Posts: 5
Threads: 0
Joined: Apr 2024
(02-01-2024, 07:46 PM)Qwarkz Wrote: ...
After some other research, i heard about the "Metamask vault decryptor", which is a tool that can decrypt those type of encrypted data by using the wallet password but unfortunately it works only with Metamask wallet.
... I have written several extractor/decryptor tools for crypto wallets including Metamask, Atomic, and Phantom. Yesterday, I publicly released the Phantom Extractor / Decryptor code on github which supports the new wallet version like your example.
https://github.com/cyclone-github/phantom_pwn
Feel free to contact me if you need the seed phrase decrypted. It's a process, but doable.
For clarity, the python3 scripts posted by bingussssssss seem to work fine with the previous version of Phantom wallets, but not the newer wallets which have 4x encrypted json strings.
Old Phantom Wallet:
Code: encryptedMnemonic | {"expiry":{digits},"value":"{\"encrypted\":\"{base58_string}\",\"nonce\":\"{base58_string}\",\"kdf\":\"pbkdf2\",\"salt\":\"{base58_string}\",\"iterations\":10000,\"digest\":\"sha256\"}"}
New Phantom Wallet:
Code: {"encryptedKey":{"digest":"sha256","encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
Posts: 5
Threads: 0
Joined: Apr 2024
04-30-2024, 12:38 PM
(This post was last modified: 04-30-2024, 12:50 PM by bingussssssss.)
(04-22-2024, 05:51 PM)cyclone Wrote: (02-01-2024, 07:46 PM)Qwarkz Wrote: ...
After some other research, i heard about the "Metamask vault decryptor", which is a tool that can decrypt those type of encrypted data by using the wallet password but unfortunately it works only with Metamask wallet.
... I have written several extractor/decryptor tools for crypto wallets including Metamask, Atomic, and Phantom. Yesterday, I publicly released the Phantom Extractor / Decryptor code on github which supports the new wallet version like your example.
https://github.com/cyclone-github/phantom_pwn
Feel free to contact me if you need the seed phrase decrypted. It's a process, but doable.
For clarity, the python3 scripts posted by bingussssssss seem to work fine with the previous version of Phantom wallets, but not the newer wallets which have 4x encrypted json strings.
Old Phantom Wallet:
Code: encryptedMnemonic | {"expiry":{digits},"value":"{\"encrypted\":\"{base58_string}\",\"nonce\":\"{base58_string}\",\"kdf\":\"pbkdf2\",\"salt\":\"{base58_string}\",\"iterations\":10000,\"digest\":\"sha256\"}"}
New Phantom Wallet:
Code: {"encryptedKey":{"digest":"sha256","encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
Thanks for bringing this up -- I'll see if I can get some scripts working for this type as well.
question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL?
Posts: 5
Threads: 0
Joined: Apr 2024
(04-30-2024, 12:38 PM)bingussssssss Wrote: question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL? The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn
~
Posts: 5
Threads: 0
Joined: Apr 2024
(04-30-2024, 05:16 PM)cyclone Wrote: (04-30-2024, 12:38 PM)bingussssssss Wrote: question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL? The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn
wonderful, thank u
Posts: 1
Threads: 0
Joined: Jul 2024
(04-22-2024, 05:51 PM)cyclone Wrote: (02-01-2024, 07:46 PM)Qwarkz Wrote: ...
After some other research, i heard about the "Metamask vault decryptor", which is a tool that can decrypt those type of encrypted data by using the wallet password but unfortunately it works only with Metamask wallet.
... I have written several extractor/decryptor tools for crypto wallets including Metamask, Atomic, and Phantom. Yesterday, I publicly released the Phantom Extractor / Decryptor code on github which supports the new wallet version like your example.
https://github.com/cyclone-github/phantom_pwn
Feel free to contact me if you need the seed phrase decrypted. It's a process, but doable.
For clarity, the python3 scripts posted by bingussssssss seem to work fine with the previous version of Phantom wallets, but not the newer wallets which have 4x encrypted json strings.
Old Phantom Wallet:
Code: encryptedMnemonic | {"expiry":{digits},"value":"{\"encrypted\":\"{base58_string}\",\"nonce\":\"{base58_string}\",\"kdf\":\"pbkdf2\",\"salt\":\"{base58_string}\",\"iterations\":10000,\"digest\":\"sha256\"}"}
New Phantom Wallet:
Code: {"encryptedKey":{"digest":"sha256","encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
{"encrypted":"{base58_string}","iterations":10000,"kdf":"pbkdf2","nonce":"{base58_string}","salt":"{base58_string}"},"version":1}
Sent you a DM!
Posts: 2
Threads: 0
Joined: Nov 2024
(04-30-2024, 05:16 PM)cyclone Wrote: (04-30-2024, 12:38 PM)bingussssssss Wrote: question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL? The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn
Hello mate, i know this is a few months old but i wanted to know whether it is possible to recover the 12 words if you have forgotten your password ? as most scripts i see use your initial password. I have forgotten my password but was able to retrieve the encrypted key since its the same device.
Posts: 5
Threads: 0
Joined: Apr 2024
(11-22-2024, 03:23 PM)jakezain Wrote: (04-30-2024, 05:16 PM)cyclone Wrote: (04-30-2024, 12:38 PM)bingussssssss Wrote: question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL? The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn
Hello mate, i know this is a few months old but i wanted to know whether it is possible to recover the 12 words if you have forgotten your password ? as most scripts i see use your initial password. I have forgotten my password but was able to retrieve the encrypted key since its the same device.
The first step in recovering the seed phrase is recovering the password. Check out my phantom_pwn toolset and writeup on github as it will lead you in the right direction.
~
Posts: 2
Threads: 0
Joined: Nov 2024
(11-23-2024, 06:58 AM)cyclone Wrote: (11-22-2024, 03:23 PM)jakezain Wrote: (04-30-2024, 05:16 PM)cyclone Wrote: (04-30-2024, 12:38 PM)bingussssssss Wrote: question -- do each of the 4 encrypted strings represent different asset types, whereas the previous version is just SOL? The 4x encrypted json strings in the new Phantom vaults are part of a multi-step process of decrypting and recovering the seed phrase. I posted a paper on GitHub that explains the process:
https://github.com/cyclone-github/phantom_pwn
Hello mate, i know this is a few months old but i wanted to know whether it is possible to recover the 12 words if you have forgotten your password ? as most scripts i see use your initial password. I have forgotten my password but was able to retrieve the encrypted key since its the same device.
The first step in recovering the seed phrase is recovering the password. Check out my phantom_pwn toolset and writeup on github as it will lead you in the right direction. sent you a dm regarding this!
Posts: 1
Threads: 0
Joined: Aug 2025
Hello Qwarkz,
I've been following your thread closely and have successfully worked through the decryption process for the example encrypted seed phrase you provided. This has given me a solid understanding of the underlying mechanism.
Given my success with your example, I am confident in my ability to assist you with your actual wallet containing $2k, provided you still have access to its encrypted data and remember the password. I understand the sensitivity of this information and assure you of complete discretion and security throughout the process.
I'm prepared to help you recover your funds in exchange for the $200 reward you mentioned. Please feel free to reach out if you'd like to discuss how we can proceed securely.
Best regards
|