Hacking KeePass, is it possible? Secure password storage in KeePass Professional

Is it possible to somehow hack KeePass and leak passwords?

If anyone doesn’t know what KeePass is, then in short, it’s a password manager program that allows you to store a master password by remembering one. You can read more about password managers on our website.

Until recently, hacking KeePass was impossible, but recently a certain Denis Andzakovic posted it online free utility KeeFarce, which allows an attacker to steal passwords from a popular password manager.

You can download KeeFarce for free using this direct link.

Hacking KeePass using KeeFarce

In order to hack the KeePass password manager and leak passwords, it must be open, i.e. so that the user who logs in using the master password does not close the program for some time.

Using KeeFarce is very simple. Just copy the following files to the KeePass folder:

• BootstrapDLL.dll
• KeeFarceDLL.dll
• Microsoft.Diagnostic.Runtime.dll

And run the KeeFarce.exe executable

After launch, the program injects KeePass into the running process. The utility then exports all passwords to csv file to the appdata folder.

How to protect yourself from KeePass hacking

First of all, check your computer for Trojans (), since this scheme can be implemented if the attacker has remote access to your computer or is physical access while you're leaving open manager passwords were briefly removed from the computer.

Second and most importantly, do not leave your password manager open for a long time. We went into the program, pulled out the required username and password, logged in to the site and immediately closed the manager. More details about correct setting You can read KeePass in the article ““. By the way, there I talked about this threat and advised reducing the time the program automatically closes when idle, even before this utility appeared.

What about other password managers?

This vulnerability (not this particular utility) can also be used to steal passwords from other password storage programs. I think there will soon be quite a number of similar tools, both individual and built into various malicious programs.

Should we stop using password managers?

You decide. Personally, I think that if you use KeePass correctly and have good computer hygiene, there shouldn't be any problems.

In one of the previous videos, I already talked about a program for securely storing passwords. But, as a result of certain experiments, it turned out that storing passwords in it is not so safe, but this applies classic version programs. Therefore, in this video, we will look at the professional version of KeePass. Moreover, it is as free as the classic version. If this is your first time hearing about this program, I advise you to first look at my review of the classic version so that unnecessary questions do not arise.

So, what we will do in this lesson:

Let's hack the classic version of KeePass Password Safe using Key logger;

We import the database from the classic version to the professional one;

Let's look at the main differences and innovations;

And let's try to hack the professional version with Key logger.

And first of all, let’s go to the website of the program developers www.keepass.info \ download. Let's download both versions in a portable format, since I carry a database with passwords on a flash drive, the program for viewing them should also be launched from a flash drive, without installation into the operating system.

I have already done this, and also created a test database for the classic version. On this moment, I have LanAgent spyware running on my system. This program belongs to Key loggers, i.e. programs that record all user actions on the computer. So, now we’ll find out how reliable it is this program protects our passwords!

We launch the classic version and open the created database in it, enter the password for the database and log in to the Rutracker.org website.

Now let’s see what LanAgent was able to intercept, update the logs and see that the program intercepted both the master key and the login and password for the Rutracker website. Even if we try to enter data through the clipboard, the program will also intercept the contents of the buffer. On the other hand, the password to the database is useless if the attacker has nothing to use it for, i.e. The database is located on our flash drive. But in this situation, programs can background copy the contents of a flash drive or files that have been accessed, and therefore, unnoticed by us, the database can be copied and all passwords can be revealed using the master key!

In general, we can draw the following conclusion: the classic version is suitable for not storing passwords in clear text, but when using spyware, it will not help. And the professional version will help us get rid of this gap!

1) Let's Russify the program for more comfortable work (www. keepass. info \ Translations \ Russian\ 2.28 \ unzip to the folder with the program \View \ Change Language \ Russian)

2) Create a new database ( File \ New \ Specify the path and name \ Set the main password)

3) Let’s transfer data from the old database so as not to enter everything manually ( File\Import\KeepPass 1. x\ Specify the path to old base\ OK \ Enter the password for the database \ New identifiers)

Now let's look at what's new and interesting in this version. I will not consider all the innovations, it will take a lot of time, but I will focus on the most interesting, in my opinion:

1) Entering the main password in protected mode, which allows you to block the operation of the Key logger when you enter the main password ( Tools\Settings\Security\Entering the main password in protected mode)

2) The password generator creates 30 passwords at once, according to the selected complexity. From which you can choose, in your opinion, the most difficult one.

