markuta / bw-dump Goto Github PK

There is an issue with the latest version with how it searches for patterns in memory. I've realised that each master password has a unique prefix (4-bytes long) pattern that is just before the plaintext password. This is a problem because the tool currently searches for my old master password prefix, which obviously won't find other master passwords.

I need to figure out a better way to do this.

"A proof-of-concept tool that extracts the master password from a locked Bitwarden vault (must be unlocked at least once) from Windows systems, without requiring administrative privileges. Only Windows platforms have been tested."

Bolded section, does this mean for the CURRENT session ONLY, or will an existing session from prior restarts work (if so isnt working for me).

Had a system with .7.0 on it (downgraded to .2.0 when it didnt work the first time) but it didnt not work.
BW Desktop is currently signed in and the lock is with a pin no longer the master password.
Locking/Unlocking with the Pin doesnt work.

I think the wording meant to imply in the current session vs after a restart or with lock w/pin setup.

The tool currently includes ALL strings that match a specific pattern. This means other strings that are obliviously NOT the master password are also included. One quick solution is to retrieve all default strings from a Bitwarden.exe binary which are 8+ characters (minimum password length for registration), and do a compare and exclude.