After meeting up with @FlUxIuS at Disobey some weeks ago I got inspired to buy some BLE dongles.
They arrived today!
Clones from AliExpress where one of the dongles doesn't get recognized by Windows 11..
80% success!
Joe and Bruno's Guide to Hacking Time: Regenerating Passwords from RoboForm's Password Generator
When Joe started talking about RoboForm and cracking password generators, something clicked — I remembered watching a YouTube video about abusing random number generation to unlock a bitcoin wallet worth millions...
Turns out, it was Joe and Bruno’s video! It’s incredibly well-edited, and you should definitely watch it right after the DEFCON talk (though it spoils the ending a little 😉): https://www.youtube.com/watch?v=o5IySpAkThg
The talk dives into pseudo-random number generators (PRNGs) — software that takes an initial seed to generate a sequence of random numbers. If the generator doesn’t use real randomness (like lava lamps, for example), knowing the initial seed lets you predict all the numbers it will generate, including passwords.
RoboForm, a well-known password generator, used to rely on the current time as its seed — specifically a Unix timestamp in seconds. Unfortunately, this means that the number of passwords that can possibly be generated given a time frame is relatively small. This means that if you know roughly when a password was generated and its options (like length, capitals, symbols), you could easily brute-force all possible passwords in that timeframe.
Joe and Bruno exploited this exact idea! They knew (from the wallet’s owner) when the password was generated and the generation options. They reverse-engineered the RoboForm app, found a way to iteratively change the system time, and hooked into the code to regenerate the password as if it was created back then.
They managed to generate around 1,000 passwords per second, and within hours, they cracked open the wallet!
https://www.youtube.com/watch?v=N2eKCAzM2kw
#DEFCON
#Passwords
#RoboForm
#HackingTime
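The time-seed weakness described in the post above, as an added example that is not part of the original post and is not RoboForm's code: a toy generator seeded with a Unix timestamp next to a CSPRNG-based one, with the effective entropy of each. The alphabet, function names, and the one-day window are assumptions constructed for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # assumed option set

def time_seeded_password(unix_seconds, length=20):
    """Toy generator (not RoboForm's algorithm): the only secret is the timestamp."""
    rng = random.Random(unix_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def csprng_password(length=20):
    """Hardened form: every character comes from the OS CSPRNG, no replayable seed."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def seed_bits(start, end):
    """Effective entropy when the generation time is known to lie in [start, end]."""
    return math.log2(end - start + 1)

def charset_bits(length=20):
    """Entropy the password appears to have, judged from length and alphabet alone."""
    return length * math.log2(len(ALPHABET))

def recover_seed(password, start, end, length=20):
    """Regenerate one candidate per second of the window; return the matching seed."""
    for ts in range(start, end + 1):
        if time_seeded_password(ts, length) == password:
            return ts
    return None

# Constructed sample values: a one-day window starting 2020-01-01 00:00:00 UTC.
START = 1577836800
END = START + 86400 - 1
TRUE_TS = START + 43210

if __name__ == "__main__":
    weak = time_seeded_password(TRUE_TS)
    strong = csprng_password()
    print(f"apparent strength : {charset_bits():.1f} bits")
    print(f"strength in window: {seed_bits(START, END):.1f} bits")
    print("weak password seed recovered:", recover_seed(weak, START, END) == TRUE_TS)
    print("CSPRNG password matched any seed:", recover_seed(strong, START, END) is not None)
```

A password that looks like it carries over 120 bits has only about 16 bits once the generation day is known, which is why the fix is to draw from the operating system's CSPRNG rather than to lengthen the password.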
Tomorrow is #HackingTime again. If you don't have anything planned for tomorrow evening yet, drop by the Cyberland Code Camp.
More info at: https://cyberland.ijug.eu/2023-12-open-source-camp/
Last opportunity to join our 2️⃣ round of Youth Hacking 4 Freedom! Register until the 31 of December and join other 🇪🇺 teenagers who love to code and tinker!
💻yh4f.org
For any of y'all who are interested, I published a #TryHackMe writeup discussing me #hacking into their most popular boot2root system https://infosecwriteups.com/tryhackme-writeup-basic-pentesting-49fb45e97058 no injection, just basic recon and chaining leaked info #100DaysOfHacking #100DaysOfHomeLab #Hackingtime #infosec
The lab has been enLIGHTened this week !!!
Amazing collaborative work from our members!
#Hacking #makers #DIY #HacklabTo #Toronto #opensource #OpenScience #Hackingtime
Productive Sunday at the lab! ⚙️
Kali Linux 2021.2 Released for Ethical Hackers with New Tools, #RaspberryPi Improvements, and Much More 9to5linux.com/kali-linux-202…
@kalilinux #infosec #infosecurity #Linux #opensource #Hackingtime
#Hackingtime...
#Hackingtime...?