Hi all, Linux user here. Was migrating to a new laptop and had no idea Cryptomator keys were stored in Gnome Seahorse keyring. (I don’t use Gnome) So that got blown away, and I only discovered after. I was careful to bring all Cryptomator files and settings folders across, but had NO idea the passwords were stored elsewhere… Ouch guys. I even remember seeing the gnome keyring and not copying it because I thought “nobody uses that dumb thing”… (horror)
I’ve tried to recover the old GNU keyring but the old laptop is already nuked in prep for a new user.
I also was an idiot and left the default “remember password” on, so Cryptomator never trained me on the password. When migrating from ENCFS I changed the old PW for good opsec. But I knew I should have turned that “remember” feature off. But I was lazy, it was super convenient, and 1.5 years later, I have no idea what the PW for the most vital volume is. (Feature suggestion: Like Signal messenger, challenge users to make sure they know their PW if the “remember PW” feature is on. They might be storing their recovery keys in a Cryptomator volume… I would laugh at my stupidity if I wasn’t so screwed…)
So I’m forced to ask for help on something unconventional: Any tips on how to get “john” or a similar tool to help me find the password? The lost password wasn’t a very good one, and I have a short dictionary which I’ve built with about 20 “password fragments” I tend to use. Shouldn’t be hard for a robot to crack it armed with my dictionary.
If anyone is interested in helping, I’d also like to point out that I do not expect free help. I’d be more than happy to pay handsomely for the help. In this critical volume is my password manager for my whole life, plus basically every personal photo I’ve ever taken… Cryptomator was automatically opening it for many months since I paid for a support key and switched from ENCFS…
Hey guys, finally working on this, but have hit a stumbling block. Just to test I’ve made a masterkey.cryptomator file with a known password, and after some monkeying about, was able to convince the tool to produce “Success: testpassword”. Huzzah.
I’m not sure though how best to generate password permutations to feed into this tool… I have a text file with my PW ingredients, but it does not generate success. Where I’m at:
Peeking in the source code, the tool appears quite straightforward and doesn’t seem to be doing any permutations internally as far as I can tell.
Looking online, I found a few tools, but I can’t quite make them behave. Capp is close but can’t figure how to get it to do what I need. Crunch seems closer, but the -p permutation argument seems to always combine ALL words in a list with no way to limit permutations to sequences of only X words. If I put 25 words in my recipe list, it really doesn’t help that crunch only permutes ALL 25 into mega long strings.
What’s needed: To go through my recipe word ingredient list and generate combos of between 1 and 4 words, with case and 1337 substitutions. I’m 99.9% sure this will catch my lost PW while generating a list that is short enough to process before the heat death of the universe.
Sorry to answer myself but disregard the above. I managed to write a script in Python to generate decent wordlists using the itertools library. Good stuff, just cranked out 1.4 million permutations which should get the job done after a bit of testing. If anyone’s interested, I can share my ugly code.
However now the cryptomator cracker is reporting only 2 guesses per second…
Before I settle in for a long grind, is this low speed to be expected? Or am I being dumb about something? If I sit in the Cryptomator client pecking in the password field like a mad man, I can almost make the same speed by hand, without any noticeable CPU spike, so it doesn’t seem like the key test is very intensive to my naive eye… There’s a file called “cracker-linux” but I couldn’t convince it to do anything, so am using the “cracker-0.1.1-fat.jar” file.
Hi there Infeo, and thanks for the tip. Not sure why it was so slow on my box - Java is an inscrutable pile of woe to my feeble mind with its forks and environments. I’m more of a Python guy. But the good news is that I just hacked on my list generator (Python) for a few hours to narrow it down to around a million “most likely guesses”…
And lo and behold it worked! You guys rock!! Data is back in my possession, and my forehead is still red from the thunderous face-palm when I saw the lost password… Not feeling super smart, but very happy nonetheless! Major learning moment, I’ve restructured where my PW and key files reside so that they aren’t IN the freaking container. Bloody 'ell. 8-| And I will NEVER tick that damn “remember password” box, gotta train the brain.
For info, it took somewhere between 3 and 14 days. (I stopped checking on it after a few days, forgot about it till last night.) On the speed point, I tried it on 2 random Linux boxes here and it was dog slow on both. Env: Linux Mint MATE, with a pre-made guess file. Showed CPU load, but the tool just reported very slow guess rates between .5 and 2 per second. Maybe it was untruthful / buggy about the guess rate, or maybe something about my environment is funky, no idea, though it’s all very vanilla… But who cares, thanks a zillion all!
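The list generation described in the posts above (sequences of 1 to 4 fragments, each with case and 1337 variants), as an added example that is not the poster's script. The substitution table, the sample fragments and all function names are assumptions made for illustration; the size and time helpers show why trimming the list matters at a guess rate of about 2 per second.

```python
from itertools import permutations, product
from math import perm

# Assumed substitution table (constructed); the thread does not list one.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}


def variants(fragment):
    """Case and 1337 variants of one fragment, deduplicated in stable order."""
    leet = "".join(LEET.get(c, c) for c in fragment.lower())
    forms = [fragment.lower(), fragment.capitalize(), fragment.upper(),
             leet, leet.capitalize()]
    return list(dict.fromkeys(forms))


def candidates(fragments, min_words=1, max_words=4):
    """Lazily yield every ordered sequence of distinct fragments in every variant."""
    table = {f: variants(f) for f in fragments}
    for k in range(min_words, max_words + 1):
        for combo in permutations(fragments, k):
            for parts in product(*(table[f] for f in combo)):
                yield "".join(parts)


def upper_bound(n_fragments, n_variants, min_words=1, max_words=4):
    """Worst-case list size: ordered picks of k fragments times variants per slot."""
    return sum(perm(n_fragments, k) * n_variants ** k
               for k in range(min_words, max_words + 1))


def eta_days(n_candidates, guesses_per_second):
    """Days needed to test the whole list at a constant guess rate."""
    return n_candidates / guesses_per_second / 86400


if __name__ == "__main__":
    sample = ["blue", "cat", "2019"]  # constructed fragments, not from the thread
    for guess in candidates(sample, max_words=2):
        print(guess)  # one candidate per line, ready to save as a guess file
```

With 25 fragments and 5 variants each, the unfiltered 1-to-4-word space is about 191 million candidates, so pruning to the most likely orderings before starting is what keeps the run within days rather than years.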