New to forum and hashcat, and in a hurry to crack a file.
#1
Hi guys, I've been an occasional lurker for years, though I haven't actually run a cracker since the L0phtcrack days. I still have a fascination with crypto and purpose-built rigs.  I'm a frequent listener to "Security Now!", which I think makes me a bit better informed than an average layperson when it comes to password cracking.

Very recently recently, through an unfortunate turn of events, I lost the master password to my 1Password file. The file had A LOT of passwords in it, a few of which were important, all but a few of those which were resettable. I'm working through resetting them all and while I do I'd like to determine if I can attempt to crack and/or speed up guessing this master password, or if I need to look into hiring this out. I'm not sure though, even if I can learn the techniques and acquire the hardware, that hashcat can do it.  I have a few questions toward that end:

1.) Does hashcat crack the master password on a 1Password file, or just all the contained passswords? Or both? Can I target the master?

2.) The 1Password database is the latest, (downloaded 1/29/1017) online-enabled version. Whether I select cloudkeychain or agilekeychain, I get "No hashes loaded". Does hashcat work on the latest and greatest 1Password files?

Just my initial few tries have resulted in failure to locate any hashes, but it's taking enough time that I thought I'd at least ask if I'm wasting my time. Two of the passwords I need out of this file are twenty-odd characters long and highly random, so cracking those on the target systems is not likely anytime soon. 

3.) Also, if hashcat is incompatible with this file, I remember enough about the master password to the file that I can generate a word list that will only be a few tens of thousands of words, maybe a couple hundred words at most that I'm 95% sure will get in fairly quickly, so I thought I might generate that wordlist, and then write a program that just tries to log in to the app all day, logging its progress so I know what worked. Does anybody here have experience with that kind of approach?

Any assistance with this is greatly appreciated.  I'm also interested in finding out if there are any resources I can turn to to farm this work out.  I can allocate a little budget for the work, but I know from asking a couple that the companies that do this work for law enforcement and government are unlikely to take the work, or even be very interested in taking my calls about it, though all have been very polite about it.

That's about it for my problem description.  Thanks for amassing such a tremendous amount of information on this subject! This forum is really a great resource!
#2
Example "hashes" can be found here: https://hashcat.net/wiki/doku.php?id=example_hashes
The input that you provide to hashcat ("the hashes") should look very similar to the example hashes.

Specifically for agilekeychain, you first need to extract the information, e.g. with this tool: https://github.com/philsmd/1password_agi...to_hashcat (I'm not sure if this tool is still up-to-date).
You can't just input the database or anything else, you need to feed hashcat with the "hashes".
#3
hi!
and welcome i guess

u should try agilekc2john.py and crack it with hashcat with -m 6600 , with a mask attack, if u know most of the letters.

Usage:

1. Run agilekc2john.py on 1Password Agile Keychain files.
2. Run hashcat on output of agilekc2john.py


update 1

or use philsmd script
Tongue
#4
Thank you so much for the replies! I did some searching around and found info. about the tools mentioned, did a little reading about their use. I got a little hung up on how to get the data out of my sqlite file, but I believe I have it now. I have no 'encryptionKeys.js' file, so I'm not sure that the script in the project '1password_agilekeychain_to_hashcat' applies to my use case. I believe this is 1Password 6, but in one of the places I looked, it said 1Password 4. I found agilekc2john.py and installed Python, but so far I'm having trouble deducing its syntax, and it looks like it needs an encryptionKeys.js as well. Is the encryptionKeys.js in my sqlite db, and I have to know what to extract to get it? Or does this version of 1Password just not have one? Is there a guide for using these scripts anywhere that I just haven't seen?

Also, is there a way I can determine if my sqlite dump is in the right format? Or determine for sure which format I have? I am inexpert at sqlite as well as at hashcat. Unfortunately my employer has had me working 100+ hour weeks, hence my rush to back up the password database on my phone and getting into this mess in the first place, and not having a lot of time to dedicate to getting this password, though I do sorely need it.

