Posts: 7
Threads: 1
Joined: Aug 2017
08-14-2017, 10:06 PM
(This post was last modified: 08-19-2017, 07:41 AM by crypto.)
Hi,
I'm about to hack my own password for an online cryptocurrency wallet. I have the hash data and the algo in c++ source code. It seems to be a variant of PBKDF2-HMAC-SHA256 with a different number of rounds and a custom IV. The result is easy to check because it's json.
I've already looked through different variants of the 10900 but couldn't find the one I need. I think I have to code it myself. Can you give me a hint how to accomplish that? I code on windows in c++ and c# and have already implemented some crypto functions but I'm a total newbie to Hashcat!
Posts: 413
Threads: 2
Joined: Dec 2015
What wallet/client are you interested in cracking? It's possible that you could use one of the modes in hashcat with just a different round setting. It's also possible you need more than just the pbkdf2, often times they loop in the AES step as well.
Posts: 7
Threads: 1
Joined: Aug 2017
08-14-2017, 11:48 PM
(This post was last modified: 08-14-2017, 11:49 PM by crypto.)
It's an altcoin, not a bitcoin wallet. And it's not even the wallet itself but the encrypted private key of my crypto account stored on their website.
Thanks for the hint with the AES looping, I will have a look at it!
Posts: 7
Threads: 1
Joined: Aug 2017
08-16-2017, 10:17 PM
(This post was last modified: 08-16-2017, 10:37 PM by crypto.)
I couldn't find a loop in the AES step.
The decryption part consists mainly of calls to these 3 sdk functions (sdk named 'mbed TLS'):
/**
* \brief PKCS#5 PBKDF2 using HMAC
*
* \param ctx Generic HMAC context
* \param password Password to use when generating key
* \param plen Length of password
* \param salt Salt to use when generating key
* \param slen Length of salt
* \param iteration_count Iteration count
* \param key_length Length of generated key in bytes
* \param output Generated key. Must be at least as big as key_length
*
* \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
*/
int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
unsigned int iteration_count,
uint32_t key_length, unsigned char *output );
/**
* \brief AES key schedule (decryption)
*
* \param ctx AES context to be initialized
* \param key decryption key
* \param keybits must be 128, 192 or 256
*
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
*/
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
/**
* \brief AES-CBC buffer encryption/decryption
* Length should be a multiple of the block
* size (16 bytes)
*
* \note Upon exit, the content of the IV is updated so that you can
* call the function same function again on the following
* block(s) of data and get the same result as if it was
* encrypted in one call. This allows a "streaming" usage.
* If on the other hand you need to retain the contents of the
* IV, you should either save it manually or use the cipher
* module instead.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
*/
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
This looks pretty straight to me. Input data is key (unknown), salt (known), iv (known), iteration_count (known), input (crypted data).
Any idea which hashcat algo would be easiest to modify for this?
Posts: 7
Threads: 1
Joined: Aug 2017
Anyone here who could modify any existing pbkdf2 algo in hashcat to fill my need?
I can provide you with a decrypter source (c++) and sample hashes.
We can negotiate a bounty, I'm willing to pay a few hundred bucks for the code.
Posts: 7
Threads: 1
Joined: Aug 2017
I've investigated the issue further and found the "Ethereum Wallet, PBKDF2-HMAC-SHA256" is exactly what I need!
But I think the detection code for verifying that the correct password was found must be changed. Any hints where I have to look for that in the hashcat sources?
Posts: 5,185
Threads: 230
Joined: Apr 2010
all the stuff you need is already in the kernel, you just need to find someone to put them together. especially with latest version opencl kernel development is much easier
Posts: 7
Threads: 1
Joined: Aug 2017
(09-17-2017, 01:07 PM)atom Wrote: all the stuff you need is already in the kernel, you just need to find someone to put them together. especially with latest version opencl kernel development is much easier
Thanks, any suggestions who I could talk to?
Posts: 1
Threads: 0
Joined: Sep 2017
(09-17-2017, 05:39 PM)crypto Wrote: (09-17-2017, 01:07 PM)atom Wrote: all the stuff you need is already in the kernel, you just need to find someone to put them together. especially with latest version opencl kernel development is much easier
Thanks, any suggestions who I could talk to?
Sam is that you?