Blockchain second pass decrypt error
Thanks to Proxerboss I was able to troubleshoot this problem (he has send me an empty encrypted wallet with 2nd password that fails for him to accept the password with btcrecover).

I've now analyzed the wallet and came very quickly to the conclusion that btcrecover doesn't validate the decrypted data correctly, It allows only a very specific regex, which we already found out isn't working correctly.

The problem is similar to this one we had discovered in hashcat:
and first fixed here:

basically, the check for {"guid" is not always good enough, because decrypted wallets could start with other patterns too (see , for instance with {"tx_notes":{},...}).

the problem of btcrecover is located here:

and this is only for the 2nd password extraction of current versions, there might be other lines of code in the btcrecover software that also need to be more flexible and therefore fixed.

Could somebody please report this to the btcrecover guys on github ( ... if it's not already a known issue update: I got some spare minutes and have now searched for a similar issue on the btcrecover github and found this, so I guess it's already a known issue and not fixed yet. In general, it seems that this project is quite inactive Sad ), explain this problem and maybe also link to this post.

Thank you very much

BTW: it's needless to say, but if it's still unclear ... this is not a hashcat problem, but btcrecover doesn't accept the password because the validation fails because it only tries to match {"guid", but guid could be anywhere in the wallet file not always after the opening curly brackets. We addressed a similar problem in the hashcat kernel (decrypted data validation) already, thanks to the help of an user who reported this (see above hashcat github issue).

Messages In This Thread
RE: Blockchain second pass decrypt error - by philsmd - 04-13-2019, 03:49 PM