03-17-2022, 11:44 AM
(This post was last modified: 03-17-2022, 11:45 AM by monyanus.
Edit Reason: textual improvements
)
RESOLVED
After analyzing the html and javascript code I realized that the Bitbox 1 backups only contains the plain sha256 of the mnemonic input (also other input is allowed). Bitbox does not use the mnemonic index or a checksum like the normal seed generation process of a BIP39 mnemonic.
This means that the backup seed (stored in the pdf file that you put on the SD of the Bitbox) is not yet hashed with the password. So similar to normal BIP39 it is not something Hascat can attack.
The only way to recover coins from a Bitbox is to repeat the derivation procedure with many possible passwords and see if the resulting Bitcoin addresses are one of the addresses you used. This is much slower than using Hashcat to brute-force a hash. I am working on some Python scripts to do the derivation and check in a list of addresses (any Bitcoin address in existence).
In case you read this post and you are in a similar situation, you can contact me. Note that because the attack is very slow this only makes sense if you have some solid knowledge of the password. So if you planned to brute force someone else's Bitbox, forget about, it is not gonna work, BitBox security is solid.
After analyzing the html and javascript code I realized that the Bitbox 1 backups only contains the plain sha256 of the mnemonic input (also other input is allowed). Bitbox does not use the mnemonic index or a checksum like the normal seed generation process of a BIP39 mnemonic.
This means that the backup seed (stored in the pdf file that you put on the SD of the Bitbox) is not yet hashed with the password. So similar to normal BIP39 it is not something Hascat can attack.
The only way to recover coins from a Bitbox is to repeat the derivation procedure with many possible passwords and see if the resulting Bitcoin addresses are one of the addresses you used. This is much slower than using Hashcat to brute-force a hash. I am working on some Python scripts to do the derivation and check in a list of addresses (any Bitcoin address in existence).
In case you read this post and you are in a similar situation, you can contact me. Note that because the attack is very slow this only makes sense if you have some solid knowledge of the password. So if you planned to brute force someone else's Bitbox, forget about, it is not gonna work, BitBox security is solid.