Known Dictionary Attack Fails - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Known Dictionary Attack Fails (/thread-11578.html) |
Known Dictionary Attack Fails - pluna - 08-28-2023 Hello, I have a base64 blockchain.info wallet (v1, I believe. circa 2013) for which I know the password. The file name is wallet.aes.json. Using the tool here: https://login.blockchain.com/wallet/import-wallet and entering the password results in success. Entering the mnemonic with this tool (https://login.blockchain.com/wallet/forgot-password) results in the password I have saved, so I know that it's correct. To prepare the wallet file for hashcat, I used blockchain2john.py to generate known.hash. I created a wordlist .dict file with some random strings and the password in the middle and run: Code: hashcat.exe -a 0 -m 12700 known.hash wordlist.dict Hashcat runs, but does not find the correct password. Can someone help me with what I am doing wrong? I can even give real data/files as there is 0BTC in the wallet. Here is the output: Code: Session..........: hashcat Thanks RE: Known Dictionary Attack Fails - nick8606 - 08-28-2023 Last part of your hash 6533786935517843666a4555514537756d5...3d3d0a is Base64-encoded. Use blockchain2john.py with --base64 option. Or you can decode your data with any suitable tool (don't forget to write correct size). RE: Known Dictionary Attack Fails - pluna - 08-28-2023 (08-28-2023, 07:25 AM)nick8606 Wrote: Last part of your hash 6533786935517843666a4555514537756d5...3d3d0a is Base64-encoded. Use blockchain2john.py with --base64 option. Or you can decode your data with any suitable tool (don't forget to write correct size). When trying to use blockchain2john with base64, I get no output. Using with the --json switch, I get an error. Code: Traceback (most recent call last): The hash was created, I believe, with blockchain2john about 5/6/7 years ago from last time I tried cracking this. I have tried both on Windows and Ubuntu 22 with Python3. Below is the contents of the known-password, 0BTC wallet.aes.json file Code: e3xi5QxCfjEUQE7umPRrWEQirlE2+p0cdHQfth+TFn7cKkZwqLWtdnUoHa357UX+ZpCdPfgMJL+VsfYOO0rAlAHV+l7ufh7xA0BM2H35qz4bWeokuWqPPwk+jOy5w+a2vhOxcwx45t310byn2Js+Dp0S0SmJhWx1wp5qIssjtnl4ffVZ7aeFaXiFI7TEBHDS14SWFoM5ksf4hnRcDsCJRb3stPZDfcbx0w0t6Sqz0hD/Db8Sw/TrPC/P/A7oB1gnC++3SpcUYDcLZg2r0zWxOHwUCH14/jpf7NOONpOVstmzBVN6ft5OQjlokM7tvjN63tp95ZqVYtH+J+MMdzmJbNNM81fAJhNq5ZDkbMOerUzRX3u5N1qkvMJDwiw6U78ExlQ5WCEzFI91pj0fRJZEJx83wEjKx5BndbmynGdm+L2uZkGeKbGOD4MqonP3tqOXigDJzi45p6RUr7cVqEhmlzMkQLjLre6IXRi5M8C99uIDFbyHRDSlpyblPIWYh9YyKRYJ93bbSLhzt5WZWi3OApP0dMCRUjV+oH0dXw1Vr2089O43UPE3xiJ1U6Yg7JBv4NaQyxvMFFgrIzoEjKAgSb7QUX08A89SrF2zYVm3d60mvlZ9Z3d7IUK2B4t+CWA7nl6Qz7FJd5t3/uhVOhzrWU6UNJTQWu+5+4pVK6RcC2qTABD0dtAijOc5XB4SXVQN62IfOJj66TqESjk8hflv1lBggkD8EICj1/SB8GXRsq3aOG3kIY5o4bFdAOUC6rNf0H/+HLiM6XmMi+v1EevAOvgqxuR7gKAduXLtNphIQG/Nefjcdd/NrByBGHPH0Pbq+jPcU4bLMXZzGmXS2h88Lw== Edit: I noticed I have two files for the known wallet. Below is the contents of the backup from blockchain according to my notes. It wasn't named wallet.aes.json, though. I get the same results with blockchain2john. I also notice that the first (above) one is 857 chars long and the second (below) one is 512 long. My unknown password backup is 641 long. Not sure if this means anything or is of concern. Code: ntxGCsuoegyAjmP2YttCFJ5RXJsV/a8JSNnZl0oPeMwsREvO+F5AdMKi5ji0DEJ4p13gTO889UmbyI7DKOMMQggG+U8YloFoDRHu3PQUUUQ1VMiFesBsjokr59lX1Q/CaBszMI2XV7eT/vHaWSV5yNU2u8EfLAEjBCO9O7613NrU05EwkKxj4RSwQ6jy1v164lnZGqX2cT8bxUJbAn22qbNo//q3G+rusKUbWe5fVU+AR/GiTSvumU8ULwnsG7L15JKhggimXt5TkvDxS/Qdlv9wVWAIuJhik3a+12+bcCIwlqTzX6tLyVNQLC6s257818qIzxogJyHF9Jh/71tYMiHvUGQ6sjLNripxmdA5K3QuUvaTImiTVFZ3vkfv0k0wdnzC3F0eYVUOCxatiqqF+axgUbSh4iGR6VEAaEK/b+jflBKMdgaaKXEbN7JWHikTsZNvRVwpR0+sZ4rV8uSxc/l1rcdnjAfUbZj0M6zDCV7IJPiUMZO3EUrey8hpVQSk Thanks RE: Known Dictionary Attack Fails - nick8606 - 08-29-2023 (08-28-2023, 10:12 PM)pluna Wrote: When trying to use blockchain2john with base64, I get no output. Using with the --json switch, I get an error. Your command line must be like this: Code: python.exe blockchain2john.py --base64 wallet.aes.json Or just decode your data with any Base64 tool and make your hash manually (decoded size = 640): $blockchain$640$7B7C62E50C427E31...731A65D2DA1F3C2F RE: Known Dictionary Attack Fails - pluna - 08-29-2023 (08-29-2023, 02:16 AM)nick8606 Wrote: Your command line must be like this: Thanks. I figured out the problem with blockchain2john; it doesn't play nice with Python 3. Using 2.7 worked and my output matches yours. Thanks for including that for me. Now that I got that working, hashcat says no hashes loaded. Code: PS LOCATION\hashcat-6.2.6> .\hashcat.exe -a 0 -m 12700 ..\KNOWN.hash ..\wordlists\known.dict So now what am I doing wrong? RE: Known Dictionary Attack Fails - pluna - 08-29-2023 I tested on a test v1 and test v2 wallet that I found online and the v2 works, but the v1 does not. btcrecover can crack the v1 wallet and I verified it by logging in on blockchain.com. So it seems like there may be two problems. One with my wallet and the other with hashcat and v1 wallets. Can anyone verify that v1 wallets work? RE: Known Dictionary Attack Fails - pluna - 08-29-2023 I tried some other v1 test wallets and they worked. With my known wallet, I truncated the file and adjusted the length field to be 288 and it worked. Finally, opening the hash files in visual studio saw the file was UTF-16. I saved with UTF-8 encoding and it fixed the problem. Hashcat can now recognize and correctly crack the known wallet hash. SOLUTION: Save file in UTF-8. No BOM. No UTF-16. Just UTF-8 RE: Known Dictionary Attack Fails - jersonbtc - 08-31-2023 Hashcat is buggy on v1 and 100 percent does not work on v0 wallets. The problem is v0 and v1 wallets cannot easily be differentiated. |