Posts: 6
Threads: 1
Joined: Dec 2019
Hey guys as the title says i'm trying to recover a blockchain.info wallet password . But before starting to use hashcat, i need to convert the wallet.aes.json to a hash file. so i'm using the following johntheripper script:
https://github.com/magnumripper/JohnTheR...in2john.py
The output of the script is:
wallet.aes.json:$blockchain$v2$5000$1184$...ddc40e6979055eb129fb97e3e83d642ffc4f68fe5a441c95d7eb0822ff99dcbf4b978c2...
it's 2368 char after $
Is that amount char normal? Can hashcat handle it?
Posts: 2,301
Threads: 11
Joined: Jul 2010
why do you ask if hashcat can handle it instead of simply trying if hashcat can handle it?
Posts: 6
Threads: 1
Joined: Dec 2019
12-10-2019, 10:44 PM
(This post was last modified: 12-10-2019, 10:45 PM by jennifer4682.)
I actually tried and searched the forum before posting but i'm struggling like the guys on this thread:
https://hashcat.net/forum/thread-8207.html?
All i get is the result of exhausted even with a test account.
Posts: 2,301
Threads: 11
Joined: Jul 2010
What hardware are you using? Can you try with the beta version?
https://hashcat.net/beta/
Posts: 6
Threads: 1
Joined: Dec 2019
(12-11-2019, 12:00 AM)undeath Wrote: What hardware are you using? Can you try with the beta version? https://hashcat.net/beta/
I'm using a Ryzen 5 2600 cpu with an RX580 8Gb GPU. I didn't had any problems with Hashcat detecting and using my GPU.
The beta version still displays the same behavior. It just ignores the password in both straight and brute-force methods showing the result of "Exhausted". While both the stable and beta versions did crack successfully a bitcoin wallet.dat using -m 11300 on both straight and brute-force methods.
I did some research and found something interesting. And funny enough it was posted by yourself.
Link:
https://hashcat.net/forum/thread-7498-po...l#pid40352
Posts: 2,301
Threads: 11
Joined: Jul 2010
Note that post is about v1 blockchain wallets only. I don't know if it applies to v2 wallets as well. And if the hash gets loaded excessive data length should make no difference in cracking a v2 hash.
Can you successfully crack the example blockchain v2 hash from
https://hashcat.net/wiki/doku.php?id=example_hashes ?
Posts: 6
Threads: 1
Joined: Dec 2019
(12-11-2019, 04:59 PM)undeath Wrote: Note that post is about v1 blockchain wallets only. I don't know if it applies to v2 wallets as well. And if the hash gets loaded excessive data length should make no difference in cracking a v2 hash.
Can you successfully crack the example blockchain v2 hash from https://hashcat.net/wiki/doku.php?id=example_hashes ?
Yes, i tried in both modes, it cracks the blockchain v2 very well!!
Posts: 2,267
Threads: 16
Joined: Feb 2013
12-11-2019, 10:15 PM
(This post was last modified: 12-11-2019, 10:20 PM by philsmd.)
maybe it has something to do with this:
https://github.com/hashcat/hashcat/commi...4ee0620076
The validation check is only searching for some specific pattern... we would need to know what your decrypted file starts with, currently supported patterns are (see
https://github.com/hashcat/hashcat/issue...-469038973):
- "guid"
- "tx_no
- "share
- "addre
- "doubl
- "keys"
I'm pretty sure this huge number of possibilities comes from the fact that for json it doesn't really matter which keys come first (as long as they are in the json object)... so it is somehow shuffle.... the problem is that if some pattern is completely missing in the cracker/hashcat, it doesn't validate correctly.
We would need that pattern, if it's really missing... or come up with a better strategy alltogether (but it's not easy to come up with a good plan... maybe a entropy check or a search for specific character sets (e.g. non-binary data. should contain : and " etc) would be also enough, but could lead to false positives
)
Posts: 6
Threads: 1
Joined: Dec 2019
I tried to make the hashfile again from scratch using blockchain2john.py and now hashcat beta returns an actual error:
Hash 'myhash.txt': Token length exception
No hashes loaded.
Posts: 2,301
Threads: 11
Joined: Jul 2010
that just means hashcat can't find the myhash.txt file