11-15-2018, 05:30 AM
Hello,
The example hash for -m 11300 Bitcoin/Litecoin wallet.dat is:
$bitcoin$96$d011a1b6a8d675b7a36d0cd2efaca32a9f8dc1d57d6d01a58399ea04e703e8bbb44899039326f7a00f171a7bbc854a54$16$1563277210780230$158555$96$628835426818227243334570448571536352510740823233055715845322741625407685873076027233865346542174$66$625882875480513751851333441623702852811440775888122046360561760525
Can anyone help with the format of this hash, and how I could construct one with output from pywallet.py?
As far as I know, $bitcoin$96$ I can just ignore for now. (But what is the 96?) Then:
d011a1b6a8d675b7a36d0cd2efaca32a9f8dc1d57d6d01a58399ea04e703e8bbb44899039326f7a00f171a7bbc854a54
is the encrypted master key. Not sure what the $16$ part is.
Then 1563277210780230 is the salt, then 158555 is the iter count. Is that correct so far?
Not sure what $96$ after that is again.
Then there's:
628835426818227243334570448571536352510740823233055715845322741625407685873076027233865346542174
$66$
625882875480513751851333441623702852811440775888122046360561760525
What are these parts? Can I get them from the json output of a tool like pywallet.py that dumps encrypted wallet information? Do these extra parts have something to do with the mkey or other parts of the wallet.dat, like an addr, compressed true/false, another encrypted private key, pubkey, and if so, what parts?
Thank you for any help, I'm trying to manually construct a hashcat compatible wallet.dat hash from information dumped from pywallet.py, which looks like this:
"mkey": {
    "encrypted_key": "encrypted key bytes",
    "nDerivationIterations": 47923, # contrived example
    "nDerivationMethod": 0,
    "nID": 1,
    "otherParams": "",
    "salt": "salt bytes"
},
Would the other information be another somehow encrypted private key associated with an address in the wallet.dat, and maybe a pubkey?
Or can I just have a go at a hash that has an encrypted private key as above, iterations, salt? What would I be missing out on if I didn't have any further information about the entire hash? How would hashcat deal with the last parts
628835426818227243334570448571536352510740823233055715845322741625407685873076027233865346542174
$66$
625882875480513751851333441623702852811440775888122046360561760525
... as the example hash from the wiki?
Thank you for any help!
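The field layout asked about above, as an added example that is not part of the original post: a parser showing that each bare number (96, 16, 96, 66) is the character count of the hex field that follows it. The names `ckey` and `pubkey` for the last two fields are assumptions based on hashcat's naming for this mode, not something stated in the post.

```python
import re

# The -m 11300 example hash quoted in the post, split at field boundaries.
EXAMPLE = (
    "$bitcoin$96$"
    "d011a1b6a8d675b7a36d0cd2efaca32a9f8dc1d57d6d01a58399ea04e703e8bb"
    "b44899039326f7a00f171a7bbc854a54"
    "$16$1563277210780230$158555$96$"
    "6288354268182272433345704485715363525107408232330557158453227416"
    "25407685873076027233865346542174"
    "$66$"
    "625882875480513751851333441623702852811440775888122046360561760525"
)

HEX = re.compile(r"^[0-9a-fA-F]+$")

# (field name, index of its length prefix, index of its hex data)
# "ckey" and "pubkey" are assumed names for the last two fields.
LAYOUT = (("master_key", 0, 1), ("salt", 2, 3), ("ckey", 5, 6), ("pubkey", 7, 8))


def parse_bitcoin_hash(line):
    """Split a $bitcoin$ line into fields, validating every length prefix."""
    parts = line.strip().split("$")
    # The leading "$" gives an empty first element, then the tag, then 9 values.
    if len(parts) != 11 or parts[0] != "" or parts[1] != "bitcoin":
        raise ValueError("expected $bitcoin$ followed by 9 fields")
    values = parts[2:]
    fields = {}
    for name, len_idx, data_idx in LAYOUT:
        prefix, data = values[len_idx], values[data_idx]
        if not prefix.isdigit() or int(prefix) != len(data):
            raise ValueError(f"{name}: prefix {prefix!r} != length {len(data)}")
        if not HEX.match(data) or len(data) % 2:
            raise ValueError(f"{name}: not an even-length hex string")
        fields[name] = data
    if not values[4].isdigit() or int(values[4]) < 1:
        raise ValueError("iteration count must be a positive integer")
    fields["iterations"] = int(values[4])
    return fields


if __name__ == "__main__":
    for key, value in parse_bitcoin_hash(EXAMPLE).items():
        size = f"{len(value) // 2} bytes" if isinstance(value, str) else ""
        print(f"{key:11} {size:9} {value}")
```
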