decrypting Metamask vault data without the password
#1
Hi , 
Metamask  has a tool for decrypting the seed phrases from the extension data (a json file including data, iv and salt):
https://metamask.github.io/vault-decryptor/
there is a json file that contains data, iv and salt.  

{
"data":"...",
"iv":"...",
"salt":"..."
}



Can I get my seed phrases without my password from this json file? Is there a way to bruteforce my way into this? 

A little context: I forget my 12 digit password for my Metamask wallet and also didn't stored the seed phrases. long story short I lost all of my money this way and now I'm broke. I really appreciate your help.
Reply
#2
I just realized that hashcat -m 26600 is metamask module but I have a question, when you run it on a hash what it will return ? the password or the seed phrases?

because on the vault decryptor it when you add the password it will return the seed phrases.
Reply
#3
hahscat is for password cracking so -> password

Can I get my seed phrases without my password from this json file? -> i dont thinks so
Reply
#4
(10-07-2021, 03:54 PM)Snoopy Wrote: hahscat is for password cracking so -> password

Can I get my seed phrases without my password from this json file? -> i dont thinks so

but the hashes return the seed phrase in vault decryptor.

I remember I had a 12 digit password that included upper and lowercase , numbers and symbols. what would be the best way to proceed?

when I try the command bellow I get the error : "Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a"

Code:
hashcat -a 3 -m 26600 -o output.txt hashes.txt -w 3 ?a?a?a?a?a?a?a?a?a?a?a
Reply
#5
(10-07-2021, 06:20 PM)yekmilad Wrote:
(10-07-2021, 03:54 PM)Snoopy Wrote: hahscat is for password cracking so -> password

Can I get my seed phrases without my password from this json file? -> i dont thinks so

but the hashes return the seed phrase in vault decryptor.

yeah IF you provide the proper password

Quote:when I try the command bellow I get the error : "Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a"
Code:
hashcat -a 3 -m 26600 -o output.txt hashes.txt -w 3 ?a?a?a?a?a?a?a?a?a?a?a

if you have no clue about your own password, it will be nearly impossible to brutefoce this lenght/kind of password in any time, just do some math

95 possible chars ^12 = 540.360.090.000.000.000.000.000
(i dont have a real cracking rig, so i used benchmark and multiplied my output by 1000!)
even with this i ONLY could test 100.000.000 (100 Million) candidates per second this means it would last 171.347.059 YEARS so 171 Millions of Years to test your 12 char password
Reply
#6
I think in your case it would be just clever to read the instructions on that guide carefully to see if that "browser extension data" trick could help you somehow.
https://metamask.zendesk.com/hc/en-us/ar...Vault-Data

it should be pretty clear from these paragraphs when this way of recovering important data could work and help you. Within that page it's also always explained that the password is needed (so you need to give the tool both the "browser extension data" and password, it seems).
Reply
#7
(10-08-2021, 06:22 PM)philsmd Wrote: I think in your case it would be just clever to read the instructions on that guide carefully to see if that "browser extension data" trick could help you somehow.
https://metamask.zendesk.com/hc/en-us/ar...Vault-Data

it should be pretty clear from these paragraphs when this way of recovering important data could work and help you. Within that page it's also always explained that the password is needed (so you need to give the tool both the "browser extension data" and password, it seems).

thank you but I already knew that. I explained in the first post. my issue is I have the browser extension data but I don't have the password.
Reply
#8
Quote:
Quote:when I try the command bellow I get the error : "Integer overflow detected in keyspace of mask: ?a?a?a?a?a?a?a?a?a?a"
Code:
hashcat -a 3 -m 26600 -o output.txt hashes.txt -w 3 ?a?a?a?a?a?a?a?a?a?a?a

if you have no clue about your own password, it will be nearly impossible to brutefoce this lenght/kind of password in any time, just do some math

95 possible chars ^12 = 540.360.090.000.000.000.000.000
(i dont have a real cracking rig, so i used benchmark and multiplied my output by 1000!)
even with this i ONLY could test 100.000.000 (100 Million) candidates per second this means it would last 171.347.059 YEARS so 171 Millions of Years to test your 12 char password

I have two clues. first I know it's exactly 12 chars lengths. not less or more.
Secondly it definitely contains all lower and upper case , numbers and symbols. maybe this will reduce a couple of million years; because passwords with only numbers and letters wouldn't count. also passwords with letters and symbols wouldn't count or numbers and symbols. it should contain all of them.

still it seems like a lot of years.
but maybe I should wait for quantum computers to arrive. 

thanks for the help/
Reply