3) The autodialing language is easier to use than in the classic version. I didn’t talk about it in the review of the classic version, so let’s look at how it can help!

By default, the following sequence of commands is triggered during automatic input. Enter login, TAB, password and ENTER into the active field. This sequence can be seen if open entry\Auto dial\Use following sequence. AND this option suitable in most cases, as it approached the entrance to rutracker.

However, it is not suitable for logging into mail through the website www.mail.ru. Since my test box is not on mail.ru, but on bk.ru, I can enter an individual input algorithm for this site (USERNAME) (TAB) (PASSWORD) (TAB) (DOWN) (DOWN) (DOWN) (TAB) (ENTER).

The list of commands is given here, there is also help, although it is in English, you can figure it out if you wish. From my own experience, I would advise sometimes using the command (DELAY 1000), this is the delay command between commands. It just happens that with a slow Internet, the browser does not have time to accept the sequence of commands, so it needs time to think, in this situation this command will help out (5000 - 5 seconds of delay).

4) Double complication of the set - with this method, the program does not enter data explicitly; it takes part of the login and password from the clipboard, and enters part in symbols.

Now let's check if LanAgent can reveal our passwords!? As you can see, nothing was pulled out, and, therefore, the program worked perfectly and now your passwords are maximally protected!

• Tutorial

The other day I needed to implement decryption of the KeePass database. I was amazed that there is not a single document or article with comprehensive information about the algorithm for decrypting .kdb and .kdbx files, taking into account all the nuances. This prompted me to write this article.

At the moment there are 2 versions of KeePass:

• KeePass 1.x (generates .kdb files);
• KeePass 2.x (generates .kdbx files).

The structure of the KeePass database file (.kdb, .kdbx) consists of 3 parts:

• Signature (not encrypted);
• Header (not encrypted);
• Data (encrypted).

Decrypting the KeePass database

Sequencing:

1. Reading the database signature.
2. Reading the database header.
3. We generate a master key.
4. Decrypting the database.
5. We check the integrity of the data.
6. If the file has been compressed, unpack it.
7. Decrypting passwords.

Points 5, 6 and 7 apply only to .kdbx files!

Signature

BaseSignature (4 bytes)

The first signature is the same for .kdb and .kdbx files. She says that this file is a KeePass database:

• 0x9AA2D903

VersionSignature (4 bytes)

The second signature indicates the KeePass version and is therefore different for .kdb and .kdbx files:

• 0xB54BFB65 - KeePass 1.x (.kdb file).
• 0xB54BFB66 - KeePass 2.x pre-release (.kdbx file).
• 0xB54BFB67 - KeePass 2.x post-release (file.kdbx).

FileVersion (4 bytes)

The third signature is only available for .kdbx files and contains the file version. For .kdb files this information contained in the database header.

Thus, in KeePass 1.x the signature length is 8 bytes, and in KeePass 2.x it is 12 bytes.

Heading

After the database signature, the header begins.

KeePass 1.x header

The header of the .kdb file consists of the following fields:

1. Flags (4 bytes): this field indicates what types of encryption were used when creating the file:
   • 0x01 - SHA256;
   • 0x02 - AES256;
   • 0x04 - ARC4;
   • 0x08 - Twofish.
2. Version (4 bytes): file version.
3. Master Seed (16 bytes): used to create a master key.
4. Encryption IV (16 bytes): used to decrypt data.
5. Number of Groups (4 bytes): The total number of groups in the database.
6. Number of Entries (4 bytes): The total number of entries in the database.
7. Content Hash (32 bytes): hash of the decrypted data.
8. Transform Seed (32 bytes): used to create a master key.
9. Transform Rounds (4 bytes): used to create a master key.

