floralys Posted October 12, 2016 Posted October 12, 2016 Hi, I purchased mSecure for Android. Now I don't own an Android device anymore and I want to import my msecurebackupfile to mSecure for windows. But I'm an idiot and i forgot my password. I remember the first 12 letters but I remember that I once thought "12 letters is not enough" and put 3 or 4 letters more. Now I'm looking for a way to brute-force it. when msecure for windows starts, you can enter the password, hit Return and if it is wrong then you can enter again, don't have to click an okay button. I hope anyone can help me ! Regards Flora Quote
0phoi5 Posted October 12, 2016 Posted October 12, 2016 (edited) I was not able to find the file structure for mSecure on the internet, however if you access your Androids root folder structure and go in to /usr, you may be able to find a file in there you can run an attack against. *Edit* Looks like the file extension is .mscx *Edit* Correction, it was replaced by .msim - Try searching for this file extension within your Android file structure. mSecure uses 256 bit Blowfish Encryption. The hashes should look like '$2a$12$.Wrdfw4P534krDPfBr7RDulHxAbDFIfwXBK9K8ndFXDPHyDSu8SIW' You may be able to crack this in Hashcat using mode 3200, but I am not certain. Edited October 12, 2016 by haze1434 Quote
0phoi5 Posted October 12, 2016 Posted October 12, 2016 3 hours ago, floralys said: Now I don't own an Android device anymore and I want to import my msecurebackupfile to mSecure for windows. Just re-read. You can't import your mSecure backup file from thin air, you'd need the phone with the file on it. You will need to contact their customer support. Quote
floralys Posted October 14, 2016 Author Posted October 14, 2016 Thank you! I have the *.msim file from my dropbox drive to which I was sync'ing and auto-backup'ing. I also have access to the msecure.db sql-database itself. Is this heplful? Quote
floralys Posted October 14, 2016 Author Posted October 14, 2016 But as far as I understand I need to have the hash file, right? Quote
0phoi5 Posted October 14, 2016 Posted October 14, 2016 (edited) Hmm, found this; "We cannot decrypt an mSecure or mBackup backup file. 256bit Blowfish encryption has never been decrypted." https://support.msecure.com/forums/topic/how-can-i-recover-my-forgotten-itunes-backup-password Looks like my reference in the post on Wednesday 12/10/16 was incorrect, mode 3200 must be an older version of the same type of encryption. Edited October 14, 2016 by haze1434 Quote
floralys Posted October 14, 2016 Author Posted October 14, 2016 I found this: " mSecure stores data in NSKeyArchiver files at Documents/msecure.db Data encrypted with Blowfish Master key is SHA-256 of master password Fixed string encrypted on master key is stored for password verification" So the password is encrypted with SHA and there is no hash file for that nor for the database? Quote
livialivia Posted December 8, 2016 Posted December 8, 2016 My windows passwords are provided by password manager Password Manager Windows 7 which are powerful in cracking resetting and recovery and I don`t need to remember by myself..if you need hope to give you some help and it is free.. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.