Another BTC MultiBit Classic wallet (no password or seed words)

keychainX

member

Activity: 382

Merit: 53

Telegram @keychainX

Quote from: mr_fish2021 on January 14, 2021, 04:23:38 AM

thanks keychainX! It seems powerful. I'm just learning how to use it while the computer is doing some mask attacks. I'll probably combine both approaches.

A couple of questions regarding MultiBit Classic wallet: I see many people complaining about corrupted MultiBit wallets not opening with the correct password. I *believe* my wallet files are ok because they load into MultiBit Classic for Mac or, when I extract keys o see transactions with other scripts, they do not complain, but:

... is there a way to be sure the wallet files have not been corrupted?
... is there the possibility that hascat (or other recovery scripts) is not able to open the wallet even if they find the correct password?

Thank you!

There is actually a bug in Multibit Classic if you changed the password inside when saving the .key file. It cuts of part of the bits.

Also, various versions of the files could have different encryptions, so password might be different for different saved versions.

Did you actually solve this?

/KX

?

Activity: -

Merit: -

Quote from: HCP on January 11, 2021, 12:38:12 AM

To do that, we copy everything after the ":" and put it into a .txt file like this:

Code: (multibit_hash.txt)

$multibit$1*0b4989bdf01e4746*02d61e0c77e7131cb12a638ed742f571ba884621f4e0bebdfc900357cd9a310a

Thanks for your comment. I am in the process of trying to recover btc from an old multibit classic wallet.
I followed your steps and have tried to crack my hash with an old GPU mining rig but have been unsuccessful.
I am tempted to pay a cracking service to brute-force my "$multibit$1" hash but concerned about whether they could reverse the multibit2john process and retrieve the original .key file.
Do you know if this is possible? Is there risk in sharing my multibit hash with others? Surely the hash is just my unknown password right?

Thanks

HCP

legendary

Activity: 2086

Merit: 4363

Quote from: mr_fish2021 on January 15, 2021, 02:20:14 AM

I was wondering if there is a way to tell if a key has been corrupted (any parity, checksum, redundancy, ...)

Yes... the WIF format key that you should have got from decrypting the .key file (for MultiBit it'll be a "compressed" key so it will start with a "K" or an "L"), contains a checksum...

If you can import that private key into a wallet like Electrum without error, then it's almost guaranteed that the key is not corrupted in any way. Changing even a single character will likely render the entire address invalid.

You can see an example of WIF checksum's in action here: https://gobittest.appspot.com/PrivateKey

Note that this page is quite old so it is using "uncompressed" keys for it's examples, so the WIF keys start with a "5"... it still works with "compressed" keys and WIFs that start with a "K" or "L", it just gives spurious errors.

mr_fish2021

newbie

Activity: 8

Merit: 1

thanks Myleschetty and HCP! I believe my .wallet files are OK because multibit itself, multibit_recovery and other scripts seem to behave well managing the files. I understand hashcat does not manage the wallet, just the key. I believe my private key extracted is correct. I was wondering if there is a way to tell if a key has been corrupted (any parity, checksum, redundancy, ...). I'll keep trying in any case, thanks!

HCP

legendary

Activity: 2086

Merit: 4363

Quote from: mr_fish2021 on January 14, 2021, 04:23:38 AM

... is there a way to be sure the wallet files have not been corrupted?

Quote

... is there the possibility that hascat (or other recovery scripts) is not able to open the wallet even if they find the correct password?

hashcat doesn't open the wallet... all it does is "hash" password combinations and compare to the "hash" you already have. If it finds a match, it tells you.

Depending on how corrupt the file is, you'll either get incorrect password or invalid file messages.

I know my Python multibit recovery scripts will often know if the password on a "corrupt" .key file is incorrect... but if the correct password is supplied it will spit out garbage data instead of the private keys etc... This is because the .key files are just encrypted "text" files. I've tested this by overwriting a few random characters of an encrypted ".key" files and then running the script.

.wallet file corruption is a bit different... the file format is a lot more sensitive to corruption as it is a "protobuf" binary file... so any corruption will generally mean that it is not able to be deserialised properly and the script will just crash with a "not a wallet file"-type error.

