Hacking KeePass, is it possible? Secure password storage in KeePass Professional
Is it possible to somehow hack KeePass and leak passwords?
If anyone doesn’t know what KeePass is, then in short, it’s a password manager program that lets you store all your passwords while remembering only one master password. You can read more about password managers on our website.
Until recently, hacking KeePass was impossible, but not long ago a certain Denis Andzakovic posted online a free utility, KeeFarce, which allows an attacker to steal passwords from this popular password manager.
You can download KeeFarce for free using this direct link.
Hacking KeePass using KeeFarce
In order to hack the KeePass password manager and leak passwords, it must be open, i.e. the user who unlocked it with the master password must leave the program running for some time.
Using KeeFarce is very simple. Just copy the following files to the KeePass folder:
BootstrapDLL.dll
KeeFarceDLL.dll
Microsoft.Diagnostic.Runtime.dll
And run the KeeFarce.exe executable
After launch, the program injects itself into the running KeePass process. The utility then exports all passwords to a CSV file in the AppData folder.
How to protect yourself from KeePass hacking
First of all, check your computer for Trojans, since this scheme can only be carried out if the attacker has remote access to your computer, or physical access while you have briefly stepped away leaving the password manager open.
Second, and most importantly, do not leave your password manager open for a long time: open the program, take the login and password you need, sign in to the site and close the manager immediately. You can read more about configuring KeePass correctly in the article ““. By the way, there I talked about this threat and advised reducing the idle time after which the program locks itself automatically, even before this utility appeared.
What about other password managers?
This vulnerability (not this particular utility) can also be used to steal passwords from other password storage programs. I think there will soon be quite a number of similar tools, both individual and built into various malicious programs.
Should we stop using password managers?
You decide. Personally, I think that if you use KeePass correctly and have good computer hygiene, there shouldn't be any problems.
In one of the previous videos, I already talked about a program for securely storing passwords. But, as a result of certain experiments, it turned out that storing passwords in it is not so safe; however, this applies to the classic version of the program. Therefore, in this video we will look at the professional version of KeePass. Moreover, it is just as free as the classic version. If this is your first time hearing about this program, I advise you to first watch my review of the classic version so that unnecessary questions do not arise.
So, what we will do in this lesson:
Let's hack the classic version of KeePass Password Safe using a keylogger;
We import the database from the classic version into the professional one;
Let's look at the main differences and innovations;
And let's try to hack the professional version with the keylogger.
And first of all, let’s go to the developers’ website, www.keepass.info \ Download. We’ll download both versions in portable format: since I carry the password database on a flash drive, the program for viewing it should also run from the flash drive, without installation into the operating system.
I have already done this, and I have also created a test database for the classic version. At the moment, the LanAgent spyware is running on my system. This program belongs to the keylogger class, i.e. programs that record all user actions on the computer. So now we’ll find out how reliably this program protects our passwords!
We launch the classic version and open the created database in it, enter the password for the database and log in to the Rutracker.org website.
Now let’s see what LanAgent managed to intercept. We update the logs and see that the program intercepted both the master key and the login and password for the Rutracker website. Even if we enter the data through the clipboard, the program also intercepts the contents of the clipboard. On the other hand, the password to the database is useless if the attacker has nothing to apply it to, i.e. the database is on our flash drive. But in this situation, such programs can copy the contents of a flash drive, or the files that were accessed, in the background; so the database can be copied without our noticing, and all passwords revealed using the master key!
In general, we can draw the following conclusion: the classic version is suitable for not storing passwords in clear text, but it will not help against spyware. And the professional version will help us close this gap!
1) Let's switch the program to Russian for more comfortable work (www.keepass.info \ Translations \ Russian \ 2.28 \ unzip into the folder with the program \ View \ Change Language \ Russian)
2) Create a new database ( File \ New \ Specify the path and name \ Set the main password)
3) Let’s transfer data from the old database so as not to enter everything manually (File \ Import \ KeePass 1.x \ Specify the path to the old database \ OK \ Enter the password for the database \ New identifiers)
Now let's look at what's new and interesting in this version. I will not consider all the innovations, it will take a lot of time, but I will focus on the most interesting, in my opinion:
1) Entering the master password in protected mode (on a secure desktop), which blocks a keylogger while the master password is being entered (Tools \ Settings \ Security \ Enter the master password in protected mode)
2) The password generator creates 30 passwords at once, according to the selected complexity. From which you can choose, in your opinion, the most difficult one.
3) The auto-type language is easier to use than in the classic version. I didn’t cover it in the review of the classic version, so let’s look at how it can help!
By default, auto-type sends the following sequence of commands: the login into the active field, TAB, the password, and ENTER. This sequence can be seen by opening the entry \ Auto-Type \ Use the following sequence. This option is suitable in most cases; for example, it worked for logging into rutracker.
However, it is not suitable for logging into mail through the website www.mail.ru. Since my test mailbox is not on mail.ru but on bk.ru, I can set an individual input sequence for this site: {USERNAME}{TAB}{PASSWORD}{TAB}{DOWN}{DOWN}{DOWN}{TAB}{ENTER}.
The list of commands is given there, and there is also help; although it is in English, you can figure it out if you wish. From my own experience, I would advise occasionally using the command {DELAY 1000}, which inserts a delay between commands. With a slow Internet connection the browser sometimes does not manage to accept the sequence of commands in time, so it needs a moment to think, and this command helps out (the number is in milliseconds: {DELAY 5000} gives a 5-second delay).
4) Two-channel auto-type obfuscation: with this method, the program does not type the data in the clear; it sends part of the login and password through the clipboard and types the rest as keystrokes.
Now let's check whether LanAgent can reveal our passwords. As you can see, nothing was captured; the program did its job, and your passwords are now as well protected as possible!
Tutorial
The other day I needed to implement decryption of the KeePass database. I was amazed that there is not a single document or article with comprehensive information about the algorithm for decrypting .kdb and .kdbx files, taking into account all the nuances. This prompted me to write this article.
At the moment there are 2 versions of KeePass:
KeePass 1.x (generates .kdb files);
KeePass 2.x (generates .kdbx files).
The structure of the KeePass database file (.kdb, .kdbx) consists of 3 parts:
Signature (not encrypted);
Header (not encrypted);
Data (encrypted).
Decrypting the KeePass database
Sequencing:
1. Read the database signature.
2. Read the database header.
3. Generate the master key.
4. Decrypt the database.
5. Check the integrity of the data.
6. If the file has been compressed, unpack it.
7. Decrypt the passwords.
Points 5, 6 and 7 apply only to .kdbx files!
Signature
BaseSignature (4 bytes)
The first signature is the same for .kdb and .kdbx files. It indicates that the file is a KeePass database:
0x9AA2D903
VersionSignature (4 bytes)
The second signature indicates the KeePass version and is therefore different for .kdb and .kdbx files:
The third signature is present only in .kdbx files and contains the file version. For .kdb files this information is contained in the database header.
Thus, in KeePass 1.x the signature length is 8 bytes, and in KeePass 2.x it is 12 bytes.
Header
After the database signature, the header begins.
KeePass 1.x header
The header of the .kdb file consists of the following fields:
Flags (4 bytes): this field indicates what types of encryption were used when creating the file:
0x01 - SHA256;
0x02 - AES256;
0x04 - ARC4;
0x08 - Twofish.
Version (4 bytes): file version.
Master Seed (16 bytes): used to create a master key.
Encryption IV (16 bytes): used to decrypt data.
Number of Groups (4 bytes): The total number of groups in the database.
Number of Entries (4 bytes): The total number of entries in the database.
Content Hash (32 bytes): hash of the decrypted data.
Transform Seed (32 bytes): used to create a master key.
Transform Rounds (4 bytes): used to create a master key.
KeePass 2.x header
In .kdbx files, each header field consists of 3 parts:
Field ID (1 byte): possible values from 0 to 10.
Data length (2 bytes).
Data ([data length] bytes)
The header of the .kdbx file consists of the following fields:
ID=0x01 Comment: This field can be present in the header, but it was not present in my database.
ID=0x02 Cipher ID: UUID indicating the encryption method used (for example, for AES 256 UUID = ).
ID=0x03 Compression Flags: ID of the algorithm used to compress the database:
0x00: None;
0x01: GZip.
ID=0x04 Master Seed: used to create a master key.
ID=0x05 Transform Seed: used to create a master key.
ID=0x06 Transform Rounds: used to create a master key.
ID=0x07 Encryption IV: used to decrypt data.
ID=0x08 Protected Stream Key: used to decrypt passwords.
ID=0x09 Stream Start Bytes: first 32 bytes of the decrypted database. They are used to verify the integrity of the decrypted data and the correctness of the master key. These 32 bytes are randomly generated every time changes are made to the file.
ID=0x0A Inner Random Stream ID: ID of the algorithm used to decrypt passwords:
0x00: None;
0x01: ARC4;
0x02: Salsa20.
ID=0x00 End of Header: the last field of the database header, after which the database itself begins.
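As an added example (not code from the original article), here is a Go parser for the signature and header layout just described, assuming the KDBX 3.x two-byte field length; the 0xB54BFB67 version signature and the 0x00030001 file version are the well-known KeePass 2.x values rather than figures from the page, and the header bytes are constructed for the demonstration.

```go
package main

import (
	"encoding/binary"
	"errors"
)

// Base signature from the page; 0xB54BFB67 is the well-known KeePass 2.x version signature.
const baseSignature, kdbxSignature uint32 = 0x9AA2D903, 0xB54BFB67

// ParseKdbxHeader validates the 12-byte signature and walks the ID/length/data fields
// (2-byte length: the KDBX 3.x layout the page describes; KDBX 4 switched to 4 bytes).
// It returns the fields keyed by ID and the offset at which the encrypted data begins.
func ParseKdbxHeader(b []byte) (map[byte][]byte, int, error) {
	if len(b) < 12 || binary.LittleEndian.Uint32(b[0:4]) != baseSignature {
		return nil, 0, errors.New("not a KeePass database")
	}
	if binary.LittleEndian.Uint32(b[4:8]) != kdbxSignature {
		return nil, 0, errors.New("not a KeePass 2.x (.kdbx) database")
	}
	fields := map[byte][]byte{}
	pos := 12 // skip base signature, version signature and file version
	for {
		if pos+3 > len(b) {
			return nil, 0, errors.New("truncated header")
		}
		id, n := b[pos], int(binary.LittleEndian.Uint16(b[pos+1:pos+3]))
		if pos += 3; pos+n > len(b) {
			return nil, 0, errors.New("header field runs past end of file")
		}
		fields[id] = b[pos : pos+n]
		pos += n
		if id == 0x00 { // End of Header: encrypted data starts at pos
			return fields, pos, nil
		}
	}
}

// SampleHeader builds a constructed (not real) .kdbx prefix for demonstration.
func SampleHeader() []byte {
	field := func(id byte, data []byte) []byte {
		return append([]byte{id, byte(len(data)), byte(len(data) >> 8)}, data...)
	}
	b := []byte{0x03, 0xD9, 0xA2, 0x9A, 0x67, 0xFB, 0x4B, 0xB5, 1, 0, 3, 0} // signatures + v3.1, LE
	b = append(b, field(0x03, []byte{0x01})...)                          // Compression Flags: GZip
	b = append(b, field(0x06, []byte{0x70, 0x17, 0, 0, 0, 0, 0, 0})...) // Transform Rounds: 6000, LE
	b = append(b, field(0x04, make([]byte, 32))...)                      // Master Seed
	b = append(b, field(0x00, []byte("\r\n\r\n"))...)                    // End of Header
	return append(b, []byte("...encrypted data would follow...")...)
}
```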
Master key generation
Master key generation occurs in 2 stages:
Composite key generation;
Generating a master key based on a composite key.
1. Composite key generation
The SHA256 hash algorithm is used to generate a composite key. The tables below provide pseudocode for generating a composite key based on which version of KeePass is used and what input is required to decrypt the database (password only, key file only, or both):
[Table: KeePass 1.x composite key pseudocode]
[Table: KeePass 2.x composite key pseudocode]
Please note that if several credentials are needed to decrypt a database (for example, a password and a key file), you first take the hash of each credential, then concatenate the hashes and take the hash of the combined sequence.
2. Generating a master key based on a composite key
Encrypt the composite key obtained above using the AES-256-ECB algorithm.
Use the Transform Seed from the header as the key.
Repeat this encryption Transform Rounds (from the header) times.
Using SHA256 we get the hash of the encrypted composite key.
We connect the Master Seed from the header with the resulting hash.
Using SHA256 we get the hash from the concatenated sequence - this is our master key!
Pseudocode
void GenerateMasterKey() {
    // encrypt the composite key TransformRounds times
    for (int i = 0; i < TransformRounds; i++) {
        composite_key = encrypt_AES_ECB(TransformSeed, composite_key);
    }
    transformed_hash = SHA256(composite_key);
    master_key = SHA256(concat(MasterSeed, transformed_hash));
}
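The composite-key and master-key steps above (and the pseudocode), as an added Go example that is not the article's own code: the 2.x composite rule follows the page, while the 1.x single-credential rule (a lone password hashed once, a lone key-file key used as is) comes from the KeePass 1.x source rather than from the missing tables, and the key-file key is assumed to be already reduced to 32 bytes.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
)

// CompositeKey builds the composite key from a password and/or a 32-byte key
// derived from a key file (either may be nil). For 2.x the page's rule applies
// exactly: hash each credential, concatenate, hash again. For 1.x (from the
// KeePass 1.x source, not the page) a lone password is hashed once and a lone
// key-file key is used as is; only the combined case takes the second hash.
func CompositeKey(v2 bool, password, keyFileKey []byte) []byte {
	var parts []byte
	if password != nil {
		h := sha256.Sum256(password)
		parts = append(parts, h[:]...)
	}
	if keyFileKey != nil {
		parts = append(parts, keyFileKey...)
	}
	if !v2 && (password == nil || keyFileKey == nil) {
		return parts // 1.x single-credential case: no second hash
	}
	h := sha256.Sum256(parts)
	return h[:]
}

// MasterKey implements the transformation described on the page: AES-256-ECB
// encrypt the composite key under Transform Seed for Transform Rounds rounds,
// SHA-256 the result, then SHA-256 of Master Seed || that hash.
func MasterKey(composite, transformSeed, masterSeed []byte, rounds uint64) ([]byte, error) {
	block, err := aes.NewCipher(transformSeed) // a 32-byte seed selects AES-256
	if err != nil {
		return nil, err
	}
	tk := append([]byte(nil), composite...) // 32 bytes = two AES blocks; copy, don't mutate
	for i := uint64(0); i < rounds; i++ {
		block.Encrypt(tk[:16], tk[:16]) // ECB: each block is encrypted independently
		block.Encrypt(tk[16:], tk[16:])
	}
	th := sha256.Sum256(tk)
	mk := sha256.Sum256(append(append([]byte(nil), masterSeed...), th[:]...))
	return mk[:], nil
}
```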