is in reference to the path inside the docker container. your "outer" local ~/Library/Application Support/Signal/ is mounted to the "inner" docker container's ~/.config/Signal when you run the ./run.sh script.
obviously don't post it here, but does your ~/Library/Application Support/Signal/config.json have a key entry in it? mine looks like this:
{
"key": "[...my long key...]",
"mediaPermissions": true,
"mediaCameraPermissions": true
}
```
CONFIG_PATH = expanduser("~/.config/Signal/config.json")
```
is in reference to the path inside the docker container. your "outer" local `~/Library/Application Support/Signal/` is mounted to the "inner" docker container's `~/.config/Signal` when you run the ./run.sh script.
obviously don't post it here, but does your `~/Library/Application Support/Signal/config.json` have a `key` entry in it? mine looks like this:
```
{
"key": "[...my long key...]",
"mediaPermissions": true,
"mediaCameraPermissions": true
}
```
it looks like `encryptedKey` means that some OS keyring or something is handling decrypting the key that is then used to decrypt the DB https://www.reddit.com/r/signal/comments/1f76knr/comment/ll5dsg3/
% ./run.sh -c ~/Library/Application\ Support/Signal
Traceback (most recent call last):
File "/root/code/decode.py", line 85, in get_messages
host_uuid = get_signal_uuid(db, key)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 70, in get_signal_uuid
uuid = next(query_signal_db(db,
^^^^^^^^^^^^^^^^^^^^^^^^
StopIteration
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/root/code/main.py", line 30, in
func(**args, key=key)
File "/root/code/decode.py", line 220, in dump_message_count_table
v, convoIds, message_counts = get_message_counts(db, key, chat_list)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 187, in get_message_counts
for message in messages:
^^^^^^^^
RuntimeError: generator raised StopIteration
Latest on this, could be new issue, but ?
> % ./run.sh -c ~/Library/Application\ Support/Signal
> Traceback (most recent call last):
> File "/root/code/decode.py", line 85, in get_messages
> host_uuid = get_signal_uuid(db, key)
> ^^^^^^^^^^^^^^^^^^^^^^^^
> File "/root/code/decode.py", line 70, in get_signal_uuid
> uuid = next(query_signal_db(db,
> ^^^^^^^^^^^^^^^^^^^^^^^^
> StopIteration
>
> The above exception was the direct cause of the following exception:
>
> Traceback (most recent call last):
> File "/root/code/main.py", line 30, in <module>
> func(**args, key=key)
> File "/root/code/decode.py", line 220, in dump_message_count_table
> v, convoIds, message_counts = get_message_counts(db, key, chat_list)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> File "/root/code/decode.py", line 187, in get_message_counts
> for message in messages:
> ^^^^^^^^
> RuntimeError: generator raised StopIteration
just to confirm, you are using the files that were generated by signal desktop, right? not copying the files from android?
Yes, not touching my phone in this process.
> just to confirm, you are using the files that were generated by signal desktop, right? not copying the files from android?
Yes, not touching my phone in this process.
yeah I get that same error if I feed it an incorrect key for decrypting my database, so I think this is part of the same issue. encryptedKey is a ciphertext that gets decrypted by your OS somewhere...
yeah I get that same error if I feed it an incorrect `key` for decrypting my database, so I think this is part of the same issue. `encryptedKey` is a ciphertext that gets decrypted by your OS somewhere...
when you have a chance can you poke around your macos keychain and see if you see an entry for Signal? I don't have a mac anymore so I have no insight into any of this at this point.
I need to think about what to do about this.
when you have a chance can you poke around your macos keychain and see if you see an entry for Signal? I don't have a mac anymore so I have no insight into any of this at this point.
https://support.apple.com/guide/keychain-access/view-the-information-stored-in-a-keychain-kyca1085/mac
Just poking around to see if I could possibly decrypt this via command line and then update a config file or something, came across this:
https://github.com/fjh658/signal-decryption-tool
hm interesting. can you see if Docker is selectable as an application you can grant access to?
Seems I can.
Can either add the symlink in /opt/homebrew/bin/
or the file in /Cellar/docker/27.3.1./bin/
This is of course weird stuff that most users won't be remotely familiar with, but it's not hard.
> hm interesting. can you see if Docker is selectable as an application you can grant access to?
