($200 reward) Phantom Wallet seed phrase recovery
#5
(04-04-2024, 05:58 AM)penguinkeeper Wrote: Research dump for whoever picks this up (Potentially me)

It appears to be PBKDF2_SHA256 KDF of the password then using xsalsa20-poly1305 for the encryption/decryption using tweetnacl's "secretbox" function

https://github.com/project-serum/spl-tok...#L124-L130

Will likely be quite a large effort to implement this, as xsalsa20-poly1305 hasn't been implemented before and the Phantom codebase is a mess

Thanks for the reply penguinkeeper. Given the encrypted seed phrase, is there an easy way to find the public key? That would help me confirm how much funds are on the wallet so I can offer a bounty as well that could incentivize the effort needed to implement this. Thank you, and I hope you keep looking into this.
Reply


Messages In This Thread
RE: ($200 reward) Phantom Wallet seed phrase recovery - by tachsahtac - 04-07-2024, 08:25 PM