hashcat Forum
I lost my second password blockchain.com. - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: I lost my second password blockchain.com. (/thread-8174.html)

I lost my second password blockchain.com. - sakamoto - 02-21-2019

I lost my second password.
Using btcrecover, I found the string "Blockchain second password hash, salt, and iter_count in base64".

Blockchain second password hash, salt, and iter_count in base64:

I want to decode this and extract the second password. Is there a way?

Add information.

I want to revive the second password of blockchain.com.

Current situation,
· It gets garbled when decoding with base64.
· Since I am concerned about + and / contained in the string, I changed the shape.
+→ %2B , / →%2F , = → %3

RE: I lost my second password blockchain.com. - sakamoto - 02-21-2019

I have consultation.

I have lost the second password of the wallet.

I have a hash of the second password, but can not you decode the hash and recover the second password?

I will hand you 1 btc as a reward. (Please say it if it is missing, because I am in a hurry)

RE: I lost my second password blockchain.com. - sakamoto - 02-21-2019

I do not know what this value (Blockchain second password hash, salt, and iter_count in base 64Smile is.

password + salt

So I do not know the number of digits, I can not attack brute force. (It takes too much time)

There should be a reason why btc recovery has prepared a mechanism to issue this value (Blockchain second password hash, salt, and iter_count in base 64 Smile. I want to investigate the reason.

RE: I lost my second password blockchain.com. - Chick3nman - 02-21-2019

You must crack the second password. BTCRecover is capable of cracking said password and the base64 value you were given is required to crack the password, although I'm not sure if --extract allows for blockchain second passwords, i will need to double check on that. iirc the second password requires a second set of values that must be extracted after the top level master password is already known.

RE: I lost my second password blockchain.com. - sakamoto - 02-22-2019

Blockchain second password hash, salt, and iter_count in base64:

How do I decode this?
It garbles as base64

RE: I lost my second password blockchain.com. - philsmd - 02-23-2019

Well, as you should already know by registering to this forum, it is not allowed to post hashes (https://hashcat.net/forum/announcement-2.html). It's a reason to ban you. In this case it's even worse because we don't know the password and also we do not know if you are trying to trick somebody to crack it for you.

Back to the second password for blockchain.info: there is already a github issue over here: https://github.com/hashcat/hashcat/issues/1650
but there wasn't much interest about this algo so far and I think no dev looked into it yet (so far).

I did some research now and the algorithm is quite straight forward.

You basically first need to crack and decrypt your main wallet/password and after that you get a "guid" string etc.

If there is a second password the decrypted string will have some info about the next step.

You can read the full details here: https://github.com/gurnec/btcrecover/blob/master/docs/Extract_Scripts.md#blockchaininfo-second-passwords (credits of course go to this btcrecover project from gurnec, because without that I would be clueless what's going on, without any source code and documentation. Credits where credits are due).

So btcrecover makes the process 2-fold too:
1. run python extract-scripts/extract-blockchain-second-hash.py wallet.aes.json to get this base64 string you are talking about all the time
2. python btcrecover.py --data-extract --passwordlist dict.txt (and here you interactively enter the base64 string at the start, before cracking)

there is a signature within the decoded base64 string "bs:" such that btcrecover.py (the second step) recognizes that it is a blockchain second (bs) password cracking attempt.

The format of the base64 decoded string is also quite straight forward:
echo -n YnM6LeP7peG853HnQlaGswlwpwtqXKwa/1rLyeGzvKNl9HpyjnaeTCZDAaC4LbJcVkxaECcAACwXY6w= | base64 | xxd -p

here are my notes/annotations:
62 73 3a                                         bs:                <- signature
         2d e3 fb a5 e1 bc e7 71 e7 42 56 86 b3     -......q.BV..   <- iterated sha256 hash
09 70 a7 0b 6a 5c ac 1a ff 5a cb c9 e1 b3 bc a3  .p..j\...Z......
65 f4 7a                                         e.z
         72 8e 76 9e 4c 26 43 01 a0 b8 2d b2 5c     r.v.L&C...-.\   <- salt (used for the UUID conversation)
56 4c 5a                                         VLZ
         10 27 00 00                                .'..            <- iteration: 0x2710 = 10000
                     2c 17 63 ac                        ,.c.        <- crc32

the crc32 check is done on the first 55 bytes (59 minus the 4 bytes checksum):
crc32 <(echo 62733a2de3fba5e1bce771e7425686b30970a70b6a5cac1aff5acbc9e1b3bca365f47a728e769e4c264301a0b82db25c564c5a10270000 | xxd -r -p)
as you can see the checksum matches because we got ac63172c from crc32 (as we have in the last 4 bytes)

BTW: you can see here how the base64 string is generated by extract-scripts/extract-blockchain-second-hash.py: https://github.com/gurnec/btcrecover/blob/129c09d653bd21e0eb0989a53c0e15949e37cfff/extract-scripts/extract-blockchain-second-hash.py#L207

Now back to the algorithm details.
There are older algorithms for this second blockchain.info password too (see https://github.com/gurnec/btcrecover/blob/129c09d653bd21e0eb0989a53c0e15949e37cfff/btcrecover/btcrpass.py#L2163-L2178), but the current one is just some iterations of sha256 hashes, after concatenating the converted salt (UUID) and the password, see: https://github.com/gurnec/btcrecover/blob/129c09d653bd21e0eb0989a53c0e15949e37cfff/btcrecover/btcrpass.py#L2157-L2159)

The final hash must match the extracted "hash" from the main password decryption (https://github.com/gurnec/btcrecover/blob/129c09d653bd21e0eb0989a53c0e15949e37cfff/btcrecover/btcrpass.py#L2160).

