hashcat Forum

Full Version: Hash from Electrum wallet
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello,
i'm trying to test and find the fastest method to recover password from Electrum wallet file. I tried btcrecover and it's okay to recover but with speed of CPU only. 
However after suppling --enable-opencl it does not speed up process at all but finds password too.
Code:
python btcrecover.py --wallet ./wallets/default_wallet --passwordlist ./btcrecover/wordlists/electrum1-en.txt
 
So i tried hashcat approach, the first got wallet hash with electrum2john.py
Code:
python electrum2john.py ./wallets/default_wallet
then supplied it to hashcat 
Code:
.\hashcat.exe -a 3 hash.txt test?l?l?d
The password is: testme1 so I pass mask to find "me1", and the result was misunderstanding, not a real password but range.

Code:
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 21700 (Electrum Wallet (Salt-Type 4))
Hash.Target......: $electrum$4*02bb51f843d9972621fc3e4ac66cc8d1e3d6901...76ddc5
Time.Started.....: Sat Sep 02 18:48:55 2023 (0 secs)
Time.Estimated...: Sat Sep 02 18:48:55 2023 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: test?l?l?d [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  138.5 kH/s (0.18ms) @ Accel:64 Loops:31 Thr:128 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 3840/6760 (56.80%)
Rejected.........: 0/3840 (0.00%)
Restore.Point....: 0/6760 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:992-1023
Candidate.Engine.: Device Generator
Candidates.#1....: tester1 -> testwt4
Hardware.Mon.#1..: Temp: 58c Fan:  0% Util: 21% Core: 998MHz Mem:1992MHz Bus:16

