openssl AES256 with a common standardized Password-Based Key Derivation Function
#11
(01-29-2020, 10:26 AM)philsmd Wrote: Did you try to use this btcrpass.py tool to crack your file ? Does it even work ?

Yes, it's working:

Code:
python.exe btcrecover\btcrecover.py --tokenlist btcrecover\tokenlist.txt --wallet hashcat-20200128133332.key
Starting btcrecover 0.17.10 on Python 2.7.16 64-bit, 16-bit unicodes, 32-bit ints
btcrecover.py: notice: use --android-pin to recover the spending PIN of
    a Bitcoin Wallet for Android/BlackBerry backup (instead of the backup password)
Wallet difficulty: 3 MD5 iterations
Counting passwords ...
Done
Using 8 worker threads
78780127 of 92236816 [############################-----] 0:02:59, ETA:  0:00:30
Password found: 'test'
Reply
#12
I don't know what we can/should do here, but maybe somebody can do some more research and update the github issue etc...

For instance it seems that the wiki says it uses base58check:
https://github.com/Multibit-Legacy/multi...ivate-keys
https://github.com/robevansuk/BitcoinPri...8/issues/1
which links to https://en.bitcoin.it/wiki/Wallet_import_format and https://en.bitcoin.it/wiki/Base58Check_encoding

also the tool mentioned (DumpedPrivateKey.java) within that Multibit-Legacy github repository seems to say something about checksums:
https://github.com/bitcoinj/bitcoinj/blo...teKey.java

I have no clue if this is true and if multibit2john.py has support for all the bytes needed for the checksum test.

I think even with the first 2 blocks (2*16=32 bytes) of the private key, you can steal the balance quite easily.... so I don't think the output of multibit2john is really meant to give to untrusted people
https://github.com/magnumripper/JohnTheR...#L342-L344
Reply
#13
Im not an Developer, so it is getting too technical for me.

I just thought, that mainly everything is there to support it in hashcat.

Im trying to bruteforce my old wallet with some BTC in it and since btcrecover
and John only supports it with CPU it will take nearly 3 years with 8 chars (full charset).

I have about 50 GPUs that would do the job in days, I guess.

If someone could enable it in hashcat with GPU support, I’m willing to donate 2 BTC.
Reply
#14
Evening,

So I was on the github thread and saw this got updated with a new mode added -m 22500.  I did a new build using cygwin and the latest clone.

I have a test key using Multibit 0.5.17 with password "butt"   ./hashcat -m 22500 -a 3 TestButt.key ?a?a?a?a

key file contents is 
U2FsdGVkX18nQPqGL5T70CRS+PJ7VT/se5HvWBt+PkIJeSDp9HKc66oq3P5lU6ZRjHzN0AbMDyTRQONlubreVt3/+X0kGTZTniEIuBAnEfABnNdu/6uuxqLkPsXDhDx8


This file worked correctly in BTCRecover, (however it does run into an issue it ignore "line with character with code point 194 > max and 195 > max) but when I run the following in Hashcat, I get a separator unmatched, no hashes loaded.  Can anyone else verify it works or if an error?

Thank you.
-MAJBatman
Reply
#15
as mentioned here: https://github.com/hashcat/hashcat/pull/2306 , you need to use multibit2john.py to convert the file to a hash... but you also need to remove the file name from the beginning... the hash should start with $multibit$1*

cracks perfectly fine with password "butt" (without quotes):
Code:
$multibit$1*2740XXXX2f94XXd0*2452XXXX7b553fec7b91efXXXXe3e42097920e9f4729XXXX2adcfe6XXXX651:butt
Reply
#16
Thank you, i did get it to work.  For others.  Go to https://github.com/magnumripper/JohnTheR...-jumbo/run

Pull the file Multibit2john.py.  Run it using python example cmd line below
D:\Canopy\UserPython multbit2john.py testbutt.key

This outputs in the command line
TestButt.key:$multibit$1*2740fa862f94fbd0*2452f8f27b553fec7b91ef581b7e3e42097920e9f4729cebaa2adcfe6553a651

copy starting at first $, copy to new text file.  Rename extension to .key
Run Hashcat with command
./hashcat -m 22500 -a 3 testbutt.key (ADD MASK MODIFIERS ie. ?a?a?a?a)

My 1070 is getting 151-158MH/S.
Reply