Seems I can.
Can either add the symlink in /opt/homebrew/bin/
or the file in /Cellar/docker/27.3.1./bin/
This is of course weird stuff that most users won't be remotely familiar with, but it's not hard.
hm interesting. can you see if Docker is selectable as an application you can grant access to?
yeah this would be towards the goal of getting that https://github.com/fjh658/signal-decryption-tool you linked to run in a docker container but idk if that would actually work. this is starting to get complicated.
> hm interesting. can you see if Docker is selectable as an application you can grant access to?
yeah this would be towards the goal of getting that https://github.com/fjh658/signal-decryption-tool you linked to run in a docker container but idk if that would actually work. this is starting to get complicated.
hm interesting. can you see if Docker is selectable as an application you can grant access to?
yeah this would be towards the goal of getting that https://github.com/fjh658/signal-decryption-tool you linked to run in a docker container but idk if that would actually work. this is starting to get complicated.
So a maybe gross but simple way is that the user can copy the password directly. It prompts for login pw, but then allows decrypted key to be copied to the buffer.
> > hm interesting. can you see if Docker is selectable as an application you can grant access to?
>
> yeah this would be towards the goal of getting that https://github.com/fjh658/signal-decryption-tool you linked to run in a docker container but idk if that would actually work. this is starting to get complicated.
So a maybe gross but simple way is that the user can copy the password directly. It prompts for login pw, but then allows decrypted key to be copied to the buffer.
https://basement.woodbine.nyc/asdoifwerion?view#keychain3-
the problem is that as far as I understand it, the process would look like this:
metaKey = getSignalSafeStorageKeyFromKeychain()
ciphertext = getCipherTextFromSignalConfigFile()
dbEncryptionKey = decrypt(metaKey, ciphertext) # decrypt the ciphertext into plaintext using the key provided
the key in the keychain is used to decrypt the key that's in the config file, and then that resulting decrypted key is what's used to decrypt the actual database.
so in addition to prompting the user for the "metaKey", we need to actually use it to decrypt the key, but we gotta figure out what algorithm to use to do that.
The core encryption mechanism relies on AES-128 in cipher-block-chaining (CBC) mode. The initialization vector (IV) is hard-coded to the string of 16 spaces (0x20 hex). No modifications are made to the user-provided plain text.
Once the cipher-text is produced, a prefix is added. The prefix
v11 - means encrypted with a randomly generated password. The value
v10 - means that the hard-coded key "peanuts" was used to encrypt the string, which is used as a fallback on Linux systems where the keyring or other secure storage is not available.
the problem is that as far as I understand it, the process would look like this:
```
metaKey = getSignalSafeStorageKeyFromKeychain()
ciphertext = getCipherTextFromSignalConfigFile()
dbEncryptionKey = decrypt(metaKey, ciphertext) # decrypt the ciphertext into plaintext using the key provided
```
the key in the keychain is used to decrypt the key that's in the config file, and then *that* resulting decrypted key is what's used to decrypt the actual database.
so in addition to prompting the user for the "metaKey", we need to actually use it to decrypt the key, but we gotta figure out what algorithm to use to do that.
Signal [recently started using](https://github.com/signalapp/Signal-Desktop/issues/6944#issuecomment-2243704263) Electron's [safe storage api](https://www.electronjs.org/docs/latest/api/safe-storage) which appears to store a per-application private key in the keyring for you.
I'm reading this now, I think it might have what we need https://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-2/#electron-safestorage
```
The core encryption mechanism relies on AES-128 in cipher-block-chaining (CBC) mode. The initialization vector (IV) is hard-coded to the string of 16 spaces (0x20 hex). No modifications are made to the user-provided plain text.
Once the cipher-text is produced, a prefix is added. The prefix
v11 - means encrypted with a randomly generated password. The value
v10 - means that the hard-coded key "peanuts" was used to encrypt the string, which is used as a fallback on Linux systems where the keyring or other secure storage is not available.
