Blockchain My Wallet V2 Hashes, some concerns
#1
Hello everyone.

I´m here because I don´t remember my blockchain wallet password and just found this awesome tool but I have some dubts, I'm totally noob.

Following some tutorials I'm now able to run hashcat. But I have some concerns about Hash-mode 15200, which deals with Blockchain wallet v2 hashes.

I created a new account in Blockchain.com, and saved the password this time, to test hashcat with some of it's parameters. I'm usgin a brute force attack.

This are my hashes:

The wallet from which I don't know anything about the password (you can say that Im trying to crack some else password but this is not the case) I just forgot what kind of password I used then, and I exhasuted my first option, I mean I usually use some key tokens in my passwords, I never use dictionary words e.g. first token = Lkjh + second token = 2 or 3 random letters + third token = $ symbol + fourth token = 22

The result should look something like this and the only variable token is the one in the middle

Lkjhhc$22

So I've tried diferent masks like

Lkjh?a?a$22
Lkjh?a?a?a$22
Lkjh?a?a?a?a$22
Lkjh?a?a?a?a?a$22
Lkjh?a?a?a?a?a?a$22

Even the masks

L?a?a?a?a?a$22
L?a?a?a?a?a?s?d?d (this one with an imcrement)

But the results have been unsuccessful with this hash:


$blockchain$v2$5000$1488$76a1862e3b63969fcca0d702909bcdd143bfb093e8ab06539ed6...

this hash has a lenght of 2796 

The new account which I recently created for test purpouses has the same password characteristics as describe above and has this hash:

$blockchain$v2$5000$1008$c1c5107939395edc07e5a9a1606288516a287f21bd4bc837dc8ae...

but this hash has a lenght of 2016

I tried the masks above and the search is always sucessful.

The example mentioned here is:

$blockchain$v2$5000$288$06063152445005516247820607861028813ccf6dcc5793...

and has a lenght of 576

So my questions are:

Does this number means anything? $blockchain$v2$5000$1488$... besides the hash and its lenght is the only thing that changes within the above 3 hashes.

And second, why the hash lengh changes? I mean, in my understanding, if you apply a hash operation to a password, for example md5, the lenght of the hash must remain the same despite the lenght of the password am I alright?

So, why with this kind of hash the lenghts are different?

And finally, since my second source of password are randomly generated from a tool with a fixed lenght of 12 chars, I'm now trying this mask:

?a?a?a?a?a?a?a?a?a?a?a?a?
Reply
#2
(01-02-2021, 11:33 PM)Audien1990 Wrote: Hello everyone.

I´m here because I don´t remember my blockchain wallet password and just found this awesome tool but I have some dubts, I'm totally noob.

Following some tutorials I'm now able to run hashcat. But I have some concerns about Hash-mode 15200, which deals with Blockchain wallet v2 hashes.

I created a new account in Blockchain.com, and saved the password this time, to test hashcat with some of it's parameters. I'm usgin a brute force attack.

This are my hashes:

The wallet from which I don't know anything about the password (you can say that Im trying to crack some else password but this is not the case) I just forgot what kind of password I used then, and I exhasuted my first option, I mean I usually use some key tokens in my passwords, I never use dictionary words e.g. first token = Lkjh + second token = 2 or 3 random letters + third token = $ symbol + fourth token = 22

The result should look something like this and the only variable token is the one in the middle

Lkjhhc$22

So I've tried diferent masks like

Lkjh?a?a$22
Lkjh?a?a?a$22
Lkjh?a?a?a?a$22
Lkjh?a?a?a?a?a$22
Lkjh?a?a?a?a?a?a$22

Even the masks

L?a?a?a?a?a$22
L?a?a?a?a?a?s?d?d (this one with an imcrement)

But the results have been unsuccessful with this hash:


$blockchain$v2$5000$1488$76a1862e3b63969fcca0d702909bcdd143bfb093e8ab06539ed6...

this hash has a lenght of 2796 

The new account which I recently created for test purpouses has the same password characteristics as describe above and has this hash:

$blockchain$v2$5000$1008$c1c5107939395edc07e5a9a1606288516a287f21bd4bc837dc8ae...

but this hash has a lenght of 2016

I tried the masks above and the search is always sucessful.

The example mentioned here is:

$blockchain$v2$5000$288$06063152445005516247820607861028813ccf6dcc5793...

and has a lenght of 576

So my questions are:

Does this number means anything? $blockchain$v2$5000$1488$... besides the hash and its lenght is the only thing that changes within the above 3 hashes.

And second, why the hash lengh changes? I mean, in my understanding, if you apply a hash operation to a password, for example md5, the lenght of the hash must remain the same despite the lenght of the password am I alright?

So, why with this kind of hash the lenghts are different?

And finally, since my second source of password are randomly generated from a tool with a fixed lenght of 12 chars, I'm now trying this mask:

?a?a?a?a?a?a?a?a?a?a?a?a?

I'm no pro myself but I have a decent understanding of the custom mask option as that is similar to what i'm trying. 

For example when I run hashcat I run 
Code:
sudo hashcat --custom-charset1 custom.hcchr --increment --increment-min=5 --increment-max=8 -a 6 dict.dict ?1?1?1?1?1?1?1?1?1

That would look for a password between 5 and 8 digits with only the digits I have set in the custom.hcchr file

You could do the same by doing something like 

Code:
--custom-charset1 Lkjh --custom-charset2 abcdefghijk... --custom-charset3 $ --custom-charset4 2 dict.dict ?1?1?1?2?2?2?3?4?4

That should make it use just Lkjh for the first 4 digits, the entire alphabet for the next 3 then a $ and finally a 2. 

That is at least what i'm understanding from your post, hopefully this helps or can lead you in the right direction
Reply