1Password - AgileBits
#1
A friend on mine has forgot his master password for his 1Password App on his iPhone( it's jailbroken) and asked if i could recover it, is it possible yet? I know it uses PBKDF2-HMAC-SHA1, is there anything out there to help recover it.
#2
Actually, this algo. is already implemented in oclHashcat, because it's needed for WPA/WPA2. But it's not available for stand-alone use. Maybe, if you could tell us some input parameters, such as number of iterations, and if it would use more than one user, let's say dozen of user, then I'm pretty sure atom would add it.
#3
I'd also very, very much like to see *Hashcat* support PBKDF2(HMAC-xxx, passphrase, salt, iterations, outputLengthInBits) for at least SHA-1, and preferably the entire SHA-1, SHA-2, and SHA-3 families. This is one of the major recommendations for modern web sites - I'm sure a version that takes so many input parameters (iterations and output length in addition to the usual passphrase and salt, for each HMAC type) won't be as optimized as purpose-built versions, but it should still be far faster than almost any alternate currently available!


For 1Password, however, I suspect that PBKDF2 is used in the traditional sense, to generate a symmetric encryption key that's used to encrypt and decrypt the data. The hashcat family has never supported the encryption steps at the end. In this case, perhaps John the Ripper 1.7.9 jumbo-8 (currently in development - your friend can try compiling from the unstable branch) is or will be a tool more appropriate to the target.
#4
Yes, JtR already supports PBKDF2-HMAC-SHA512. Be able to crack these hashes with oclHashcat would be amazing !
#5
PBKDF2-HMAC-SHA512 does not sound like fun Smile
#6
Hi, I download and complied the unstable-magum jumbo-8 and the openwall sample agile keychains file.

I am just scratching the surface with all this stuff, Please forgive any BS i type out, just looking for some pointers.

I don't want to get balls deep in all this as i said, I just want to try and recover his master password that's all.
He has a fair idea what it could have be, so i can build a wordlist on his ideas.

Benchmarking the agilekeychain format, is opencl possible? will need to read more....

./john -test -fo=agilekeychain
Benchmarking: 1Password Agile Keychain PBKDF2-HMAC-SHA-1 AES [32/32]... DONE
Raw: 1062 c/s real, 1062 c/s virtual

Extracting hash from openwall sample keychain. I saved this out to file named openwall-sample.txt

root@bt:~/tmp/jtr/run# ./agilekc2john.py openwall.agilekeychain
openwall.agilekeychain:$agilekeychain$2*1000*8*7146eaa1cca395e5*1040*e7eb81496717d35f12b83024bb055dec00ea82843886cbb8d0d77302a85d89b1d2c0b5b8275dca44c168cba310344be6eea3a79d559d0846a9501f4a012d32b655047673ef66215fc2eb4e944a9856130ee7cd44523017bbbe2957e6a81d1fd128434e7b83b49b8a014a3e413a1d76b109746468070f03f19d361a21c712ef88e05b04f8359f6dd96c1c4487ea2c9df22ea9029e9bc8406d37850a5ead03062283a42218c134d05ba40cddfe46799c931291ec238ee4c11dc71d2.........
//SNIP//


I do not know the sample password, there is no README inside openwall sample zip file. *sigh*


root@bt:~/tmp/jtr/run# ./john --format=agilekeychain --wordlist=/media/disk/Backtrack/pass/uniq.txt openwall-sample.txt
Loaded 1 password hash (1Password Agile Keychain PBKDF2-HMAC-SHA-1 AES [32/32])
guesses: 0 time: 0:00:00:04 0.00% c/s: 1049 trying: !0906!
guesses: 0 time: 0:00:00:06 0.00% c/s: 1053 trying: !612338
guesses: 0 time: 0:00:00:07 0.00% c/s: 1054 trying: !@#$%^&*adg
guesses: 0 time: 0:00:00:08 0.00% c/s: 1055 trying: !@#$%^&irish
guesses: 0 time: 0:00:00:09 0.00% c/s: 1055 trying: !@#$%^spring
guesses: 0 time: 0:00:00:10 0.00% c/s: 1054 trying: !@#abc&*()
Session aborted


Done, So i can now make attempts, aleast.

But.. yep the dreaded BUT..... When i try to extract the hash from my friends keychain i get an error i don't understand.

root@bt:~/tmp/jtr/run# ./agilekc2john.py jetstream.agilekeychain
error while opening the keychain, Incorrect padding

The openwall sample uses 1000 iterations but my keychain uses 91743 iterations and I believe these are random.

