Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Cracking a BIP38 bitcoin wallet
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
About 3 years ago I created a BIP38 (Specifications) protected bitcoin wallet which uses scrypt to protect against brute force attacks. Unfortunately the password I have been thinking I used all these years turns out to be incorrect. I know it is a variation of a particular thing... but I can't remember the variation.

I am a .NET developer with very little experience in cryptography so I'm trying to grasp the concepts and hope I'm going down the right road. I've already developed a program in C# which can step through word lists I've created, but it is slow (I know scrypt is meant to be slow) and I would like to speed it up if possible. I also want to develop a program that runs on Linux so I can take advantage of AWS lower prices on Linux instances to create a distributed solution.

Are there any clear methods I should be using? Can Hashcat help me with the scrypt portion of the bip38 algorithm? I've looked at Hashstack and I see they use the CPU for cracking scrypt... is a GPU really not appropriate for cracking scrypt?

Any help would be appreciated. The advantage I have here is time... I wasn't planning on doing anything with these Bitcoins for years down the road so I'm willing to put in the time to come up with a good solution.

Thanks for any advice you can offer.
What wallet client was used? Also what format do you have the data in right now?
(05-30-2017, 01:06 AM)Chick3nman Wrote: [ -> ]What wallet client was used? Also what format do you have the data in right now?

The wallet is a paper wallet generated from https://www.bitaddress.org. If you go through their initialization process abd then select "paper wallet" you can see an option to password protect the generated wallet with BIP38. That will generate a public key and an encrypted private key. The private key has to be combined with the password to generate the actual unencrypted private key which will work on the network.

What I have right now is the public key along with the encrypted private key.
Looking at how BIP-38 is setup, it wouldnt be too hard to build a script to try and attack the wallet passphrase, and then verify the decrypted private key against the public key you have.

This page has a javascript package you can use to perform the basic encryption/decryption steps: https://github.com/bitcoinjs/bip38/blob/master/index.js

If you sliced out the relevant portions and built a loop with the public key check, you can easily attack your key, however it would likely be a little slow.