Thorchain Wallet Support with lost passphrase
#1
Hello - I did something really stupid for a friend and lost their funds. I was on their windows machine and has temporarily written their seed and password in a notepad to be transferred later.

Right in the middle as we weren't paying attention for 5 min after funds were transferred, the machine decided to do an auto-update. It restarted and we lost the notepad doc.

fortunately, i have the keystore but being that it's a thorchain wallet I'm not sure how to get this into a useable format for hashcat.

here is a sample empty wallet hash and was wondering if someone could help me get this into a usable file so i can process with hashcat.


Code:
{"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}


FWIW - the password to this is bit and its an empty wallet to see if i could break a simple password first. If someone should use this to test the right format and tell me which hashmode to run, that would be great!

Promise to somehow repay a favor and send a box of Hawaii snacks and stuff to the person/people that help me get it to a point where I can run hashcat against this.
Reply
#2
sorry to hear that. ill try to help. do the you have the dat file?



(04-19-2021, 04:20 AM)bhi56 Wrote: Hello - I did something really stupid for a friend and lost their funds. I was on their windows machine and has temporarily written their seed and password in a notepad to be transferred later.

Right in the middle as we weren't paying attention for 5 min after funds were transferred, the machine decided to do an auto-update. It restarted and we lost the notepad doc.

fortunately, i have the keystore but being that it's a thorchain wallet I'm not sure how to get this into a useable format for hashcat.

here is a sample empty wallet hash and was wondering if someone could help me get this into a usable file so i can process with hashcat.


Code:
{"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}


FWIW - the password to this is bit and its an empty wallet to see if i could break a simple password first. If someone should use this to test the right format and tell me which hashmode to run, that would be great!

Promise to somehow repay a favor and send a box of Hawaii snacks and stuff to the person/people that help me get it to a point where I can run hashcat against this.
Reply
#3
[
Its not a .dat file, its the keystore.json and below is a known keystore.json. Its an empty wallet but if we can get hashcat to run on this, i can take it from there.

quote="hm-001" pid='52245' dateline='1618808228']
sorry to hear that. ill try to help. do the you have the dat file?



(04-19-2021, 04:20 AM)bhi56 Wrote: Hello - I did something really stupid for a friend and lost their funds. I was on their windows machine and has temporarily written their seed and password in a notepad to be transferred later.

Right in the middle as we weren't paying attention for 5 min after funds were transferred, the machine decided to do an auto-update. It restarted and we lost the notepad doc.

fortunately, i have the keystore but being that it's a thorchain wallet I'm not sure how to get this into a useable format for hashcat.

here is a sample empty wallet hash and was wondering if someone could help me get this into a usable file so i can process with hashcat.


Code:
{"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}


FWIW - the password to this is bit and its an empty wallet to see if i could break a simple password first. If someone should use this to test the right format and tell me which hashmode to run, that would be great!

Promise to somehow repay a favor and send a box of Hawaii snacks and stuff to the person/people that help me get it to a point where I can run hashcat against this.
[/quote]
Reply
#4
I can do this, but it'll take me a bit to make sure all tests pass. The password to that example is just "bit"? all lowercase, 3 letters?
Reply
#5
yes, the password is just bit

(04-19-2021, 07:11 AM)Chick3nman Wrote: I can do this, but it'll take me a bit to make sure all tests pass. The password to that example is just "bit"? all lowercase, 3 letters?
Reply
#6
obviously the password for the real keystore is longer, but I think I can omit a bunch of special characters and a few letters since i hand-typed a random strong.

Looking forward to hearing back.

(04-19-2021, 07:21 AM)bhi56 Wrote: yes, the password is just bit

(04-19-2021, 07:11 AM)Chick3nman Wrote: I can do this, but it'll take me a bit to make sure all tests pass. The password to that example is just "bit"? all lowercase, 3 letters?
Reply
#7
If it helps, i also posted on thorchain and they provided a response here: https://github.com/thorchain/asgardex-el...ssues/1351
Reply
#8
(04-19-2021, 06:57 AM)hm-001 Wrote: sorry to hear that. ill try to help. do the you have the dat file?



(04-19-2021, 04:20 AM)bhi56 Wrote: Hello - I did something really stupid for a friend and lost their funds. I was on their windows machine and has temporarily written their seed and password in a notepad to be transferred later.

Right in the middle as we weren't paying attention for 5 min after funds were transferred, the machine decided to do an auto-update. It restarted and we lost the notepad doc.

fortunately, i have the keystore but being that it's a thorchain wallet I'm not sure how to get this into a useable format for hashcat.

here is a sample empty wallet hash and was wondering if someone could help me get this into a usable file so i can process with hashcat.

eyah we cab takke it fro there
Code:
{"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}


FWIW - the password to this is bit and its an empty wallet to see if i could break a simple password first. If someone should use this to test the right format and tell me which hashmode to run, that would be great!

Promise to somehow repay a favor and send a box of Hawaii snacks and stuff to the person/people that help me get it to a point where I can run hashcat against this.
Reply
#9
@chick3nman i saw your post about length in the thorchain thread. FWIW, here is another keystore, this time using the password hashcat for comparison.

Code:
{"crypto":{"cipher":"aes-128-ctr","ciphertext":"d48ed238871a842a8a60740cd48f9c49773867cdb49be6d2ebd918f200a83e66c988fa9490bc977f975de455d1352e5090dcd6b4df17514ade04a2587825a2eba15c96c0f75b0b01aac611","cipherparams":{"iv":"13735bfc06a3539031f674f0676998dc"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"58ee9379348b36e6acd5c123f242d805c6a02659a2b85e58f387d0282261ca36","c":262144},"mac":"781ecc3a5aa4f3e975a58f03807151fb6855cd1ea609802819a6b69d7538785a"},"id":"128b845e-ac91-4baa-9a28-e2e61999de9a","version":1,"meta":"xchain-keystore"}
Reply
#10
Interesting, that one is a different length. I will need to handle variable length.
Reply