KeePass 2.x header

In .kdbx files, each header field consists of 3 parts:

1. Field ID (1 byte): possible values ​​from 0 to 10.
2. Data length (2 bytes).
3. Data ([data length] bytes)

The header of the .kdbx file consists of the following fields:

• ID=0x01 Comment: This field can be present in the header, but it was not present in my database.
• ID=0x02 Cipher ID: UUID indicating the encryption method used (for example, for AES 256 UUID = ).
• ID=0x03 Compression Flags: ID of the algorithm used to compress the database:
  • 0x00: None;
  • 0x01: GZip.
• ID=0x04 Master Seed: used to create a master key.
• ID=0x05 Transform Seed: used to create a master key.
• ID=0x06 Transform Rounds: used to create a master key.
• ID=0x07 Encryption IV: used to decrypt data.
• ID=0x08 Protected Stream Key: used to decrypt passwords.
• ID=0x09 Stream Start Bytes: first 32 bytes of the decrypted database. They are used to verify the integrity of the decrypted data and the correctness of the master key. These 32 bytes are randomly generated every time changes are made to the file.
• ID=0x0A Inner Random Stream ID: ID of the algorithm used to decrypt passwords:
  • 0x00: None;
  • 0x01:ARC4;
  • 0x02: Salsa20.
• ID=0x00 End of Header: the last field of the database header, after which the database itself begins.

Master key generation

Master key generation occurs in 2 stages:

1. Composite key generation;
2. Generating a master key based on a composite key.

1. Composite key generation

The SHA256 hash algorithm is used to generate a composite key. The tables below provide pseudocode for generating a composite key based on which version of KeePass is used and what input is required to decrypt the database (password only, key file only, or both):

KeePass 1.x

KeePass 2.x

Please note that if several entities are needed to decrypt a database (for example, a password and a key file), then you first need to get a hash from each entity, and then connect them together (concat) and take the hash from the combined sequence.

2. Generating a master key based on a composite key

1. Need to encrypt the composite key obtained above using the AES-256-ECB algorithm.
   • You need to use the Transform Seed from the header as the key.
   • This encryption needs to be done Transform Rounds (from the header) times.
2. Using SHA256 we get the hash of the encrypted composite key.
3. We connect the Master Seed from the header with the resulting hash.
4. Using SHA256 we get the hash from the concatenated sequence - this is our master key!

Pseudocode

void GenerateMasterKey() ( //encrypt the composite key TransformRounds times for(int i = 0; i< TransformRounds; i++) { result = encrypt_AES_ECB(TransformSeed, composite_key); composite_key = result; }

//get the hash from the encrypted composite key hash = sha256(composite_key); //merge the resulting hash with the MasterSeed field from the header key = concat(MasterSeed, hash); //get the hash from the sequence combined above master_key = sha256(key);

KeePass 1.x data decryption

Immediately after the header, the encrypted database itself begins. The decryption algorithm is as follows:

1. The rest of the file decrypt
2. Using SHA256 we get a hash from the decrypted data ( we do not take into account the bytes from the previous paragraph).
3. We check that the resulting hash matches the Content Hash field from the header:
   • If the hash matches, then we have successfully decrypted our database! You can save the decrypted data as an .xml file and make sure that all logins and passwords are decrypted correctly,
   • If the hash does not match, it means that either the password or key file was provided incorrectly, or the data was corrupted.

