Crack my BlockChain.info wallet 1 password
#1
Hi guys.

I really need some help cracking the password for my blockchain.info wallet.

Heres what i`ve done so far.

1) created wallet.aes json file for my wallet ID
2) Installed Python 2.7
3) Downloaded hashcat 4.1.0
4) Created possible passwords list(I have tried them all but I might have mixed some symbols in there)
5) Installed a couple other Python addons (not sure if it was necessary)

So far i'm trying something like cmd: hashcat64 -m 16500 --force -D 1,2,3 wallet.aes password.txt -w 3 -r rules\dive.rule

But i need to convert json to .hash file? something like that? wallet.aes to .txt file? I`m noobie on hashcat..
Do I need to install anything else?

Really appreciate any help..

Thanks !
#2
I'm not sure why you even installed python, then stopped midway and tried to run the wallet file itself.

You need this python script to extract the necessary information from the wallet file: https://github.com/magnumripper/JohnTheR...in2john.py
#3
(05-12-2018, 11:37 AM)undeath Wrote: I'm not sure why you even installed python, then stopped midway and tried to run the wallet file itself.

You need this python script to extract the necessary information from the wallet file: https://github.com/magnumripper/JohnTheR...in2john.py

OK.. thanks !I did the following command, it that correct?

C:\Python27>python blockchain2john.py --json wallet.aes.json

What should I do with this blockchain2john.py ? Sorry total noob like I mentioned.

How do I run this on Hashcat?
#4
Another thing, maybe the right hash is 12700 (Blockchain, My Wallet)
#5
I got something that looks like this

[redacted - please do not post real hashes; use "X" characters to obfuscate most of the hash -royce]

Royce that was the the hash example from the hashcat website... not my actual input... just similar format..

[That's cool - just please indicate that it's an example hash (usually by noting the known plaintext, "hashcat" or whatever) when you post hashes. We won't immediately recognize most hashes as example hashes; there are too many to memorize. -royce]
#6
My friends who knows python told me to run the blockchain john command like this:

C:\Users\My computer>"C:\Users\My Computer\Desktop\blockchain2john.py" --json "C:\Users\My Computer\Desktop\wallet.aes.json"

No error message shows up.. however I can`t find any output to this whatsoever..
#7
it should output a string starting with $blockchain$
#8
(05-12-2018, 05:11 PM)undeath Wrote: it should output a string starting with $blockchain$

It did !! That part i got..

So I saved that to a txt file.. myhash.hash. But when I try to run it gets error messages like "line length exception"
or "singnature unmatched".

What could be causing this?

I tried to leave the same number of characters per line =68 as shown in the example here in the hashcat website.

Do I need to replace the $blockchain$ with my $walletid$ ?

Thanks so far man !
#9
Yea sorry to keep posting but just figured out problem.. i`m having same issue as this guy did here in the forum back in february.. my blockchain wallet version is '$blockchain$1759$000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 etc

this 1759 is whats killing and giving the erros. Have to find a way to convert it to $288$
#10
apparently there are different schemes used for encrypting blockchain v1 wallets, according to this post: https://bitcointalk.org/index.php?topic=...sg11105755

I'm not sure if the BCM makes any difference for hashcat since only the first AES block appears to ever be decrypted and the padding should not cause any difference but some wallets use 10 iterations and others only 1. From looking at the kernel source I couldn't find a loop involving 10, hence I assume only wallets with 1 pbkdf2 iteration are supported in hashcat.

That said, if all the above is correct and your wallet was only using 1 iteration (apparently there is no way to figure out from the encrypted data) you should be able to simply shorten the hash.

The number after $blockchain$ holds the number of bytes of data. Hence you can change it to 288 and truncate the following hex data after 288*2 = 576 characters.