Description
Expected behavior
I expected smc_decode.py to decode 100% of my passwords without fail.
Actual behavior
smc_decode.py runs, and ~55% of my passwords are correctly printed in plaintext by the script. However, the script fails to decode ~45% of my passwords. I have a lot, so this means over 100 passwords fail to decode.
In these failure cases, the script will simply say:
example.com: MY_USER / Couldn't parse password for example.com / MY_USER
There are over 100 of these failures.
In ~20 other failure cases, the password "decodes" with no error, but it is garbage Chinese/Japanese text that is not my password.
Notably, none of these failure cases are an issue in Moolticute; if I look at these failures in Moolticute, or have my device type the password out, the password is retrieved successfully. So I can safely assume that my device memory is not corrupted. Instead, I think it is likely that smc_decode.py is not decoding 1:1 like Moolticute does. About half my passwords are decoded properly, so I don't think there are any issues with my Linux distro or Python libraries.
Step by step guide to reproduce the problem
- Use the Synchronization tab in Moolticute to create an encrypted backup.
- Use smc_decode.py and a smart card reader to decode the encrypted backup.
- Wait for the script to run, and see that some passwords fail to decode.
Firmware Version
AUX MCU version: 0.74
Main MCU version: 0.86
Bundle version: 13
Moolticute Version - If Involved
v1.04.0
Operating System
Bazzite (Fedora-based, likely not relevant to this issue)
I'm moving me and my family to a different password manager since the Mooltipass had become too difficult for elderly family to use. Since I am a power user, I had invested a lot more time and usage into the Mooltipass, so I have a lot stored on this device - notes, passwords, files, you name it. It has served me well for many years and I do lament leaving the Mooltipass system, but ultimately I think it's the best choice for my situation.
While I understand exporting things "breaks" the security model of the Mooltipass, I have a fresh install of Linux that I can be reasonably certain is secure and has no malware, so I feel safe exporting the Mooltipass like this. Once I'm done, this drive will be securely wiped.
But since I have so much data on the Mooltipass, I really need a reliable way to export everything all at once. Sadly smc_decode.py has not been reliable for my passwords, and it also doesn't support non-password data, which poses a significant challenge for me. It will take many, many hours for me to manually export all of this data, and the data is right there, just encrypted, so I am really looking for a solution that will save me time.
(Related: #385)
Any help would be greatly appreciated!