SecureFolderFS icon indicating copy to clipboard operation
SecureFolderFS copied to clipboard

Published 20 hours ago verified publisher icon securefolderfs-community

I forgot the password any way to recover? 🥲 I have my personal family PICS in it.

Open uuc110 opened this issue 1 year ago • 17 comments

Description

I forgot my password and I don't know what is it

To Reproduce

just forgot the password

Evidence

No response

App Version

0.4.0.0

OS Version

Win 11 PRO

Diagnostic information

No response

uuc110 avatar Aug 20 '23 18:08 uuc110

SecureFolderFS is designed to put the encryption keys in users' hands. In other words, there's no central entity to manage the encryption keys which would create distrust among the users. Your best bet in this situation would be to guess or brute-force the password.

d2dyno1 avatar Aug 20 '23 18:08 d2dyno1

SecureFolderFS is designed to put the encryption keys in users' hands. In other words, there's no central entity to manage the encryption keys which would create distrust among the users. Your best bet in this situation would be to guess or brute-force the password.

I do have some GPT custom created list of password which might be possibe combination? is there any way to try that on SecureFolderFS? like using bruteforce automation

uuc110 avatar Aug 20 '23 18:08 uuc110

There are probably UI tools available that'd help automate the copying and pasting process, though I'm not aware of any. However, if you're familiar with coding, this is the place where the encryption key is derived. (If the method .UnwrapKey() throws, it means that the password was incorrect)

d2dyno1 avatar Aug 20 '23 19:08 d2dyno1

There are probably UI tools available that'd help automate the copying and pasting process, though I'm not aware of any. However, if you're familiar with coding, this is the place where the encryption key is derived. (If the method .UnwrapKey() throws, it means that the password was incorrect)

Oh that's totally great, hey do you think I can reverse engineer this? 😬like Going thought code and other process since after encrypting it give use c_encryptionKey, c_macKey, salt and this too hmacsha256mac, using this can I do this? or is it impossible?

and I asked GPT it said I need something nonce and tag?? does SecurefolderFS encryption follow that process ?

uuc110 avatar Aug 20 '23 19:08 uuc110

This is roughly the process that SFFS uses:

keystore = ReadDataFromFile("keystore.cfg");
kek = Argon2id.Derive(pass: password, salt: keystore.salt);

encKey = Rfc3394.Unwrap(key: kek, wrapped: keystore.c_encryptionKey);
macKey = Rfc3394.Unwrap(key: kek, wrapped: keystore.c_macKey);

Also, my friend has put together a simple console app that is a fork of this repo to help you with just that https://github.com/securefolderfs-community/SecureFolderFS/compare/master...taj-ny:SecureFolderFS:bruteforce

You can clone their fork and build the project :)

d2dyno1 avatar Aug 20 '23 19:08 d2dyno1

image here is for your better understanding

uuc110 avatar Aug 22 '23 17:08 uuc110

Do you have .NET 7.0 runtime installed? Or alternatively, you can try clearing nuget cache or clear the file found in %appdata%\NuGet\NuGet.Config

d2dyno1 avatar Aug 22 '23 18:08 d2dyno1

Do you have .NET 7.0 runtime installed? Or alternatively, you can try clearing nuget cache or clear the file found in %appdata%\NuGet\NuGet.Config

yea I have latest 7.0.4. though it wasn't installed, When I installed Jetbrain raider. I got 7.0.309 Version. and it wasn't detecting i guess. so I installed Manually 7.0.4 but still it was shoing same error.

and yea lemme try that.

uuc110 avatar Aug 22 '23 18:08 uuc110

yea I did. Nothing changed still same error, I asked chatGPT it says, "net7.0" is invalid way of writing framwork thing, can you check on your end by builing the brutforce fork repo

uuc110 avatar Aug 22 '23 18:08 uuc110

Did you clone recursively? Verify that folders inside the lib folder are not empty. But if you can't find the problem, I can send you pre-built binaries if you want 🙂

d2dyno1 avatar Aug 22 '23 20:08 d2dyno1

Sure do that, Coz yea my lib was empty. so I reclone the repo. But I'm still getting same issue. image

this is my Dot net info image

uuc110 avatar Aug 26 '23 06:08 uuc110

Can hou send me direct build release for brutforce? Please, seems I'm not able to do it

uuc110 avatar Aug 26 '23 06:08 uuc110

Sure! @uuc110

SecureFolderFS-bruteforce.zip

d2dyno1 avatar Aug 26 '23 12:08 d2dyno1

Thanks dude🙇🙏 I really appreciate your help. i gussed more than 500+ passwords still no reach. Seems I have to crack it, rather then guess it. by the way if there is a possible way to forgot password, by editing code or bypassing it. lemme know

uuc110 avatar Aug 26 '23 13:08 uuc110

as I said I have to crack it, can you tell me if I can know nonces ? it is require to decode it

uuc110 avatar Aug 26 '23 16:08 uuc110

I don't have any 'nonces' nor are there any backdoors to avoid the encryption

d2dyno1 avatar Aug 26 '23 20:08 d2dyno1

I don't have any 'nonces' nor are there any backdoors to avoid the encryption

Hey hi dude, I was trying to tinker with brutforcer, so was thinking does it support parallel Bruteforcing, or can i do something like that, like using rules and other stuff which we use in general for password cracking techniques

uuc110 avatar Mar 29 '24 20:03 uuc110