Sorry if its not he place to discuss jtr software, just tell me and i'll feck off ;-)
#7
Figured out how to build OpenCL and for what its worth the agilekeychain supports OpenCL in JTR.

Benchmark

./john -t=60 --format=agilekeychain-opencl
OpenCL platform 0: AMD Accelerated Parallel Processing, 2 device(s).
Device 0: Juniper (AMD Radeon HD 6700 Series)
Local worksize (LWS) 64, Global worksize (GWS) 9216
Benchmarking: 1Password Agile Keychain PBKDF2-HMAC-SHA-1 AES [OpenCL]... DONE
Raw: 64047 c/s real, 131326 c/s virtual
#8
Ok i download and installed the Windows Version 1Password and created a master password call 'password' ironically.

I can extract the hash from and the keychain and JTR finds the master password.

It seems the iPhone app or more generically the mobile version of 1Pasword maybe of a slightly different than it's desktop cousin, back to the drawing board for now.

./agilekc2john.py 1Password.agilekeychain > myagilehash.txt

----------------------------------------------------------------------

./john --format=agilekeychain-opencl --wordlist=password.lst myagilehash.txt
OpenCL platform 0: AMD Accelerated Parallel Processing, 2 device(s).
Device 0: Juniper (AMD Radeon HD 6700 Series)
Local worksize (LWS) 64, Global worksize (GWS) 9216
Loaded 1 password hash (1Password Agile Keychain PBKDF2-HMAC-SHA-1 AES [OpenCL])
password (1Password.agilekeychain)
guesses: 1 time: 0:00:00:00 DONE (Tue Apr 2 23:05:11 2013) c/s: 8646 trying: 123456 - sss




