Slowly cracking 1Password8 iOS password w/ Python. How can I do better with Hashcat?
I just found the format for the 1password.agilekeychain and 1password.cloudkeychain. Though I'm not sure if or how the information I currently have can be converted to this format.

The cloudkeychain one seems to be more similar, based on the amount of data I have. But I'm not sure how each of the pieces translates. Would it be something like this?

Code:
hkdf_salt:hkdf_secret_key:num_iterations:data

I hope this doesn't sound too silly.

I also have a question regarding the data I have. As I mentioned in my original post, I did manage to decrypt the enc_sym_key. I also decrypted enc_pri_key and enc_sign_key. However, I couldn't find the actual AUK (or MUK). I read that this information is in the accounts, but I can't seem to decrypt any further information outside of those first three.
So my question would be, are the agilekeychain or cloudkeychain hashes formed with the information I already have or do I have to further decrypt the information in my database to be able to do that?

First keyset
The "enc_sym_key" did reveal this:
Code:
{
    "alg": "A256GCM",
    "ext": true,
    "k": "",
    "key_ops": [
        "decrypt",
        "encrypt"
    ],
    "kty": "oct",
    "kid": "same-kid"
}

The "enc_pri_key" this:
Code:
{
    "alg": "RSA-OAEP",
    "d": "",
    "dp": "",
    "dq": "",
    "e": "AQAB",
    "ext": true,
    "key_ops": [
        "decrypt"
    ],
    "kty": "RSA",
    "n": "",
    "p": "",
    "q": "",
    "qi": "",
    "kid": "same-kid"
}

And "enc_sign_key" this:
Code:
{
    "crv": "P-256",
    "d": "",
    "ext": true,
    "key_ops": [
        "sign"
    ],
    "kty": "EC",
    "x": "",
    "y": "",
    "kid": "same-kid"
}

Accounts table
The still encrypted information in the accounts table has an "enc_srp_x":
Code:
"enc_srp_x": {
    "cty": "b5+jwk+json",
    "kid": "srpxkey",
    "enc": "A256GCM",
    "iv": "",
    "data": ""
}

And "enc_local_validation_key":
Code:
"enc_local_validation_key": {
    "cty": "b5+jwk+json",
    "kid": "core-setting-authkey-wrapper",
    "enc": "A256GCM",
    "iv": "",
    "data": ""
}

I don't know whether I still need to do something with them to create a hash.

Thank you for reading!

The hashes (file downloads):
https://hashcat.net/misc/example_hashes/...lekeychain
https://hashcat.net/misc/example_hashes/...udkeychain


Messages In This Thread
RE: Slowly cracking 1Password8 iOS password w/ Python. How can I do better with Hashcat? - by GonnZerg - 03-18-2023, 10:52 PM