Parameters for crack ETH wallet password
#1
Bug 
Hi all, 

I'm new here. 

I've been trying to crack my old ETH wallet file (keystore) for a few days. I don't have a private key. Accoount was created with Mist wallet. And I forgot password. 

password was something like this : 

ga1782745ga
Ga8217598ga

I just remember that  1st two character is  letter after numerical and  last two is letter again. 

I need your help on how to follow a method crack this password.  I need suitable parameters, otherwise, the work gets too long. Hashcat tell me about 43 year Sad

I just try this combination : 

hashcat64.exe -m 15700 $ethereum$s*1024*1*8*........... rockyou.txt --status --status-timer=5 -w 3 -r rules\dive.rule

My gpu is  GTX 1080
#2
hashcat64.exe -m15700 -1 gG ?1?1?d?d?d?d?d?d?d?1?1 -a3 -w4 -O

If the password is formatted like you suggested, that should crack pretty quickly. It says to test the first two and last two characters with an uppercase and lowercase G, and then to try the middle seven characters with digits.

Good luck.
#3
(09-30-2018, 03:43 AM)plaverty9 Wrote: hashcat64.exe -m15700 -1 gG ?1?1?d?d?d?d?d?d?d?1?1 -a3 -w4 -O

If the password is formatted like you suggested, that should crack pretty quickly. It says to test the first two and last two characters with an uppercase and lowercase G, and then to try the middle seven characters with digits.

Good luck.


Thank you ... i'll try it right away
#4
before starting a long running cracking job I would suggest to first make sure that your restrictions about the password candidates are correct and that your expected/test password candidates are even within the set of generated candidates.

For instance, the command above doesn't generate any "a" character like mentioned within your example "Ga8217598ga".

Therefore, you should make sure that:
1. you know that the length of the passwords you are trying is 100% correct (or could it be longer/shorter too?)
2. all characters that you think are within the password are also tested
3. the mask generates all of your test passwords
4. uppercase letters and lowercase letters are used correctly (position is important within the mask)

for instance, you could do something like this:

Code:
hashcat64.exe --stdout -a 3 -1 ?u?l ?1?1?d?d?d?d?d?d?d?1?1

to see which password candidates are generated and if they look correctly (pipe the output to something like the unix head command and/or a filter like the unix grep command to make it more clear what is going on)

From your description of the examples it is also not clear if it is always "G", "g" and "a" or if it could be any upper- or lower-case letter. It's also not clear if the letters are the same at the start and ending or if they could be completely different, like this: YO4512859hi

Therefore, my suggestion is to make sure that you have a clear picture about what the "rules" of the password candidates are and use them correctly within the mask: https://hashcat.net/wiki/doku.php?id=mask_attack (see also custom characters defined with -1,-2,-3,-4 and used within the mask ?1,?2,?3,?4)

Of course the ethereum algo is a pretty slow one, so you should make the mask very specific and test only what needs to be tested (therefore using ?l and ?u and even ?d might not be the best thing to do here... if you can restrict the charsets even more to the characters you think were used)
#5
Dear @philsmd

Thank you for instructions and suggestions.


I just start with this methos  last night. Still trying ...

So I remember my password "style" .  I am sure one of thats

GA12345678GA
ga12345678ga

But I don't remember number 12345678   between   GA -GA or ga ga.

I think it should be take a long time. 
Also  hashcat work very slow on my PC   (16GB ram , GTX 1080, i7-3770K)
Nvidia driver : 390.87 ,  Cuda 9.1

Ethereum, Scrypt algoritm   work just  100 H/s

May be I am use worse driver version . I'm not sure .
I've The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) 2018.3a and windows 10 with x64 platforms