Presented at DEF CON 32 (2024), Aug. 9, 2024, 2:30 p.m. (45 minutes).
Imagine if you could go back in time to precompute all passwords that could have been generated by an off-the-shelf password generator? With RoboForm versions prior to June 2015, you can!
In Joe and Bruno's Guide to Hacking Time, Joe and Bruno share their story, process, and experiences of reverse engineering RoboForm, finding a weakness in the randomness of the password generation routine, and creating a wrapper to generate all possible passwords that could have been generated within a specific time frame. Their work, using Cheat Engine, Ghidra, x64dbg, and custom code, was done specifically to help someone recover over $3 million of Bitcoin locked in a software wallet, but the attack could be used against any account or system protected by a password generated by RoboForm before their 7.9.14 release, when this problem was fixed.
- Kung Fury, [link](https://www.youtube.com/watch?v=fQGbXmkSArs)
- Cheat Engine
- Ghidra
- x64dbg
Presenters:
- Joe Grand / Kingpin, as Joe "Kingpin" Grand
Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, teacher, daddy, honorary doctor, occasional YouTuber, creator of the first electronic badges for DEFCON, member of L0pht Heavy Industries, and former technological juvenile delinquent.
- Bruno Krauss
Bruno Krauss is a software engineer and Bitcoin enthusiast. He demonstrated his knack for password cracking at the age of 13 by bypassing his secondary school's IT security to mine BTC on their PCs and now specializes in cryptocurrency recovery.