hashcat Forum Developer hashcat v
Mode 11300

Threaded Mode
Mode 11300
MalumaDev Offline
Junior Member
**
Posts: 1
Threads: 1
Joined: Sep 2020
#1
09-21-2020, 06:58 PM (This post was last modified: 09-21-2020, 06:59 PM by MalumaDev.)
Hi,
I'm trying to understand how the hashcat's brute-force attack works for bitcoin wallets (11300). Until now, I have understood how decrypt the secret key:


Code:
data = pasw+salt
for i in range(rounds):
    data = sha512(data)
key = data[0:32]
iv = data[32:32+16]
dec = AES(key, CBC_MODE, iv).decrypt(cry_master)


But, how can I know that the decrypted key is the correct one?
Find
Reply
philsmd Offline
I'm phil
******
Posts: 2,268
Threads: 16
Joined: Feb 2013
#2
09-24-2020, 10:17 PM (This post was last modified: 09-24-2020, 10:22 PM by philsmd.)
the padding is known, we exploit this (padding attack, last few bytes 16 or 8 depending on the wallet type):

https://github.com/hashcat/hashcat/blob/...#L340-L352

or course you need to decrypt the full last blocks with the correct padding (not removing/replacing the padding, "none") to get the full decrypted block and see what the padding bytes are
Find
Reply