Same with the .wallet.cipher files... it'll generally know if the password to the file encryption is "OK", but then because the "protobuf" is damaged, it'll crash the script.

Myleschetty

member

Activity: 1191

Merit: 78

Quote from: mr_fish2021 on January 14, 2021, 04:23:38 AM

... is there a way to be sure the wallet files have not been corrupted?

If the wallet is MultiBit? No, the last time i checked the wallet is deprecated and people are advised not to use it cause it developer no longer work on it or provide support which is the reason why people complain about it.

Quote from: mr_fish2021 on January 14, 2021, 04:23:38 AM

... is there the possibility that hascat (or other recovery scripts) is not able to open the wallet even if they find the correct password?
Thank you!

Hascat does not illustrate how wallet cause it own function is to help you recover your lost or forgotten password.

mr_fish2021

newbie

Activity: 8

Merit: 1

thanks keychainX! It seems powerful. I'm just learning how to use it while the computer is doing some mask attacks. I'll probably combine both approaches.

A couple of questions regarding MultiBit Classic wallet: I see many people complaining about corrupted MultiBit wallets not opening with the correct password. I *believe* my wallet files are ok because they load into MultiBit Classic for Mac or, when I extract keys o see transactions with other scripts, they do not complain, but:

... is there a way to be sure the wallet files have not been corrupted?
... is there the possibility that hascat (or other recovery scripts) is not able to open the wallet even if they find the correct password?

Thank you!

keychainX

member

Activity: 382

Merit: 53

Telegram @keychainX

Quote from: mr_fish2021 on January 12, 2021, 07:58:35 PM

Thanks HCP and NotATether! I'm writing some masks for the passwords patterns I usually use and this will be very helpful.
I must say I'm quite impressed with hashcat capabilities.

Masks are useless. Try with rules. Its much more efficient and will increase the speed sometimes 90%
.

Pure brutforce is slow...

/KX

mr_fish2021

newbie

Activity: 8

Merit: 1

Thanks HCP and NotATether! I'm writing some masks for the passwords patterns I usually use and this will be very helpful.
I must say I'm quite impressed with hashcat capabilities.

HCP

legendary

Activity: 2086

Merit: 4363

If you use the -i on it's own and a mask like this:

Code:

?a?a?a?a?a?a?a?a

Hashcat will actually try:
?a
?a?a
?a?a?a
?a?a?a?a
?a?a?a?a?a
?a?a?a?a?a?a
?a?a?a?a?a?a?a
?a?a?a?a?a?a?a?a

It is essentially the "brute force" mode...

So if you only use -i and --increment-max, it'll start at length 1... and go up to the max. Seems somewhat pointless, as you could just set the "max" with the length of the mask and setting max to something less than the mask length seems a bit pointless Wink

The --increment-min is probably more useful.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: HCP on January 12, 2021, 01:42:57 PM

Yes, there is Wink

Have a look at -i, --increment-min and --increment-max as described here:

Code: (https://hashcat.net/wiki/doku.php?id=hashcat#options)

So, if you know the password is between 6-8 chars...

Code:

hashcat -m 22500 -a 3 multibit_hash.txt -i --increment-min=6 --increment-max=8 ?a?a?a?a?a?a?a?a

will only check the masks that have 6-8 chars in them Wink

Ah OK, thanks for that. I never really understood how --increment worked and I thought it took a mask, and then made the mask shorter as in less characters. That's what the hashcat wiki page seemed to imply at least, in the part where it talks about having an 8 character mask but the mask's length decreases. Maybe that's what happens if you use -i and --increment-max by themselves?

HCP

legendary

Activity: 2086

Merit: 4363

Quote from: NotATether on January 11, 2021, 03:42:11 AM

This tries all ASCII characters. Unfortunately there is no shorthand syntax for ranges of passwords.

Yes, there is Wink

Have a look at -i, --increment-min and --increment-max as described here:

Code: (https://hashcat.net/wiki/doku.php?id=hashcat#options)

So, if you know the password is between 6-8 chars...

