Posts: 5
Threads: 3
Joined: Jan 2021
I have been playing with hashcat a lot to refind my wallet password. I even upgraded to a RTX 3090 and went through several dictionaries with no luck so far.
I understand that speeding up the process through rules and piping is not possible because the hashing algoritm for wallets is already so slow that the GPU does not run out of things to do. Right? So faster then a plain dictionary attack is not possible.
Still I believe that a great combination of dictionary and rules file is the way to go forward. But it is very hard to find information on this. In hashcat there are several rule files included but there is no description of what they are intended to do.
So my questions is: What dictionary and/or rule file do you recomment for wallets?
Posts: 2,267
Threads: 16
Joined: Feb 2013
I think you need to approach the problem from a totally different angle:
try to think about what you remember about the password. how long is it ? does it use whole words that can be found in a dictionary file ? any specials or digits appended/inserted ? any special password pattern ? etc etc etc
If it is really your password and it's NOT generated by a password manager or other password generator (and therefore it's not completely random), you need to attack it by remembering and guessing as much as possible. Your brain/mind can help a lot to make it feasible, if it's really your password, you should remember something.
Maybe you even used similar passwords or password patterns back then... this could make it much more feasible and more efficient to attack.
If it's really random and long and you do not remember anything, it's getting very likely (but not guaranteed) that it's not possible to recover the wallet balance.
Don't get distracted by questions like what is the best dictionary file or best rule file etc.... the best thing to do is always to step back and remember as much as possible and make some more educated attacks/guesses with your own dictionary file or rules/patterns/masks etc.
Posts: 5
Threads: 3
Joined: Jan 2021
(02-27-2021, 11:34 AM)philsmd Wrote: I think you need to approach the problem from a totally different angle:
try to think about what you remember about the password. how long is it ? does it use whole words that can be found in a dictionary file ? any specials or digits appended/inserted ? any special password pattern ? etc etc etc
If it is really your password and it's NOT generated by a password manager or other password generator (and therefore it's not completely random), you need to attack it by remembering and guessing as much as possible. Your brain/mind can help a lot to make it feasible, if it's really your password, you should remember something.
Maybe you even used similar passwords or password patterns back then... this could make it much more feasible and more efficient to attack.
If it's really random and long and you do not remember anything, it's getting very likely (but not guaranteed) that it's not possible to recover the wallet balance.
Don't get distracted by questions like what is the best dictionary file or best rule file etc.... the best thing to do is always to step back and remember as much as possible and make some more educated attacks/guesses with your own dictionary file or rules/patterns/masks etc.
Thanks for your thoughts. I agree with you. But I have no idea.... probably I made some combination of a word and some letters/symbols. Hence the idea of using wordlists with rules. So thats why I asked which combinations of word files and rule files are great to try. I can understand that some word files may already have variances of words covered by rule files for example. I also found no description of the rule files included with hashscat. So more knowledge in that direction may help me make better decissions.
Posts: 893
Threads: 15
Joined: Sep 2017
looking here
https://hashcat.net/wiki/doku.php?id=rule_based_attack
and you will get a real good overview of what a single rule does
the rule-files shipped with hascat are only collections of some good rules packed together, think of them like a dictionary just made of rules
for example look into
best64.rule
Code:
## simple number append
$0
$1
$2
$3
$4
$5
$6
$7
$8
$9
these rules will append a single digit 0-9 to every word you povide, nothing more, you can simple add or modify your own rules,
for example you can use rules like
Code:
$1 $9 $8 $0
$1 $9 $8 $1
$1 $9 $8 $2
...
to prepend typical birthdates to a password resulting in words like
Code:
password1980
password1981
password1982
but if you REALLY have no idea of "YOUR" password, this will not help. lets say "YOUR" password is german, then you should use a german dictionary, if "YOUR" password is english, use an english dictionary, if you are from russia, well you get the point right?
some of the dicts "everyone" know and or use can be found with lmgtfy
https://github.com/danielmiessler/SecLis.../Passwords