Decoding database

54 views
Skip to first unread message

Max Mopp

unread,
Jul 9, 2017, 10:16:31 AM7/9/17
to mooltipass
I know you deem that as a mistake, but I want to be able to decode passwords in my multipass.

with correct PIN the response is from mooltipass_libusb.py :
AES key extracted: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

and the passwords to my account are not the ones I entered.

the "AES extraced key" seems to get used, because when I change one byte the decoded passwords are different.

Can you please point me in a direction where I am off

Thanks
Max

mathieu...@gmail.com

unread,
Jul 9, 2017, 10:21:25 AM7/9/17
to Max Mopp, mooltipass
Hello Max,

I wouldn't say it's a mistake, I'd say it goes directly against the security model of the Mooltipass. By using this script, If your computer is compromised, your Mooltipass is basically useless.
Are you sure you are using the correct smartcard reader?
We know this script is working with the following readers:

Regards,
Mathieu


--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.
To post to this group, send email to moolt...@googlegroups.com.
Visit this group at https://groups.google.com/group/mooltipass.
For more options, visit https://groups.google.com/d/optout.

Max Mopp

unread,
Jul 9, 2017, 10:31:22 AM7/9/17
to mooltipass, max.m...@gmail.com
Hello Mathieu,


Just realized, that whatever 4 digit PIN I enter the result is "Correct PIN"

Means I should et another reader

Thanks
Max


On Sunday, July 9, 2017 at 4:21:25 PM UTC+2, Mathieu Stephan wrote:
Hello Max,

I wouldn't say it's a mistake, I'd say it goes directly against the security model of the Mooltipass. By using this script, If your computer is compromised, your Mooltipass is basically useless.
Are you sure you are using the correct smartcard reader?
We know this script is working with the following readers:

Regards,
Mathieu

On Sun, Jul 9, 2017 at 4:16 PM, Max Mopp <max.m...@gmail.com> wrote:
I know you deem that as a mistake, but I want to be able to decode passwords in my multipass.

with correct PIN the response is from mooltipass_libusb.py :
AES key extracted: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

and the passwords to my account are not the ones I entered.

the "AES extraced key" seems to get used, because when I change one byte the decoded passwords are different.

Can you please point me in a direction where I am off

Thanks
Max

--
You received this message because you are subscribed to the Google Groups "mooltipass" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+...@googlegroups.com.

mathieu...@gmail.com

unread,
Jul 9, 2017, 10:32:49 AM7/9/17
to Max Mopp, mooltipass
Hello Max,

This script will not work with this reader (because of a firmware problem on the reader itself)

Regards,
Mathieu

To unsubscribe from this group and stop receiving emails from it, send an email to mooltipass+unsubscribe@googlegroups.com.

Max Mopp

unread,
Jul 9, 2017, 10:37:24 AM7/9/17
to mooltipass, max.m...@gmail.com
Hello Mathieu,

thanks for the response, I will get one of the 2 recommended readers!

Regards
Max
Reply all
Reply to author
Forward
0 new messages