08-04-2020, 11:54 PM
I have an old mbhd.wallet.aes dump file of private and public keys... will they be associated with addresses in the wallet? How would I get the addresses using the keys?
08-04-2020, 11:54 PM
08-05-2020, 03:28 AM
I don't think so. You would need to have the password to decrypt it and get the private keys (the HD mechanism automatically allows to generate and lookup all the addresses and public keys if you have successfully unlocked / decrypted it with the correct password).
There is an example file here: https://github.com/gurnec/btcrecover/blo...wallet.aes
and of course all you can see is random data (althrough there is some "metadata" in the file, like salts/iv etc).
The data is encrypted and therefore you would need to decrypt it first to "see" the content.
There might be other (even log) files around your system that might kind of reveal some info, especially if it's true you used 2 wallets and already the timestamps could reveal some info (see https://github.com/hashcat/hashcat/issue...-662353053). If there is an outgoing transaction from one wallet/address and a new MultiBit wallet was just generated some minutes before, they might be related. The timestamp could reveal a lot (and there might be other files too, just install, even the old version of, the software and see what files are created etc).
of course it makes sense to make safe backups of all the important files, before you do any such experiments
There is an example file here: https://github.com/gurnec/btcrecover/blo...wallet.aes
and of course all you can see is random data (althrough there is some "metadata" in the file, like salts/iv etc).
The data is encrypted and therefore you would need to decrypt it first to "see" the content.
There might be other (even log) files around your system that might kind of reveal some info, especially if it's true you used 2 wallets and already the timestamps could reveal some info (see https://github.com/hashcat/hashcat/issue...-662353053). If there is an outgoing transaction from one wallet/address and a new MultiBit wallet was just generated some minutes before, they might be related. The timestamp could reveal a lot (and there might be other files too, just install, even the old version of, the software and see what files are created etc).
of course it makes sense to make safe backups of all the important files, before you do any such experiments
08-07-2020, 12:29 AM
Thank you Phil.
I'm not sure the below hashcat mask is correct. Would you verify I have it correct if I wanted the following conditions:
1. I want to start with 5 characters minimum to guess the password.
2. The first, second, third, fourth, and fifth characters are either upper or lower letters only.
3. The sixth, seventh and eighth characters might be anything so... ?a
4. Maximum characters is 8.
hashcat -m 22700 -a 3 -1 ?u?l -2 ?u?l -3 ?u?l -4 ?u?l -5 ?u?l -i --increment-min 5 --increment-max 8 hashes.txt ?1?2?3?4?5?a?a?a
Is the above correct?
Also, would you verify my math in calculating the total number of possibilities using this command? Is it: 52^5 + 52^5 + 52^5 + 52^5 + 52^5 + 95^6 + 95^6 + 95^6 = 2,207,176,692,035
The reason this is important is my hash cracking is slow, about 1272 H/s so I need to know how long it will take and if it's worth.
I'm not sure the below hashcat mask is correct. Would you verify I have it correct if I wanted the following conditions:
1. I want to start with 5 characters minimum to guess the password.
2. The first, second, third, fourth, and fifth characters are either upper or lower letters only.
3. The sixth, seventh and eighth characters might be anything so... ?a
4. Maximum characters is 8.
hashcat -m 22700 -a 3 -1 ?u?l -2 ?u?l -3 ?u?l -4 ?u?l -5 ?u?l -i --increment-min 5 --increment-max 8 hashes.txt ?1?2?3?4?5?a?a?a
Is the above correct?
Also, would you verify my math in calculating the total number of possibilities using this command? Is it: 52^5 + 52^5 + 52^5 + 52^5 + 52^5 + 95^6 + 95^6 + 95^6 = 2,207,176,692,035
The reason this is important is my hash cracking is slow, about 1272 H/s so I need to know how long it will take and if it's worth.
08-07-2020, 03:18 AM
this makes no sense:
they all define the same thing. so do it only once
the calculation goes like this for mask length exactly 8:
you can see the remaining time, the ending time, the hash speed and the total number of combinations also directly when launching hashcat.
if you want to make the calculation for the different lengths, you just do the same with these masks (the total is the sum of each and every mask length):
the total is therefore:
so quite a huge number of password candidates that you want to try.
I would again recommend using dictionary attacks with rules instead of brute-force/masks if the passwords are chosen by a human (not completely random)
Code:
-1 ?u?l -2 ?u?l -3 ?u?l -4 ?u?lthey all define the same thing. so do it only once
Code:
hashcat -m 22700 -a 3 -w 3 -1 ?u?l -i --increment-min 5 hashes.txt ?1?1?1?1?1?a?a?athe calculation goes like this for mask length exactly 8:
Code:
(26 + 26) * (26 + 26) * (26 + 26) * (26 + 26) * (26 + 26) * 95 * 95 * 95 =
52 * 52 * 52 * 52 * 52 * 95 * 95 * 95 =
52 ^ 5 * 95 ^ 3 =
325,977,431,936,000you can see the remaining time, the ending time, the hash speed and the total number of combinations also directly when launching hashcat.
if you want to make the calculation for the different lengths, you just do the same with these masks (the total is the sum of each and every mask length):
Code:
?1?1?1?1?1 => 380,204,032
?1?1?1?1?1?a => 36,119,383,040
?1?1?1?1?1?a?a => 3,431,341,388,800
?1?1?1?1?1?a?a?a => 325,977,431,936,000the total is therefore:
Code:
380,204,032 + 36,119,383,040 + 3,431,341,388,800 + 325,977,431,936,000 =
329,445,272,911,872so quite a huge number of password candidates that you want to try.
I would again recommend using dictionary attacks with rules instead of brute-force/masks if the passwords are chosen by a human (not completely random)