Learn about a fascinating security research presentation from DEF CON that reveals how two researchers reverse engineered RoboForm's password generator to recreate passwords generated before June 2015. Follow along as Joe Grand and Bruno Krauss detail their methodical process of using tools like Cheat Engine, Ghidra, and x64dbg to exploit weaknesses in RoboForm's random number generation. Discover how they developed custom code to regenerate all possible passwords within specific timeframes - a technique originally used to help recover $3 million in lost Bitcoin but potentially applicable to any system using RoboForm-generated passwords prior to version 7.9.14. Gain insights into reverse engineering methodology, cryptographic vulnerabilities, and the real-world implications of seemingly minor implementation flaws in security tools.
Overview
Syllabus
DEF CON 32 - Joe & Bruno Hack Time: Regenerate PWs from RoboForm's PW Generator - J Grand, B Krauss
Taught by
DEFCONConference