FilesExpand file tree

 bionic

/

1password2john.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

executable file

·

337 lines (292 loc) · 11.3 KB

 bionic

/

1password2john.py

Top

File metadata and controls

• Code
• Blame

executable file

·

337 lines (292 loc) · 11.3 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

#!/usr/bin/env python2

# Written by Dhiru Kholia <dhiru at openwall.com> in July 2012 for JtR project.

# Copyright (c) 2012-2013, Dhiru Kholia.

#

# Permission to use, copy, modify, and/or distribute this software for any

# purpose with or without fee is hereby granted, provided that the above

# copyright notice and this permission notice appear in all copies.

#

# Code borrowed from https://github.com/Roguelazer/onepasswordpy

#

# Copyright (c) 2013, James Brown

#

# Permission to use, copy, modify, and/or distribute this software for any

# purpose with or without fee is hereby granted, provided that the above

# copyright notice and this permission notice appear in all copies.

#

# Code borrowed from https://bitbucket.org/gwik/agilekeychain

#

# Copyright (c) 2009 Antonin Amand <[email protected]>

#

# Permission to use, copy, modify, and distribute this software and its

# documentation for any purpose and without fee is hereby granted,

# provided that the above copyright notice appear in all copies and that

# both that copyright notice and this permission notice appear in

# supporting documentation.

#

# THE AUTHOR PROVIDES THIS SOFTWARE 'AS IS' AND ANY EXPRESSED OR IMPLIED

# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO

# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;

# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#

# References,

#

# https://support.1password.com/agile-keychain-design/

# https://support.1password.com/opvault-design/ (formerly called "Cloud Keychain")

#

# August 2017 notes,

#

# In December 2012, AgileBits introduced the OPVault format to replace the

# Agile Keychain format, which had been introduced in 2008. OPVault format is

# used by default when syncing with iCloud or Dropbox.

#

# December 2017 notes,

#

# Thanks goes to Matt Page and philsmd for figuring out the details related to

# 1Password 6 for macOS.

#

# https://github.com/mpage/onepassword/blob/master/vault.go has some new

# "attack vectors" as well.

#

# https://github.com/mpage/onepassword/blob/master/notes.md is useful too.

#

# Agile Keychain format uses encryptionKeys.js file. Cloud Keychain (and

# OPVault) format uses profile.js file. However, 1Password 6 (and 1Password 4)

# for macOS stores data in .sqlite files.

#

# $ ls -l ~/Library/Application\ Support/1Password\ 4/Data/ # macOS 10.13.2 + 1Password 6.8.5

# -rw-r--r-- 1 lulu staff 4096 Dec 29 15:29 B5.sqlite

# -rw-r--r-- 1 lulu staff 4096 Dec 29 15:29 OnePassword.sqlite

#

# From https://blog.elcomsoft.com/2017/08/attacking-the-1password-master-password-follow-up/,

#

# B5.sqlite -> this database is used in macOS for synchronizing with 1Password

# proprietary cloud service.

#

# We can only extract the "hash" from the OnePassword.sqlite file (and not the

# B5.sqlite file) at the moment.

#

# Please note that the "profiles" table in OnePassword.sqlite can be empty,

# unless the "Local Vaults" option under 1Password 6 -> Preferences -> Advanced

# is selected.

import os

import sys

import struct

import base64

import sqlite3

PY3 = sys.version_info[0] == 3

if not PY3:

reload(sys)

sys.setdefaultencoding('utf8')

try:

import json

assert json

except ImportError:

try:

import simplejson as json

except ImportError:

sys.stderr.write("Please install json / simplejson module which is currently not installed.\n")

sys.exit(-1)

from base64 import b64decode

import binascii

OPDATA1_MINIMUM_SIZE = 80

DEFAULT_PBKDF_ITERATIONS = 1000

MINIMUM_PBKDF_ITERATIONS = 1000

A_AES_SIZE = 128

C_AES_SIZE = 256

KEY_SIZE = {

128: 16,

192: 24,

256: 32,

}

INITIAL_KEY_OFFSET = 12

PY3 = sys.version_info[0] == 3

PMV = sys.version_info[1] >= 6

class Key(object):

""" A Key in the keyring

"""

if PY3 or PMV:

exec("SALTED_PREFIX=b'Salted__'")

else:

SALTED_PREFIX = 'Salted__'

ZERO_IV = "\0" * 16

ITERATIONS = 1000

BLOCK_SIZE = 16

Nr = 14

Nb = 4

Nk = 8

def __init__(self, identifier, level, data, validation, iterations):

""" initialize key

"""

self.identifier = identifier

self.level = level

self.validation = validation

bin_data = data

if self.__is_salted(bin_data):

self.salt = bin_data[8:16]

self.data = bin_data[16:]

else:

self.salt = self.ZERO_IV

self.data = bin_data

self.iterations = iterations

def __is_salted(self, data):

return self.SALTED_PREFIX == data[:len(self.SALTED_PREFIX)]

def opdata1_unpack(data):

HEADER_LENGTH = 8

TOTAL_HEADER_LENGTH = 32

HMAC_LENGTH = 32

if data[:HEADER_LENGTH] != b"opdata01":

data = base64.b64decode(data)

if PY3 or PMV:

MAGIC = b"opdata01"

else:

MAGIC = "opdata01"

if data[:HEADER_LENGTH] != MAGIC:

raise TypeError("expected opdata1 format message")

plaintext_length, iv = struct.unpack("<Q16s",

data[HEADER_LENGTH:TOTAL_HEADER_LENGTH])

cryptext = data[TOTAL_HEADER_LENGTH:-HMAC_LENGTH]

expected_hmac = data[-HMAC_LENGTH:]

hmac_d_data = data[:-HMAC_LENGTH]

return plaintext_length, iv, cryptext, expected_hmac, hmac_d_data

class CloudKeychain(object): # also handles "OPVault format"

def __init__(self, path, name='default'):

self.path = path

self.keys = list()

self.name = name

self.entries = None

self.processed = False

self.__open_keys_file()

def __repr__(self):

return '<%s.CloudKeychain path="%s">' % (self.__module__, self.path)

def __open_keys_file(self):

try:

keys_file_path = \

os.path.join(self.path, 'default', 'profile.js')

if os.path.exists(keys_file_path):

self.processed = True

else:

return

f = open(keys_file_path, 'rb')

ds = f.read()[INITIAL_KEY_OFFSET:-1]

data = json.loads(ds)

salt = base64.b64decode(data['salt'])

masterKey = base64.b64decode(data['masterKey'])

sys.stdout.write("$cloudkeychain$%s$%s$%s$%s$%s" % (len(salt),

binascii.hexlify(salt).decode("ascii"),

data["iterations"],

len(masterKey),

binascii.hexlify(masterKey).decode("ascii")))

plaintext_length, iv, cryptext, expected_hmac, hmac_d_data = \

opdata1_unpack(data['masterKey'])

sys.stdout.write("$%s$%s$%s$%s$%s$%s$%s$%s$%s\n" %

(plaintext_length, len(iv),

binascii.hexlify(iv).decode("ascii"), len(cryptext),

binascii.hexlify(cryptext).decode("ascii"),

len(expected_hmac),

binascii.hexlify(expected_hmac).decode("ascii"),

len(hmac_d_data),

binascii.hexlify(hmac_d_data).decode("ascii")))

except (IOError, KeyError, ValueError, TypeError):

e = sys.exc_info()[1]

sys.stderr.write('Error while opening the keychain, %s\n' % str(e))

class AgileKeychain(object):

def __init__(self, path, name='default'):

self.path = path

self.name = name

self.entries = None

self.keys = list()

ret = self.__open_keys_file()

if ret:

self.john_output()

def __repr__(self):

return '<%s.AgileKeychain path="%s">' % (self.__module__, self.path)

def __open_keys_file(self):

"""Open the json file containing the keys for decrypting the

real keychain and parse it

"""

try:

keys_file_path = \

os.path.join(self.path, 'data', self.name, 'encryptionKeys.js')

keys_file = open(keys_file_path, 'r')

try:

keys = json.loads(keys_file.read())

self.keys = []

for kd in keys['list']:

try:

key = Key(kd['identifier'],

kd['level'],

b64decode(kd['data'][:-1]),

b64decode(kd['validation'][:-1]),

kd.get('iterations', Key.ITERATIONS))

self.keys.append(key)

except TypeError:

key = Key(kd['identifier'],

kd['level'],

b64decode(kd['data']),

b64decode(kd['validation']),

kd.get('iterations', Key.ITERATIONS))

self.keys.append(key)

finally:

keys_file.close()

except (IOError, KeyError, ValueError, TypeError):

e = sys.exc_info()[1]

sys.stderr.write('Error while opening the keychain, %s\n' % str(e))

return False

return True

def john_output(self):

sys.stdout.write("%s:$agilekeychain$%s" % (self.path, len(self.keys)))

for i in range(0, len(self.keys)):

sys.stdout.write("*%s*%s*%s*%s*%s" % (self.keys[i].iterations,

len(self.keys[i].salt),

binascii.hexlify(self.keys[i].salt).decode("ascii"),

len(self.keys[i].data),

binascii.hexlify(self.keys[i].data).decode("ascii")))

sys.stdout.write("\n")

def process_sqlite(filename):

db = sqlite3.connect(filename)

cursor = db.cursor()

rows = cursor.execute('SELECT master_key_data, salt, iterations FROM profiles')

found = False

for row in rows:

masterKey, salt, iterations = row

sys.stdout.write("$cloudkeychain$%s$%s$%s$%s$%s" % (

len(salt),

binascii.hexlify(salt).decode("ascii"),

iterations,

len(masterKey),

binascii.hexlify(masterKey).decode("ascii")))

plaintext_length, iv, cryptext, expected_hmac, hmac_d_data = \

opdata1_unpack(masterKey)

sys.stdout.write("$%s$%s$%s$%s$%s$%s$%s$%s$%s\n" % (

plaintext_length, len(iv),

binascii.hexlify(iv).decode("ascii"), len(cryptext),

binascii.hexlify(cryptext).decode("ascii"),

len(expected_hmac),

binascii.hexlify(expected_hmac).decode("ascii"),

len(hmac_d_data),

binascii.hexlify(hmac_d_data).decode("ascii")))

found = True

return found

def process_file(keychain):

found = False

if "sqlite" in keychain: # XXX weak hack

found = process_sqlite(keychain)

if found:

return

keychainobj = CloudKeychain(keychain)

if not keychainobj.processed:

keychain = AgileKeychain(keychain)

if __name__ == "__main__":

if len(sys.argv) < 2:

sys.stderr.write("Usage: %s <1Password Agile Keychain(s) / Cloud Keychain(s)> / OnePassword.sqlite\n" %

sys.argv[0])

sys.exit(-1)

for j in range(1, len(sys.argv)):

process_file(sys.argv[j])