DEF CON 32 - Joe & Bruno Hack Time: Regenerate PWs from RoboForm's PW Generator - J Grand, B Krauss

Imagine if you could go back in time to precompute all passwords that could have been generated by an off-the-shelf password generator? With RoboForm versions prior to June 2015, you can! In Joe and Bruno's Guide to Hacking Time, Joe and Bruno share their story, process, and experiences of reverse engineering RoboForm, finding a weakness in the randomness of the password generation routine, and creating a wrapper to generate all possible passwords that could have been generated within a specific time frame. Their work, using Cheat Engine, Ghidra, x64dbg, and custom code, was done specifically to help someone recover over $3 million of Bitcoin locked in a software wallet, but the attack could be exploited against any account or system protected by a password generated by RoboForm before their 7.9.14 release when this problem was fixed.