hashcat Forum
Viivo to hashcat - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Viivo to hashcat (/thread-9338.html)



Viivo to hashcat - Sondero - 06-25-2020

Hello,
i have to crack some *.viivo files from a onedrive image.

My research say it will be an AES256 encryption, but i dont know at what offset i can find the hash, or how it would be possible to extract it.

Do someone have an idea?
-are i‘m right, thatif i got the hash, i can crack it with hashcat mode AES256?


RE: Viivo to hashcat - philsmd - 06-25-2020

AES is not a hashing algorithm.
it's an encryption algorithm, a cipher.
Completely different things.

encryption is reversible... you still need to know a key

normally, you do not directly use a password for encryption algorithms (because of fixed key size etc)... most of the time there is a heavy key derivation function (KDF) in between the password and the key.
also there must be something to check if the password was correct... i.e. a decrypted data verification step.

That means that AES decryption is not directly possible with hashcat... because it's not a HASH... it's just a cipher that encrypts and decrypts data with a fixed length key size (and the keys most of the time are or look random, e.g. because determined with a KDF from a password, could have many iterations, salts etc).


RE: Viivo to hashcat - Sondero - 06-25-2020

(06-25-2020, 08:35 PM)philsmd Wrote: AES is not a hashing algorithm.
it's an encryption algorithm, a cipher.
Completely different things.

encryption is reversible... you still need to know a key

normally, you do not directly use a password for encryption algorithms (because of fixed key size etc)... most of the time there is a heavy key derivation function (KDF) in between the password and the key.
also there must be something to check if the password was correct... i.e. a decrypted data verification step.

That means that AES decryption is not directly possible with hashcat... because it's not a HASH... it's just a cipher that encrypts and decrypts data with a fixed length key size (and the keys most of the time are or look random, e.g. because determined with a KDF from a password, could have many iterations, salts etc).

Thanks for your detailed answer.
Do you know a Programm which can decrypt viivo files?

I also have passware, but it also wouödnt support viivo Undecided


RE: Viivo to hashcat - philsmd - 06-25-2020

I'm not aware of any such tool. I didn't even hear about .viivo files before.

There are for sure multiple pages that talk about PBKDF2-HMAC-SHA1 for the key derivation, see https://fileinfo.com/extension/viivo , https://web.archive.org/web/20191130170625/http://www.viivo.com/how-our-security-works


I don't think it's an open source tool and also on github you kind of find no cracking tool or other tool (maybe because it was already deprecated years ago, in 2017).

Without the algorithm details and file format details and key derivation details etc.. you can't do much.

What you could do is if you know the password is probably within a dictionary file or similar... write a simple script that just automates the decryption by automatically trying to open the file repeatedly with the different passwords from a password list: something like a AutoHotkey script or similar (you could also do it with a python script, for instance, but my guess is that AutoHotkey is the easiest one to get started, because you can simulate all the clicks and "typing" etc).
Of course this is not an ideal solution and won't work if the password is not present within a dictionary file or is really random etc...
without the exact algorithm details and code that shows how to decrypt and verify the data, it's not possible to implement anything here.

I would recommend that you first try to understand how feasible (and important) this is and how much you know about the password etc. Form the tools that are available on the internet, it doesn't look quite widely used (not even in the past ?), nor does it seem that there is any alternative software that can deal with those files (maybe exactly because it's proprietary format and without any open source code)