Pseudocode

bool DecryptKeePass1x() ( //determine the length of the encrypted database //(file size - signature size - header size) db_len = file_size - signature_size - header_size;

//decrypt the data decrypted_data = decrypt_AES_256_CBC(master_key, EncryptionIV, encrypted_data); //find out the number of “extra” bytes extra = decrypted_data; //get the hash from the data (excluding extra bytes!) content_hash = sha256(decrypted_data[:(db_len - extra)]); //check that the received hash matches the ContentHash field from the header if (ContentHash == content_hash) return true; else return false;

KeePass 2.x data decryption

Immediately after the End of Header field of the header, the encrypted database itself begins. The decryption algorithm is as follows:

1. The rest of the file decrypt using the AES-256-CBC algorithm.
   • We use the master key generated above as the key.
   • We use Encryption IV from the header as the initialization vector.
2. The last few bytes of the decrypted database are redundant - these are several identical bytes at the end of the file (padding). To eliminate their influence, you need to read the last byte of the decrypted database - this is the number of “extra” bytes that do not need to be taken into account in the future.
3. We check that the first 32 bytes of the decrypted database match the Stream Start Bytes field of the header:
   • if the data matches, then we have generated the correct master key,
   • If the data does not match, it means that either an incorrect password, key file or WUA was provided, or the data was corrupted.
4. If the previous step was completed successfully, discard the first 32 bytes. Check the Compression Flags field of the header. If GZip file compression was used, then unpack the data.
5. Let's start checking data integrity. The data is divided into blocks, the maximum block size is 1024*1024. Each data block begins with a header. The header structure is as follows:
   • Block ID (4 bytes): block number starting from 0;
   • Block data hash (32 bytes);
   • Block size (4 bytes).
6. Therefore, the procedure is as follows:
   • Read the block header.
   • We read the block data.
   • Using SHA256 we get a hash from the block data.
   • We check that the hash matches the hash from the header.
7. We carry out the sequence of actions from the previous paragraph for each data block. If the data in all blocks is safe, then we cut out all the block headers, and the resulting sequence is the decrypted database.
8. ATTENTION: Even in a decrypted .kdbx file, passwords may be encrypted.
9. We save the decrypted and headless data as an .xml file.
10. We find in it all the nodes with the name “Value”, the attribute “Protected”, the value of this attribute “True” and take the values ​​of these nodes. These are still encrypted passwords.
11. We decode all encrypted passwords using the base64decode algorithm.
12. In the Inner Random Stream ID header field, we look at what algorithm was used to encrypt the passwords. In my case it was Salsa20.
13. We generate a pseudo-random 64 byte sequence using the Salsa20 algorithm:
    • As a key, we use the hash of the header's Protected Stream Key field, obtained using SHA256.
    • We use the constant 8-byte sequence 0xE830094B97205D2A as the initialization vector.
14. IMPORTANT: Using this 64 byte sequence you can decrypt exactly 64 characters in order of decoded passwords concatenated together. If this is not enough to decrypt all passwords, you need to generate the next pseudo-random sequence and continue decrypting passwords, etc. to end.
15. To obtain the final password, you need to XOR the password decoded using base64decode with the pseudo-random sequence obtained in the previous paragraph (the sequence of actions is more clearly presented in the pseudo-code below).
16. VERY IMPORTANT: Passwords must be decrypted in order! Exactly in the order in which they are presented in xml file.
17. We find in the xml file all nodes with the name “Value”, the attribute “Protected”, the value of this attribute “True”:
    • Replace the attribute value with “False”.
    • We replace the node value with the decrypted password.
18. And only now we have a fully decrypted KeePass 2.x database! Hurray! =)

Pseudocode

bool DecryptKeePass2x() ( //determine the length of the encrypted database //(file size - signature size - header size) db_len = file_size - signature_size - header_size;

