Show Posts
1
Scripting Languages / Re: Crack Firefox passwords with python
« on: October 29, 2013, 10:04:59 pm »
I do apologize for reviving this thread, but I figure I would speak a bit on this and also ask a question.
I agree that you are really not doing an effective job reading through the document. As per the raidersec article that was linked to by Kulverstukas, it is mentioned that the information stored in key3.db uses Triple DES encryption. (In particular, look for 3DES (DES-EDE-CBC) in the article.) When a master password is used, that value is used as the salt for it. When no master password is provided though, a null value is used for the encryption. With this in mind, Retrieving the necessary information from this file would requre Decrypting the Triple DES encryption with the matching master password as the salt. What I have seen of the proof of concept in python though is that it is not really the best way to handle this for Windows.
Based on this information and my own experiences of working on a proof of concept for Windows, it may be more worthwhile to handle Triple DES decryption in Python. In particular, if I am not mistaken, what I have seen of the source for the recovery solution made by evilzone uses similar tactics in Java and may be a good point of reference. (If I am wrong on this please do tell me so that I can correct this post.)
This does bring me to my main question. Does anybody have any recommendations on libraries for Triple DES decryption in Python? I wish to get some good insight on this so I can have an effective proof of concept.
I agree that you are really not doing an effective job reading through the document. As per the raidersec article that was linked to by Kulverstukas, it is mentioned that the information stored in key3.db uses Triple DES encryption. (In particular, look for 3DES (DES-EDE-CBC) in the article.) When a master password is used, that value is used as the salt for it. When no master password is provided though, a null value is used for the encryption. With this in mind, Retrieving the necessary information from this file would requre Decrypting the Triple DES encryption with the matching master password as the salt. What I have seen of the proof of concept in python though is that it is not really the best way to handle this for Windows.
Based on this information and my own experiences of working on a proof of concept for Windows, it may be more worthwhile to handle Triple DES decryption in Python. In particular, if I am not mistaken, what I have seen of the source for the recovery solution made by evilzone uses similar tactics in Java and may be a good point of reference. (If I am wrong on this please do tell me so that I can correct this post.)
This does bring me to my main question. Does anybody have any recommendations on libraries for Triple DES decryption in Python? I wish to get some good insight on this so I can have an effective proof of concept.