Posts: 3
Threads: 1
Joined: Apr 2017
04-28-2017, 10:10 AM
(This post was last modified: 04-28-2017, 08:02 PM by wfcollins.
Edit Reason: Made more clear
)
I have a VirtualBox image that is encrypted that I have forgotten the password. I created a new test.vbox and found a PHP program - vboxdie-cracker that is able to find the correct password for the test from a wordlist. But it only guesses 2 passwords per second. Here is what the vboxdie-cracker extracts from the test.vbox file with a password of password:
[+] KeyStore contents:
Header 454e4353 (SCNE)
Version 1
Algorithm AES-XTS256-PLAIN64
KDF PBKDF2-SHA256
Key length 64
Final hash 592d0544669c3cfc4701544903cd94ff7a5e067be8ff0d9c9113ffb3d773367b
PBKDF2 2 Key length 32
PBKDF2 2 Salt 07d630d090896740baee6975d5540a7e837d3b410789924db21f7e1ebaa2120e
PBKDF2 2 Iterations 20000
PBKDF2 1 Salt ee9aa0d45159218cc493e1b8653ef34cdba5975bcf58c948b0565575b58b5f54
PBKDF2 1 Iterations 100000
EVP buffer length 64
PBKDF2 2 encrypted password 0520752245c51e7f5cc62e8397126f69eaa678a77727a991f4cebdf86ac52d28 2c06cc815b63ed5e38e455193ba7031725914242ae24a98577b53cce49d4ceb3
I have a usual pattern of characters I use and I wrote a C++ program to create a word list of several thousand permutations, but no luck so far. I need more speed. Any help on how to use hashcat to crack this would be much appreciated.
My confusion is how to use 2 salts with hashcat?
Posts: 259
Threads: 13
Joined: Jun 2016
(04-28-2017, 10:10 AM)wfcollins Wrote: I have a VirtualBox image that is encrypted that I have forgotten the password. I created a new test.vbox and found a PHP program - vboxdie-cracker that is able to find the correct password for the test from a wordlist. But it only guesses 2 passwords per second. Here is what the vboxdie-cracker extracts from the test.vbox file with a password of password:
[+] KeyStore contents:
Header 454e4353 (SCNE)
Version 1
Algorithm AES-XTS256-PLAIN64
KDF PBKDF2-SHA256
Key length 64
Final hash 592d0544669c3cfc4701544903cd94ff7a5e067be8ff0d9c9113ffb3d773367b
PBKDF2 2 Key length 32
PBKDF2 2 Salt 07d630d090896740baee6975d5540a7e837d3b410789924db21f7e1ebaa2120e
PBKDF2 2 Iterations 20000
PBKDF2 1 Salt ee9aa0d45159218cc493e1b8653ef34cdba5975bcf58c948b0565575b58b5f54
PBKDF2 1 Iterations 100000
EVP buffer length 64
PBKDF2 2 encrypted password 0520752245c51e7f5cc62e8397126f69eaa678a77727a991f4cebdf86ac52d28 2c06cc815b63ed5e38e455193ba7031725914242ae24a98577b53cce49d4ceb3
I have a usual pattern of characters I use and I wrote a C++ program to create a word list of several thousand permutations, but no luck so far. I need more speed. Any help on how to use hashcat to crack this would be much appreciated.
My confusion is how to use 2 salts with hashcat?
how did u encrypt the virtual hard drive in the first place?
isnt it LUKS ?
Posts: 3
Threads: 1
Joined: Apr 2017
(04-29-2017, 08:13 AM)kiara Wrote: (04-28-2017, 10:10 AM)wfcollins Wrote: I have a VirtualBox image that is encrypted that I have forgotten the password. I created a new test.vbox and found a PHP program - vboxdie-cracker that is able to find the correct password for the test from a wordlist. But it only guesses 2 passwords per second. Here is what the vboxdie-cracker extracts from the test.vbox file with a password of password:
[+] KeyStore contents:
Header 454e4353 (SCNE)
Version 1
Algorithm AES-XTS256-PLAIN64
KDF PBKDF2-SHA256
Key length 64
Final hash 592d0544669c3cfc4701544903cd94ff7a5e067be8ff0d9c9113ffb3d773367b
PBKDF2 2 Key length 32
PBKDF2 2 Salt 07d630d090896740baee6975d5540a7e837d3b410789924db21f7e1ebaa2120e
PBKDF2 2 Iterations 20000
PBKDF2 1 Salt ee9aa0d45159218cc493e1b8653ef34cdba5975bcf58c948b0565575b58b5f54
PBKDF2 1 Iterations 100000
EVP buffer length 64
PBKDF2 2 encrypted password 0520752245c51e7f5cc62e8397126f69eaa678a77727a991f4cebdf86ac52d28 2c06cc815b63ed5e38e455193ba7031725914242ae24a98577b53cce49d4ceb3
I have a usual pattern of characters I use and I wrote a C++ program to create a word list of several thousand permutations, but no luck so far. I need more speed. Any help on how to use hashcat to crack this would be much appreciated.
