Debrief: Cracked Ethereum wallet - a beginner's approach
#1
Hi,

First of all I want to say thanks. Started my short hashcat journey a week ago to resolve a password to an old wallet file for Ethereum.

I struggled a bit to find the exact combined solution so I wanted to write this post in case it comes up for other users while searching. 
Mods: please feel free to delete if this doesn't add value to the forum.

My passwords tend to follow a predictable pattern. Some symbols, some letters, some numbers and some more symbols. 

I first made a list of all the words I commonly used in passwords over the last 10 years. This turned out to be less than 100 words. I put these in a text file called text.txt and put it in the same folder as the hashcat main executable.

I then created a rule set using the wiki documents. This would modify each word by adding the symbols before it and then adding some numbers and symbols at the end of it.
I put each rule on a different line, saved this as rule.txt and also placed it in the same folder.

Then (with help from searching the forums and the wiki and discord) I put in the following command in hashcat:
hashcat -a 0 text.txt -r rule.txt --stdout -o output.txt

This created an output.txt file of several thousand passwords that combined my words with all kinds of numbers and symbols that I would normally use when creating a password. This is what will be used in the crack. 

It is funny when you look at that output file you realize that many of those passwords could've been my password.

I converted my Ethereum wallet keystore information into the correct format using the same approach as this website:
https://stealthsploit.com/2017/06/12/eth...-cracking/
which is basically: `$ethereum$s*n*r*p*salt*ciphertext*mac`
I saved this in a text file called hasheth.txt and put this in the same folder as the other text files mentioned above.

I then ran the following command:
hashcat -w 3 -m 15700 hasheth.txt output.txt

About 70% through the process I got the successfully cracked password notification.
Thank you, folks!
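The conversion step in the post above (keystore file to the `$ethereum$s*n*r*p*salt*ciphertext*mac` line) is easy to get wrong by hand, so here is an added example that does it programmatically. This is not the original poster's script and not hashcat's own code; the keystore it reads is a constructed sample with filler hex values (not a real wallet), and the field names follow the V3 keystore JSON layout that geth writes. The KDF cost parameters go into the line in decimal and the salt, ciphertext and MAC are copied over as the hex strings stored in the file. The function also recognises PBKDF2 keystores, which belong to a different hashcat mode (15600) and would never crack under -m 15700.

```python
"""Convert an Ethereum V3 keystore (geth-style JSON) into the hash line that
hashcat -m 15700 expects: $ethereum$s*n*r*p*salt*ciphertext*mac

Added example for this thread, not the original poster's script and not
hashcat's code.  The keystores built below are constructed samples with
filler hex fields; they are not real wallets and cannot be cracked.
"""
import json


def sample_keystore(kdf: str, kdfparams: dict) -> str:
    """Build a constructed V3 keystore string (filler hex, not key material)."""
    return json.dumps({
        "version": 3,
        "id": "00000000-0000-4000-8000-000000000000",
        "address": "00" * 20,
        "crypto": {
            "cipher": "aes-128-ctr",
            "cipherparams": {"iv": "0f" * 16},
            "ciphertext": "ab" * 32,
            "kdf": kdf,
            "kdfparams": {"dklen": 32, "salt": "cd" * 32, **kdfparams},
            "mac": "ef" * 32,
        },
    })


# geth's default scrypt cost is N=262144, r=8, p=1
SAMPLE_SCRYPT = sample_keystore("scrypt", {"n": 262144, "r": 8, "p": 1})
SAMPLE_PBKDF2 = sample_keystore("pbkdf2", {"c": 262144, "prf": "hmac-sha256"})


def keystore_to_hashcat(keystore_json: str) -> tuple[int, str]:
    """Return (hashcat mode, hash line) for a V3 keystore.

    scrypt keystores map to mode 15700, PBKDF2-HMAC-SHA256 keystores to
    mode 15600.  Salt, ciphertext and MAC are passed through as the hex
    strings stored in the file; the cost parameters are written in decimal.
    """
    ks = json.loads(keystore_json)
    if ks.get("version") != 3:
        raise ValueError("only version 3 keystores are supported")
    # geth writes "crypto"; some wallet software wrote a capitalised "Crypto".
    crypto = ks.get("crypto") or ks.get("Crypto")
    if crypto is None:
        raise ValueError("no crypto section: not a keystore file")
    params = crypto["kdfparams"]

    # Validate the hex fields up front: a stray character here makes hashcat
    # reject the line instead of cracking it.
    for field, value in (("salt", params["salt"]),
                         ("ciphertext", crypto["ciphertext"]),
                         ("mac", crypto["mac"])):
        try:
            bytes.fromhex(value)
        except ValueError as exc:
            raise ValueError(f"{field} is not valid hex") from exc

    kdf = crypto["kdf"].lower()
    if kdf == "scrypt":
        line = "$ethereum$s*{n}*{r}*{p}*{salt}*{ct}*{mac}".format(
            n=params["n"], r=params["r"], p=params["p"],
            salt=params["salt"], ct=crypto["ciphertext"], mac=crypto["mac"])
        return 15700, line
    if kdf == "pbkdf2":
        if params.get("prf", "hmac-sha256") != "hmac-sha256":
            raise ValueError("unsupported PBKDF2 PRF " + str(params["prf"]))
        line = "$ethereum$p*{c}*{salt}*{ct}*{mac}".format(
            c=params["c"], salt=params["salt"],
            ct=crypto["ciphertext"], mac=crypto["mac"])
        return 15600, line
    raise ValueError("unsupported kdf " + kdf)


if __name__ == "__main__":
    mode, line = keystore_to_hashcat(SAMPLE_SCRYPT)
    print(f"use: hashcat -m {mode} hasheth.txt output.txt")
    print(line)
```

Write the returned line (and nothing else) into hasheth.txt; the returned mode tells you whether -m 15700 or -m 15600 is the right one for that file.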
#2
Congratulations, you lucky bastard :-)
I will probably never crack mine, and will die trying; it's too long.
Good that some people have had success. How many letters did you have in it?
#3
Nice to hear success stories like this from time to time.

It's important to note that this is the more-difficult-to-crack scrypt-based algorithm, and therefore it's even harder to crack.

Maybe, if you find some time, you could also add some notes about your hardware and whether you considered cracking this scrypt-based algo with a lot of CPU power (instead of a GPU rig). Well, if you generated only a "small" word list, it's maybe okay cracking even with just 1 GPU, but of course if you try to crack it in a very short amount of time and very efficiently (less power, best performance), a CPU rig might be best against scrypt-based algorithms like yours. Any thoughts/notes about this?
Thx and congrats, well done!
#4
Thanks, this is really helpful as a beginner trying to do something similar. Would you mind posting your rules.txt file? I have been given a list of words and a vague set of rules (first letter might be capitalised, symbol might be inserted somewhere in the middle, might terminate in a digit) but I am struggling to turn that into a programmatic set of rules. I even wrote my own program in python to generate possible passwords for me which is fine except that it hasn't uncovered the password I'm looking for. If you could post your rules or at least the process you went about creating them it would be very handy.
#5
Thanks everyone! I felt a lot of relief because of this.

Answers to some of the questions.
1. Length of password: It was 12 characters. A few characters, a word and numbers and characters.

2. Hardware spec: an old i5 laptop. I read that the scrypt encryption limits the usability of GPUs, so I just used the CPU.

3. The rules file really saves you. It's also, I think, how people intuitively generate their own passwords, so it makes sense to use that approach if you can go through the short learning curve.
Instead of the mask system, the rules made more sense because what was more common was the type of characters I used and their placement in my passwords, as opposed to the length of the password.
The common passwords ranged from 8 to 16 characters, but that all depended on the amount of characters or numbers at the start or end of the specific word.
And each word had a different length. In this case the rules make more sense.

To make my rules list I opened my saved passwords from the last 5 years that I had either written down or saved in Chrome auto-save (bad practice, I know) and created two text files. One was the "text.txt" file that had my base words, and the second was the rules.txt file. In my post above I mentioned the hashcat command to generate a password output text file of every possible combination using my base words and all the special rules.


Code:
## base word is in text.txt
## the colon (:) includes the base word unchanged, but for some reason it includes the word twice, so I'm commenting it out for now
#:

## custom rules we want: prepend characters, append numbers and always capitalise the first letter of the word in the middle of the password

## capitalises the first letter and lowercases the rest
c

## each ^X prepends one character, so the characters end up in reverse order: ^!^!^@ produces @!!word
## $1 appends the digit 1 to the end
^!^!^@
^!^!^@$1
^!^(^)
^!^(^)$1
^!^(^)$1$1
^!^@^!
^!^@^!$1
^!^@^!$1$1

I had more combinations than this rules list but this is an idea of how my rules file was generated. 

Basically hashcat reads every line in the rule.txt file as a new set of possible passwords to generate. So more rules, combined with more base words, lead to a fairly long list of passwords relative to the 100 base words I started out with. This worked for me because although it was a common word (one of the 100), the character/number combination that was used was not common.

4. Renting GPU/CPU space: I read that scrypt doesn't work well on GPUs so I looked for CPU options.
I DM'd someone here regarding renting CPUs but didn't get a reply.

I read that renting CPUs on Amazon allows you to get up to 5000 guesses per second.

Since the value locked was pretty decent I was willing to pay a significant amount to recover the file.
 
I also contacted a specialist who said they could crack it in a month for just over $200k so in a sense that was my limit but I really did not want to go that high.

My next plan if the initial list didn't work was to go on a CPU purchasing spree.

I found that I was able to get just under 1 guess per second, so I figured I would try to get a machine that could get 2 guesses per second, then buy 10 of those PCs for under $1k each and try it for a few months. I could always donate the computers later. This would increase my guessing ability by 10x for $10k, which seems like a good tradeoff. And by that time I would either hit on my guesses or basically realize I was not going to ever hit.

After everything I've read about scrypt since finding hashcat, though, I'm not sure if the guy telling me he could crack it in a month could have really done it if my main password rule set hadn't worked.
Limiting the attack surface, as people say on here, is really the best move and that's why I really encourage people, even newbies, to learn to use the rule based system.


Question for the experts:
Could someone with more experience tell us the realistic number of guesses per second that could be expected per machine when guessing against scrypt?
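To make the rule expansion in the post above concrete, here is an added example that interprets the handful of hashcat rule functions the thread uses (`:`, `l`, `u`, `c`, `^X`, `$X`) and runs them over a short base-word list, the same way `hashcat -a 0 text.txt -r rule.txt --stdout` does. This is not hashcat's rule engine (hashcat supports many more functions and this does not claim to reproduce its output order), and the rules and base words are constructed for the example. It also shows where the "word twice" effect mentioned in the rules file comes from: `--stdout` does not deduplicate, so when `c` produces the same string as `:` (a base word that is already capitalised) the candidate is emitted twice; the `dedupe` flag here drops such repeats before they cost you an scrypt guess.

```python
"""Minimal interpreter for the hashcat rule functions used in this thread
(':', 'l', 'u', 'c', '^X', '$X'), to show how a short base-word list is
expanded into candidates and why --stdout can emit a candidate twice.

Added example for this thread; not hashcat's rule engine, and the rules and
base words below are constructed to mirror the style of the posted file.
"""

# Constructed rules file in the style of the one posted above.
RULES_TEXT = """\
## pass the base word through unchanged
:
## capitalise the first letter and lowercase the rest
c
## each ^X pushes one character on the front, so ^!^!^@ yields @!!word;
## $1 appends the digit 1
^!^!^@
^!^!^@$1
^!^(^)$1$1
"""

# Constructed base words; "Password" is already capitalised on purpose.
BASE_WORDS = ["summer", "Password"]


def parse_rules(text: str) -> list[str]:
    """Return rule lines, skipping blanks and '#' comment lines."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def apply_rule(rule: str, word: str) -> str:
    """Apply one rule line (a sequence of functions) to a base word."""
    out = word
    i = 0
    while i < len(rule):
        fn = rule[i]
        if fn == " ":           # spaces between functions are ignored
            i += 1
        elif fn == ":":         # no-op: the candidate is the word itself
            i += 1
        elif fn == "l":
            out = out.lower()
            i += 1
        elif fn == "u":
            out = out.upper()
            i += 1
        elif fn == "c":         # capitalise first letter, lowercase the rest
            out = out[:1].upper() + out[1:].lower()
            i += 1
        elif fn in "^$":        # ^X prepends, $X appends; each takes one char
            if i + 1 >= len(rule):
                raise ValueError(f"{fn!r} needs a character in rule {rule!r}")
            ch = rule[i + 1]
            out = ch + out if fn == "^" else out + ch
            i += 2
        else:
            raise ValueError(f"unsupported function {fn!r} in rule {rule!r}")
    return out


def expand(words, rules, dedupe=False) -> list[str]:
    """Every rule applied to every word, as in -a 0 -r rules --stdout.

    dedupe=False keeps repeats (as hashcat --stdout does); dedupe=True emits
    each distinct candidate once so no scrypt guess is spent twice.
    """
    seen, out = set(), []
    for word in words:
        for rule in rules:
            cand = apply_rule(rule, word)
            if dedupe:
                if cand in seen:
                    continue
                seen.add(cand)
            out.append(cand)
    return out


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    raw = expand(BASE_WORDS, rules)
    uniq = expand(BASE_WORDS, rules, dedupe=True)
    print(f"{len(BASE_WORDS)} words x {len(rules)} rules = {len(raw)} "
          f"candidates, {len(uniq)} unique")
    for cand in uniq:
        print(cand)
```

With a real list you would write the deduplicated candidates to output.txt and feed that to `hashcat -m 15700` as in the first post; at roughly one scrypt guess per second on a laptop, every duplicate removed is a second saved.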
#6
That's really interesting thanks. Did you end up buying the 10 PCs or did you just use your laptop? You say you cracked it 75% of the way through your password list so I'm wondering whether you just got lucky on your first set of generated passwords and planned to throw more hardware at the problem if that had failed.
#7
(12-16-2021, 02:29 PM)aspz Wrote: That's really interesting thanks. Did you end up buying the 10 PCs or did you just use your laptop? You say you cracked it 75% of the way through your password list so I'm wondering whether you just got lucky on your first set of generated passwords and planned to throw more hardware at the problem if that had failed.

I just got lucky that it was in my first set of generated passwords, so I didn't need to buy the PCs.
My initial list was a few thousand passwords with all the rules.
Even at 1 H/s that's still easily 50,000 attempts in a 24 hr period, which is not bad if you get lucky and happened to use some variation of a common password (I opened up my Google Chrome auto-saved passwords and unlocked every "word" and every "symbol / number" combination that I used back then and used that to help me generate a list).

To make the rules I used the rule wiki guide mostly and looked on here in the forums plus asked in the discord.
#8
Hi,

I'm having difficulty creating rules for a mixed password.

I believe it is between 10 and 12 characters.

I know the first letter is Uppercase, and the last is a special character. The rest are upper, lower, numbers and characters.

Is there any way to create rules for something like this?

I'm trying to crack an -m 15700 eth and clearly confused.

Thank you!
#9
(12-24-2021, 10:22 AM)FleetwoodAMAC Wrote: Hi,

I'm having difficulty creating rules for a mixed password.

I believe it is between 10 and 12 characters.

I know the first letter is Uppercase, and the last is a special character. The rest are upper, lower, numbers and characters.

Is there any way to create rules for something like this?

I'm trying to crack an -m 15700 eth and clearly confused.

Thank you!

Can you remember anything about the other characters? Were they totally random, or were they perhaps based on a word, e.g. pa$sw0rd?