Jump to content

how enter passwords on msecure database (brute-force)


Recommended Posts

Posted

Hi,

I purchased mSecure for Android.

Now I don't own an Android device anymore and I want to import my msecurebackupfile to mSecure for windows.

 

But I'm an idiot and i forgot my password.

I remember the first 12 letters but I remember that I once thought "12 letters is not enough" and put 3 or 4 letters more.

Now I'm looking for a way to brute-force it.

when msecure for windows starts, you can enter the password, hit Return and if it is wrong then you can enter again, don't have to click an okay button.

I hope anyone can help me !

Regards

 

Flora

Posted (edited)

I was not able to find the file structure for mSecure on the internet, however if you access your Androids root folder structure and go in to /usr, you may be able to find a file in there you can run an attack against.

*Edit* Looks like the file extension is .mscx

*Edit* Correction, it was replaced by .msim - Try searching for this file extension within your Android file structure.

mSecure uses 256 bit Blowfish Encryption. The hashes should look like '$2a$12$.Wrdfw4P534krDPfBr7RDulHxAbDFIfwXBK9K8ndFXDPHyDSu8SIW'

You may be able to crack this in Hashcat using mode 3200, but I am not certain.

Edited by haze1434
Posted
3 hours ago, floralys said:

Now I don't own an Android device anymore and I want to import my msecurebackupfile to mSecure for windows.

Just re-read. You can't import your mSecure backup file from thin air, you'd need the phone with the file on it. You will need to contact their customer support.

Posted

Thank you!

I have the *.msim file from my dropbox drive to which I was sync'ing and auto-backup'ing.

I also have access to the msecure.db sql-database itself. Is this heplful? 

 

 

 

Posted (edited)

Hmm, found this;

"We cannot decrypt an mSecure or mBackup backup file. 256bit Blowfish encryption has never been decrypted."

https://support.msecure.com/forums/topic/how-can-i-recover-my-forgotten-itunes-backup-password

 

Looks like my reference in the post on Wednesday 12/10/16 was incorrect, mode 3200 must be an older version of the same type of encryption.

Edited by haze1434
Posted

I found this:

" mSecure stores data in NSKeyArchiver files at Documents/msecure.db

Data encrypted with Blowfish

Master key is SHA-256 of master password

Fixed string encrypted on master key is 
stored for password verification"

So the password is encrypted with SHA  and there is no hash file for that nor for the database?

 

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...