Bitwarden module 23400: Salt-iteration length exception
#1
Exclamation 
Hi,


I'm trying to recover my Bitwardens master password.

With tutorials from the internet I was able to get my Bitwarden hash and I still remember some part of the password.

From the Bitwarden data.json I have an iteration count of 1.000.000

Whenever I try to crack my password I get Salt-iteration length exception

Whenever I try my Bitwarden hash with an iteration count of 100.000 it works, but of course it can't crack the password.

The same is for the example hash from 
https://github.com/hashcat/hashcat/blob/...le_23400.c
on line 30

Code:
$bitwarden$2*100000*2*bm9yZXBseUBoYXNoY2F0Lm5ldA==*+v5rHxYydSRUDlan+4pSoiYQwAgEhdmivlb+exQX+fg=

This hash works fine with an iteration of 100.000 but not with 1.000.000 and I unfortunately salted my Bitwarden with 1.000.000.

Is there any suggestion to modify this limitation?

I've already checked this
https://hashcat.net/forum/thread-10116.html
but unfortunately it did not work - could be me because I'm not sure I did it right.

I'm able to understand basic C, but Hashcat code is already a little bit to advanced. I was able to compile it myself but not to debug it myself to trace where the exception is being thrown. 

I'm very grateful for any help.

Thanks in advance!

Tom
Reply
#2
Hashcat has a safety check for if the iteration count is over 999,999, which is where this is failing. I'll likely just remove this check as I don't really see the value in it, can I ask how you managed to get such a high iteration count? Is this something that is changeable in Bitwarden itself or did you change Bitwarden's code to achieve this?
Reply
#3
(04-02-2024, 10:21 PM)penguinkeeper Wrote: Hashcat has a safety check for if the iteration count is over 999,999, which is where this is failing. I'll likely just remove this check as I don't really see the value in it, can I ask how you managed to get such a high iteration count? Is this something that is changeable in Bitwarden itself or did you change Bitwarden's code to achieve this?

It was several years ago that I did setup Bitwarden. I'm using their cloud so I guess I could choose that once I did that setup long time ago. Atleast I have
Code:
"kdfIterations": 1000000
in my data.json I thankfully recovered from my PC.

Thank you very very much, will that change be released on GitHub or is it a quick fix I can do and compile it myself?

Thanks again
Reply
#4
I'll PR it into the github in a little while and reply to the thread but it's unlikely to be pulled in for a while due to some big changes that have been piling up so you will have to compile yourself. Please consult the "BUILD.md" file on github if you have any problems but feel free to ask here if you get stuck
Reply
#5
PR created: https://github.com/hashcat/hashcat/pull/3980

If you want to use it:
1) Go here https://github.com/PenguinKeeper7/hashca...ration-Cap
2) Click "Code" then "Download ZIP"
3) Extract it
4) Use the compile instructions in BUILD.md

Good luck!
Reply
#6
(04-02-2024, 11:36 PM)penguinkeeper Wrote: PR created: https://github.com/hashcat/hashcat/pull/3980

If you want to use it:
1) Go here https://github.com/PenguinKeeper7/hashca...ration-Cap
2) Click "Code" then "Download ZIP"
3) Extract it
4) Use the compile instructions in BUILD.md

Good luck!

Thanks for your help and quick reply. I somehow had those already similarly configured. Unfortunately, I was not able to  get it working. I commented out those two lines

Code:
// lines 170 and 177 in module_23400.c
if (iter1 > 999999) return (PARSER_SALT_ITERATION);
if (iter2 > 999999) return (PARSER_SALT_ITERATION);

I understand that it is important to check users input. For my purpose I commented it out. I have no deep knowledge about either programming or hashcat but I figure this error somehow happens in the input_tokenizer on line 151.

Thank you again. I still need to hack my password, but you helped me to get my hashcat running. Now I'll need to figure out masks and stuff. Hashcat is really nice.

T.
Reply
#7
While running this code in windows - hashcat.exe -m 2500 -a 3 wpa2.hccapx ?d?d?d?d?d?d?d?d
I encounter below problem can u help 
hashcat (v6.2.6) starting

hiprtcCompileProgram is missing from HIPRTC shared library.

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
ADL2_Overdrive_Caps(): -8

ADL2_Overdrive_Caps(): -8

nvmlDeviceGetFanSpeed(): Not Supported

ADL_Overdrive5_FanSpeed_Get(): -100

ADL_Overdrive5_Temperature_Get(): -100

CUDA API (CUDA 12.4)
====================
* Device #1: NVIDIA GeForce GTX 1650, 3298/4095 MB, 14MCU

OpenCL API (OpenCL 3.0 CUDA 12.4.131) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1650, skipped

OpenCL API (OpenCL 2.1 AMD-APP (3584.0)) - Platform #2 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #3: AMD Radeon(TM) Graphics, 6144/12356 MB (5033 MB allocatable), 7MCU

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63

The plugin 2500 is deprecated and was replaced with plugin 22000. For more details, please read: https://hashcat.net/forum/thread-10253.html

Started: Tue Apr 30 12:39:59 2024
Stopped: Tue Apr 30 12:40:04 2024
Reply