Newbie Wallet - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: Newbie Wallet (/thread-8477.html) |
Newbie Wallet - MikeWell - 07-10-2019 Hello, Sorry if I'm aksing what's been asked before, but I could only find a single similar 5 year old thread. I've a DOGECOIN wallet that I last used in early 2014, which I've forgotten the passphrase for. It's not worth a professional cracker as it's only got 12067 coins ($40 approx). But I'd really like to try and access it. I think I know 6 chars of the pwd which won't be more that 16 chars. Is hashcat suitable? How can I use it for this? I'm not very technical, but can figure things out when pointed in the right direction. Thanks if you're willing to help. RE: Newbie Wallet - philsmd - 07-10-2019 What is the thread you are referring at ? What are the files that you have ? wallet.dat ? Which software (and which version of that software) did generate this wallet ? hashcat support bitcoin/litecoin/electrum wallets... maybe your wallet is similar to a "normal" bitcoin wallet !? With all the facts/details that I asked above, it should be easy to find that out. RE: Newbie Wallet - Chick3nman - 07-11-2019 Dogecoin's original wallet client was a derivative of the bitcoin client and as such, can be attacked using the bitcoin wallet.dat modes. That only would work for the original wallet and not any secondary/third-party wallet client of any kind. RE: Newbie Wallet - MikeWell - 07-11-2019 Thanks for your replies. Yes, it's a wallet.dat from 2014. I'm finding the documentation hard to follow. What would be the command line, say for running this in the wallet.dat mode for 16 chars? RE: Newbie Wallet - philsmd - 07-11-2019 you use bitcoin2john.py to convert the wallet.dat file into a hash: https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/bitcoin2john.py install and use python 2.7 to use that python script above, remove all the file names (and colons) from the output, seee https://hashcat.net/wiki/example_hashes for a valid example hash for -m 11300 brute-forcing a 16 character password is infeasible use a dictionary-based attack (maybe with a few rules -r my.rules) instead RE: Newbie Wallet - MikeWell - 07-11-2019 Thanks Phil! RE: Newbie Wallet - MikeWell - 07-11-2019 Ok - I've got closer. I've that bitcoin2john hash into a text file, and I can run: hashcat64 -m 11300 hash.txt and it's running with yellow attention text and white information, and everntually "No password candidates received in stdin mode, aborting..." in red. Based on what you said it's trying too much. I doubt a dictionary will work as I don't make up passwords like that, but it will only be alpha upper and lower and numbers. I also may know the first 6 characters. Would you mind helping me constructing the command line for, say 13 chars as described (let's say the start is "MikeyW")? I really apprecaite this. Thank you. RE: Newbie Wallet - philsmd - 07-11-2019 see --help -a 0 is dictionary attack and you need to provide a dictionary -a 3 is mask attack (or "brute-force") and you need to provide a mask upper = 26 chars, lower = 26 chars, digits = 10 chars => 26 + 26 + 10 = 62 chars 62 chars * 62 chars * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 = 62 ^ 13 = 200,028,539,268,669,788,905,472 = infeasible ^ 2 if you think that 16 - 6 is much better, you are wrong again ! it's still infeasible because 62 ^ (16-6) = 62 ^ 10 = 839,299,365,868,340,224 (and still infeasible, just a little bit smaller number, but not significant and still not feasible ) RE: Newbie Wallet - MikeWell - 07-11-2019 OK thanks. So basically I was too clever coming up with a complex pasword system. I suppose that it's nice to know that even though I've lost $40, the rest of my passwords are safe! RE: Newbie Wallet - philsmd - 07-11-2019 I don't know about that. If you say it's a "complex password system" maybe it's not random at all. I don't know about the specifics of your password system, it could be flawed and not that difficult to write a cusom password generator to crack it (if it's not 100% random chars from /dev/urandom). |