//decrypt the data decrypted_data = decrypt_AES_256_CBC(master_key, EncryptionIV, encrypted_data); //find out the number of “extra” bytes extra = decrypted_data; db_len -= extra; //check that the first 32 bytes of the decrypted database //match the StreamStartBytes header field if (StreamStartBytes != decrypted_data) return false; //discard these 32 bytes db_len -= 32; decrypted_data += 32; //check the CompressionFlag field of the header //if the file was compressed, unpack it if (CompressionFlag == 1) unzip(decrypted_data); //check the integrity of the data while (db_len > (BlockHeaderSize)) ( //read the database header block_data = decrypted_data; decrypted_data += BlockHeaderSize; db_len -= BlockHeaderSize; if (block_data.blockDataSize == 0) ( break; ) //get block data hash hash = sha256(decrypted_data); //check that the received hash matches the hash from the header if(block_data.blockDataHash == hash) ( pure_data += decrypted_data; decrypted_data += block_data.blockDataSize; db_len -= block_data.blockDataSize ; ) else ( return false; ) ) //save the decrypted and headless data as an xml file xml = pure_data.ToXml(); //get the hash from the header's ProtectedStreamKey field key = sha256(ProtectedStreamKey); //initialize the Salsa20 algorithm IV_SALSA = 0xE830094B97205D2A; salsa.setKey(key); salsa.setIv(IV_SALSA); stream_pointer = 0; key_stream = salsa.generateKeyStream(); //decrypt passwords while(true) ( ​​//find the next node in order with the name "Value", //attribute "Protected", attribute value "True" node = xml.FindNextElement("Value", "Protected", "True" ); if (node ​​== NULL) ( break; ) //take the node value and decode using the base64decode algorithm decoded_pass = base64decode(node.value); //decrypt the password using a pseudo-random sequence key_stream for (int i = 0; i< len(decoded_pass); i++) { decoded_pass[i] = decoded_pass[i] ^ key_stream; stream_pointer++; //если 64 байтной псевдослучайной последовательности не хватило, //генерируем еще одну последовательность if (stream_pointer >= 64) ( key_stream = salsa.generateKeyStream(); stream_pointer = 0; ) ) //replace the value of the "Protected" attribute with "False" node.attribute.value = "False"; //заменяем зашифрованный пароль дешифрованным node.value = decoded_pass; } return true; !}

That's basically all I wanted to tell you. I hope this guide will save someone from unnecessary headaches and will be educational and informative =)

Tags:

• cryptography
• keepass
• aes-256
• sha256

Add tags

Using the Internet and computers, we have more and more passwords. These are passwords and logins for the mailbox, for Skype, for the sites on which we registered (VKontakte, Odnoklassniki, etc.), and more advanced users also use passwords for different programs, FTP passwords, license keys and this list can go on for a long time. The more passwords we have (of course, also logins for them), the more obvious it is that we need some kind of reliable storage for them. Of course, we can create a .txt document and record and store everything there. Perhaps, reading these lines, you think: “I’m doing just that, why is this bad?” It may not be bad, but it’s not convenient, and besides, there are more The best way storing passwords. I'm sure you'll like it. This method is using a password manager called KeePass. What are its advantages?

1) All your passwords are in a program that is reliably protected from password hacking and they are encrypted with the AES algorithm (128-bit block cipher using a 256-bit key). When entering the program, you must enter a password, otherwise you will not be able to gain access. It is recommended that the password consist of at least 20 characters; if an attacker wants to guess such a password, it will take him decades; It’s unlikely that anyone will be interested in guessing such a long password;
2) Convenient program interface, you can combine groups into passwords (for example, the group “ Social media", group "Mail");
3) Auto-dial function - the program can automatically enter your login and password;
4) Portable version KeePass allows you to conveniently carry all your passwords with you on a flash drive;
5) KeePass includes a password generator, so now you don’t have to come up with them yourself. The password generator also contains additional settings, allowing you to specify which characters to use or not to use and how many times they should appear in one password.

These are the main advantages. Now let's look at how to work with the KeePass program. Let's start with the installation and Russification of KeePass. (Download the KeePass program at the end of this article). The installation is intuitive, so we won’t dwell on it. After installation, the program needs to be Russified. To do this, in the archive that you downloaded, find the “Russian” file and copy it to the folder with installed program. Typically the path is: “C /Programm Files/KeePass Password Safe”. But there may be another way, depending on your settings.

Then we launch the program. When you launch it for the first time, you will see the following window:

We are asked whether to enable automatic update. Of course, this needs to be done, so we select the first option: “Enable (recommend)”. We will see the main window of the program:

KeePass is still in English and Russification needs to be completed. To complete it, go to: View/Change Language. Screenshot:

Here we select Russian language

This is how the Russification of KeePass takes place.

