[ethereum] Fail to find even known password
#1
Hello,

I am trying to crack my Ethereum wallet.
But I fail to crack even a new wallet for which I know the password.
I created the hash using ethereum2john.py.
But I also tried to do it manually, using these instructions:
https://stealthsploit.com/2017/06/12/eth...-cracking/

In both cases, I get the same command line:
Code:
{"address":"xxxx",
"crypto":{"cipher":"aes-128-ctr","ciphertext":"yyyyy",
"cipherparams":{"iv":"aaaaa"},
"kdf":"scrypt",
"kdfparams":
{"dklen":32,"n":262144,"p":1,"r":8,"salt":"bbbb"},
"mac":"cccc"},"id":"ddd","version":3}




hashcat.exe -m15700  $ethereum$s*262144*8*1*bbbb*yyyyy*ccccc h:\dict.txt --status --status-timer=5 -w3 -S


dict.txt contains a few passwords and the known password.

Running this leads to "Exhausted"

I then tried the example hash from https://hashcat.net/wiki/doku.php?id=example_hashes

Code:
hashcat.exe -m15700 $ethereum$s*262144*1*8*3436383737333838313035343736303637353530323430373235343034363130*8b58d9d15f579faba1cd13dd372faeb51718e7f70735de96f0bcb2ef4fb90278*8de566b919e6825a65746e266226316c1add8d8c3d15f54640902437bcffc8c3 h:\dict1.txt

Running this leads to "cracked"

What could I be doing wrong... I suppose something on the way from my UTC.....json file to the hash must be wrong...

Any ideas?

Best regards,
Hendrik
#2
First, try to put the hash into a file instead of providing it directly on the command line; bash, cmd.exe, PowerShell, zsh: most of these don't like special chars like $* on the command line without putting them into ' ' or " ".

Second, I'm not quite sure, but see the difference between *1*8 in the example and your *8*1; try swapping these two digits and see whether your password is recovered or not.
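An added example (not part of the thread, and not the code of ethereum2john.py or hashcat): a small converter that builds the `$ethereum$s*...` line from a version-3 scrypt keystore, writes it to a file as suggested in #2, and names the fields in which a hand-assembled hash differs from the generated one. The n*r*p field order is an assumption here; `SAMPLE`, `keystore_to_hash`, `diff_fields` and `write_hash_file` are hypothetical names, and the keystore values are constructed filler.

```python
import json
import re

# Constructed sample keystore (not a real wallet); hex values are filler.
SAMPLE = json.dumps({
    "address": "00" * 20, "id": "constructed", "version": 3,
    "crypto": {"cipher": "aes-128-ctr", "ciphertext": "cd" * 32,
               "cipherparams": {"iv": "01" * 16}, "kdf": "scrypt",
               "kdfparams": {"dklen": 32, "n": 262144, "p": 1, "r": 8,
                             "salt": "ab" * 32},
               "mac": "ef" * 32}})

FIELDS = ("n", "r", "p", "salt", "ciphertext", "mac")
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")

def keystore_to_hash(keystore_text):
    """Return the $ethereum$s*... line for a version-3 scrypt keystore."""
    ks = json.loads(keystore_text)
    # Some wallets write the section name as "Crypto".
    crypto = ks.get("crypto") or ks.get("Crypto")
    if not crypto or crypto.get("kdf") != "scrypt":
        raise ValueError("expected a keystore with a scrypt crypto section")
    kp = crypto["kdfparams"]
    hexes = (kp["salt"], crypto["ciphertext"], crypto["mac"])
    for name, value in zip(FIELDS[3:], hexes):
        if not HEX.fullmatch(value):
            raise ValueError(name + " is not even-length hex")
    if len(crypto["mac"]) != 64:
        raise ValueError("mac must be 64 hex characters")
    # Assumed field order n*r*p: each value is read by key, never by its
    # position in the JSON, where "p" may well be listed before "r".
    nums = (int(kp["n"]), int(kp["r"]), int(kp["p"]))
    return "$ethereum$s*%d*%d*%d*%s*%s*%s" % (nums + hexes)

def diff_fields(hand_built, generated):
    """List the fields where a hand-assembled hash differs from the generated one."""
    a = hand_built.strip().split("*")[1:]
    b = generated.strip().split("*")[1:]
    if len(a) != len(FIELDS) or len(b) != len(FIELDS):
        raise ValueError("expected 6 '*'-separated fields after the tag")
    return [f for f, x, y in zip(FIELDS, a, b) if x.lower() != y.lower()]

def write_hash_file(keystore_text, path):
    """Write the hash to a file so no shell ever parses '$' or '*'."""
    line = keystore_to_hash(keystore_text)
    with open(path, "w", newline="\n") as fh:
        fh.write(line + "\n")
    return line
```

The file written by `write_hash_file` then takes the place of the inline hash on the hashcat command line.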
#3
Hello,

Thanks. In the end, it worked...
How?
I exported all my passwords from KeePass to a text file and tried them with John the Ripper.
And I got a success!
The password was a random one. Not a combination of my often-used words. But why was it in the KeePass export?
Well, it was under "ehereum". I did not find it, due to the missing "t" ;-)

I do not know whether my command line was correct, as in the end I was successful with John.

Best regards,
Hendrik