The full hash is:
Code:
$electrum$4*02bb51f843d9972621fc3e4ac66cc8d1e3d69014ec02914dad01dd9d4a57cfba7e*4249453102bb51f843d9972621fc3e4ac66cc8d1e3d69014ec02914dad01dd9d4a57cfba7e9e6b566b14bd73e9ebc12dcf1e34e25305e4d9961696076d94647685ca0026683b0ff848700c643f8e162427f12b21ca40137a692c7eece9d5e4efe5098622717cf05abde93d2d52179a725e67e5685a6ebef97c1bd3a30ccd9bb711e288d24728f9380b6e80f75346e47de07ec89dba8db8aac64ccc64d847cb31f69b0f15f4d8a7375b915daa9af32165cb2c91f5822780bfb1b704b9b290d0eb18e51133b4ae5f34ba1cd99a72ea5f62c5959ed172f3f3a19119e21202e04c8a40ca76f5e9dba0d93bdf105ec5283c8280e85cab1c02c09f499c145aaddeabb52d909d17f20305b97353cdc52e1c2efc48657b840946985c8e6701ea19def79d1d5c97772a90d3539fbda680c96ed7e4317d7656e42fea6c072ea3ee419bbf640cf058f3d8d82d6d595ba169b992f9ac990b04d24769bea877c3bbbe9f28e0e89a3c209950a6ad96095bf0d32c4748cb9ee15728a4f7b4cf4aae7d1d225361fc2c9000c8b43c99e389971c63974ad93ab9c03c5058564d33af208389149d49fd70523d0ab5835306692d75693d922a63fff5b30f6adb6893574a4cf3f0a8fa40bcd2eacd135319759cd210dadbb371fb499f3522db1c069c455063b755246f73f42bbe93962072343b624f50f18aaac459775d1d0c39caf6cea9b22392d0a78417d7dee45dffd38f47b24097c87bfacd984f2759855a4450c51602103b8b1dd74abd500ae6318737294ae9129b42c033d69b368bddebe8e3ee88543f5c884a75c966a5c0761a3c2b737a5c349a64dbd6a2d86999c552e9f0e6011b3c3eef1cc2f106bef2dc5b0cabb74492d05eef86068971e9627fd17d286618e10d97f86a70891cb08d4dc35100cd8499a4385ecc44314aa43cef214e92252eef2388a4725dd2436a9ee88cc7553e757347b6f65d846d8d17f10117d2645d6d2161bceea272251e741eef328c5fbfbefef39f8ceaf3ae142055c674700d2565850f37b04eb877c4179a2e0dc940966c5007e0a2335391e846841ef737bad1445463d2ea999e0201dc4a65de8c251a08567fe191977b96a0a0eaaa09c9f2433ba85fc59f22784ab8d51d43519637029dfb748b7f2b6f98418a6673c60ec99ed189aeff4a915e11d82e33c27e545f5064a82ce1f8089227bec1b3603d7ac009b5ed34b933f52b267f853b5244348dc5682bc6abc39827fe7edf468dfbb7a0ba76bf8d550751f08e036da7252d9586a92624dc35c72e88509f4aba4d0305566da9b0159df83fe16f4183c23630a76acac9aedb8dfa9474408f039362777d8c0d6f099ac2cf6523840561ae2ab5e9fa0653b47a08630e027e7c958b4842d78e4d9b874c6404c4e846283529b46bdbb20dd3873d67dce184972853d907ad89fb09218a9bf4d0d63d469f3f0b5eda990a04bfe10f1dbce9238c81cf6e884f101606a01ba0429fdc346eed1bd5b2f94cb82bd346f52829d6dc1556ebd38206b3cf92106a89f48ac7dde78121f0e70ab946f9cb692aab1ce2a7ec0736a2bf41a22264909ac11cc4e86592229acd089be2761711fb9448a1ea146390a2141f9f2f5fd74ddcf622eece51d97b61ddf20b26f1295b30f9fb8318feb03d6bd63bd649056069039691a9571da7f4481a5cf3249551706e1ed2f74f4a917c7937a4e3271b1ad8d3b59228b44cbbebd12bb1358796f50c3ad69d0904e418aae2b64b6191f4fb736d1fc9c841f70788389771d55d316f3dde714c8606e1cddf8aa4dcd9d89fd550f24f0416bca8b68758d7df13fdc4e23796bd0e1aa04de08ce91a83765500bc2bf8d726bdd693f61a1c18a009b76195cd41d2dcb59d50f3985a1ec2ff5581b6653e29b647bd4073a412ed2281d6e93188412d89acd42abfecf2da1b339e992d1296672eb74d700e215697f32e179ff365cd12034639bb1a4f772ffb2540290b58d03b3cffe357672661e225925020d2c8997fdd1aa6c402b1dc3ebf30304f2c20798306826a09cf325394711ceef1c724a5e9383d33a4b6af7b29eec5d44b959bf04358ab5b82f8de14576c8ecfe14e8089e114571aa386a2db70cf14e16121734f8e08173236de6c0ee75d6315684d6310c4b6f4ae1fb66729bba0d568ec8069131a05d67ae959e6baa8edd9a92dd6cf90585de6cbe1f1c3d3765889d8f0deaf8ceda7ccd3e31391c1e078a7039e0f55b7170d598938585af942ab5687521a6bbd65d0968987f8cc42e295f470cd8fc933c21c892ac89d0274cfedc01de180f42978a5b7fca640643fbadcb350ae622840319535c9a0d2699e5b8da01711a76d76ded2ee97b21525bab0b93b1fff27701e94a13621b8aedb3e7e6cc0c32819a7ce9ed513051430d058a936bc741ddd2beccb0e7be94772a61b81e5a2dc05dba6219230b6aa3089d2c9ca4450d5b0d581f5284304a26bb068114311aef128c55e7decc397ff5542f9a2dbb77fd8c22b137d41be00934a798b964b951363899cfea64ccd12df27fd46ec60cd715974fd69526746cf6e0107e2dec7d8b604bab523669b8d5037e553c813f2a90cf641eb4e1349f683d321e24e387e783fe0192dbb28b44db5161fc1ce5545811d18e9e2888831201eefe4ddc3af797b5cacd532744594b75c7ec469fbd15211279cf258acbc586dd12ce56ec73c8b95f490a551ba7ae31a37eb5267e9403eda46863d5ded16b045df32492a10309536d5e67daa9eeeccd7a435e5bca87491dd76f6067dc14eaabc17b468d14529860fe417ed22cae44fbffce0968ce7250da0d95fa5db1c687b5528e55ff1886dc79b*a9cad7cfa4cfd90a6b2b1bdce98d24831ce137758f86571515d9d0544176ddc5
It cracked your hash, you're simply not looking in the right place for the output. Add --show to your command to retrieve the already cracked hashes from your potfile.
OMG!, yes . I was not looking on the end of the hash in the terminal, password was there already. Thanks!
I want to continue this topic. I won't start a new one... The password for the electrum hash was found earlier. It has been verified on versions 6.2.3, 6.2.5, 6.2.6, but now that verification of this password is needed again on the latest version of hashcat, it is not confirmed. I've already tried it a few times... What could have happened?