john icon indicating copy to clipboard operation
john copied to clipboard

Published 20 hours ago verified publisher icon openwall

Add support for Kaspersky Vault

Open Mrincred opened this issue 7 years ago • 10 comments

Feature request to add cracking for support of the .kde file extension of Kaspersky Vault. Details of the vault can be found at the below links.

https://support.kaspersky.com/11404 https://fileinfo.com/extension/kde

Mrincred avatar Feb 26 '18 18:02 Mrincred

No real technical information (e.g. KDF, file layout) is available on those links (or on the internet?). This task will likely involve non-trivial amount of reverse engineering work.

kholia avatar Feb 27 '18 04:02 kholia

One of the products supporting this stuff, Kaspersky PURE 3.0, was EOL'ed in 2016.

kholia avatar Feb 27 '18 04:02 kholia

Kaspersky PURE 3.0 EOL'ed but it has been permanently added to Kaspersky Total Security 2016, Kaspersky Total Security 2017, and future Kaspersky products.

Mrincred avatar Mar 01 '18 13:03 Mrincred

Thanks for this information. Since, it is a relatively obscure proprietary file format, I don't think that anyone will volunteer to add such support anytime soon.

kholia avatar Mar 01 '18 14:03 kholia

Since, it is a relatively obscure proprietary file format, I don't think that anyone will volunteer to add such support anytime soon.

I agree, although if anyone does a bit of research or reverse-engineering we'd likely be interested to help, try theories or just act as your rubber duck.

BTW, from https://support.kaspersky.com/11404: "Vaults are encrypted with the 256-bit Advanced Encryption Standard (AES) block cipher with the effective key length of 56 bit."

That's an odd, and short, key length these days. I wonder what that tells us.

magnumripper avatar Mar 01 '18 15:03 magnumripper

I hope this bit of information helps.

Just from searching the product forum I found, "encrypted with the AES XTS 256 block cipher with the effective key length of 56 bit."

https://support.kaspersky.com/12731

Mrincred avatar Mar 02 '18 10:03 Mrincred

What about the details of the file format, KDF (key derivation function), and the password verifier involved? Someone would need to reverse-engineer all these low-level exact details. Without such work, there won't be any progress on this task.

kholia avatar Mar 02 '18 11:03 kholia

Hi ! Does anyone has investigated further on this .kde KryptoStorage Kaspersky format please ?

BrianEARTH avatar Aug 26 '23 18:08 BrianEARTH

@BrianEARTH As far as I'm aware, no progress on this has been made, and I wouldn't expect it to be made unless someone new joins the effort and contributes.

solardiz avatar Aug 26 '23 20:08 solardiz

@solardiz Thx for your answer ... I will keep my old file on my hdd if one day someone find a solution !!!

BrianEARTH avatar Aug 26 '23 20:08 BrianEARTH