```
somebody already wrote it for me! https://gist.github.com/flatz/3f242ab3c550d361f8c6d031b07fb6b1
if you pull and build now you should be able to do
./run.sh -c ~/Library/Application\ Support/Signal -p yourpassword
ok that means that after decoding from a hex string to byes the ciphertext does not start with v11 as expected. I dropped the error and made it just print a warning instead now, but I'm not super optimistic it will work.
ok that means that after decoding from a hex string to byes the ciphertext does not start with v11 as expected. I dropped the error and made it just print a warning instead now, but I'm not super optimistic it will work.
I'm ready to give up when you are.
Don't need to subject you to a maybe impossible task.
% ./run.sh -c ~/Library/Application\ Support/Signal -p <pass>
WARNING:utils:expected b'v11' in password prefix but saw b'v10'
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 45, in get_decryption_key
return decrypt_encrypted_key(password, config['encryptedKey'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 35, in decrypt_encrypted_key
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/Crypto/Util/Padding.py", line 92, in unpad
raise ValueError("Padding is incorrect.")
ValueError: Padding is incorrect.
I'm ready to give up when you are.
Don't need to subject you to a maybe impossible task.
```
% ./run.sh -c ~/Library/Application\ Support/Signal -p <pass>
WARNING:utils:expected b'v11' in password prefix but saw b'v10'
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 45, in get_decryption_key
return decrypt_encrypted_key(password, config['encryptedKey'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 35, in decrypt_encrypted_key
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/Crypto/Util/Padding.py", line 92, in unpad
raise ValueError("Padding is incorrect.")
ValueError: Padding is incorrect.
```
Honestly, just having an arch laptop we could wipe, and then have a few ppl do this on would work.
Me and you and one other person in a lot of groups would probably get 90%
But would be cool.
Honestly, just having an arch laptop we could wipe, and then have a few ppl do this on would work.
Me and you and one other person in a lot of groups would probably get 90%
v10 - means that the hard-coded key "peanuts" was used to encrypt the string, which is used as a fallback on Linux systems where the keyring or other secure storage is not available.
I just added handling for that case. if you pull and rebuild the image and rerun the command it's possible it'd actually work!
but if not, I'm ok to take a break from this. it would probably be easier to debug in person. thanks so much for testing this with me!
wait a sec!! you've got the v10 prefix!
v10 - means that the hard-coded key "peanuts" was used to encrypt the string, which is used as a fallback on Linux systems where the keyring or other secure storage is not available.
I just added handling for that case. if you pull and rebuild the image and rerun the command it's possible it'd actually work!
but if not, I'm ok to take a break from this. it would probably be easier to debug in person. thanks so much for testing this with me!
Same error I think, I don't have a quick diff tool (that I know how to use)
% ./run.sh -c ~/Library/Application\ Support/Signal -p <password>
WARNING:utils:expected b'v11' in password prefix but saw b'v10'
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 45, in get_decryption_key
return decrypt_encrypted_key(password, config['encryptedKey'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 35, in decrypt_encrypted_key
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/Crypto/Util/Padding.py", line 92, in unpad
raise ValueError("Padding is incorrect.")
ValueError: Padding is incorrect.
Yeah working live might be good.
Also wonder if there are other basement people who have interest? Maybe a little session...
Same error I think, I don't have a quick diff tool (that I know how to use)
```
% ./run.sh -c ~/Library/Application\ Support/Signal -p <password>
WARNING:utils:expected b'v11' in password prefix but saw b'v10'
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 45, in get_decryption_key
return decrypt_encrypted_key(password, config['encryptedKey'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 35, in decrypt_encrypted_key
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/Crypto/Util/Padding.py", line 92, in unpad
raise ValueError("Padding is incorrect.")
ValueError: Padding is incorrect.
```
Yeah working live might be good.
Also wonder if there are other basement people who have interest? Maybe a little session...
ok I fixed a stupid bug I introduced dealing with the default peanuts key. if you feel like running this one-liner one last time and seeing if there's any error
ok I fixed a stupid bug I introduced dealing with the default `peanuts` key. if you feel like running this one-liner one last time and seeing if there's any error
git pull; ./build.sh; ./run.sh -c ~/.config/Signal -p peanuts
% ./run.sh -c ~/.config/Signal -p peanuts
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 34, in get_decryption_key
with open(path) as fh:
^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/root/.config/Signal/config.json'
Looks like a maybe simple path error?
