10-22-2023, 06:55 PM
(10-22-2023, 12:54 AM)damnusernames Wrote: Did you ever get anywhere with this? My gf’s in a real bind right now. The genius forgot her password, and even though I told her to write it down on a post it and hide it in our apartment a few months ago, what she wrote down isn’t working. I’m so frustrated (her not paying attention while doing things drives me up the wall). I’m not nearly as well versed in this as you; hoping you figured out the process so that I can just copy it :-)
Was just gonna use what she wrote on the post it to generate a ton of similar things. For example moving the words around, changing the word “locked” to “lock”, alternative capitalizations, changing the symbol from ! to . etc.
I’m not even sure where to find her vault to begin. Extract it from a phone backup maybe?
Couldn't crack the password. It was pretty long and complicated and would take too long it seems.
I got the vault by extracting a backup and looking at the app's directory where all its files were. I then used this to extract the hash from the information on the sqlite file: https://github.com/GonnZerg/extractor-de...ecret-key/
However, to use this extractor, it's important that you know or have the Secret Key because on iOS it is obfuscated and I just wrote the extractor to take the value from that field supposing it's already in plain text. There could be a way to retrieve the Secret Key but it's not something I researched since I did have it. So I just replaced the obfuscated Secret Key field with the one I already knew on the database file for the extractor to use.
After you get the hash you can use the module -m 31800 in Hashcat with whatever attack you choose. That part is whole other subject and would recommend going through the FAQs and Wiki first.