My confusion is how to use 2 salts with hashcat?
how did u encrypt the virtual hard drive in the first place?
isnt it LUKS ?
So this is not the OS level encryption. It is the VirtualBox encryption of the actual .vbox image file. It is a feature when you create a VM before you even install an OS. I am not a crypto expert, but it is using two salts. Here is the PHP code that can correctly decrypt a test VM file. It makes two calls to hash_pbkdf2 and an intermediate call to openssl_decrypt. I have looked, but have not found a way to duplicate this in hashcat. I am willing to write C/C++ code to extend it if needed.
while (!feof($fp)) {
// Read each line of the file, it is the user password
$user_password = trim(fgets($fp));
// First call to PBKDF2
$EVP_password = hash_pbkdf2($hash, $user_password, $keystore['pbkdf2_1_salt'], $keystore['pbkdf2_1_iterations'], $keystore['generic_key_length'], true);
// Here, the password used for the second call to PBKDF2 is decrypted
$decrypted_password = openssl_decrypt(substr($keystore['pbkdf2_2_encrypted_password'], 0, $keystore['evp_decrypt_input_length']), $method, $EVP_password, OPENSSL_RAW_DATA, '');
if ($decrypted_password === false) {
continue;
}
// Final hash is computed
$final_hash = hash_pbkdf2($hash, $decrypted_password, $keystore['pbkdf2_2_salt'], $keystore['pbkdf2_2_iterations'], $keystore['pbkdf2_2_key_length'], true);
// If the computed hash is equal to the stored hash, then we have got the right user password
if ($final_hash === $keystore['final_hash']) {
return $user_password;
}
}
Posts: 2,936
Threads: 12
Joined: May 2012
We can probably be a lot smarter than the author of the PHP script.
We will need to look at the vbox code to verify a few things, but the second call to pbkdf2 is wholly unnecessary if $decrypted_password == $user_password. Can simply hash, decrypt, compare, done. However, if $decrypted_password is e.g. some randomly generated value, we still probably have an opportunity for an early reject here. Like if we know that $decrypted_password will always be e.g. a-zA-Z0-9 then we can reject the candidate if the trial decrypt results in values outside that range, and only do the second pbkdf2 call when we have a likely password.
What's also interesting is the "final hash." Again need to look at the source, but typically pbkdf2 is used to derive an encryption key, and the final hash is the key. If they're storing the final hash value, then are they actually storing the encryption key?? Definitely something to look into!
Posts: 3
Threads: 1
Joined: Apr 2017
(04-29-2017, 08:14 PM)epixoip Wrote: We can probably be a lot smarter than the author of the PHP script.
We will need to look at the vbox code to verify a few things, but the second call to pbkdf2 is wholly unnecessary if $decrypted_password == $user_password. Can simply hash, decrypt, compare, done. However, if $decrypted_password is e.g. some randomly generated value, we still probably have an opportunity for an early reject here. Like if we know that $decrypted_password will always be e.g. a-zA-Z0-9 then we can reject the candidate if the trial decrypt results in values outside that range, and only do the second pbkdf2 call when we have a likely password.
What's also interesting is the "final hash." Again need to look at the source, but typically pbkdf2 is used to derive an encryption key, and the final hash is the key. If they're storing the final hash value, then are they actually storing the encryption key?? Definitely something to look into!
Thanks, I am looking at the VirtualBox source code now...
Posts: 1
Threads: 0
Joined: Dec 2017
Sorry for the big necro, but the actual implementation in VirtualBox is part of their closed source extensions for some reason. But it turns out they had the code in the open source part of the software when it was first implemented. You can refer to these files for the keystore handling code:
https://github.com/mdaniel/virtualbox-or...yStore.cpp
https://github.com/mdaniel/virtualbox-or...KeyStore.h
I had stumbled upon this thread while searching for implementation details, and just thought it would be helpful to leave this info after I found that.
Posts: 930
Threads: 4
Joined: Jan 2015
[a necromancer appears]
Looks like a pull request for hashcat support for VirtualBox hashes has landed!
https://github.com/hashcat/hashcat/pull/2884
Added hash-modes: VirtualBox (PBKDF2-HMAC-SHA256 & AES-128-XTS) and VirtualBox (PBKDF2-HMAC-SHA256 & AES-256-XTS)
~