VTC Vertcoin wallet passphrase lost need help
#1
Not sure what happened. I have what was supposed to be the password, but it is not working so I assume I must have typed it wrong or changed it and not updated where I wrote it down. I've exhausted all iterations I could think of and iterations of all other passwords.


I just downloaded hashcat and I can't find an option for VTC. There's options for bitcoin and litecoin, but I figure VTC uses a different algorithm?


Honestly, I'm super new to all of this. If there's any VTC experts here who can help point me in the right direction, that would be awesome. Willing to give some of what little VTC I have as a thank you of course.

**********************
Back to the password: I have a pretty good idea that it's a 9 character string and I can narrow it down to about 13 keys on the keyboard, not including both upper and lower, so more like 26 total.

If I changed it without writing it down... it could be as long as long as at least 13-25 and I know the longer it is the more futile it's going to be to chase this.

I have a pretty good idea of the keys I never use for passwords so I can make a good file to pull iterations from.
**********************
I have the wallet seed, but I obviously encrypted it. That means it's lost until I can figure out the password, yes?
Reply
#2
If you have an encrypted wallet.dat file, you should run bitcoin2john.py with it.

The resulting hash (without file names, remove the file names and colons from the output of bitcoin2john.py if any are present) should be run with -m 11300.

It's always advisable to test everything with a new password and new hash (i.e. backup you wallets etc and create a new wallet with a similar password that you remember and try cracking that one)
Reply
#3
(01-04-2018, 01:27 PM)philsmd Wrote: If you have an encrypted wallet.dat file, you should run bitcoin2john.py with it.

The resulting hash (without file names, remove the file names and colons from the output of bitcoin2john.py if any are present) should be run with -m 11300.

It's always advisable to test everything with a new password and new hash (i.e. backup you wallets etc and create a new wallet with a similar password that you remember and try cracking that one)

Thanks for the response. Do you have any tips/advice on what the whole command would read as? Something like:

-a 3 -m 11300 wallet.dat xxxxxxxxxxx ?

Should I create and specify a word/letter file or is using an example file fine?
Reply
#4
no. You can't use the wallet.dat file directly. You need to download bitcoin2john.py (from https://raw.githubusercontent.com/magnum...in2john.py) and run it with python 2.7 (as I already told you above):

Code:
python bitcoin2john.py wallet.dat

the output of this python script execution is the "hash" that must be provided to hashcat.
You should save the output of the command above to a file called hash.txt (make sure that it doesn't contain any file names, the hash should be similar to the one mentioned here: https://hashcat.net/wiki/example_hashes , search for -m 11300)

after that you should run your tests like this:
Code:
hashcat -m 11300 -a 0 -w 3 hash.txt dict.txt

The file dict.txt should contain the password of your test wallet (for which you know the password).
Reply
#5
(01-04-2018, 09:05 PM)philsmd Wrote: no. You can't use the wallet.dat file directly. You need to download bitcoin2john.py (from https://raw.githubusercontent.com/magnum...in2john.py) and run it with python 2.7 (as I already told you above):

Code:
python bitcoin2john.py wallet.dat

the output of this python script execution is the "hash" that must be provided to hashcat.
You should save the output of the command above to a file called hash.txt (make sure that it doesn't contain any file names, the hash should be similar to the one mentioned here: https://hashcat.net/wiki/example_hashes , search for -m 11300)

after that you should run your tests like this:
Code:
hashcat -m 11300 -a 0 -w 3 hash.txt dict.txt

The file dict.txt should contain the password of your test wallet (for which you know the password).

Okay! I just ran my test on the new wallet and got the hash from John The Ripper - it worked!. Only thing is, my dict.txt only contained the password, not a big character set.

I'm ready to try on my real wallet now, but since the password I THINK it is isn't working, do I need to build an actual dict.txt or can I just use the question mark commands '?a' for example to have it.
Reply
#6
no, I don't think that a mask attack with a charset of ?a in each position is a good strategy.

Since -m 11300 is a slow hashing algorithm I would recommend to remember as much as possible from the password and try to come up with some policies that limit the keyspace and therefore number of password candidates a lot.

That said, very small mask attacks might be okay even for a slow hashing algorithm but not something like you said "at least 13-25" characters. That's not even possible to brute-force for very fast hashing algorithms like NTLM or MD5.

It therefore would make sense to remember all the policies and either generate (or hand-craft) a (small) dictionary file in advance and run it with hashcat or use a small input dictionary file and use some rules (see https://hashcat.net/wiki/doku.php?id=rule_based_attack)
Reply
#7
(01-05-2018, 09:37 AM)philsmd Wrote: no, I don't think that a mask attack with a charset of ?a in each position is a good strategy.

Since -m 11300 is a slow hashing algorithm I would recommend to remember as much as possible from the password and try to come up with some policies that limit the keyspace and therefore number of password candidates a lot.

That said, very small mask attacks might be okay even for a slow hashing algorithm but not something like you said "at least 13-25" characters. That's not even possible to brute-force for very fast hashing algorithms like NTLM or MD5.

It therefore would make sense to remember all the policies and either generate (or hand-craft) a (small) dictionary file in advance and run it with hashcat or use a small input dictionary file and use some rules (see https://hashcat.net/wiki/doku.php?id=rule_based_attack)

My bad. I was using ?a as an example. I'm pretty sure the first three characters were symbols (?s).. it's just killing me that I don't remember changing the damn thing and what I put down after my seed isn't working. I'll take a look at making a small dictionary file and run it with hashcat. Thanks for all the help and guidance up to this point.

Edit: Trying this first because I didn't read how to make a dictionary file from that link:

Code:
c:\hashcat-4.0.1>hashcat64.exe -m 11300 -a 3 -w 3 hash.txt ?s?s?s?u?u?u?l?l?l?d?d

Edit 2: LOL! 10 years to crack this with a GTX 1080. Wowzers. Might just wanna say bye.

Edit 3: I quit hashing. Need to make a better ruleset/dict file.
Reply
#8
That's actually really fast for such a huge keyspace.
For instance, if you have 10 GPUs, it would only take you a single year (if we assume the worst case. 6 month on average)!

Again, brute-force (or mask attack) is most likely the worst strategy you could come up with.
Dictionary attack (maybe with some suitable rules) would make much more sense if the password was not completely/pefectly random
Reply
#9
(01-05-2018, 10:28 AM)philsmd Wrote: That's actually really fast for such a huge keyspace.
For instance, if you have 10 GPUs, it would only take you a single year (if we assume the worst case. 6 month on average)!

Again, brute-force (or mask attack) is most likely the worst strategy you could come up with.
Dictionary attack (maybe with some suitable rules) would make much more sense if the password was not completely/pefectly random

Interesting that you say that! It only took me 2 months or so to mine what's currently in the wallet, so it's not really worth it for me to waste even 6 months of searching.

If making the dict/rule set doesn't work I think I'll just purchase what I lost and go back to mining. This was fun and I learned something new anyway. Thanks again. I could tell you were really trying to make me help myself.
Reply