```
% ./run.sh -c ~/.config/Signal -p peanuts
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 34, in get_decryption_key
with open(path) as fh:
^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/root/.config/Signal/config.json'
```
% git pull; ./build.sh; ./run.sh -c ~/Library/Application\ Support/Signal -p peanuts
Already up to date.
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 192.5kB
Step 1/11 : FROM debian:testing
---> e2547c521d60
Step 2/11 : WORKDIR /root
---> Using cache
---> 5be30158a13a
Step 3/11 : RUN apt-get update
---> Using cache
---> beedc59abf0f
Step 4/11 : RUN apt-get -y install python3
---> Using cache
---> 57eca8424162
Step 5/11 : RUN apt-get -y install python3-pip
---> Using cache
---> cbfb05591cd9
Step 6/11 : RUN apt-get -y install sqlcipher
---> Using cache
---> a34467ebb8b7
Step 7/11 : COPY code/requirements.txt ./code/
---> Using cache
---> 5a96a8b64b2c
Step 8/11 : RUN pip install -r code/requirements.txt --break-system-packages
---> Using cache
---> 853aa8a0ae90
Step 9/11 : COPY code/ ./code/
---> Using cache
---> e9ab9db3b80e
Step 10/11 : RUN mkdir output
---> Using cache
---> 8aa5b2b27bc5
Step 11/11 : ENTRYPOINT ["python3", "code/main.py", "table", "--output", "/output/table.csv"]
---> Using cache
---> cc21d29760d7
Successfully built cc21d29760d7
Successfully tagged sigint:latest
WARNING:utils:encryptedKey in config.json is encrypted using the default `peanuts` key
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 45, in get_decryption_key
return decrypt_encrypted_key(password, config['encryptedKey'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 38, in decrypt_encrypted_key
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 19, in aes_decrypt_cbc
return cipher.decrypt(data)
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/Crypto/Cipher/_mode_cbc.py", line 246, in decrypt
raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
ValueError: Data must be padded to 16 byte boundary in CBC mode
```
% git pull; ./build.sh; ./run.sh -c ~/Library/Application\ Support/Signal -p peanuts
Already up to date.
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 192.5kB
Step 1/11 : FROM debian:testing
---> e2547c521d60
Step 2/11 : WORKDIR /root
---> Using cache
---> 5be30158a13a
Step 3/11 : RUN apt-get update
---> Using cache
---> beedc59abf0f
Step 4/11 : RUN apt-get -y install python3
---> Using cache
---> 57eca8424162
Step 5/11 : RUN apt-get -y install python3-pip
---> Using cache
---> cbfb05591cd9
Step 6/11 : RUN apt-get -y install sqlcipher
---> Using cache
---> a34467ebb8b7
Step 7/11 : COPY code/requirements.txt ./code/
---> Using cache
---> 5a96a8b64b2c
Step 8/11 : RUN pip install -r code/requirements.txt --break-system-packages
---> Using cache
---> 853aa8a0ae90
Step 9/11 : COPY code/ ./code/
---> Using cache
---> e9ab9db3b80e
Step 10/11 : RUN mkdir output
---> Using cache
---> 8aa5b2b27bc5
Step 11/11 : ENTRYPOINT ["python3", "code/main.py", "table", "--output", "/output/table.csv"]
---> Using cache
---> cc21d29760d7
Successfully built cc21d29760d7
Successfully tagged sigint:latest
WARNING:utils:encryptedKey in config.json is encrypted using the default `peanuts` key
Traceback (most recent call last):
File "/root/code/main.py", line 30, in <module>
key = get_decryption_key(args['config'], password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/decode.py", line 45, in get_decryption_key
return decrypt_encrypted_key(password, config['encryptedKey'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 38, in decrypt_encrypted_key
decrypted_key = unpad(aes_decrypt_cbc(kek, iv, encrypted_key), block_size = 16).decode('ascii')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/code/utils.py", line 19, in aes_decrypt_cbc
return cipher.decrypt(data)
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/dist-packages/Crypto/Cipher/_mode_cbc.py", line 246, in decrypt
raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
ValueError: Data must be padded to 16 byte boundary in CBC mode
```
p
Poking around:
My config.json appears to be at:
~/Library/Application Support/Signal/config.json
is in reference to the path inside the docker container. your "outer" local
~/Library/Application Support/Signal/is mounted to the "inner" docker container's~/.config/Signalwhen you run the ./run.sh script.obviously don't post it here, but does your
~/Library/Application Support/Signal/config.jsonhave akeyentry in it? mine looks like this:gotcha.
ok I added support for that entry in the config. I am now concerned that the format of the key itself might differ but we'll see
just to confirm, you are using the files that were generated by signal desktop, right? not copying the files from android?
it looks like
encryptedKeymeans that some OS keyring or something is handling decrypting the key that is then used to decrypt the DB https://www.reddit.com/r/signal/comments/1f76knr/comment/ll5dsg3/Latest on this, could be new issue, but ?
