02-10-2017, 07:52 PM
Thank you so much for the replies! I did some searching around and found info. about the tools mentioned, did a little reading about their use. I got a little hung up on how to get the data out of my sqlite file, but I believe I have it now. I have no 'encryptionKeys.js' file, so I'm not sure that the script in the project '1password_agilekeychain_to_hashcat' applies to my use case. I believe this is 1Password 6, but in one of the places I looked, it said 1Password 4. I found agilekc2john.py and installed Python, but so far I'm having trouble deducing its syntax, and it looks like it needs an encryptionKeys.js as well. Is the encryptionKeys.js in my sqlite db, and I have to know what to extract to get it? Or does this version of 1Password just not have one? Is there a guide for using these scripts anywhere that I just haven't seen?
Also, is there a way I can determine if my sqlite dump is in the right format? Or determine for sure which format I have? I am inexpert at sqlite as well as at hashcat. Unfortunately my employer has had me working 100+ hour weeks, hence my rush to back up the password database on my phone and getting into this mess in the first place, and not having a lot of time to dedicate to getting this password, though I do sorely need it.
There is a section in the dump from the sqlite database file that reads as follows:
('EncryptedMasterKey','<<___Long_String_of_Garble_--_3_Lines_Or_So___>>');
Is the long string of garble my master password, encrypted? Or whatever 1Password uses to verify the master password was typed in right? Is there a way I can just drop that, or some other part of this sqlite dump in a file and create rules for hashcat to go to work on it? My password is pretty strong, but I use a pattern that has enough predictability to it that I think I could write a program or probably just a bash script that would produce a 50,000 or so word list that would be 99% likely to get it. I don't know any single character in the password, but it's one of several patters I use, and each has a way for me to create a lengthy wordlist I could use to crack it fairly quickly. I might not even need a GPU given what I know, if I can just get the right information out of this file. Several of the passwords in that vault though, are over 20 characters long and highly random. Unfortunately, they're also the ones I need most.
And I don't know if it's possible to hire someone to do this for me, since I'm really low on time and free cycles. The big companies I emailed and called all work for LEO-only. It'd be hard for any individual to be sure they're not doing something terrible, and I don't know how to offer to verify my identity in a way that can be verified before the cracking is done. Any suggestions along those lines are appreciated.
I also do have a backup of a phone with the app installed, if that makes getting in any easier. I'm not sure how to go about finding the app's files in the backup of the phone though.
Thanks again for your help with this.
Also, is there a way I can determine if my sqlite dump is in the right format? Or determine for sure which format I have? I am inexpert at sqlite as well as at hashcat. Unfortunately my employer has had me working 100+ hour weeks, hence my rush to back up the password database on my phone and getting into this mess in the first place, and not having a lot of time to dedicate to getting this password, though I do sorely need it.
There is a section in the dump from the sqlite database file that reads as follows:
('EncryptedMasterKey','<<___Long_String_of_Garble_--_3_Lines_Or_So___>>');
Is the long string of garble my master password, encrypted? Or whatever 1Password uses to verify the master password was typed in right? Is there a way I can just drop that, or some other part of this sqlite dump in a file and create rules for hashcat to go to work on it? My password is pretty strong, but I use a pattern that has enough predictability to it that I think I could write a program or probably just a bash script that would produce a 50,000 or so word list that would be 99% likely to get it. I don't know any single character in the password, but it's one of several patters I use, and each has a way for me to create a lengthy wordlist I could use to crack it fairly quickly. I might not even need a GPU given what I know, if I can just get the right information out of this file. Several of the passwords in that vault though, are over 20 characters long and highly random. Unfortunately, they're also the ones I need most.
And I don't know if it's possible to hire someone to do this for me, since I'm really low on time and free cycles. The big companies I emailed and called all work for LEO-only. It'd be hard for any individual to be sure they're not doing something terrible, and I don't know how to offer to verify my identity in a way that can be verified before the cracking is done. Any suggestions along those lines are appreciated.
I also do have a backup of a phone with the app installed, if that makes getting in any easier. I'm not sure how to go about finding the app's files in the backup of the phone though.
Thanks again for your help with this.