ForgotPassword
What to do if you forget your password
If you forget your password, your data is not recoverable. Encryption and authentication are different: encryption uses your password to generate an encryption key (or keys, for asymmetric encryption; Lockbox uses symmetric AES128) to encode and decode your data. The key can't be generated without the password, hence the security of encryption. For authentication, like logging in to a website, you can often reset your password. This is because authentication only requires you to prove knowledge of the password, which can be accomplished through various methods; the password itself is not necessary to retrieve the data. If such a reset method existed for encrypted data, it would be a huge security hole.
Currently in 0.5 of Lockbox, you have to delete your data to reset your password. If you installed from the repository here, upon uninstall, it asks you if you want to uninstall. Ste's repository doesn't at the moment.
How about if you remember your password and backed up the Lockbox_v1.dat file? How can you get at this data? Because, if you uninstall and then reinstall (like, say, if you restore your iPhone or upgrade to a different firmware) there doesn't seem to be any way of getting at the data! I have reinstalled a fresh copy of Lockbox and then replaced the Lockbox_v1.dat file from backup and then tried to open Lockbox. It continually gives me an "Invalid Password" error.
Through much trial and tribulation, reading the source to Lockbox, SSCrypto and the OpenSSL docs, I have confirmed that the following command on any UNIX box where you have OpenSSL installed will dump your data file out in plain text (albeit very ugly, unformatted, binary-ish looking, but at least your data will be readable in between the gobbledygook):
# openssl aes-128-cbc -d -nosalt -in Lockbox_v1.dat -k <yourpassword>
Of course, you still need to remember your password. But this may help someone trying to hack.
Not so much a lost password problem, but Lockbox just collapses back to Springboard after I've entered the correct password. I've checked the permissions are set to 755 at both the Applications directory and within the var/root/library/ directory. I am on firmware 1.1.1. I have also tried uninstalling and reinstalling Lockbox 0.5, but the problem remains. Please help! Thanks
Here is some crude code to find Lockbox_v1.dat on a raw data partition (if you remember your password): ftp://dimonb.selfip.net/lockdecrypt.c
Compile it:
gcc -o lockdecrypt -O2 -lssl lockdecrypt.c
and use it at your own risk.
This script could help you in a situation where you have to restore your iPhone and have no backed-up Lockbox_v1.dat (back up your data!!!). After restoring the iPhone, install ssh and the BSD subsystem, then copy the user partition to your desktop (using dd + ssh), and use this tool to find the encrypted data through 8 (or 16) GB of user partition. It could take a long time.
Sample:
$ ./lockdecrypt -p "123" -f ~/var.img >scan.log
$ cat scan.log | grep found
This should print out the found values.
Then, for each found value, use:
$ dd if=~/var.img bs=1 count=4096 skip=<found value> | openssl aes-128-cbc -d -nosalt -k "123"
You could see some decrypted data.
mdotcheung, you were seeing another issue unrelated to forgetting a password. It's fixed now in 0.7.1.
dimonb and hockeysk8, thanks a lot for those useful tips.
Can anybody verify that the raw openssl decryption trick from hockeysk8 still works with v0.7.1? I am getting an error [1] and can't see any recognizable passwords in the dump. I hope this doesn't mean that Lockbox_v1.dat is truly corrupted beyond repair...
[1] bad decrypt 14232:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
I love lockbox! Any chance of seeing it on the version 2.0?
@kroesjnov: Similar error message on my iPhone. But then I installed openssl (and the redistributables) on my laptop. Using this I was able to decrypt (I remembered the password, fortunately) the V0.7.1 Lockbox_v01.dat. The output format is very scrambled (the keys/values/notes are in the middle part of the file), but with a little work and some tools I was able to recover my passwords.
Hi, ursus, can you teach me how to decrypt my Lockbox v0.7.1 .dat file? What program do I need to install? If you don't mind, please help! Thanks!
@jennycylam:
- download openssl from the net (for Windows e.g. Win32OpenSSL-0_9_8i.exe) and install it
- put the dat-file from the iPhone to your computer
- run this command (as mentioned by hockeysk8):
openssl aes-128-cbc -d -nosalt -in Lockbox_v1.dat -k <yourpassword> >output.txt
- open output.txt with a text editor and search for your secret data (as mentioned, the data are hidden somewhere in this file, you have to look carefully to find them)
- then you can reformat the data to create a new csv-import file (see the Wiki tab on this page). Then copy this csv-file to the iphone, import this file to Lockbox and the data are recovered.
- Good luck!
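What `-nosalt -k <yourpassword>` does in the commands above, as an added example (not part of the original page, its comments, or Lockbox's code): OpenSSL builds of the 0.9.8 era turn the password into the AES-128 key and IV with EVP_BytesToKey, using MD5 and a single iteration. OpenSSL 1.1.0 and later default to SHA-256 for this step, so on a newer build the same command needs `-md md5`, or the key and IV passed explicitly as done here. The function names are this example's own.

```python
import hashlib


def evp_bytes_to_key(password, key_len=16, iv_len=16, salt=b""):
    """OpenSSL EVP_BytesToKey with MD5 and one iteration.

    D_1 = MD5(password || salt), D_i = MD5(D_{i-1} || password || salt).
    The key is the front of D_1 || D_2 || ..., the IV follows it.
    With an empty salt (-nosalt) the same password always yields the
    same key and IV, on every device and for every file.
    """
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def openssl_argv(password, path):
    """Argument list equivalent to `-nosalt -k <password>` on an MD5-era
    build, with key and IV given explicitly so the build's default
    digest no longer matters."""
    key, iv = evp_bytes_to_key(password.encode())
    return ["openssl", "enc", "-aes-128-cbc", "-d", "-nosalt",
            "-in", path, "-K", key.hex(), "-iv", iv.hex()]


if __name__ == "__main__":
    # "123" is the sample password used in the comments on this page.
    key, iv = evp_bytes_to_key(b"123")
    print("key:", key.hex())
    print("iv: ", iv.hex())
    print(" ".join(openssl_argv("123", "Lockbox_v1.dat")))
```

Because there is no salt and only one MD5 pass, the password's strength is the only protection a copied Lockbox_v1.dat has.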