
print('#################################################################################')
for user in users:
    print(f'{user[0]}:$keplr${user[1]}*{user[2]}*{user[3]}')

Per your report, I assume the users list ends up empty, so only the heading is printed, but no data?

I disagree the script is "not useful at the moment." Perhaps not useful for you, but I guess there are people with older wallets who need password recovery. So I disagree about "obsoleting" the script, and thus have changed the issue's title to be positive.

We're not currently planning to put further effort into Keplr wallet support, so I expect this issue will just hang here documenting the current script's limitations, or in case a new contributor appears later or someone sponsors the effort. That's fine.

Thank you for reporting this!

claudioandre-br commented 6 months ago

> hash from "john-samples" I received.

I'm afraid you need to read some tutorial to help you. The john-samples sample wallet works fine.

I downloaded the zip and extracted it to ./john-samples-main/Keplr_Wallet/.

$ python3 keplr2john.py ../john-samples-main/Keplr_Wallet/
Keplr wallet data extractor

#################################################################################
Users found on the database in the format -> username:$keplr$salt*ciphertext*mac
#################################################################################
john:$keplr$10bca142af812a12ac97619cdc057ef4848421e48154c58a5a6500fcdefbf813*21722449d976b56f8bb01911b7753a40ce1095509032f13b2bcc76ce13f681888d093159685a49b9a0e7a5f660044492c78e9cc3c2a02b752f849e8fd409ce2b471d7fbaeeb07daf10e82611da2742f14cfe213c908276441d054164e3f718438f6dbaf4dd2536dce07c43bc76058fd4fd2e1d5af99a35b9ae36b277927c7f41f5debd1fa50c52c2cbc9a3a57e5ff17f4f630407caecd6b0fc*069bc36e83cd8d9d85cce797b1d2f99e5f235b7619b55e95f155e67d3b0197fd
uttäb:$keplr$8c27d4300d2de3b209541659c17bc38e63345564d49df4b32c6f20c26cb2bfb5*05dd72de944d59f908339addfd8a42c5433043057a95823a779a32052471c0a9a191099ffd478c6801307e2433a9787838c09c09e4b019e02f0cd1f61d9e0dc88765aa819fb6bcc21ba8cdefc29cb7b6a8*d370e6aa94dbfcbc3029cd41146728c7f8ef9c51a0eb4e0c336118e4a6afba99
pepe:$keplr$31aa4c50f62b54b4e4bf0a1f6ff38ef8bcc3902ab309533037e96ff60ecfd4a6*8a3b159e9fd7e104049aca4f432575b5bb95c7e3f6829e1549ca9066ed4fcf0a6ff4eb355923a28a4171af171bc36055a2631f10f35dd0b8a5872a51ca9c2c09e7f4e407ec614d546717e1a03c*8ed6786d2ea66ac9a2f8347b8c84ff7eb250c0d5a9aae616500f24e635a7ada7
$ john -wordlist=john-samples-main/Keplr_Wallet/passwords.txt run/hash.txt 
Using default input encoding: UTF-8
Loaded 3 password hashes with 3 different salts (keplr, Keplr Wallet [scrypt Salsa20/8 128/128 AVX, SHA256 32/64])
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Warning: Only 3 candidates buffered, minimum 8 needed for performance.
password         (john)     
12345678         (pepe)     
pässword         (uttäb)     
3g 0:00:00:00 DONE (2024-05-19 12:41) 3.704g/s 3.704p/s 11.11c/s 11.11C/s 12345678..pässword
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

What I noticed:

python keplr2john.py "C:\Users\Users\AppData\Local\Google\Chrome\User Data\Default\Local Extension

^^^  # User\Users? Where is the wallet saved?

IMO:

solardiz commented 6 months ago

> I'm afraid you need to read some tutorial to help you.

I think this is a misunderstanding. We also had other communication from OP via multiple channels, and it appears that they do have some kind of newer wallet that is not yet supported by us. A confirmation of this would be helpful.

> The john-samples sample wallet works fine.

Indeed.

solardiz commented 6 months ago

Also tagging @alainesp here, just in case he has comments.

alainesp commented 6 months ago

> Also tagging @alainesp here, just in case he has comments.

No useful comments, sorry.

akirayamaoka32 commented 6 months ago

> hash from "john-samples" I received.
>
> I'm afraid you need to read some tutorial to help you. The john-samples sample wallet works fine.
>
> I downloaded the zip and extracted it to ./john-samples-main/Keplr_Wallet/.

I know that the files from ./john-samples-main/Keplr_Wallet/ work. I was saying that they won't work with new wallet files. I can provide you with new files to check if you don't believe me.

solardiz commented 6 months ago

@akirayamaoka32 It would be great if you could generate a new empty wallet (that never had any funds in it) and provide us with the files for it, as well as with the known test password. Not because we don't believe, but rather for us to have this recorded as a test case that we can use to test our possible code changes later. Thank you!

akirayamaoka32 commented 6 months ago

> @akirayamaoka32 It would be great if you could generate a new empty wallet (that never had any funds in it) and provide us with the files for it, as well as with the known test password. Not because we don't believe, but rather for us to have this recorded as a test case that we can use to test our possible code changes later. Thank you!

test.zip Sure

claudioandre-br commented 6 months ago

Documenting the current script's limitations. Currently it expects something like this:

Record(key=b'keyring/[...]

But, this is what is seen in the test.zip file:

Record(key=b'keyring-v2/[...]

We can give the new wallet a name as v2 and confirm it is not supported.

solardiz commented 6 months ago

I just took a look. They seem to have merged this v2 stuff from the 2.0/develop branch in one go a year ago. And it looks totally different from what they had before, so we'd need a new extractor script (edit: or implementation of v2 in the same script, just not as a minor change) and a new format. Also, it looks a lot weaker than they had before. Was scrypt at 128 MiB. Now:

https://github.com/chainapsis/keplr-wallet/blob/master/packages/background/src/vault/service.ts

  protected static pbkdf2(
    salt: Uint8Array,
    data: Uint8Array
  ): Promise<Uint8Array> {
    return new Promise<Uint8Array>((resolve, reject) => {
      pbkdf2.pbkdf2(data, salt, 4000, 32, "sha256", (err, derivedKey) => {
        if (err) {
          reject(err);
        } else {
          resolve(new Uint8Array(derivedKey));
        }
      });
    });
  }

if I found the right place, which I'm not sure of. If so, v2 can be efficiently crackable on GPUs, unlike v1.

I am not going to proceed further. Just writing this down for later.
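The following is an added example for this thread, not code from the john repository, from keplr2john.py, or from Keplr itself. It pulls together the three concrete facts the discussion establishes: the v1 hash line shape `username:$keplr$salt*ciphertext*mac` printed by the extractor (salt and mac are 32 bytes in every line of the john-samples run above, which the parser enforces), the `keyring/` versus `keyring-v2/` record-key prefixes claudioandre-br documented, and the v2 KDF quoted from vault/service.ts (PBKDF2-HMAC-SHA256, 4000 iterations, 32-byte key). The scrypt parameters N=2**17, r=8 are an assumption chosen because they give the 128 MiB figure solardiz cites for v1; the thread does not state Keplr's actual values. The sample extractor output is constructed filler, not a real wallet.

```python
# Added example for this thread (not from the john repo, keplr2john.py, or Keplr
# itself): a parser for v1 "$keplr$salt*ciphertext*mac" lines, a record-key
# classifier for the "keyring/" vs "keyring-v2/" prefixes noted above, and the
# v2 KDF as quoted from service.ts (PBKDF2-HMAC-SHA256, 4000 iterations,
# 32-byte output).  ASSUMPTION: v1 scrypt parameters N=2**17, r=8, chosen only
# because they need the 128 MiB the thread mentions; Keplr's real values are
# not given on this page.
import hashlib
import re
from typing import List, Optional, Tuple

# One extractor output line: user:$keplr$<salt hex>*<ciphertext hex>*<mac hex>
KEPLR_V1_LINE = re.compile(
    r"^(?P<user>[^:]+):\$keplr\$(?P<salt>[0-9a-fA-F]+)\*"
    r"(?P<ct>[0-9a-fA-F]+)\*(?P<mac>[0-9a-fA-F]+)$"
)

# Constructed sample output in the same shape as the john-samples run above;
# the hex payloads are filler, not data from a real wallet.
SAMPLE_EXTRACTOR_OUTPUT = "\n".join([
    "#" * 81,
    "Users found on the database in the format -> username:$keplr$salt*ciphertext*mac",
    "#" * 81,
    "john:$keplr$" + "11" * 32 + "*" + "22" * 40 + "*" + "33" * 32,
    "uttäb:$keplr$" + "aa" * 32 + "*" + "bb" * 64 + "*" + "cc" * 32,
])


def parse_v1_hash_line(line: str) -> Tuple[str, bytes, bytes, bytes]:
    """Split one v1 line into (user, salt, ciphertext, mac) as bytes.

    Salt and MAC are 32 bytes in every line the john-samples run printed, so
    that is enforced here; the ciphertext length varies per wallet.
    """
    m = KEPLR_V1_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a $keplr$ v1 line: {line!r}")
    salt, ct, mac = (bytes.fromhex(m[g]) for g in ("salt", "ct", "mac"))
    if len(salt) != 32 or len(mac) != 32:
        raise ValueError("v1 salt and mac are expected to be 32 bytes each")
    return m["user"], salt, ct, mac


def parse_extractor_output(text: str) -> List[Tuple[str, bytes, bytes, bytes]]:
    """Parse keplr2john.py-style output, skipping its banner lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line.startswith("Users found"):
            continue
        entries.append(parse_v1_hash_line(line))
    return entries


def classify_record_key(key: bytes) -> Optional[str]:
    """Map a LevelDB record key to the wallet layout it belongs to.

    The current script only understands "keyring/..." records; "keyring-v2/..."
    is the layout seen in test.zip that it cannot handle.
    """
    if key.startswith(b"keyring-v2/"):
        return "v2"
    if key.startswith(b"keyring/"):
        return "v1"
    return None


def keplr_v2_kdf(password: bytes, salt: bytes) -> bytes:
    """The v2 key derivation as quoted from vault/service.ts:
    PBKDF2-HMAC-SHA256, 4000 iterations, 32-byte derived key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 4000, 32)


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Memory scrypt's ROMix needs: 128 * r * N bytes.  With the ASSUMED v1
    parameters N=2**17, r=8 this is 128 MiB."""
    return 128 * r * n


def v1_vs_v2_cost() -> dict:
    """Why v2 is the easier target: a few thousand SHA-256 based iterations
    with negligible memory versus a 128 MiB scrypt per candidate."""
    return {
        "v1_scrypt_memory_bytes": scrypt_memory_bytes(1 << 17, 8),  # assumed params
        "v2_pbkdf2_iterations": 4000,
        "v2_derived_key_len": 32,
    }


if __name__ == "__main__":
    for user, salt, ct, mac in parse_extractor_output(SAMPLE_EXTRACTOR_OUTPUT):
        print(user, salt.hex()[:8], len(ct), mac.hex()[:8])
    print(classify_record_key(b"keyring-v2/abc"), classify_record_key(b"keyring/abc"))
    print(keplr_v2_kdf(b"password", bytes(32)).hex())
    print(v1_vs_v2_cost())
```

The KDF function covers only the key derivation the quoted TypeScript shows; how v2 then checks the derived key against the stored record is not on this page, so no verification step is modelled here.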