My friend has lost the master password to their Bitwarden account. He has a set of possible passwords that could work, but is not certain of their ordering, casing, or spacing. Both of us have tried different combinations, but there is a limit to it thanks to the captcha on the web interface.
I was considering whether it is possible to extract the encrypted data from his phone, and try decrypting it with a larger combination of possible passwords using a data list. This is however foiled by the Android app’s allowBackup=false in its manifest XML file. This prevents adb backup and adb pull also doesn’t work without root access.
The only way forward I believe is to root the phone, which runs the risk of deleting data, and introducing unvetted, possibly hostile software to the phone.
If anyone has any ideas on how to proceed here, that would be very much appreciated. Thanks.
I don’t believe there is any way to recover the password if it has been forgotten - in fact, I’d be concerned if there was! Does your friend have a backup of their vault?
Does your friend have Bitwarden on his PC, like Windows? Apparently if you had used “remember me” while signing in from the desktop client, it does allow a lot more tries than the mobile client without captcha.
Regarding your theory of extracting the db file and then possibly using a different client, that also looks highly doubtful to me, as you will still need to connect to the internet to unlock the vault. The reason for this is that you will also need the “symmetric key”, which actually decrypts the vault, and not your master password. Your master password encrypts the symmetric key in turn. So in addition to the db file you’ll also need the protected symmetric key, which I also don’t know where it gets stored in the mobile client. In the case of desktop it gets stored in a file “Local State”, though not sure.
Refer to the screenshot from the Bitwarden whitepaper for more info.
Thanks @Gaurav, @danmullen. He has used BitWarden from his mobile phone alone, and never wrote down the master password.
He doesn’t recollect using the password in the last year or two - he says unlocking using his fingerprint in Android used to be enough.
A few days ago he had a scrape on his finger, and his fingerprint stopped working. It has healed and returned to normal, and other apps are now unlocking with fingerprint again. But by then he had exhausted his invalid attempts in the BitWarden mobile app, and now it is asking for his master password.
Since he doesn’t even recollect typing the master password in a long time, the only thing we have got going is his password hint. The hint sounds very straightforward, but following it in the obvious ways is not unlocking anything.
So we’re only trying to recover the master password based on the hint, and not to fully decrypt the vault. I was hoping to possibly generate about 10k combinations of possible passwords using the hint.
The hint is, paraphrased and anonymized: “(a certain word) [at] (a certain date)”. I’m thinking I’ll try generating combinations with sentence casing, title casing etc. and different date formats and different portions of the date and so on.
Okay, thanks for sharing the GitHub project link. So apparently the 2FA token and the protected symmetric key are included in the database file itself, so in theory you could decrypt the vault using the given Python tool. Though you still need to figure out how to extract the database file.
@andora - The Python tool that you found only lets you decrypt the local vault if you still know the master password. To do brute force cracking, you need a tool like Hashcat. If you just want to try some combinations manually, you can also use Bitwarden’s interactive cryptography tool. In both cases, you will need the Master Key Hash, which is stored in the field keyHash in the data.json file. If you use Bitwarden’s interactive tool, you will need to first save a local copy of the HTML and edit it to increase the number of iterations in the final PBKDF2-HMAC-SHA256 hashing from 1 to 2.
So the problem that remains is that you still need a way to at the very least open the local data.json file in a text editor (to get the keyHash value).
Thank you @grb - that’s very helpful. Since the page is in JS, I can simply edit it to try different master passwords until the master password hash is the one that is stored in his phone.
I believe the next step is to then root the Android phone without losing any data, and see what is inside the /data/com.x8bit.bitwarden folder. If it contains data.json in an accessible manner, we’re one step closer.
The likelihood of all this working is minuscule, but if anything comes out of it, I’ll let you folks know here.
Do you need to “root” the phone? Can’t you just connect the phone by USB cable to a PC? When I do that on mine, I can see a drive called Internal shared storage. Perhaps you can look around there (I don’t have Bitwarden installed on my phone, but I can see that there are other application data directories called com.XXXX under the \Android\data\ directory).
If you can get the data.json file, and if the master password is as knowable as you say it is, then I say you have a high likelihood of success.
I haven’t done any Android development, so maybe this is wrong. But what I saw in \Android\data\com.x8bit.bitwarden (suffixed with a random unique string, which can be found by running adb shell pm list packages) are just the .apk files, and not the data.
The data is in the root: \data\com.x8bit.bitwarden. This is not accessible without root permission. The other way is to use adb run-as so that we can act as the package and have access to its private data. However it doesn’t work on production builds, only on debug builds.
Rooting the phone however will give sudo/su, which should let me use adb shell to go inside the actual data folder. I’ve never done rooting, and it seems to require downloading and installing a lot of untrusted software from random sources. I think I’ll do all that in a throwaway device first.
Then I’ll get the data.json of a known master password, set up a JS script to run a bunch of combinations and see if it finds the known password. If all that works, then we have a prayer of getting it to work on the main device (assuming my friend wrote a valid hint that does represent the password).
OK, looks like you’ll need to root the phone then.
If you are also able to code in Python, you can adapt the skeleton script found in this old Reddit post. However, as I noted above, Bitwarden’s encryption scheme has changed slightly for locally stored vault copies (changing the iteration count for the final hashing of the master key), so the second call to hashlib.pbkdf2_hmac needs to have 2 instead of 1 as its fourth argument:
import hashlib

# masterkey is the 32-byte key already derived from the master password (PBKDF2-HMAC-SHA256,
# salted with the account e-mail); password is the master password string being tested.
masterkeyhash = hashlib.pbkdf2_hmac(
    'sha256',
    masterkey,
    password.encode('utf-8'),
    2  # This value was changed from 1 to 2 for the locally stored keyHash
)
In Bitwarden’s Javascript tool, the command that you need to change is on Line 481 — change the third argument from 1 to 2:
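To make the two-stage derivation concrete, here is a self-contained Python version of the check the thread describes (master key from password and e-mail, then the 2-iteration keyHash stored in data.json), wired to the test plan from earlier in the thread: derive the keyHash for a vault whose master password you already know, expand a hint of the form “(word) [at] (date)” into casing, date-format and separator variants, and confirm the known password is found. This is an added example, not code from Bitwarden or from the Reddit skeleton; the e-mail, password and the 100000 KDF iteration count are constructed assumptions (the thread does not state the iteration count; take the real value from the same data.json as the keyHash).

```python
import base64
import hashlib
import itertools
from datetime import date


def master_key(password: str, email: str, kdf_iterations: int) -> bytes:
    """Bitwarden master key: PBKDF2-HMAC-SHA256 over the master password,
    salted with the lower-cased account e-mail, 32-byte output."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),
        kdf_iterations,
        dklen=32,
    )


def local_key_hash(password: str, email: str, kdf_iterations: int) -> str:
    """The keyHash stored in data.json: one more PBKDF2 round over the master
    key, salted with the password itself, 2 iterations (the value the thread
    says changed from 1), base64-encoded."""
    key = master_key(password, email, kdf_iterations)
    digest = hashlib.pbkdf2_hmac("sha256", key, password.encode("utf-8"), 2, dklen=32)
    return base64.b64encode(digest).decode("ascii")


def candidates_from_hint(word: str, iso_date: str) -> list:
    """Expand a hint of the form '(word) at (date)' into the variants the
    thread proposes: casing, several date formats, several separators.
    iso_date is 'YYYY-MM-DD'. Returns a few dozen candidates, deterministically ordered."""
    when = date.fromisoformat(iso_date)
    words = sorted({word.lower(), word.upper(), word.capitalize()})
    dates = sorted({
        when.strftime("%Y"), when.strftime("%d%m%Y"), when.strftime("%Y%m%d"),
        when.strftime("%d-%m-%Y"), when.strftime("%Y-%m-%d"),
        when.strftime("%d/%m/%Y"), when.strftime("%d%m%y"),
    })
    separators = ["", " ", "@", "_"]
    return [f"{w}{sep}{d}" for w, sep, d in itertools.product(words, separators, dates)]


def find_master_password(candidates, key_hash: str, email: str, kdf_iterations: int):
    """Return the candidate whose derived keyHash equals key_hash, else None."""
    for cand in candidates:
        if local_key_hash(cand, email, kdf_iterations) == key_hash:
            return cand
    return None


if __name__ == "__main__":
    # Constructed test vault: a known password, so we can verify the method
    # before pointing it at a real keyHash read from data.json.
    EMAIL = "user@example.com"          # constructed
    KDF_ITERATIONS = 100000             # assumption; read the real value from data.json
    KNOWN_PASSWORD = "Fluffy@2015-03-14"  # constructed, matches the hint "fluffy at 2015-03-14"

    key_hash = local_key_hash(KNOWN_PASSWORD, EMAIL, KDF_ITERATIONS)
    cands = candidates_from_hint("fluffy", "2015-03-14")
    print(f"{len(cands)} candidates, keyHash={key_hash}")
    print("recovered:", find_master_password(cands, key_hash, EMAIL, KDF_ITERATIONS))
```

Each candidate costs a full KDF run, so a 10k-entry list at 100000 iterations takes many minutes in pure Python; that is what Hashcat is for, but this is enough to prove the derivation and the hint expansion on a vault you control before touching the real one.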
I have no relevant experience with this either, but I was interested, so I did some googling… Seems it is not possible to root without wiping the device. However, the information provided in the page linked below indicates that you can first backup your system data using adb, then root the device (wiping the data), and finally restore the backup onto your now rooted device:
However, please note that the linked guide is from 2014, so you may want to do some due diligence to check that the information is still valid in 2022.
For backing up the app data, I had an idea about the Google One app, which could possibly allow you to back up app data.
You can try backing up your device, and if Bitwarden supports that Google backup it might copy the data.
Then you can actually try to restore this data on a separate device which you can root, maybe even on an emulator with root first, to avoid wiping your existing data on your phone in order to root it.
Nevertheless this is a reminder that you should never forget your master password and take unencrypted backups at a secure place on a regular basis.
@andora did you have any luck? I find myself in a similar situation (I use variations on a master passphrase, no case sensitivity though just a pool of words that fit a particular pattern) and if your plan worked I’d be interested in learning what exactly you did.
@ddejohn The approach described in this thread only works if you still have a Bitwarden app that is logged in (which you don’t).
However, since you were apparently using Chrome, you can try to use Steps 4-6 of the method described in this bug report to see if you are able to find the value of the keyHash parameter for your cached vault. If so, there may be hope.