Yes, not touching my phone in this process.
yeah I get that same error if I feed it an incorrect
keyfor decrypting my database, so I think this is part of the same issue.encryptedKeyis a ciphertext that gets decrypted by your OS somewhere...I need to think about what to do about this.
when you have a chance can you poke around your macos keychain and see if you see an entry for Signal? I don't have a mac anymore so I have no insight into any of this at this point.
https://support.apple.com/guide/keychain-access/view-the-information-stored-in-a-keychain-kyca1085/mac
Just poking around to see if I could possibly decrypt this via command line and then update a config file or something, came across this:
https://github.com/fjh658/signal-decryption-tool
There is an entry in keychain:
https://basement.woodbine.nyc/asdoifwerion
Also appears to be a way to add other applications to have access to it.
hm interesting. can you see if Docker is selectable as an application you can grant access to?
background:
https://candid.technology/signal-encryption-key-flaw-desktop-app-fixed/
Seems I can.
Can either add the symlink in /opt/homebrew/bin/
or the file in /Cellar/docker/27.3.1./bin/
This is of course weird stuff that most users won't be remotely familiar with, but it's not hard.
Added symlink:
yeah this would be towards the goal of getting that https://github.com/fjh658/signal-decryption-tool you linked to run in a docker container but idk if that would actually work. this is starting to get complicated.
Added both sym and directly added binary same result
So a maybe gross but simple way is that the user can copy the password directly. It prompts for login pw, but then allows decrypted key to be copied to the buffer.
https://basement.woodbine.nyc/asdoifwerion?view#keychain3-
the problem is that as far as I understand it, the process would look like this:
the key in the keychain is used to decrypt the key that's in the config file, and then that resulting decrypted key is what's used to decrypt the actual database.
so in addition to prompting the user for the "metaKey", we need to actually use it to decrypt the key, but we gotta figure out what algorithm to use to do that.
Signal recently started using Electron's safe storage api which appears to store a per-application private key in the keyring for you.
I'm reading this now, I think it might have what we need https://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-2/#electron-safestorage
@lp does the password stored in your keychain have the v11 prefix?
has no prefix
22 or 24 char hash, can't tell, trailing chars might be part of block or meta-ish or something.
oh wait I think the prefix would actually appear in the config.json
encryptedKeyentryDoesn't appear to be there. No apparent prefix/suffix.
somebody already wrote it for me! https://gist.github.com/flatz/3f242ab3c550d361f8c6d031b07fb6b1
if you pull and build now you should be able to do
close.. feels like it's not handling the -p flag arguments properly somehow?
rebuilt container:
ok that means that after decoding from a hex string to byes the ciphertext does not start with v11 as expected. I dropped the error and made it just print a warning instead now, but I'm not super optimistic it will work.
I'm ready to give up when you are.
Don't need to subject you to a maybe impossible task.
But would be cool.
Honestly, just having an arch laptop we could wipe, and then have a few ppl do this on would work.
Me and you and one other person in a lot of groups would probably get 90%
wait a sec!! you've got the v10 prefix!
I just added handling for that case. if you pull and rebuild the image and rerun the command it's possible it'd actually work!
but if not, I'm ok to take a break from this. it would probably be easier to debug in person. thanks so much for testing this with me!
Same error I think, I don't have a quick diff tool (that I know how to use)
Yeah working live might be good.
Also wonder if there are other basement people who have interest? Maybe a little session...
ok I fixed a stupid bug I introduced dealing with the default
peanutskey. if you feel like running this one-liner one last time and seeing if there's any errorLooks like a maybe simple path error?
whoops I gave you the path for a linux system.