Code:
$agilekeychain$2*10000*8*abdcd67f777f98b4*1040*c42f4110b8b1e0b0dc10aab5801d524ef0ce36cb8d99aec0c6fdb3906ba104b249a2b7f4b9e9177542c3648f7d9467e046046705a072c0bb41a96ac55c12a6060e0c3cfeab52493b7cff5e3b3a164ef01bdfc0a6de23626cd04b32650a2968942802217334c8ef073180ad29fe214d06ff83e6dea62d2b2e2bef8ab5109de00bb34832497c987f3731df688256fb5d2517e0621736bc5b4503381fa7a8e42eab8e26412b502c4372e2b21a26acf8004cd4d298d03956820771fe3f92fef64f080292fb146b8c8d0f933695e2afccc4191528baf11290969b7c4fae050e8f11e4bc4fb42b17338d49d591063d9032eef6538a1e22d9141d0d2a4a6c2e91b44ab0e893e6d98970b4d9738730da3e6e67763570871465b524c8941798385249ebec7994f31d80299950ac21cc181598376a6a4f2f372253d1b77338ebd76ce71805b5a1c2dae41aedcf58a8831eb162417691c0ad907631a1b2e8536ee8438016d08b6bb03046106b7f552d6ea4781ed05f503060576e60f4da6ca323a284e78999bd3141c25bb2c4c91618ecd2fb107aefb45750319ef80e20cf9e6fa1c60f641b39f462de2725cc6340638ad6b7a851dbe9d183644248cd51bf7c340c7a60a2cc854aa0a3b1a9f5a4c4efc9b561519e711d5d3a04138d0bd87d0f08c7a92fec0a9984903ee50bc5ec6c99f3935562ba7bd81d3aeaafe4abbbead340348cb11918af801080b40e539f9506cbcff7750c0e0d3489d21e7d756b65c434590ed7725943836c2b16d2159a1b93151eedda4e6e177b858a215f765251e7beec5c14f622204582c762c2ab989373b286e376b1531644054f3125799f5e64b548d5f339f06e0384330d2f588cacea8154c40aac98e44411fbaa53fa4f3b65bf0ebca327545a9a9fd7b9b1d678639742849b87bedabfea13a0ef4ab29dfdc80b509e15a13cf7e4fdce2f68d9d8135d3b64e52c9c186de8dfd1deaee945bc963a88d6a0997bc2989d1eb6366a6994c77897839b7894feb506bc69ecd6e4acc9b67565cb57ee9ccccf713b7029115357a0e4fd89aac9af2a8cf0873dee9feaa5deafe5d5adecb4226d6a46f69938407ac8eb84f8f0571af42a77252bd5ca3899b53df267874ff3629d06025b581cb94d966a82c5cc8712c11274e8113507229ee77543fae5f4bd34c3d051e3e00e752bf29000d63886d64e02ecb4a8d64f605edda45dcc21c7c51bc6edf4aad4c07f34f61d157ef82c85e4f2bb0943ecd1b0f4d6ea8508037afc6bd5589b19e3087d8a3e91e485ee84d5afeb72bc34f812eede57857d019cc7815c7ad850c8f13eaa9b413ffe504948d519ae682a0b38290b042406c2268b6852fb0fd30426b1d3a129525cf01314ecffcc1029b4ea59b8d93b04f0daa2c274e97a56a7840754e34ca1a52591f1b41b9b6b84547093b5c68c3232296a7838b776031a836189c06ad768964ffca65a41*10000*8*86c1647dcf8d0696*1040*7b1c589035a322690bc7b83c1864b01ec4e792164af78d5c850a64d537383a4cabc91699a5e40d1a2535de3359efdd298fcd1dd83f5a4a34e50451b6552b239513d5bf2aadb7d6b9c4222d47c20eeece06df9f7680b65b217daae38daf7da2f6b9a8de792452eb101bc4ec19cb8657ca1dcad88b012f47fd15359c3323c37c27e056c560a8ab4a63e882e3bcad307e2a67f7be657c930ca7587f8e8c9020490544d940c3263a36ebf7a3e74febd5aad94ac3b81bbfe0a4deb7440775ef328a8cdf2fe09218771c1b960ba6ad61f001d88a99076043cb93a2ef111f1372609c1332368242b07b032a4c8bcb0e89fc42043c1d4b194a0426480dc1e6fe3adfcf96c049ef1766a62290064c50355dd7ef72d969be329a0d2ddc6325c8d163c455c054e24750dc5af41a867764d26133415d86ea6d712e0c1bf95ecb2125d87da720f8490505c2dbd4e262ec85c0f8349129f9bb5297be3e1bac53a6b21c85f2afbd2caa7103e9ed12dc4e9e6c24868fcf58dbd151a39eaa39f319197b0637435d0b5960fbf94b539ae09000ad6b03c6813c52c76e2e33c3236ee99957c03d17d534504bc77b32731dbbcca15eccc49d0f45daf8bd4a2c8264589070543206a070085cc21249e62debc4b3c74a36b9d82f16e026d7c93b504cd72378db489b0eaf60fe23442e71204a868a1a231497586c8d9221ca3a4c9e1c5ff6ebc90b93a58f67cbe902fb72ee8b9fc10c94bc1ebe834979691049f553b1ee58cdc801aac251c7f66363229135f2ff082f151ac50f2e3e09f1ad633e3d5c93f3e2e70d95c57d1afd00eb147a05e4ce76ba1e8548f89d8e796bff237f28cbcf8dfbd2b4c31fc65cf5ae8f7391de8e0fc8f2268fb1e89a30f8fd2309689805aa9af79cc3160c248de41cfa67e484807c6908a1ae28c635d53f074fb37b6739cc2fedcde3a055d90f6f1636e5fa3188120b80bbdb8b7b780745cbf6521521a98786a195459c63d68a713c440948d0dcee2c9b3cda66c9da4daedce8dde009f4e967a2c297c98bc4e929ec3bc8ba6532debf50e71eb056461f5d01d0fcda37054e753c13453a9e8e703ba62295245ca2962dc410595551b57cae3c416c052c0734a4845e3fa288849533f9d7d87fd651679dddb0852dad2d4858db414d8fe08b7068b1520f1acb4d575a2630db82bd375b9e08236e7501943c41fb339fac086e8044bedede8e770bd4976d0765c95e7eb71e725f568f227051832a7e67c9bbac83cbaab654da5579f9d3d34c83299a11f428951d2cb47c65d6c58de6722a63c790a1e5bae2319680d8807e9903a821ea69032b996bffed4beaa3fcbb7020838e796772d4b39153828b5b0df6073b79184a7bbb22a924c0d075baca585e6784f7a5ba88b1ce5c2af09a772afb6ecfafd8fc5f581b7867b5063bd98a45870507d0271beda3c479ecce16651aa0c81e9a5c19141dff68846fbaec:password

--------------------------------------------------------------

Edit...

Here are the encrypted keychains for Windows and iPhone Version master password, as you can see they are different, well in a way the key is stored in file.

Windows 1Password

http://pastebin.com/id2tDXLv

iPhone 1Password (Latest Version 4.1.2)

http://pastebin.com/YKcATm1N
#9
Latest JtR-jumbo supports "Cloud Keychain" files (I just added support for it and the speeds are simply awesome!).

Also, a bug in parsing of "Agile Keychain" format has been fixed.

And the password for openwall.keychain is "openwall" Wink
#10
I've added PBKDF2-HMAC-SHA512 for a different algorithm. If you add a request for 1Password Agile Keychain to Trac I might add it.