03-20-2023, 06:42 AM
I was also going through the last AES in 1Password's process after getting the AUK to better understand what the hash needed really is and which “data” is needed actually needs. I’m now thinking that the “data” is not the one I found in the “enc_sym_key” part of the keyset by itself but rather a combination of the b’opdata01’ header, iv, data?
I see that the header is not present because the error presents itself inside the if statement. So maybe I could concatenate them like this? ciphertext = b’opdata01’ + iv + data? I was reading that I would need to append the Authentication Tag to the end of the ciphertext but the data I already have would already contain the Authentication
Tag, I would think.
I ran 1password2john using that as one of the fields that it gets from the sqlite table and and I finally got an output without errors. Based on the 1password2john.py source code it's structured like this (without the line breaks):
I was excited to get this output and tried running it with john but it wasn't working and it seems it doesn't recognize the hash using hashid.
So I'm going to finally try Hashcat now that I have something that looks like a real hash that just need some restructuring to match the example hash for agilekeychain or cloudkeychain. I've yet to download the right driver for my GPU but I hope it works.
I see that the header is not present because the error presents itself inside the if statement. So maybe I could concatenate them like this? ciphertext = b’opdata01’ + iv + data? I was reading that I would need to append the Authentication Tag to the end of the ciphertext but the data I already have would already contain the Authentication
Tag, I would think.
I ran 1password2john using that as one of the fields that it gets from the sqlite table and and I finally got an output without errors. Based on the 1password2john.py source code it's structured like this (without the line breaks):
Code:
$cloudkeychain
$16 (SALT LENGTH)
$SALT
$650000 (ITERATIONS)
$193 (MASTER KEY LENGTH)
$MASTER_KEY
$2558457051679353615 (PLAIN TEXT LENGTH...)
$16
$IV
$129
$CRYPTEXT
$32
$EXPECTED_HMAC
$161
$HMAC_D_DATAI was excited to get this output and tried running it with john but it wasn't working and it seems it doesn't recognize the hash using hashid.
So I'm going to finally try Hashcat now that I have something that looks like a real hash that just need some restructuring to match the example hash for agilekeychain or cloudkeychain. I've yet to download the right driver for my GPU but I hope it works.