Bitcoin Wallet password, which is the best method to recover ?
#1
Question 
Hello Guys,

i'm glad to join this community, so here is my question :

I would like to know which one is the best and effective (and fastest maybe) method to recover a password from my old wallet.dat file (BTC) ?

Here is what i did :

Download the latest version of Hashcat, download python, then i copy pasted the bitcoin2john script into a new text file, then i used this script (which i found here : https://raw.githubusercontent.com/openwa...in2john.py) to create a walletHASH.txt file from my wallet.dat...

then i use this HASH file with this command :

hashcat-6.2.1>hashcat -a 3 -m 11300 wallethash2.txt ?a?a?a?a?a?a?a?a --increment --increment-min 1

i totally forgot my password as it's a very old wallet file which i found on an old HDD.

my question is, is this method i used one of the best way ? because i also saw that there are other attack modes, and also dictionary file, and rules files....

i found this file right here but i don't know if it's better than using a simple bruteforce from hashcat ??
Here is the rule file : https://notsosecure.com/one-rule-to-rule-them-all/
and here the rockyou dictionary file : downloads.skullsecurity.org/passwords/rockyou.txt.bz2

Please guys if you have any advices it would be very cool to know !
BTW i'm using an RTX 2080 Max-Q GPU.
I don't remember nothing from the password.

Big thanks !
Reply
#2
first, keep calm, take a beer and try hard and start thinking, how does your old passwords (you remember) or new passwords (you are using today) look like?

totally random or are they following a "style" which is typical for you? lets say some special char, one-two-three words a number like your birthday e.g. *thisismypassword1942?

if random , stick to bruteforce but dont expect to be successful

if it follows some kind of style, prepare your own dictionary and use a rule file like the one mentioned or use a mask-attack
Reply
#3
(05-21-2021, 12:57 AM)Snoopy Wrote: first, keep calm, take a beer and try hard and start thinking, how does your old passwords (you remember)  or new passwords (you are using today) look like?

totally random or are they following a "style" which is typical for you? lets say some special char, one-two-three words a number like your birthday e.g. *thisismypassword1942?

if random , stick to bruteforce but dont expect to be successful

if it follows some kind of style, prepare your own dictionary and use a rule file like the one mentioned or use a mask-attack

It's totally random... unfortunately.

Do you think i can just use a rule with a random style forgotten password ? or better to stick with bruteforce ?
Can i use bruteforce + rules ?
Reply
#4
mh, do you know the length of your password?

well rules just modify existing password candidates, adding or removing, switching things ... so no i dont think this wont work

so yeah bruteforce seems the only way, anything which would reduce the charset/keyspace would help
some informations that would help

lenght, chars used (lower, upper, specials, digits or all?), with or without double chars'?
Reply
#5
I think it is from 10 to 12 chars.... and only normal alphabetic + numbers... no special char.
can you help me to create the command ? i tried bruteforcing for 7 days but not working.
thank you.
Reply
#6
you could try

hashcat -a 3 -m 11300 wallethash2.txt -1 ?l?u?d  --increment --increment-min=10 --increment-max=12 ?1?1?1?1?1?1?1?1?1?1?1?1

but cracking wallets with bruteforce ... well you have to be very lucky to be successful
Reply
#7
Or you can create a custom charset and exclude the chars which you are sure to not have used. Maybe the xX and yY. You will reduce the possible candidats.

But as Snoopy mentioned: With 10-12 postitions it will take you 4ever.

You might be better off trying your "old" passwords and combine them with possible extensions. But only if you reused passwords and you have used not many different ones. The list can be done with hashcat usils -> combipow.
Reply
#8
Have you succeeded with your password cracking? I'm sorry that you've got such a problem. We all are trying to keep our crypto wallets safe. I have mine here removed by philsmd: a random cryptocurrency wallet service (scam site ?) / My password is very complex, that's why it's written in my notebook. I'm really scared that someone could crack my account.
Reply