search

securefolderfs-community / SecureFolderFS

Powerful, secure, modern way to keep your files protected.
MIT License
181 stars 14 forks source link

I forgot the password any way to recover? 🥲 I have my personal family PICS in it. #55

Open uuc110 opened 1 year ago

uuc110 commented 1 year ago

Description

I forgot my password and I don't know what is it

To Reproduce

just forgot the password

Evidence

No response

App Version

0.4.0.0

OS Version

Win 11 PRO

Diagnostic information

No response

d2dyno1 commented 1 year ago

SecureFolderFS is designed to put the encryption keys in users' hands. In other words, there's no central entity to manage the encryption keys which would create distrust among the users. Your best bet in this situation would be to guess or brute-force the password.

uuc110 commented 1 year ago

SecureFolderFS is designed to put the encryption keys in users' hands. In other words, there's no central entity to manage the encryption keys which would create distrust among the users. Your best bet in this situation would be to guess or brute-force the password.

I do have some GPT custom created list of password which might be possibe combination? is there any way to try that on SecureFolderFS? like using bruteforce automation

d2dyno1 commented 1 year ago

There are probably UI tools available that'd help automate the copying and pasting process, though I'm not aware of any. However, if you're familiar with coding, this is the place where the encryption key is derived. (If the method .UnwrapKey() throws, it means that the password was incorrect)

uuc110 commented 1 year ago

There are probably UI tools available that'd help automate the copying and pasting process, though I'm not aware of any. However, if you're familiar with coding, this is the place where the encryption key is derived. (If the method .UnwrapKey() throws, it means that the password was incorrect)

Oh that's totally great, hey do you think I can reverse engineer this? 😬like Going thought code and other process since after encrypting it give use c_encryptionKey, c_macKey, salt and this too hmacsha256mac, using this can I do this? or is it impossible?

and I asked GPT it said I need something nonce and tag?? does SecurefolderFS encryption follow that process ?

d2dyno1 commented 1 year ago

This is roughly the process that SFFS uses:

keystore = ReadDataFromFile("keystore.cfg");
kek = Argon2id.Derive(pass: password, salt: keystore.salt);

encKey = Rfc3394.Unwrap(key: kek, wrapped: keystore.c_encryptionKey);
macKey = Rfc3394.Unwrap(key: kek, wrapped: keystore.c_macKey);

Also, my friend has put together a simple console app that is a fork of this repo to help you with just that https://github.com/securefolderfs-community/SecureFolderFS/compare/master...taj-ny:SecureFolderFS:bruteforce

You can clone their fork and build the project :)

uuc110 commented 1 year ago

image here is for your better understanding

d2dyno1 commented 1 year ago

Do you have .NET 7.0 runtime installed? Or alternatively, you can try clearing nuget cache or clear the file found in %appdata%\NuGet\NuGet.Config

uuc110 commented 1 year ago

Do you have .NET 7.0 runtime installed? Or alternatively, you can try clearing nuget cache or clear the file found in %appdata%\NuGet\NuGet.Config

yea I have latest 7.0.4. though it wasn't installed, When I installed Jetbrain raider. I got 7.0.309 Version. and it wasn't detecting i guess. so I installed Manually 7.0.4 but still it was shoing same error.

and yea lemme try that.

uuc110 commented 1 year ago

yea I did. Nothing changed still same error, I asked chatGPT it says, "net7.0" is invalid way of writing framwork thing, can you check on your end by builing the brutforce fork repo

d2dyno1 commented 1 year ago

Did you clone recursively? Verify that folders inside the lib folder are not empty. But if you can't find the problem, I can send you pre-built binaries if you want 🙂

uuc110 commented 1 year ago

Sure do that, Coz yea my lib was empty. so I reclone the repo. But I'm still getting same issue. image

this is my Dot net info image

uuc110 commented 1 year ago

Can hou send me direct build release for brutforce? Please, seems I'm not able to do it

d2dyno1 commented 1 year ago

Sure! @uuc110

SecureFolderFS-bruteforce.zip

uuc110 commented 1 year ago

Thanks dude🙇🙏 I really appreciate your help. i gussed more than 500+ passwords still no reach. Seems I have to crack it, rather then guess it. by the way if there is a possible way to forgot password, by editing code or bypassing it. lemme know

uuc110 commented 1 year ago

as I said I have to crack it, can you tell me if I can know nonces ? it is require to decode it

d2dyno1 commented 1 year ago

I don't have any 'nonces' nor are there any backdoors to avoid the encryption

uuc110 commented 5 months ago

I don't have any 'nonces' nor are there any backdoors to avoid the encryption

Hey hi dude, I was trying to tinker with brutforcer, so was thinking does it support parallel Bruteforcing, or can i do something like that, like using rules and other stuff which we use in general for password cracking techniques