Posts: 3
Threads: 1
Joined: Aug 2025
I’m trying to recover my Qubic wallet but have lost both the password and the recovery phrase. Unfortunately, my computer crashed before I could save them.
The wallet file is a
.vault
file, which I believe is encrypted using PBKDF2-HMAC-SHA256 with 100,000 iterations, and contains the salt, IV, cipher, and data fields.
For testing, I created a separate wallet where I knew the password, extracted the hash using Python, and successfully cracked it with Hashcat. However, I’m stuck on how to extract a similar hash from my real wallet file, given I don’t have the password.
I’ve looked into
john2hash
and similar tools, but most examples seem tailored for other wallet formats, and I’m not sure they apply to Qubic.
Any advice on how to proceed would be greatly appreciated.
Posts: 3
Threads: 1
Joined: Aug 2025
From my understanding in order to get compatible hash for hashcat. you need the password especially for PBKDF2 encryption. However there must be a method in order to have the last part of the hash as a ? so Hashcat attack modes can guess a password with the criteria given then enter that sha256 hashed password into the hash in order to see if it could open the wallet to reveal the keys. I believe this is how it works but I am still very new to this so i am not sure.
Any advice on if I am thinking the right way or if I need to shift my thinking at all.
Thanks in advance
Posts: 5,230
Threads: 233
Joined: Apr 2010
08-12-2025, 07:01 PM
(This post was last modified: 08-12-2025, 07:01 PM by atom.)
Basically, as with all crackers, what you need is a way to verify if a password is correct. With most algorithms used today, you simply have to reproduce what the target application does. For example, if you know the algorithm uses PBKDF2, then you use PBKDF2. If you know that AES is needed afterwards, such as decrypting some data and then checking for a specific pattern, you follow the same steps. Many algorithms follow this exact pattern, and it is easy to find a template kernel implementation for such cases.
There is a useful pull request that is not yet merged because it is out of date, but it is a good starting point for learning how to write an efficient hashcat kernel:
https://github.com/hashcat/hashcat/pull/4127
Posts: 3
Threads: 1
Joined: Aug 2025
(08-12-2025, 07:01 PM)atom Wrote: Basically, as with all crackers, what you need is a way to verify if a password is correct. With most algorithms used today, you simply have to reproduce what the target application does. For example, if you know the algorithm uses PBKDF2, then you use PBKDF2. If you know that AES is needed afterwards, such as decrypting some data and then checking for a specific pattern, you follow the same steps. Many algorithms follow this exact pattern, and it is easy to find a template kernel implementation for such cases.
There is a useful pull request that is not yet merged because it is out of date, but it is a good starting point for learning how to write an efficient hashcat kernel: https://github.com/hashcat/hashcat/pull/4127
Posts: 4
Threads: 1
Joined: Mar 2025
The Qubic wallet works in a similar way to the Stargazer Stellar Wallet XLM and Metamask Wallet, see modules 25500 and 26600.
These wallets utilise PBKDF2-HMAC-SHA256 for derive the decryption key from the password, and then AES-256-GCM to decrypt the ciphertext and verify.
I would have a look to see whether you can use either of them, or build a new module using them as a reference.
In regards to extracting the hash, the Qubic Vault file has the salt, iv and cipher which is all you need. See here
https://github.com/hashcat/hashcat/blob/...hashcat.py
for how metamask derives the hash.
I hope this helps.