denandz just posted a tool in github that can break your KeePass password safe. Yeah, as they say, for the lulz, Anti-hacking tools (or teams like Hacking Team) are now getting hacked.
Rightly so, this tool is named KeeFarce. It allows extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url’s are dumped into a CSV file in %AppData%.
URL: https://github.com/denandz/KeeFarce
KeePass provides process memory protection that encrypts master password keys and other sensitive data when stored in computer memory. That system goes a long way to preventing malicious apps from scraping random access memory and retrieving the credentials. KeeFarce obtains passwords using a different technique, known as DLL injection. The injected dynamic link library code calls an existing KeePass export method to copy the contents of a currently open database to a CSV file. The resulting file contains user names, passwords, notes, and URLs all in cleartext.
http://www.blackmoreops.com/2015/11/04/anti-hacking-tool-got-hacked-keefarce-can-break-your-keepass-password-safe/
So the target machine would need to get infected first, big whoop.
>>52084555
Spot the retard.
>>52084699
>>52084633
linuxfags on denial and suicide watch!
lol.. this is 1000x less severe than the lastpass situation we had a couple of months ago and all those freetards here went nuts.
lastpass is superior.
>>52084738
0/10 try harder
>>52084555
>break your KeePass password safe
>calls an existing KeePass export method to copy the contents of a currently open database
>>52084633
not only it would need to be infected but also, keepass database had to be opened, literally you sit on somebodys pc and it have keepaas opened, thats how it works
>>52084781
Exactly what I thought when I read this.
Literally an automated database export tool.
>ITT someone just implemented attack that has no fix
this shit applies to all password managers, retard
>>52084555
So I would have to enter my password in the first place before it can be stolen.
You're fucking stupid OP
It's one aspect of Keepass being broken and it's not a critical one.
I've discovered another exploit OP. If someone logs into their KeePass database and then someone else uses their computer they can access all their passwords. Even change or remove them.
I don't know why /g/ uses this shit when it's so obviously broken.
>>52084922
xpass doesnt have this problem
op is retarded.
its not like this is a wild trojan that goes around cracking keypass databases and then uploading that stolen info online.
i mean someone could technically do that, but now itll probably get patched in a few days
>>52085277
There's nothing to patch. If you get your machine infected you're fucked no matter what.
i use passwordcard instead
What about keepassx and the 1.x DB?
I always found the idea of a password manager utterly retarded, why would i want to reduce the amount of passwords to be guessed to just 1?
Just stop being a fucking mongoloid and remember your important passwords.
>>52085557
My one password is literally 20+ characters long.
I have over 100 passwords in the database.
Fuck off.
>all these keepasscucks defending this
>>52085557
So you're going to use the same password for every website? Choose the lesser of all evils, use a password manager.
do cards get nerfed
>>52085557
Because 1) the hash is kept on your machine, not someone else's server you have no control over, and 2) it allows you to pick one very difficult password instead of 20 kinda difficult/similar ones.
>>52085627
>not using the same password for every website
>When the keepass database is unlocked you can grab the passwords right from memory
Duh? that's what the user is doing.
>>52084555
>It allows extraction of KeePass 2.x password database information from memory
For a moment i thought this thread was serious
>>52085677
Apparently there was a security measure that prevented this.
Which doesn't fucking work with .net
>>52085583
Is your fault for having aspergers.
>>52085627
Nobody is interested in having your pass for your homoerotic anime bbs, the only passwords you should care about are paypal/steam/mail, if you can't remember 3 passwords you need to stop buying companion pillows and invest in some hormone treatment or something.
>>52085649
Since when is your machine an impenetrable fortress like your virginity?
>it allows you to pick one very difficult password
What are you even talking about, its the same shit.
>>52085665
I used to do this but then one old site got hacked and I had to start using different passwords.
>>52085711
>steam
>>>/v/
>>52084555
This shit is retarded and most importantly only applies to windows (no one here use it anyway).
>>52085743
Thanks for giving me a good example of your aspergers.
>>52085711
I think you may be retarded anon
Its times like these when I wonder if 4chan has always been filled with retards or if they all came from somewhere else.
>>52085763
>le ad hominem man
>>52085711
I have way more than just a few important passwords that aren't lame forum paswords.
>car insurance
>home owners insurance
>mortgage company
> 3 banks
>2 401ks
>2 brokerage accounts
>health insurance
>several medical providers
>multiple email accounts
Adults have a lot of passwords. Didn't even mention all of my passwords for work.
>>52085814
Did you not read your own post?
>>52085711
>Since when is your machine an impenetrable fortress like your virginity?
Are you really this dense? First of all, unlike you most people on /g/ don't download the first furrygangbang.mp4.exe they encounter on the internet. Also, how many attackers try to capture a known company's database with literal millions of passwords vs how many dream of capturing one lonely basement dweller's?
>What are you even talking about, its the same shit.
How long are your passwords? Mine is 30 characters. Yours are not, because who goes through the hassle of remembering 20 different pws with 30 chars each?
>>52085759
Video games are toys, not technology.
>>52085693
>>52085757
Nothing to do with .net or anything wrong with Keepass. The security measure is still there it prevents other programs easily grabbing master password from the memory. But dll injection or its equivalent LD_PRELOAD in Unix systems roughly man-in-the-middles the program, it sits between it and system calls. You can't prevent that for ANY program unless you have full DRMed system, from hardware to kernel to application layer.
tl;dr Nothing to see here, if somebody can install a malware on your system and got admin rights you are fucked no matter what.
If anyone is interested in striving to have a full secure system starting from the hardware read:
http://blog.invisiblethings.org/2015/10/27/x86_harmful.html
>>52085870
But it doesn't affect keepass without .net implementation
>>52085896
Because nobody wrote a program to grab the master password from the non .net version yet. I am talking about a style of attack here, not the specific attack.
>>52085870
>Intel x86 considered harmful
a paper needed to be written on this. lol.
this is nothing new, extracting keys from memory has always been a thing in terms of disk encryption
gtfo nub
So, if the PC has to be infected and the keepass db exported, then why the fuck wouldn't they just keylog your password for keepass and just use that? Sounds like a load of horse shit for no good reason.
>Inb4 keyscrambler but who the fuck really uses it.
>>52085855
in the context used it was relevant to the discussion.
either way maybe you would feel more at home on tumblr if words trigger your little head too much
>>52084555
>dll injection
At that point everything of value has already been lost.
>>52084555
I like the way that 90% of that article is just the read.me file on the github with a bit of a blurb.
