new format of keepass (2) database file and hashcat

Question

I created test DB file (.kdbx) using KeePassX, after that used keepass2john Python port from this site, but changed line 88:

index += 2

to

index += 4

because the size of this field is 4 bytes instead of 2 (program will show wrong results without this change). It outputs test.hash:

$keepass$*2*0*253*e73cfb2502b6e543902ec7db45c751195c3dd8b8531b744537cbeebd8c641ecd**59ac17e7e0a201e1fae906371d65f6c6**8753d87e52c88988d168c9a4c75e76febecc74fd6ba40c7254d1c47f672d5bbf

After that, I used hashcat, v. 5.1.0 with:

hashcat -a 0 -m 13400 test.hash example.dict

In output i see an error:

Hashfile 'test.hash' on line 1 ($keepa...becc74fd6ba40c7254d1c47f672d5bbf): 
Token length exception
No hashes loaded.

What's wrong? Keepass changed format of DB file and hashcat can't correctly crack it?

In this case, you need to know what hashcat expects to be the length. They provide examples for the different formats here: https://hashcat.net/wiki/doku.php?id=example_hashes — schroeder, Sep 25 '19 at 09:45
yeah, and i 've changed `*0*` to `*6000*`. like they advice but still got this error. — MrSetplus, Sep 25 '19 at 09:54
are the rest of the fields within the size expectations? one of them won't be — schroeder, Sep 25 '19 at 09:55
unfortunately, no, cause some fields are empty (there are no such parameters in `.kdbx` file) — MrSetplus, Sep 25 '19 at 09:58
either the Python port messed up or hashcat doesn't have a format for this — schroeder, Sep 25 '19 at 09:59
but how can i correctly provide correct string to haschat without some parameters? — MrSetplus, Sep 25 '19 at 09:59

score 3 · Answer 1 · edited Dec 23 '20 at 18:00

3

This question was cross-posted on the hashcat GitHub and answered here.

The relevant keepass2john comments say that only versions prior to KeePass 2.36 are supported for conversion.

Newer versions may use Argon2 or ChaCha20, but hashcat does not support these at this writing. See also related posts on the John the Ripper GitHub issue.

edited Dec 23 '20 at 18:00

Ben

3,846
1
9
22

answered Sep 26 '19 at 18:30

Royce Williams

9,128
1
31
55

new format of keepass (2) database file and hashcat

1 Answers1