Digital Bitbox01
Hey all.

I bought a Digital Bitbox in 2018, which looks like has been discontinued.

I've forgotten the passphrase but still have the backup files. I was curious if I can use Hashcat with the backup key hash.

I've taken a look at the source code of the app to see how the backup key hash is computed using Go, which you can find below:
  const (
    iterations = 20480
    keylen     = 64
  first := hex.EncodeToString(pbkdf2.Key(
    []byte("Digital Bitbox"),

[font=Consolas, "Courier New", monospace]  second := hex.EncodeToString(pbkdf2.Key(
    []byte("Digital Bitbox"),
  if first != second {
    panic("memory error")
  return first

I've got the hash, and an idea of what the password may be, however, every password variation off the top of my head hasn't worked out so far.

The backup hash is in the form: 62Xfc5cX0616X7f3645X7XXf82c4644359XXc3adc1f6bf4d5XcX5f3620X72049.

Can someone please lead me in the right direction? This is all very new to me but exciting at the same time.

I've pulled the code for the hardware itself, and was able some of the encryption logic as well. I'm not too sure how to make sense of all this as I'm unfamiliar with C, as well as cryptography in general. Any advice is greatly appreciated here.

int wallet_generate_node(const char *passphrase, const char *entropy, HDNode *node)
    int ret;
    uint8_t seed[PBKDF2_HMACLEN];
    char salt[8 + strlens(passphrase+ 1];
    snprintf(saltsizeof(salt), "%s%s""mnemonic"passphrase);
    pbkdf2_hmac_sha512((const uint8_t *)entropystrlens(entropy), saltseed,

    if (hdnode_from_seed(seedsizeof(seed), node== DBB_ERROR) {
        ret = DBB_ERROR;
    } else {
        ret = DBB_OK;

    return ret;

void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, const char *salt, uint8_t *key,
                        int keylen)
    uint32_t ijk;
    uint8_t f[PBKDF2_HMACLEN], g[PBKDF2_HMACLEN];
    uint32_t blocks = keylen / PBKDF2_HMACLEN;
    int saltlen = strlens(salt);
    uint8_t salt_pbkdf2[saltlen + 4];

    if (keylen & (PBKDF2_HMACLEN - 1)) {
    for (i = 1i <= blocksi++) {
        salt_pbkdf2[saltlen    ] = (i >> 24& 0xFF;
        salt_pbkdf2[saltlen + 1= (i >> 16& 0xFF;
        salt_pbkdf2[saltlen + 2= (i >> 8& 0xFF;
        salt_pbkdf2[saltlen + 3= i & 0xFF;
        hmac_sha512(passpasslensalt_pbkdf2saltlen + 4g);
        for (j = 1j < PBKDF2_ROUNDSj++) {
            for (k = 0k < PBKDF2_HMACLENk++) {
                f[k^= g[k];
        if (i == blocks && (keylen & (PBKDF2_HMACLEN - 1))) {
            memcpy(key + PBKDF2_HMACLEN * (i - 1), fkeylen & (PBKDF2_HMACLEN - 1));
        } else {
            memcpy(key + PBKDF2_HMACLEN * (i - 1), fPBKDF2_HMACLEN);
The code in your second post seems irrelevant. That's about private key generation, not encryption.

The part from your first post is relevant. This is pbkdf2-hmac-sha512 (mode 12100) with 20480 iterations and a fixed salt "Digital Bitbox".

so your hash would look like
sha512:20480:RGlnaXRhbCBCaXRib3g=:[base64-encoded hash]
Hi undeath,

Thanks for your guidance.

To get the base-64 encoded hash, I'm assuming I just take 62Xfc5cX0616X7f3645X7XXf82c4644359XXc3adc1f6bf4d5XcX5f3620X72049 and base64 encode it?

I don't have to decode it into Hex then Encode it into Base64? Sorry if this is a silly question.
You need to hex-decode first, then base64-encode.
Thanks undeath. No luck with my masks.

I wonder if I'm doing something wrong on my end? I take my backup's cipher text, put it in
The flow is Text -> Bytes [Hexadecimal] -> Base64 -> Text. Is this approach correct?
I don't see a way to hex-decode with that tool. You can use

enter at [HEX] -> decode -> [BASE64]