hashcat
advanced password recovery

Feels · 09-03-2023, 04:41 PM

Hello,
i'm trying to test and find the fastest method to recover password from Electrum wallet file. I tried btcrecover and it's okay to recover but with speed of CPU only.
However after suppling --enable-opencl it does not speed up process at all but finds password too.

Code:
python btcrecover.py --wallet ./wallets/default_wallet --passwordlist ./btcrecover/wordlists/electrum1-en.txt

So i tried hashcat approach, the first got wallet hash with electrum2john.py

Code:
python electrum2john.py ./wallets/default_wallet

then supplied it to hashcat

Code:
.\hashcat.exe -a 3 hash.txt test?l?l?d

The password is: testme1 so I pass mask to find "me1", and the result was misunderstanding, not a real password but range.

Code:
Session..........: hashcat

Status...........: Cracked

Hash.Mode........: 21700 (Electrum Wallet (Salt-Type 4))

Hash.Target......: $electrum$4*02bb51f843d9972621fc3e4ac66cc8d1e3d6901...76ddc5

Time.Started.....: Sat Sep 02 18:48:55 2023 (0 secs)

Time.Estimated...: Sat Sep 02 18:48:55 2023 (0 secs)

Kernel.Feature...: Pure Kernel

Guess.Mask.......: test?l?l?d [7]

Guess.Queue......: 1/1 (100.00%)

Speed.#1.........:  138.5 kH/s (0.18ms) @ Accel:64 Loops:31 Thr:128 Vec:1

Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)

Progress.........: 3840/6760 (56.80%)

Rejected.........: 0/3840 (0.00%)

Restore.Point....: 0/6760 (0.00%)

Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:992-1023

Candidate.Engine.: Device Generator

Candidates.#1....: tester1 -> testwt4

Hardware.Mon.#1..: Temp: 58c Fan:  0% Util: 21% Core: 998MHz Mem:1992MHz Bus:16

The full hash is:

Code:
$electrum$4*02bb51f843d9972621fc3e4ac66cc8d1e3d69014ec02914dad01dd9d4a57cfba7e*4249453102bb51f843d9972621fc3e4ac66cc8d1e3d69014ec02914dad01dd9d4a57cfba7e9e6b566b14bd73e9ebc12dcf1e34e25305e4d9961696076d94647685ca0026683b0ff848700c643f8e162427f12b21ca40137a692c7eece9d5e4efe5098622717cf05abde93d2d52179a725e67e5685a6ebef97c1bd3a30ccd9bb711e288d24728f9380b6e80f75346e47de07ec89dba8db8aac64ccc64d847cb31f69b0f15f4d8a7375b915daa9af32165cb2c91f5822780bfb1b704b9b290d0eb18e51133b4ae5f34ba1cd99a72ea5f62c5959ed172f3f3a19119e21202e04c8a40ca76f5e9dba0d93bdf105ec5283c8280e85cab1c02c09f499c145aaddeabb52d909d17f20305b97353cdc52e1c2efc48657b840946985c8e6701ea19def79d1d5c97772a90d3539fbda680c96ed7e4317d7656e42fea6c072ea3ee419bbf640cf058f3d8d82d6d595ba169b992f9ac990b04d24769bea877c3bbbe9f28e0e89a3c209950a6ad96095bf0d32c4748cb9ee15728a4f7b4cf4aae7d1d225361fc2c9000c8b43c99e389971c63974ad93ab9c03c5058564d33af208389149d49fd70523d0ab5835306692d75693d922a63fff5b30f6adb6893574a4cf3f0a8fa40bcd2eacd135319759cd210dadbb371fb499f3522db1c069c455063b755246f73f42bbe93962072343b624f50f18aaac459775d1d0c39caf6cea9b22392d0a78417d7dee45dffd38f47b24097c87bfacd984f2759855a4450c51602103b8b1dd74abd500ae6318737294ae9129b42c033d69b368bddebe8e3ee88543f5c884a75c966a5c0761a3c2b737a5c349a64dbd6a2d86999c552e9f0e6011b3c3eef1cc2f106bef2dc5b0cabb74492d05eef86068971e9627fd17d286618e10d97f86a70891cb08d4dc35100cd8499a4385ecc44314aa43cef214e92252eef2388a4725dd2436a9ee88cc7553e757347b6f65d846d8d17f10117d2645d6d2161bceea272251e741eef328c5fbfbefef39f8ceaf3ae142055c674700d2565850f37b04eb877c4179a2e0dc940966c5007e0a2335391e846841ef737bad1445463d2ea999e0201dc4a65de8c251a08567fe191977b96a0a0eaaa09c9f2433ba85fc59f22784ab8d51d43519637029dfb748b7f2b6f98418a6673c60ec99ed189aeff4a915e11d82e33c27e545f5064a82ce1f8089227bec1b3603d7ac009b5ed34b933f52b267f853b5244348dc5682bc6abc39827fe7edf468dfbb7a0ba76bf8d550751f08e036da7252d9586a92624dc35c72e88509f4aba4d0305566da9b0159df83fe16f4183c23630a76acac9aedb8dfa9474408f039362777d8c0d6f099ac2cf6523840561ae2ab5e9fa0653b47a08630e027e7c958b4842d78e4d9b874c6404c4e846283529b46bdbb20dd3873d67dce184972853d907ad89fb09218a9bf4d0d63d469f3f0b5eda990a04bfe10f1dbce9238c81cf6e884f101606a01ba0429fdc346eed1bd5b2f94cb82bd346f52829d6dc1556ebd38206b3cf92106a89f48ac7dde78121f0e70ab946f9cb692aab1ce2a7ec0736a2bf41a22264909ac11cc4e86592229acd089be2761711fb9448a1ea146390a2141f9f2f5fd74ddcf622eece51d97b61ddf20b26f1295b30f9fb8318feb03d6bd63bd649056069039691a9571da7f4481a5cf3249551706e1ed2f74f4a917c7937a4e3271b1ad8d3b59228b44cbbebd12bb1358796f50c3ad69d0904e418aae2b64b6191f4fb736d1fc9c841f70788389771d55d316f3dde714c8606e1cddf8aa4dcd9d89fd550f24f0416bca8b68758d7df13fdc4e23796bd0e1aa04de08ce91a83765500bc2bf8d726bdd693f61a1c18a009b76195cd41d2dcb59d50f3985a1ec2ff5581b6653e29b647bd4073a412ed2281d6e93188412d89acd42abfecf2da1b339e992d1296672eb74d700e215697f32e179ff365cd12034639bb1a4f772ffb2540290b58d03b3cffe357672661e225925020d2c8997fdd1aa6c402b1dc3ebf30304f2c20798306826a09cf325394711ceef1c724a5e9383d33a4b6af7b29eec5d44b959bf04358ab5b82f8de14576c8ecfe14e8089e114571aa386a2db70cf14e16121734f8e08173236de6c0ee75d6315684d6310c4b6f4ae1fb66729bba0d568ec8069131a05d67ae959e6baa8edd9a92dd6cf90585de6cbe1f1c3d3765889d8f0deaf8ceda7ccd3e31391c1e078a7039e0f55b7170d598938585af942ab5687521a6bbd65d0968987f8cc42e295f470cd8fc933c21c892ac89d0274cfedc01de180f42978a5b7fca640643fbadcb350ae622840319535c9a0d2699e5b8da01711a76d76ded2ee97b21525bab0b93b1fff27701e94a13621b8aedb3e7e6cc0c32819a7ce9ed513051430d058a936bc741ddd2beccb0e7be94772a61b81e5a2dc05dba6219230b6aa3089d2c9ca4450d5b0d581f5284304a26bb068114311aef128c55e7decc397ff5542f9a2dbb77fd8c22b137d41be00934a798b964b951363899cfea64ccd12df27fd46ec60cd715974fd69526746cf6e0107e2dec7d8b604bab523669b8d5037e553c813f2a90cf641eb4e1349f683d321e24e387e783fe0192dbb28b44db5161fc1ce5545811d18e9e2888831201eefe4ddc3af797b5cacd532744594b75c7ec469fbd15211279cf258acbc586dd12ce56ec73c8b95f490a551ba7ae31a37eb5267e9403eda46863d5ded16b045df32492a10309536d5e67daa9eeeccd7a435e5bca87491dd76f6067dc14eaabc17b468d14529860fe417ed22cae44fbffce0968ce7250da0d95fa5db1c687b5528e55ff1886dc79b*a9cad7cfa4cfd90a6b2b1bdce98d24831ce137758f86571515d9d0544176ddc5

**Chick3nman** · 09-03-2023, 06:41 PM

It cracked your hash, you're simply not looking in the right place for the output. Add --show to your command to retrieve the already cracked hashes from your potfile.

Feels · (This post was last modified: 09-03-2023, 09:42 PM by Feels.)

OMG!, yes . I was not looking on the end of the hash in the terminal, password was there already. Thanks!

174region174 · 03-17-2024, 10:59 AM

I want to continue this topic. I won't start a new one... The password for the electrum hash was found earlier. It has been verified on versions 6.2.3, 6.2.5, 6.2.6, but now that verification of this password is needed again on the latest version of hashcat, it is not confirmed. I've already tried it a few times... What could have happened?

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery