Lost backup passphrase

When I first started making backups with Duplicati several years ago, I used a system-generated very strong passphrase on the backups.

I did not write it down on paper (but rather saved it in a database on my laptop). Windows updated to the latest feature update and apparently erased all of my app data including the password database.

I cannot find any of my files in the windows.old folder, and apparently if I saved saved a configuration file, I don’t know where it is.

Is there any way to recover or reset the backup passphrase? It’s not something I can guess as I used Duplicati’s generated very strong password.

Thank you.

Unfortunately no, there’s no practical way to successfully brute force a strong AES password.

Your only hope is probably to recover that database file where you stored the password. Alternatively if you had Duplicati installed as a service you may be able to find the Duplicati-server.sqlite file in Windows.old.

1 Like

Thank you – good that my cloud-stored backups will be good for the ages (or at least until someone figures out how to find and crack them open).

Lesson for all: Be sure to keep that passphrase written down or stored in a location that will always be accessible. Never leave it in the same place or on the same device as the original source.

Not looking too good, but if you think you might have a configuration file, you can use File Explorer search

file:*duplicati-config*

Also C:\Users\<user>\AppData is a hidden folder, so if somehow Explorer lost setting to see, might hide.
If you installed as a Windows Service, Duplicati data is in profile for SYSTEM user, not for your own user.

There’s an outside chance that if your File Explorer right click says previous versions, it might have files.
This method of keeping file history got somewhat replaced by the “File History” method, manually set up.

EDIT:

Another long-shot is sometimes people have their web browsers collect and/or fill passwords, which will sometimes break Duplicati by putting a password for one spot (e.g. UI login) in inappropriate passwords.
Browsers save the passwords locally, so maybe AppData kill got them, but sometimes will cloud-sync…

1 Like

Hi Vadeltachi, if you go to your job’s config and select ‘export’, you’re getting asked to include your passphrase. In the subsequently created .json open it with a texteditor and move to tag ‘passphrase’ where you will find your forgotten key :slight_smile:

1 Like

Thank you for that advice. I’ve searched the recovered files, as ts678 suggested, for a file containing “duplicati-config” and have not been successful. Lots of other files ending in “config,” but not this one.

I’ve looked in the user account AppData locations (which were not hidden), in the public and SYSTEM user area, all over Windows.Old, in my stored passwords, and been unsuccessful.

I do have a cloned image of the disk after windows was re-installed. There was lots of disk activity I am sure in re-installing Windows, so the file names, contents, or both could have been overridden.

Is there a grep-like tool in Windows or elsewhere that will allow me to search the cloned disk’s raw data for the phrase “passphrase”? I know that it was in at least two places: the config file and in a Thunderbird draft email file in which I stored all of my passwords.

This is all very embarrassing (especially considering I work in IT), but I am not too to proud to ask, heck, beg, for help :slight_smile:

Though I worry about overwrites (which can interfere with search idea), I’d note this tool just came out:

Microsoft’s new Windows File Recovery tool lets you retrieve deleted documents.

It does need Windows 10 version 2004, but if you got the latest feature update, that’s what you have…

There are a lot of other data recovery programs, though I can’t personally vouch for any based on use.
It’s also tough to know whether they do the exact sort of search that you want, which is content-based.

Autopsy claims to use grep after using strings. You could do such work yourself if you can get to Linux.
Getting to the raw drive at a sector level is usually pretty easy. You don’t even have to mount a partition.

Comparison of hex editors shows some that can operate on drives at a sector level, maybe searching.
HxD - Freeware Hex Editor and Disk Editor seems quite popular and sounds like it can search sectors.

On Windows, Duplicati weakly encrypts Duplicati-server.sqlite unless you use --unencrypted-database.
This is a security feature to make it harder for attackers to scan files (or maybe sectors) to find secrets.

So it’s good that you might have a draft email where the password is presumably present in clear text…
That file probably has a known name, so in addition to content scan, you could try to recover it by name.

Advise: export the configuration as json, make a qr-code of it, print this and put it a safe location (eg. at the office, …)
Using asymmetric encryption? Do the same with your private key.