07-11-2023, 02:53 PM
Hi all,
I've got one of these famous ETH Presale-Wallets and will give it a try...
However, there are some questions that occured.
First, I wanted to test Hashcat to get comfortable with using it. For this purpose, I created on a Linux Debian system an MF5-hash of the word "test". The hash I got was d8e8fca2dc0f896fd7cb4cb0031ba249.
Tested it with a wordlist which had the word "test" in it with no success. Eventually, I went on the site https://www.md5.cz/ and the MD5sum for "test" was 098f6bcd4621d373cade4e832627b4f6.
So now Hashcat worked like a charm. So I frankly don't know why the md5sum-program gave a different hash than the one on the site. Has anybody an explanation for this?
In the next step, I created a wordlist with all the possible passwords and ran Hashcat with the following command:
hashcat -m 16300 -o cracktest.txt wallethash.txt passwords.txt
Using the example from this site:
https://github.com/hashcat/hashcat/issues/1279
I indeed get the correct password for the test hash.
Now, as expected, I didn't get any result when trying my custom wordlist with my real pre-sale-wallet.
Then I see the following text on the site quoted above:
Now frankly: This sounds reasonable - but I don't understand what it means. If I want to write a rule or apply a hex wordlist with those characters applied to the plaintext - what would I be looking for? KDF (I have no idea what this means, and aunt Google wasn't of much help).
If anybody could direct me to the right direction, I would be very glad. Thank you!
Edit:
I just put 0x0a at the end of every potential password. Would this be the correct way to do it? (With no success so far, however)
I've got one of these famous ETH Presale-Wallets and will give it a try...
However, there are some questions that occured.
First, I wanted to test Hashcat to get comfortable with using it. For this purpose, I created on a Linux Debian system an MF5-hash of the word "test". The hash I got was d8e8fca2dc0f896fd7cb4cb0031ba249.
Tested it with a wordlist which had the word "test" in it with no success. Eventually, I went on the site https://www.md5.cz/ and the MD5sum for "test" was 098f6bcd4621d373cade4e832627b4f6.
So now Hashcat worked like a charm. So I frankly don't know why the md5sum-program gave a different hash than the one on the site. Has anybody an explanation for this?
In the next step, I created a wordlist with all the possible passwords and ran Hashcat with the following command:
hashcat -m 16300 -o cracktest.txt wallethash.txt passwords.txt
Using the example from this site:
https://github.com/hashcat/hashcat/issues/1279
I indeed get the correct password for the test hash.
Now, as expected, I didn't get any result when trying my custom wordlist with my real pre-sale-wallet.
Then I see the following text on the site quoted above:
Quote:It sounds like return characters were incorrectly considered during the KDF portion instead of being stripped, which caused wallets that implement the KDF correctly to fail to decrypt due to the lack of the return characters? If so, it should be trivial to apply those characters using a rule or a hex wordlist with those characters applied to the ends of the plaintexts.
Now frankly: This sounds reasonable - but I don't understand what it means. If I want to write a rule or apply a hex wordlist with those characters applied to the plaintext - what would I be looking for? KDF (I have no idea what this means, and aunt Google wasn't of much help).
If anybody could direct me to the right direction, I would be very glad. Thank you!
Edit:
I just put 0x0a at the end of every potential password. Would this be the correct way to do it? (With no success so far, however)