Posts: 7
Threads: 1
Joined: Apr 2021
Hello - I did something really stupid for a friend and lost their funds. I was on their Windows machine and had temporarily written their seed and password in a notepad to be transferred later.
Right in the middle as we weren't paying attention for 5 min after funds were transferred, the machine decided to do an auto-update. It restarted and we lost the notepad doc.
Fortunately, I have the keystore, but being that it's a thorchain wallet I'm not sure how to get this into a useable format for hashcat.
Here is a sample empty wallet hash; I was wondering if someone could help me get this into a usable file so I can process it with hashcat.
Code: {"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}
FWIW - the password to this is bit and it's an empty wallet to see if I could break a simple password first. If someone should use this to test the right format and tell me which hashmode to run, that would be great!
Promise to somehow repay a favor and send a box of Hawaii snacks and stuff to the person/people that help me get it to a point where I can run hashcat against this.
Posts: 4
Threads: 0
Joined: Apr 2021
Sorry to hear that. I'll try to help. Do you have the dat file?
Posts: 7
Threads: 1
Joined: Apr 2021
It's not a .dat file, it's the keystore.json, and below is a known keystore.json. It's an empty wallet, but if we can get hashcat to run on this, I can take it from there.
(04-19-2021, 06:57 AM)hm-001 Wrote: Sorry to hear that. I'll try to help. Do you have the dat file?
(04-19-2021, 04:20 AM)bhi56 Wrote: Hello - I did something really stupid for a friend and lost their funds. I was on their Windows machine and had temporarily written their seed and password in a notepad to be transferred later.
Right in the middle as we weren't paying attention for 5 min after funds were transferred, the machine decided to do an auto-update. It restarted and we lost the notepad doc.
Fortunately, I have the keystore, but being that it's a thorchain wallet I'm not sure how to get this into a useable format for hashcat.
Here is a sample empty wallet hash; I was wondering if someone could help me get this into a usable file so I can process it with hashcat.
Code: {"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}
FWIW - the password to this is bit and it's an empty wallet to see if I could break a simple password first. If someone should use this to test the right format and tell me which hashmode to run, that would be great!
Promise to somehow repay a favor and send a box of Hawaii snacks and stuff to the person/people that help me get it to a point where I can run hashcat against this.
Posts: 407
Threads: 2
Joined: Dec 2015
I can do this, but it'll take me a bit to make sure all tests pass. The password to that example is just "bit"? all lowercase, 3 letters?
Posts: 7
Threads: 1
Joined: Apr 2021
yes, the password is just bit
(04-19-2021, 07:11 AM)Chick3nman Wrote: I can do this, but it'll take me a bit to make sure all tests pass. The password to that example is just "bit"? all lowercase, 3 letters?
Posts: 7
Threads: 1
Joined: Apr 2021
Obviously the password for the real keystore is longer, but I think I can omit a bunch of special characters and a few letters since I hand-typed a random string.
Looking forward to hearing back.
Posts: 7
Threads: 1
Joined: Apr 2021
If it helps, I also posted on thorchain and they provided a response here: https://github.com/thorchain/asgardex-el...ssues/1351
Posts: 4
Threads: 0
Joined: Apr 2021
Yeah, we can take it from there.
Posts: 7
Threads: 1
Joined: Apr 2021
@chick3nman I saw your post about length in the thorchain thread. FWIW, here is another keystore, this time using the password hashcat for comparison.
Code: {"crypto":{"cipher":"aes-128-ctr","ciphertext":"d48ed238871a842a8a60740cd48f9c49773867cdb49be6d2ebd918f200a83e66c988fa9490bc977f975de455d1352e5090dcd6b4df17514ade04a2587825a2eba15c96c0f75b0b01aac611","cipherparams":{"iv":"13735bfc06a3539031f674f0676998dc"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"58ee9379348b36e6acd5c123f242d805c6a02659a2b85e58f387d0282261ca36","c":262144},"mac":"781ecc3a5aa4f3e975a58f03807151fb6855cd1ea609802819a6b69d7538785a"},"id":"128b845e-ac91-4baa-9a28-e2e61999de9a","version":1,"meta":"xchain-keystore"}
Posts: 407
Threads: 2
Joined: Dec 2015
Interesting, that one is a different length. I will need to handle variable length.
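The variable-length point above, as an added example (not code from this thread or from hashcat): a Python parser that validates the fields of the two keystores posted here and exposes the AES-CTR ciphertext, which is 78 bytes in the "bit" sample and 75 bytes in the "hashcat" sample. `parse_keystore`, `KeystoreParams` and `_unhex` are hypothetical names; the fixed 32-byte `mac` and `dklen` of 32 are assumptions taken from the two samples.

```python
import json
from dataclasses import dataclass

# The two test keystores posted in the thread (passwords "bit" and "hashcat").
KEYSTORE_BIT = '{"crypto":{"cipher":"aes-128-ctr","ciphertext":"4f1464c43704d6d4eb655aae2f1adb31d4ebe53fbdffdd88ef9debfdd51b96ba6d399847e04e2a66cd60a2d95c721f9cdf4c3d107dfec61e4d95d6b2bd1ff1130bf7c715da6f5c39c9b61e92b5d5","cipherparams":{"iv":"f07c8793a54e4d413a3ae0bf0e26570a"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"49d7cca0ad195b43bc48fa3581018b59a27d5a1ed3bf83e8fbe349868fabc850","c":262144},"mac":"7179d6b1eb3bcd36db74cee64d11682b720ec643f58367cf592ac351842fee24"},"id":"8c3a7bde-30a2-49c1-9bae-0ab2d7a7ebe6","version":1,"meta":"xchain-keystore"}'
KEYSTORE_HASHCAT = '{"crypto":{"cipher":"aes-128-ctr","ciphertext":"d48ed238871a842a8a60740cd48f9c49773867cdb49be6d2ebd918f200a83e66c988fa9490bc977f975de455d1352e5090dcd6b4df17514ade04a2587825a2eba15c96c0f75b0b01aac611","cipherparams":{"iv":"13735bfc06a3539031f674f0676998dc"},"kdf":"pbkdf2","kdfparams":{"prf":"hmac-sha256","dklen":32,"salt":"58ee9379348b36e6acd5c123f242d805c6a02659a2b85e58f387d0282261ca36","c":262144},"mac":"781ecc3a5aa4f3e975a58f03807151fb6855cd1ea609802819a6b69d7538785a"},"id":"128b845e-ac91-4baa-9a28-e2e61999de9a","version":1,"meta":"xchain-keystore"}'


@dataclass(frozen=True)
class KeystoreParams:
    iterations: int
    dklen: int
    salt: bytes
    iv: bytes
    ciphertext: bytes
    mac: bytes


def _unhex(obj, key, size=None):
    """Decode a hex field; reject empty values or an unexpected byte length."""
    raw = bytes.fromhex(obj[key])
    if not raw or (size is not None and len(raw) != size):
        raise ValueError(f"{key}: unexpected length {len(raw)}")
    return raw


def parse_keystore(text):
    """Validate an xchain-keystore JSON document and return its parameters."""
    try:
        doc = json.loads(text)
        crypto, kdf = doc["crypto"], doc["crypto"]["kdfparams"]
        scheme = (doc["meta"], doc["version"], crypto["cipher"], crypto["kdf"], kdf["prf"])
        if scheme != ("xchain-keystore", 1, "aes-128-ctr", "pbkdf2", "hmac-sha256"):
            raise ValueError(f"unsupported scheme: {scheme}")
        if not (isinstance(kdf["c"], int) and kdf["c"] > 0 and kdf["dklen"] == 32):
            raise ValueError("unexpected PBKDF2 parameters")
        return KeystoreParams(
            iterations=kdf["c"], dklen=kdf["dklen"],
            salt=_unhex(kdf, "salt"),
            iv=_unhex(crypto["cipherparams"], "iv", 16),  # AES block size
            # CTR is a stream mode: no padding, so this length equals the
            # plaintext length and differs from wallet to wallet.
            ciphertext=_unhex(crypto, "ciphertext"),
            mac=_unhex(crypto, "mac", 32),  # 32 bytes in both samples (assumed fixed)
        )
    except (KeyError, TypeError) as exc:
        raise ValueError(f"malformed keystore: {exc!r}") from exc
```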