deleted my old bitcoin wallets password, trying to find the right command to figure!
#1
Bug 
Hey Hashcat

In 2017 I drunkenly accidentally deleted my blockchain.info passwords second password I had set.

I had over 1.6 BTC in the wallet, I know how to extract the hash I need but its the brute forcing the wordlist I could do with some guidance on,

I had set a large 29 random digit password for my first wallet which is working it was:

8099~GeNEcCjDADN____EpF8S!%r  

This works for the 1st password, but as for the second password back then I inserted like 2/3 random characters into the 1st password about 3 times in the middle somewhere randomly so it'd look similar to below (where ive put the ***)

8099~G***eNEcC***jDADN__***__EpF8S!%r  
(NOTE: I do not know where I inserted the charectors this is an example of what I remember it looking like)

So its a roughly 37 character password im trying to bruteforce, I know 29 of these charecters used in the password as they are the same as my 1st password 

I would like some help with the command to try all possible combinations to bruteforce this, im a bit of a beginner but is it along the lines of an expanding wildcard I need to look into? Very confused

Any help is greatly appreciated!
Reply
#2
Try this https://github.com/sc0tfree/mentalist
it's a gui that helps you generate custom wordlist.


You mentioned second password, are you sure it is a. second password or just a bug with the way you are trying to dump the wallet?


I had great success extracting walet data once i found the password by using this fork of btcrecover https://github.com/3rdIteration/btcrecover

Code:
python3 btcrecover.py --wallet=wallet.aes.json --correct-wallet-password=thepasswordthatiscorect! --dump-wallet=thedumpedwalletdatafilenamehere.json
Reply
#3
Wink 
(09-21-2022, 07:07 PM)hashcash Wrote: Try this https://github.com/sc0tfree/mentalist
it's a gui that helps you generate custom wordlist.


You mentioned second password, are you sure it is a. second password or just a bug with the way you are trying to dump the wallet?


I had great success extracting walet data once i found the password by using this fork of btcrecover https://github.com/3rdIteration/btcrecover

Code:
python3 btcrecover.py --wallet=wallet.aes.json --correct-wallet-password=thepasswordthatiscorect! --dump-wallet=thedumpedwalletdatafilenamehere.json


Thanks for the reply, 

that custom wordlist is exactly the sort of thing I was looking for!!! Ill give it a big effort.

it definitely has a second password set on the wallet.aes.json I remember setting it, I will look into that fork of btcrecover too. Considering renting a rig on vast.ai to speed things up..
Reply
#4
You're welcome! I happened to have success using this to add characters to the end of the passwords or replace first letters case etc, make sure you find as many of your saved passwords, the one from your phones keychain can help, web browsers saved passwords, etc. (yeah make sure you don't use them in the future).

This might also help:

https://github.com/obsidianforensics/hindsight

[Image: interface-v2.gif]

most likely the data might be in your browser, or you can at least look at the timeline of events that took place during the time you changed this password, no matter how drunk you was it would help if you walk through the events that took place, you will be able to paint a picture of what your actions could have been.

so do what you can check your google my activity report or something find emails on that day, every log, if you don't know the date find out which day you changed your password. also search emails for


Code:
Authorize Log In

that seems to be the the key word to find the dates you attempted to log in to blockchain.info...

and also check out https://andreafortuna.org/2017/11/15/how...olatility/ maybe
Reply
#5
Big Grin 
(09-21-2022, 07:41 PM)hashcash Wrote: You're welcome! I happened to have success using this to add characters to the end of the passwords or replace first letters case etc, make sure you find as many of your saved passwords, the one from your phones keychain can help, web browsers saved passwords, etc. (yeah make sure you don't use them in the future).

This might also help:


most likely the data might be in your browser, or you can at least look at the timeline of events that took place during the time you changed this password, no matter how drunk you was it would help if you walk through the events that took place, you will be able to paint a picture of what your actions could have been.

so do what you can check your google my activity report or something find emails on that day, every log, if you don't know the date find out which day you changed your password. also search emails for


Code:
Authorize Log In

that seems to be the the key word to find the dates you attempted to log in to blockchain.info...

and also check out https://andreafortuna.org/2017/11/15/how...olatility/ maybe

Thanks again, unfortunately Ive had several computers since 2017 so no chance of it being in caches anywhere, The Mentalist one seems promising a good link there. (Dont worry if I get in ill send you a tip >_> putting all my energy into this. I know 75% of the characters used in the password I just need to insert the random characters in the correct place for the second pass :-[]
Reply
#6
After lot of thinking im going to try bruteforce all the chars inbetween and just use start and end of the password I remembered I set as prefix and suffixs, so im thinking itll look like this:

8099~GeNEcCjDADN____EpF8S!%r
 into 


8099~G[*****************]8S!%r

try all combinations of like 18 character combinations, and remove all that dont repeat like 4/5 of the characters found in the main pass
Reply