04-07-2017, 04:33 PM
Well...
I looked at the problem a bit more in depth and now I'm aware (hope to be wrong) that I can use only a dictionary based attack. Also using ethercrack that has the "presale" option, that @philsmd gently proposed, has no way of solving my issue.
The key points are:
So the only way I found (please refute me!) is dictionary attack with a very big dictionary.
So I can for sure pipe the dictionary I created into the .pl scripts that @philsmd wrote and I have only to test it.
If other infoes are needed please tell me.
Thanks
I looked at the problem a bit more in depth and now I'm aware (hope to be wrong) that I can use only a dictionary based attack. Also using ethercrack that has the "presale" option, that @philsmd gently proposed, has no way of solving my issue.
The key points are:
- passphrase is between 23 and 25 chars
- passphrase is presumably created with 3 names (i.e. Camille, Ernest, Savannah)
- the "a" can be "@" at least in the first position
- the "e" can be "€" at least in the first position
- the first letter of every name is capitalized
- at the end of the passphrase can be a "*"
So the only way I found (please refute me!) is dictionary attack with a very big dictionary.
So I can for sure pipe the dictionary I created into the .pl scripts that @philsmd wrote and I have only to test it.
If other infoes are needed please tell me.
Thanks
(04-07-2017, 02:12 PM)dindolo1979 Wrote: Wow !! Thank you.
Ok I'll collect info and give a better definition of the scenario as well as I can.
I'll try the perl code you wrote and try to contribute asap.
Thanks
(04-07-2017, 02:03 PM)philsmd Wrote: @dindolo1979 Attention: I would be very careful with this small set of information you provided/got here.
As far as I understood the algorithm is much more simple/straight forward and doesn't need any AES etc steps just to validate the password.
If you are really interested in some more (technical) discussions and/or if you want that these algorithms (actually yes, there are 2 different algorithms at least!) to be added to hashcat, we should continue to collect some information and maybe you can contribute a little bit (with some more info, e.g. which file a user normally has etc, I'm thinking about e.g. the ~/.web3/keys/ files on linux, but I'm not too familiar with ethereum)...
This is what I got so far, a POC:
pbkdf2:
Code:#!/usr/bin/env perl
# author: philsmd (for hashcat)
# date: april 2017
use strict;
use warnings;
use Crypt::PBKDF2;
use Digest::Keccak qw (keccak_256_hex);
#
# Algorithm can be found in: SecretStore::decrypt () in cpp-ethereum/libdevcrypto/SecretStore.cpp
# Examples can be found in: cpp-ethereum/test/unittests/libdevcrypto/SecretStore.cpp
#
my $mac = "cf6bfbcc77142a22c4a908784b4a16f1023a1d0e2aff404c20158fa4f1587177"; # the "hash"
my $ciphertext = "d69313b6470ac1942f75d72ebf8818a0d484ac78478a132ee081cd954d6bd7a9";
# pbkdf2 params:
my $dklen = 32;
my $c = 262144; # iterations
my $salt = "c82ef14476014cbf438081a42709e2ed";
# pass:
# my $pass = "bar";
#
# Start
#
my $salt_bin = pack ("H*", $salt);
my $ciphertext_bin = pack ("H*", $ciphertext);
while (my $pass = <>)
{
chomp ($pass);
# pbkdf2:
my $pbkdf2 = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
iterations => $c,
out_len => $dklen
);
my $derived_key = $pbkdf2->PBKDF2 ($salt_bin, $pass);
my $derived_key_cropped = substr ($derived_key, 16, 16);
# SHA3 - keccak (needed for the "mac" check)
my $mac_gen = keccak_256_hex ($derived_key_cropped . $ciphertext_bin);
if ($mac_gen eq $mac)
{
print "Password found: '$pass'\n";
}
}
how to run it:
Code:echo bar | ./ethereum_pbkdf2.pl
scrypt:
Code:#!/usr/bin/env perl
# author: philsmd (for hashcat)
# date: april 2017
use strict;
use warnings;
use Crypt::ScryptKDF qw (scrypt_raw);
use Digest::Keccak qw (keccak_256_hex);
#
# Algorithm can be found in: SecretStore::decrypt () in cpp-ethereum/libdevcrypto/SecretStore.cpp
# Examples can be found in: cpp-ethereum/test/unittests/libdevcrypto/SecretStore.cpp
#
my $mac = "2103ac29920d71da29f15d75b4a16dbe95cfd7ff8faea1056c33131d846e3097"; # the "hash"
my $ciphertext = "d172bf743a674da9cdad04534d56926ef8358534d458fffccd4e6ad2fbde479c";
# scrypt params:
my $dklen = 32;
my $n = 262144;
my $p = 8,
my $r = 1,
my $salt = "ab0c7876052600dd703518d6fc3fe8984592145b591fc8fb5c6d43190334ba19";
# pass:
# my $pass = "testpassword";
#
# Start
#
my $salt_bin = pack ("H*", $salt);
my $ciphertext_bin = pack ("H*", $ciphertext);
while (my $pass = <>)
{
chomp ($pass);
# scrypt:
my $derived_key = scrypt_raw ($pass, $salt_bin, $n, $r, $p, $dklen);
my $derived_key_cropped = substr ($derived_key, 16, 16);
# SHA3 - keccak (needed for the "mac" check)
my $mac_gen = keccak_256_hex ($derived_key_cropped . $ciphertext_bin);
if ($mac_gen eq $mac)
{
print "Password found: '$pass'\n";
}
}
how to run it:
Code:echo testpassword | ./ethereum_scrypt.pl
(examples, as mentioned within the code, are from: cpp-ethereum/test/unittests/libdevcrypto/SecretStore.cpp)
Note: the code is in perl, but it wouldn't be impossible to add GPU support with hashcat, but we need to clarify a lot of things first, actually there is already a github issue here: https://github.com/hashcat/hashcat/issues/262 (with very little information about the algorithm)