There is a section in the dump from the sqlite database file that reads as follows:

('EncryptedMasterKey','<<___Long_String_of_Garble_--_3_Lines_Or_So___>>');

Is the long string of garble my master password, encrypted? Or whatever 1Password uses to verify the master password was typed in right? Is there a way I can just drop that, or some other part of this sqlite dump in a file and create rules for hashcat to go to work on it? My password is pretty strong, but I use a pattern that has enough predictability to it that I think I could write a program or probably just a bash script that would produce a 50,000 or so word list that would be 99% likely to get it. I don't know any single character in the password, but it's one of several patters I use, and each has a way for me to create a lengthy wordlist I could use to crack it fairly quickly.  I might not even need a GPU given what I know, if I can just get the right information out of this file. Several of the passwords in that vault though, are over 20 characters long and highly random. Unfortunately, they're also the ones I need most. Sad

And I don't know if it's possible to hire someone to do this for me, since I'm really low on time and free cycles. The big companies I emailed and called all work for LEO-only. It'd be hard for any individual to be sure they're not doing something terrible, and I don't know how to offer to verify my identity in a way that can be verified before the cracking is done. Any suggestions along those lines are appreciated.

I also do have a backup of a phone with the app installed, if that makes getting in any easier. I'm not sure how to go about finding the app's files in the backup of the phone though.

Thanks again for your help with this.
#5
Any news here? I have the same problem. No .agilekeychain "file" (so no encryptionKey.js), just the OnePassword.sqlite. When I open the profiles table of the sqlite database, there are some entries like master_key_data, overview_data, overview_key_data, salt, uuid. But the data looks quite different to a encryptionKey.js file from another vault I have. There are lots of special character and unicode values.

Example:
Code:
"master_key_data": "opdata01\u0000\u0001\u0000����\r��…………"

Is there a way to use hashcat on this sqlite data? Or maybe convert the values of the sqlite data to the encryptionKey.js format?

Any help would be greatly appreciated!
#6
I think I read somewhere (a while ago) that the new file where the data is stored is just called profile.js

Are you able to locate a file file called profile.js ?

Update: I think this is just the difference between the Agilekeychain (which uses encryptionKeys.js, hashcat mode -m 6600) and the Cloudkeychain (which uses profile.js, hashcat mode -m 8200)

Update 2: it seems that there is even a 3rd variant that uses the file OnePassword.sqlite (see https://github.com/magnumripper/JohnTheR...ssues/2713 , https://github.com/mpage/onepassword/blo...go#L93-L94 and http://sosedoff.com/2015/05/30/exploring...rypto.html )

The tests here https://github.com/mpage/onepassword/blo....go#L9-L24 suggest that it uses the hashing+encryption algorithm used by Cloudkeychain (and therefore -m 8200 and therefore PBKDF2-HMAC-SHA512). This could mean that it could be easy to run the above linked sql command and convert the output to the -m 8200 format (I didn't test it yet, so you should definitely first try it with a test database for which you know the password)

update 3: I was lucky enough to get access to a mac where I was able to generate a similar .sqlite file (actually there are 2 versions, one stored in B5.sqlite which is mainly used for the "online" version which is synced with the "cloud" and the second variant of sqlite file can be generated by using the advanced option (not default) to only use a local file... it will be stored in OnePassword.sqlite instead of B5.sqlite).
After I got the OnePassword.sqlite file (which as said was generated with the local/offline settings, not the default cloud setting) I could simple extract the hash (for the master password) like this:

Code:
SELECT lower (hex (substr (master_key_data, length (master_key_data) - 32 + 1, 32))) || ":" || lower (hex (salt)) || ":" || iterations || ":" || lower (hex (substr (master_key_data, 1, length (master_key_data) - 32))) FROM profiles;
This SQL query needs to be run with sqlite3 on the OnePassword.sqlite file. If you have this hash you can crack it with hashcat mode -m 8200 (the SQL command already formats the output in the way hashcat expects it), i.e. $hash . ":" . $salt . ":" . $iterations . ":" . $data

note: the || is the sqlite syntax for concatenation

The hashcat command to crack it could be as easy as this one (for instance for -a 0 word list attack):
Code:
hashcat -m 8200 hash.txt dict.txt
where hash.txt contains the whole output line from the above sqlite command
#7
I tested that on a sample 1Password database and it worked! Thank you soooo much, biggest hugs! Smile Now I’m gonna run that on my real database, hope that won’t last thousands of years. 👍