1Password with 15/16 characters - *most likely* known - how to start?
#1
Question 
Hello,

It is my first post over here as I was "redirected" to hashcat from Hash Suite.

My story:
Because of some technical issues (and the fact that I was stupid) in Sept. 2015 my smartphone reset, causing the loss of all the data including 1Password database. Luckily, it was stored on Dropbox... and my Dropbox password was saved in 1Password. I know! I was changing my daily driver etc and somehow ended up with that scenario... Murphy's law worked.

After 6 months of struggles I have managed to recover Dropbox. While it's purely personal, non-business, stuff I was happy to have it back. But now the fun part - I don't remember my 1Password's password. Strange, cause I remember literally all the other passwords I had to remember, but ok.

Current situation:
Since Mar. 2016 I have tried to recall "The Password". The thing about it is that:
- "random" - it is not a word, but I have some "rules" I use
- it is 15-16 chars long
- 2 digits
- 1 non-alphanum character

My biggest problem, apart from being in a completely wrong spot, is that I have multiple combinations because of UPPER/lower case and possible different letters in a few spots.

I have generated a list of passwords in Excel and, using some automation solution, try them one by one via the GUI. But as you know it is far from perfect. I googled and via JohnTheRipper -> Hash Suite landed here.

Please help part:
While I am able to do some stuff on my own, this subject is new to me. I am trying to read in my spare time but I feel I need some help. It would be great if someone could provide some tutorial links - or maybe write something here - on the following:

0. Am I even looking at the right place? I mean should I try hashcat or just do it "manually"?

1. How to start? I do believe I need to proceed with dictionary method and that my hashtype is 1Password... But which file from 1password.agilekeychain should I "process"?


2. What should I know/avoid during the job? You know... not to miss something.

3. Dictionary - don't laugh, but Excel was there so I started with it. Based on your expertise - should I stick to it or try something else?
I have briefly tried the crunch and mask-processor tools but I wasn't able to find a solution for my scenario easily. Password-wannabe goes as follows:

u | s or c | c or s | r | a | m | 6 | # or @ | 3 | c | o | m or r | p or nothing | n | e | t

What I want to achieve is a list of all possible combinations of lower case/upper case plus the variants.


Thank you in advance for any tips. If anyone is willing to spend time explaining this to me/holding my hand ;-) - I will deliver reasonably priced alcohol of choice to your destination.

PS: as mentioned before my knowledge is limited here, please let me know if I missed some critical info which might have impact on the thread.
#2
welcome.
The hashcat documentation is here: https://hashcat.net/wiki/ and/or https://hashcat.net/faq/

1. you can use 1password2john.py (https://raw.githubusercontent.com/magnum...rd2john.py) to extract the hash from your agile keychain file to a file (let's call it output_from_1password2john.txt)
2. you can extract the data from your Excel table to a wordlist (1 password per line, make sure there is no extra whitespace/spaces): let's call it output_from_excel.txt
3. run hashcat with: hashcat -m 6600 -a 0 -w 3 output_from_1password2john.txt output_from_excel.txt

If you are sure that the excel table contains the password, it should crack
good luck
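
Added example, not part of the thread and not hashcat or John the Ripper code: a generator that expands the position list from post #1 into the one-candidate-per-line wordlist asked for in step 2 above. The function names and the default output name `candidates.txt` are assumptions made for this sketch.

```python
import itertools
import sys

# Position list copied verbatim from post #1; "nothing" marks an optional position.
PATTERN = ("u | s or c | c or s | r | a | m | 6 | # or @ | 3 | c | o | "
           "m or r | p or nothing | n | e | t")

def parse_pattern(pattern):
    """Return one list of choices per position, adding both cases for letters."""
    positions = []
    for field in pattern.split("|"):
        choices = []
        for alt in field.split(" or "):
            alt = alt.strip()
            if alt == "nothing":
                variants = [""]                        # position may be absent
            elif alt.isalpha():
                variants = [alt.lower(), alt.upper()]  # UPPER/lower uncertainty
            else:
                variants = [alt]                       # digits and symbols as-is
            choices.extend(v for v in variants if v not in choices)
        positions.append(choices)
    return positions

def count_candidates(positions):
    """Size of the keyspace, computed without generating it."""
    total = 1
    for choices in positions:
        total *= len(choices)
    return total

def candidates(positions):
    """Yield every combination lazily, so larger patterns do not need much RAM."""
    for combo in itertools.product(*positions):
        yield "".join(combo)

def write_wordlist(path, positions):
    """One candidate per line, LF endings, no trailing spaces (see step 2)."""
    written = 0
    with open(path, "w", encoding="utf-8", newline="\n") as fh:
        for word in candidates(positions):
            fh.write(word + "\n")
            written += 1
    return written

if __name__ == "__main__":
    out = sys.argv[1] if len(sys.argv) > 1 else "candidates.txt"
    pos = parse_pattern(PATTERN)
    print(count_candidates(pos), "candidates ->", out)
    write_wordlist(out, pos)
```

For this pattern the list has 196,608 entries, each 15 or 16 characters long, and the resulting file takes the place of output_from_excel.txt in step 3.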
#3
Thank you!

While I have reviewed the wiki I felt that my "problem" is less typical.
But this is a great starting point - that python script was the "missing link". I will come back to you with the results - hope no doubts for now.

PS: well, I hope it is there... if not I will play with my characters/numbers. I think it all depends on the speed, right now my desktop solution allows me to test 0.5pwd/sec... unfortunately it is all time, not event, -based so I have to be fairly slow not to paste into the "incorrect pwd" message.
#4
Progress update #1

I don't know if it is my vault or something python-ish but it doesn't work.

The script ends with:
Code:
Error while opening the keychain, Incorrect padding

Worse thing, for me, is that on other, newly created vault it works fine.

I am running default python 3.6 on W10 and Linux 4.9.13-1-lts x86_64.


Progress update #2

On W10 machine I have uninstalled python 3.6 and installed 2.6.2 instead. It seems we have a go.
I plan to do a test run with a known password to check if my process works.