Geth Ethereum Keystore password recovery

[LowellChief]

Hello-  I have a small amount of Ethereum that I mined back in 2017-2018 using a GETH wallet I created.  I believe my wife accidently threw away my password that I wrote on a bill for this wallet.  I do have the keystore file backed up.

I used this link to create my keystore hash

https://stealthsploit.com/2017/06/12/eth...-cracking/

I set my txt file up in a similar way except I used "262144" instead of 1024 for the N value

I created a password txt file using several combinations of passwords I used from back then

I'm using hashcat 6.2.6 and windows 11

I've opened a terminal in hashcat and tried a few of the commands I've found out there and added my hash.txt and password.txt in the line but just had a series of errors that do not work

Honestly, I was able to build 4 ETh mining rigs but I have not a clue what I am doing in trying to crack this password.  

Any suggestions on how I should enter my command line in hashcat?

Thank you, LC

[TheBogeyman]

Hello-  I have a small amount of Ethereum that I mined back in 2017-2018 using a GETH wallet I created.  I believe my wife accidently threw away my password that I wrote on a bill for this wallet.  I do have the keystore file backed up.

I used this link to create my keystore hash

https://stealthsploit.com/2017/06/12/eth...-cracking/

I set my txt file up in a similar way except I used "262144" instead of 1024 for the N value

I created a password txt file using several combinations of passwords I used from back then

I'm using hashcat 6.2.6 and windows 11

I've opened a terminal in hashcat and tried a few of the commands I've found out there and added my hash.txt and password.txt in the line but just had a series of errors that do not work

Honestly, I was able to build 4 ETh mining rigs but I have not a clue what I am doing in trying to crack this password.  

Any suggestions on how I should enter my command line in hashcat?

Thank you, LC

Save hash in ETHhash.txt and save it in hashcat directory.
Then, and that is most important, decide, how would you like to try to recover password. If you want only to test all letters, it vould take time and it is useless,.. if you know aproximatly what structure password was, that would help a lot (leinght of password, what was created-numbers, letters, special characters) or maybe created from different words (example: horsetableblue11,...)....
ETH hash is relatively slow to crack and if you dont know even close, what password is, currently forget it.

[LowellChief]

Thank you for your response. I do have an idea of the structure and I have created a txt file of approximately 90 or so words/combinations of numbers/symbols and approx. variations that I might have used.

I'm not sure what kind of attack would be best to use to recover it though.

I've had some issues running hashcat after entering my command in an offline mini PC that only has 8 gb of RAM and I got an error code with not enough RAM to run the attack.

I then tried an offline gaming PC with a 32 GB of RAM, a Ryzen 7, a 4070 Super and Windows 11 but got a message in the hashcat terminal of

.\hashcat pid: Permission denied
.\hashcat.induct: Permission denied

I'm assuming this is a windows 11 related firewall issue..not sure how to fix it.
Would running The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Live on this system from a Live boot work? Not sure I want to create a Linux partition on this system.

[TheBogeyman]

Thank you for your response.  I do have an idea of the structure and I have created a txt file of approximately 90 or so words/combinations of numbers/symbols and approx. variations that I might have used.

I'm not sure what kind of attack would be best to use to recover it though.

I've had some issues running hashcat after entering my command in an offline mini PC that only has 8 gb of RAM and I got an error code with not enough RAM to run the attack.

I then tried an offline gaming PC with a 32 GB of RAM, a Ryzen 7, a 4070 Super and Windows 11 but got a message in the hashcat terminal of

.\hashcat pid: Permission denied
.\hashcat.induct: Permission denied

I'm assuming this is a windows 11 related firewall issue..not sure how to fix it.
Would running The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)) Live on this system from a Live boot work?  Not sure I want to create a Linux partition on this system.

start cmd as Administrator and then run command again,.. maybe just admin privileges not allowing running hashcat

[LowellChief]

Thank you Bogeyman. That worked and I got HC running. I tried to run the dive.rule with my txt file but it was going to take until April to finish running. Next, I tried the best64.rule and it took about 2 hours to run but did not find the PW after trying about 8400 possibilities. I know my password is most likely between 8 and 20 characters and may be a combination of words/numbers/symbols in my text file.

Any suggestions of what rule might work the best and be most efficient?

[TheBogeyman]

Thank you Bogeyman.  That worked and I got HC running.  I tried to run the dive.rule with my txt file but it was going to take until April to finish running.  Next, I tried the best64.rule and it took about 2 hours to run but did not find the PW after trying about 8400 possibilities.  I know my password is most likely between 8 and 20 characters and may be a combination of words/numbers/symbols in my text file.

Any suggestions of what rule might work the best and be most efficient?

If you will try all possibilities random from 8 to 20 characters,.. this is futile,.. If you think you know aproximation of a password, then write it, yace in txt and then run rule over your possible passwords,.. everything else is almost futile. 

example:  hashcat -a 1 -m 15700 your_wallet_hash.txt 1.txt 2.txt -r your_rule.rule