There are also some example hashes (credits go to the people from the btcrecover project of course, again):

(this is base64string:password notation)

I have also written a POC, just to make it very clear (this is of course a slow single-threaded cracking script, don't compare the speeds or blame me for the bad code PLEASE Wink):

blockchain_second_password.pl :

#!/usr/bin/env perl

# Author: philsmd
# Date: February 2019
# License: public domain, donated to hashcat, credits go to philsmd and the hashcat project

use strict;
use warnings;

use Digest::SHA qw (sha256);
use MIME::Base64 qw (decode_base64);

# Example:
# YnM6LeP7peG853HnQlaGswlwpwtqXKwa/1rLyeGzvKNl9HpyjnaeTCZDAaC4LbJcVkxaECcAACwXY6w=:btcr-test-password
# my $hash_target = pack ("H*", "2de3fba5e1bce771e7425686b30970a70b6a5cac1aff5acbc9e1b3bca365f47a");
# my $salt = "728e769e-4c26-4301-a0b8-2db25c564c5a";
# my $iterations = 10000;

if (scalar (@ARGV) != 2)
  print "USAGE: $0 <base64 string> <dictionary>\n";

  exit (1);

my $base64_string  = $ARGV[0];
my $dict_file_name = $ARGV[1];

if (length ($base64_string) != 80)
  print "ERROR: The base64 string (hash, salt, iterations) was not specified correctly as the second command line argument\n";

  exit (1);

my $bin_string = decode_base64 ($base64_string);

if (substr ($bin_string, 0, 3) ne "bs:")
  print "ERROR: signature of the decoded base64 string did not match 'bs:'\n";

  exit (1);

my $hash_target    = substr ($bin_string,  3, 32);
my $salt           = substr ($bin_string, 35, 16);
my $iterations_str = substr ($bin_string, 51,  4);

my $iterations = unpack ("L<", $iterations_str);

# salt to UUID conversion

$salt = unpack ("H*", substr ($salt,  0, 4)) . '-' .
        unpack ("H*", substr ($salt,  4, 2)) . '-' .
        unpack ("H*", substr ($salt,  6, 2)) . '-' .
        unpack ("H*", substr ($salt,  8, 2)) . '-' .
        unpack ("H*", substr ($salt, 10, 6));

# TODO: crc32 check (not really needed, we assume the rest is okay, not corrupt)

my $fh_dict;

if (! open ($fh_dict, "<", $dict_file_name))
  print "ERROR: Could not open dictionary file file '$dict_file_name'\n";

  exit (1);

binmode ($fh_dict);

while (my $pass = <$fh_dict>)
  chomp ($pass);

  my $hash = $salt . $pass;

  for (my $i = 0; $i < $iterations; $i++)
    $hash = sha256 ($hash);

  if ($hash eq $hash_target)
    print "found pass: $pass\n";


close ($fh_dict);

cat dict.txt

./blockchain_second_password.pl YnM6LeP7peG853HnQlaGswlwpwtqXKwa/1rLyeGzvKNl9HpyjnaeTCZDAaC4LbJcVkxaECcAACwXY6w= dict.txt

I think we could implement this in hashcat and we could get a quite fast speedup by using GPUs. Maybe if more people show interest at the current github issue (https://github.com/hashcat/hashcat/issues/1650), we will consider adding it. My only concern is that we probably would also need to add the older ones too, I didn't research how widespread the older ones are (or their relative distribution and or date/year they were generated/used with each and every version).

update: this algorithm and new hash type was added to hashcat. see https://github.com/hashcat/hashcat/issues/1650#issuecomment-466670491 and https://github.com/hashcat/hashcat/commit/d0d4ce9f8c0e99806466457701f2cc75f98ef00a

RE: I lost my second password blockchain.com. - sakamoto - 02-28-2019

I think sha256 is irreversible, but can you decode it?
I can not do anything wrong.

How can I proceed well?
For beginners, I want you to tell me politely.

I want you to exchange it directly.

[private email addresses removed for privacy reasons by mod]

RE: I lost my second password blockchain.com. - anhday22 - 02-28-2019

Inbox me. [scammy sounding contact address removed by phil]

RE: I lost my second password blockchain.com. - philsmd - 02-28-2019

I close this thread because it's getting ridiculous.
private mail addresses and advertisement of scammy (sounding) cryptocurrency wallet recovery services. This is not a forum where you post ads like this