Keepass2john: Support newer format XML keyfile

magnumripper · magnumripper · commit 67aaeec0d05b · 2025-12-11T22:47:00.000+01:00
The existing support was keyfile v1 only (meaning xml keyfile v1 of
KeePass v2).

This adds support for xml keyfile v2, tested with a v4 database.
diff --git a/src/keepass2john.c b/src/keepass2john.c
@@ -847,7 +847,7 @@ static void process_database(char* encryptedDatabase)
 	}
 
 	if (keyfile) {
-		buffer = mem_alloc(filesize_keyfile * sizeof(char));
+		buffer = mem_alloc(filesize_keyfile + 1);
 		printf("*1*64*"); /* inline keyfile content or hash - always 32 bytes */
 		if (fread(buffer, filesize_keyfile, 1, kfp) != 1) {
 			warn("%s: Error: read failed: %s.",
@@ -857,20 +857,42 @@ static void process_database(char* encryptedDatabase)
 
 		/*
 		 * As in Keepass 2.x implementation:
-		 *  if keyfile is an xml, get <Data> content
+		 *  if keyfile is an Version 1 XML, get <Data> content in Base64
+		 *  if keyfile is an Version 2 XML, get <Data> content in hex
 		 *  if filesize_keyfile == 32 then assume byte_array
 		 *  if filesize_keyfile == 64 then assume hex(byte_array)
 		 *  else byte_array = sha256(keyfile_content)
 		 */
+		buffer[filesize_keyfile] = 0;
 
 		if (!memcmp((char*) buffer, "<?xml", 5) &&
+		    ((p = strstr((char*) buffer, "<Version>1.0")) != NULL) &&
 		    ((p = strstr((char*) buffer, "<Key>")) != NULL) &&
 		    ((p = strstr(p, "<Data>")) != NULL)) {
 			p += strlen("<Data>");
 			data = p;
 			p = strstr(p, "</Data>");
 			printf ("%s", base64_convert_cp(data, e_b64_mime, p - data, b64_decoded, e_b64_hex, sizeof(b64_decoded), flg_Base64_NO_FLAGS, 0));
 		}
+		else if (!memcmp((char*)buffer, "<?xml", 5) &&
+		         ((p = strstr((char*) buffer, "<Version>2.0")) != NULL) &&
+		         ((p = strstr((char*)buffer, "<Data")) != NULL) &&
+		         (p = strchr(p, '>'))) {
+			char hex[64 + 1];
+			int hidx = 0;
+			p++;
+			while (hidx < 64 && p - (char*)buffer < filesize_keyfile) {
+				if (*p >= '0' && *p <= 'F')
+					hex[hidx++] = *p++;
+				else if (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
+					p++;
+				else
+					break;
+			}
+			hex[hidx] = 0;
+			strlwr(hex);
+			printf ("%s", hex);
+		}
 		else if (filesize_keyfile == 32)
 			print_hex(buffer, filesize_keyfile);
 		else if (filesize_keyfile == 64)
