Attempt to decrypt account URL as LastPass has started encrypting this field #54

Open
wants to merge 1 commit into
base: master

nineclicks
Contributor

LastPass has started encrypting the URL field of sites.

https://www.bleepingcomputer.com/news/security/lastpass-is-now-encrypting-urls-in-password-vaults-for-better-security/

This field becomes encrypted once you update each entry so this may not be immediately apparent. However, once you do have an encrypted URL, the Vault open_remote call completely fails.

  File "/usr/local/lib/python3.7/site-packages/lastpass/vault.py", line 55, in parse_accounts
    account = parser.parse_ACCT(i, key)
  File "/usr/local/lib/python3.7/site-packages/lastpass/parser.py", line 53, in parse_ACCT
    url = decode_hex(read_item(io))
  File "/usr/local/lib/python3.7/site-packages/lastpass/parser.py", line 195, in decode_hex
    raise TypeError()
TypeError

This pull request attempts to decrypt the URL field and on failure performs the original decode. Both options need to exist as sites are only updated to an encrypted URL field as they are updated individually.

@mattiash

mattiash commented Jul 3, 2024

Thanks for the CR. With the CR I can successfully parse my vault again. However, there seems to be something wrong with the extracted URLs for some entries. They end up as garbage (e.g. \x19\xb2\x12hq\x81B\x97d\x12\xd7]\xb7,S\xa9\xb4`). I have seen entries with URLs that are shorter than the actual unencrypted URLs. This makes me think that the field does not contain the correct data at all. This happens for entries that I haven't touched in a long time, which makes me assume that the URL is not encrypted for these fields.

I will try to dig more to understand what happens another day.

@aavilla-riparian

I am facing this as well and interested in what the solution may be. We are monkey patching with this PR for now. Thanks!
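
An added example, not code from this pull request or from the library: one way to handle a vault that mixes legacy and encrypted URL fields without returning garbage is to try the unambiguous hex decoding first and to validate whatever decryption returns. It assumes the legacy field is ASCII hex (as the `decode_hex` call in the traceback suggests); `decode_url_field`, the `decrypt` parameter and the XOR stand-in `toy_decrypt` are hypothetical names, and the sample fields are constructed.

```python
import binascii
import string

HEX_BYTES = frozenset(string.hexdigits.encode("ascii"))


def looks_like_hex(field):
    """Legacy URL fields are ASCII hex: even length, only 0-9a-fA-F."""
    return len(field) % 2 == 0 and all(b in HEX_BYTES for b in field)


def is_plausible_text(data):
    """A decoded URL should be valid UTF-8 with no control characters."""
    try:
        return data.decode("utf-8").isprintable()
    except UnicodeDecodeError:
        return False


def decode_url_field(field, decrypt):
    """Return (format, value). `decrypt` is a hypothetical callable standing
    in for the library's AES routine; it may raise or return garbage."""
    if not field:
        return ("empty", b"")
    # Try the unambiguous legacy encoding first: ciphertext is binary and
    # will practically never consist solely of hex digits.
    if looks_like_hex(field):
        url = binascii.unhexlify(field)
        if is_plausible_text(url):
            return ("hex", url)
    try:
        url = decrypt(field)
    except Exception:
        url = None
    # Unauthenticated decryption can "succeed" on the wrong input, so the
    # result is validated instead of trusted.
    if url is not None and is_plausible_text(url):
        return ("encrypted", url)
    return ("undecodable", field)  # keep raw bytes; do not abort the vault parse


def toy_decrypt(data):
    """Constructed stand-in for AES (single-byte XOR), not real cryptography."""
    return bytes(b ^ 0xA5 for b in data)


# Constructed sample fields
LEGACY = binascii.hexlify(b"https://example.com/login")
ENCRYPTED = toy_decrypt(b"https://example.org/")  # XOR is its own inverse
```

Returning the format tag alongside the value lets a caller log how many entries fell into `undecodable` instead of silently storing unreadable URLs.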