Now let's start creating our password database. To do this, press: File/New, or simply Ctrl+N.

We come up with a name for our database and click “Save”. Pay attention to where you save the password database, since from now on all your passwords will be stored here. For example, if you want to transfer your password database to another computer, you will need to copy this file. There may be some other situations where you will need a password database file. So keep it where you can easily find it. Take it to heart important point extremely carefully.

Here we need to come up with a main password that will be used when logging into the program. It must be at least 20 characters, as mentioned at the beginning of the article. A password of less than 20 characters should not be used; Don't skimp on the number of characters in your password. Now this will be the only password you need to remember; others will be stored in the program. Also check the box next to “Key file”; without it, even if you know the password, you will not be able to enter the program. This step will make it more difficult to hack your password database if someone tries to do so. This is the kind of protection used in KeePass. Click “New”.

Here we set the name of the key file and save it. Remember where you save it. The password database file and the key file are the two main files that are required to log into the password database. You must not lose them, otherwise you will regain access to those saved in KeePass passwords will not work.

In this window you need to generate random numbers. Although it sounds complicated, it is very simple to do. Move your mouse cursor over the gray area and random numbers will be generated. “How long will it take to move the mouse over the gray area?” - you ask. Please note that there is an empty area at the bottom (the second arrow points to it). Move the mouse randomly until this area is filled.

What should be the result? Let's look at the screenshot:

We see that the number of bits is 256, this means that we did everything correctly and now click “OK”. Our key is ready!

Now everything is ready here too. Click "OK".

In the "Create" window new base passwords" click "OK".

Everything is ready and in the screenshot we can see what KeePass looks like.

As mentioned at the beginning of the article, in this program passwords can be sorted into groups. By default, it already contains groups for storing passwords and test password records. Groups are on the left and passwords are on the right. Of course, we don't need test records. We delete them.

We also delete groups. If the groups that already exist suit you, you don’t have to delete them. We will delete existing groups and create other, new ones. To delete a group, click on it right click mouse and select “Delete group”.

So, the groups have been deleted, and now we are creating new ones. To do this, go to Edit/Add group

Enter the name of the group. Let us store passwords to our mailboxes. Let’s call this group of passwords “Mail”. Screenshot:

As you can see, we have a group of passwords we created called “Mails”. A correctly chosen name makes it easier to understand what the passwords that are stored there refer to. Conclusion: give clear names and you will find the desired entry easier and faster.

The next task is to make a post in the group. As you may have guessed, the record will store your email login and password, as well as some other useful things. Let's talk about them a little further. Now let's see how to add an entry to a group. To do this, go to “Edit/Add entry...”

The “Add Entry” window has opened.

We fill out the form, 1) come up with a name for the entry, 2) the name is the login, 3) erase the password that we already have and enter the one that we use for mail, you can also set a link to the page on which you will need to enter the login and password and write comments as well. In the comments we can indicate the answer to Security Question or some other data that we provided during registration, in general, everything we need. Here's an example:

This is what the created entry looks like.

By the way, the login (in KeePass it is called Name) can be hidden with asterisks, similar to how a password is hidden. To do this, go to the View tab and select the appropriate item.

Let's summarize the work done. We have added one entry and this is quite enough to understand how this process works. Now you can similarly transfer all your passwords to this program. This way, you will create your own database and be able to conveniently and quickly find the combinations of logins and passwords you need.

How now to “pull” the login and password from the record? Right-click on the entries. Let's look at the screenshot:

A menu appeared. Having looked at it carefully, you can see that you can copy the name, copy the password, change and delete the entry. These are the most basic functions. But there is another very useful feature here, which is called “Start Auto-Dialing”. How to use it? First, place the cursor in the login field in the form on the website, and then go to the entry and select “Start autodialing.” The program will automatically enter your login and password.

Another one useful thing, which is available in KeePass - a password generator. I hope everyone understands what it is and why it is needed. It is located in the tools tab. Everything is intuitive there, I think it won’t be difficult to figure it out.

This is where we can finish. Best wishes to you.