Trying to recover a blockchain.info wallet - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Trying to recover a blockchain.info wallet (/thread-8814.html) Pages:
1
2
|
Trying to recover a blockchain.info wallet - jennifer4682 - 12-10-2019 Hey guys as the title says i'm trying to recover a blockchain.info wallet password . But before starting to use hashcat, i need to convert the wallet.aes.json to a hash file. so i'm using the following johntheripper script: https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/blockchain2john.py The output of the script is: wallet.aes.json:$blockchain$v2$5000$1184$...ddc40e6979055eb129fb97e3e83d642ffc4f68fe5a441c95d7eb0822ff99dcbf4b978c2... it's 2368 char after $ Is that amount char normal? Can hashcat handle it? RE: Trying to recover a blockchain.info wallet - undeath - 12-10-2019 why do you ask if hashcat can handle it instead of simply trying if hashcat can handle it? RE: Trying to recover a blockchain.info wallet - jennifer4682 - 12-10-2019 I actually tried and searched the forum before posting but i'm struggling like the guys on this thread: https://hashcat.net/forum/thread-8207.html? All i get is the result of exhausted even with a test account. RE: Trying to recover a blockchain.info wallet - undeath - 12-11-2019 What hardware are you using? Can you try with the beta version? https://hashcat.net/beta/ RE: Trying to recover a blockchain.info wallet - jennifer4682 - 12-11-2019 (12-11-2019, 12:00 AM)undeath Wrote: What hardware are you using? Can you try with the beta version? https://hashcat.net/beta/ I'm using a Ryzen 5 2600 cpu with an RX580 8Gb GPU. I didn't had any problems with Hashcat detecting and using my GPU. The beta version still displays the same behavior. It just ignores the password in both straight and brute-force methods showing the result of "Exhausted". While both the stable and beta versions did crack successfully a bitcoin wallet.dat using -m 11300 on both straight and brute-force methods. I did some research and found something interesting. And funny enough it was posted by yourself. Link: https://hashcat.net/forum/thread-7498-post-40352.html#pid40352 RE: Trying to recover a blockchain.info wallet - undeath - 12-11-2019 Note that post is about v1 blockchain wallets only. I don't know if it applies to v2 wallets as well. And if the hash gets loaded excessive data length should make no difference in cracking a v2 hash. Can you successfully crack the example blockchain v2 hash from https://hashcat.net/wiki/doku.php?id=example_hashes ? RE: Trying to recover a blockchain.info wallet - jennifer4682 - 12-11-2019 (12-11-2019, 04:59 PM)undeath Wrote: Note that post is about v1 blockchain wallets only. I don't know if it applies to v2 wallets as well. And if the hash gets loaded excessive data length should make no difference in cracking a v2 hash. Yes, i tried in both modes, it cracks the blockchain v2 very well!! RE: Trying to recover a blockchain.info wallet - philsmd - 12-11-2019 maybe it has something to do with this: https://github.com/hashcat/hashcat/commit/a9bafb7edb49bbf40d097fecf19a5c4ee0620076 The validation check is only searching for some specific pattern... we would need to know what your decrypted file starts with, currently supported patterns are (see https://github.com/hashcat/hashcat/issues/1937#issuecomment-469038973): - "guid" - "tx_no - "share - "addre - "doubl - "keys" I'm pretty sure this huge number of possibilities comes from the fact that for json it doesn't really matter which keys come first (as long as they are in the json object)... so it is somehow shuffle.... the problem is that if some pattern is completely missing in the cracker/hashcat, it doesn't validate correctly. We would need that pattern, if it's really missing... or come up with a better strategy alltogether (but it's not easy to come up with a good plan... maybe a entropy check or a search for specific character sets (e.g. non-binary data. should contain : and " etc) would be also enough, but could lead to false positives ) RE: Trying to recover a blockchain.info wallet - jennifer4682 - 12-11-2019 I tried to make the hashfile again from scratch using blockchain2john.py and now hashcat beta returns an actual error: Hash 'myhash.txt': Token length exception No hashes loaded. RE: Trying to recover a blockchain.info wallet - undeath - 12-11-2019 that just means hashcat can't find the myhash.txt file |