Posts: 14
Threads: 1
Joined: May 2018
05-12-2018, 03:32 AM
(This post was last modified: 05-12-2018, 03:56 AM by cryptozin.)
Hi guys.
I really need some help cracking the password for my blockchain.info wallet.
Heres what i`ve done so far.
1) created wallet.aes json file for my wallet ID
2) Installed Python 2.7
3) Downloaded hashcat 4.1.0
4) Created possible passwords list(I have tried them all but I might have mixed some symbols in there)
5) Installed a couple other Python addons (not sure if it was necessary)
So far i'm trying something like cmd: hashcat64 -m 16500 --force -D 1,2,3 wallet.aes password.txt -w 3 -r rules\dive.rule
But i need to convert json to .hash file? something like that? wallet.aes to .txt file? I`m noobie on hashcat..
Do I need to install anything else?
Really appreciate any help..
Thanks !
Posts: 2,301
Threads: 11
Joined: Jul 2010
I'm not sure why you even installed python, then stopped midway and tried to run the wallet file itself.
You need this python script to extract the necessary information from the wallet file:
https://github.com/magnumripper/JohnTheR...in2john.py
Posts: 14
Threads: 1
Joined: May 2018
(05-12-2018, 11:37 AM)undeath Wrote: I'm not sure why you even installed python, then stopped midway and tried to run the wallet file itself.
You need this python script to extract the necessary information from the wallet file: https://github.com/magnumripper/JohnTheR...in2john.py
OK.. thanks !I did the following command, it that correct?
C:\Python27>python blockchain2john.py --json wallet.aes.json
What should I do with this blockchain2john.py ? Sorry total noob like I mentioned.
How do I run this on Hashcat?
Posts: 14
Threads: 1
Joined: May 2018
Another thing, maybe the right hash is 12700 (Blockchain, My Wallet)
Posts: 14
Threads: 1
Joined: May 2018
05-12-2018, 01:32 PM
(This post was last modified: 05-12-2018, 07:12 PM by royce.)
I got something that looks like this
[redacted - please do not post real hashes; use "X" characters to obfuscate most of the hash -royce]
Royce that was the the hash example from the hashcat website... not my actual input... just similar format..
[That's cool - just please indicate that it's an example hash (usually by noting the known plaintext, "hashcat" or whatever) when you post hashes. We won't immediately recognize most hashes as example hashes; there are too many to memorize. -royce]
Posts: 14
Threads: 1
Joined: May 2018
My friends who knows python told me to run the blockchain john command like this:
C:\Users\My computer>"C:\Users\My Computer\Desktop\blockchain2john.py" --json "C:\Users\My Computer\Desktop\wallet.aes.json"
No error message shows up.. however I can`t find any output to this whatsoever..
Posts: 2,301
Threads: 11
Joined: Jul 2010
it should output a string starting with $blockchain$
Posts: 14
Threads: 1
Joined: May 2018
05-12-2018, 05:16 PM
(This post was last modified: 05-12-2018, 05:17 PM by cryptozin.)
(05-12-2018, 05:11 PM)undeath Wrote: it should output a string starting with $blockchain$
It did !! That part i got..
So I saved that to a txt file.. myhash.hash. But when I try to run it gets error messages like "line length exception"
or "singnature unmatched".
What could be causing this?
I tried to leave the same number of characters per line =68 as shown in the example here in the hashcat website.
Do I need to replace the $blockchain$ with my $walletid$ ?
Thanks so far man !
Posts: 14
Threads: 1
Joined: May 2018
Yea sorry to keep posting but just figured out problem.. i`m having same issue as this guy did here in the forum back in february.. my blockchain wallet version is '$blockchain$1759$000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 etc
this 1759 is whats killing and giving the erros. Have to find a way to convert it to $288$
Posts: 2,301
Threads: 11
Joined: Jul 2010
apparently there are different schemes used for encrypting blockchain v1 wallets, according to this post:
https://bitcointalk.org/index.php?topic=...sg11105755
I'm not sure if the BCM makes any difference for hashcat since only the first AES block appears to ever be decrypted and the padding should not cause any difference but some wallets use 10 iterations and others only 1. From looking at the kernel source I couldn't find a loop involving 10, hence I assume only wallets with 1 pbkdf2 iteration are supported in hashcat.
That said, if all the above is correct and your wallet was only using 1 iteration (apparently there is no way to figure out from the encrypted data) you should be able to simply shorten the hash.
The number after $blockchain$ holds the number of bytes of data. Hence you can change it to 288 and truncate the following hex data after 288*2 = 576 characters.