Code:

hashcat -m 22500 -a 3 multibit_hash.txt -i --increment-min=6 --increment-max=8 ?a?a?a?a?a?a?a?a

will only check the masks that have 6-8 chars in them Wink

mr_fish2021

newbie

Activity: 8

Merit: 1

Thanks NotATether, I've already obtained the multibit hash and installed hashcat, this will help me a lot to reduce the number of iterations

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: mr_fish2021 on January 11, 2021, 03:01:22 AM

Thanks HCP! I'll give it a try. I hope the password is one of the variations of the passwords I've used in the last 7 years...

Also, if you remember only using certain characters in your password, you can define a custom character set in hashcat so that it only looks for password combinations with those characters in it:

If you know your password only has the characters "abcdefgh12345", use

Code:

hashcat -m 22500 -a 3 multibit_hash.txt -1 abcdefgh12345 ?1?1?1?1?1?1?1?1

Finds an 8-character password with only the above characters in them. If you know the password is between 6 and 8 characters long, use this:

Code:

hashcat -m 22500 -a 3 multibit_hash.txt ?a?a?a?a?a?a ?a?a?a?a?a?a?a ?a?a?a?a?a?a?a?a

This tries all ASCII characters. Unfortunately there is no shorthand syntax for ranges of passwords.

mr_fish2021

newbie

Activity: 8

Merit: 1

Thanks HCP! I'll give it a try. I hope the password is one of the variations of the passwords I've used in the last 7 years...

HCP

legendary

Activity: 2086

Merit: 4363

Also, it's possible to use the "multibit2john.py" script (that is part of JohnTheRipper) to extract a hash from either a multibit .key (preferred option) or a multibit .wallet file (VERY slow to crack as it is encrypted with Scrypt).

The hash output from multibit2john.py will look something like this (for a .key file):

Code:

cwoern.key:$multibit$1*0b4989bdf01e4746*02d61e0c77e7131cb12a638ed742f571ba884621f4e0bebdfc900357cd9a310a

Once you have the hash, you can use "hashcat" to attempt to crack the password.

To do that, we copy everything after the ":" and put it into a .txt file like this:

Code: (multibit_hash.txt)

$multibit$1*0b4989bdf01e4746*02d61e0c77e7131cb12a638ed742f571ba884621f4e0bebdfc900357cd9a310a

And then the hashcat commandline should be something like:

Code:

hashcat -m 22500 -a 3 multibit_hash.txt

You can practise using the hash above... and the mask ?a?a?a?a?a?a:

Code:

hashcat -m 22500 -a 3 multibit_hash.txt ?a?a?a?a?a?a

And it should find the password "abc123" relatively quickly. For your .key/hash, you'll need to experiment with different "masks" based on what you believe the password is likely to be... refer here: https://hashcat.net/wiki/doku.php?id=mask_attack

Finally, unless you have a fairly good idea of what the password was likely to be, and that it's relatively short... your chances of bruteforcing it aren't great Undecided

mr_fish2021

newbie

Activity: 8

Merit: 1

Thanks! I didn't know this fork.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

You might want to see if this[1] fork will be better, it's far more active than the previous repository. As with your chances, it would probably be not worth your time unless you have some vague idea of the password. AES-256-CBC is not particularly weak.

[1] https://github.com/3rdIteration/btcrecover

mr_fish2021

newbie

Activity: 8

Merit: 1

Thanks for the tips!

Currently using macOS big sur in a macbook pro: python btcrecover.py --wallet wallets.key --tokenlist tokens/tokens.txt --no-dupchecks

I'll try in Linux and with a GPU as soon as I can. I'm not really confident to find it by brute force :-(
I'm still reviewing old notebooks and backups for a clue of the password or seed.

BitMaxz

legendary

Activity: 3500

Merit: 3249

Happy New year 🤗

What OS you currently use?

Would you mind sharing your BTCrecover command here?

For some tips that I found to help speed up the brute-force process check them below.

If you are using Linux you can have a small speed boost for the Multibit wallet by compiling BTCrecover with Cython.
Commands

Code:

sudo apt-get install python-pip
sudo pip install Cython

cython -o btcrecover/btcrpass.c btcrecover/btcrpass.py
gcc -O3 -fwrapv -fno-strict-aliasing -fPIC -I /usr/include/python2.7 -shared -lpython2.7 -o btcrecover/btcrpass.so btcrecover/btcrpass.c

./run-all-tests.py

The source can be found here https://github.com/gurnec/btcrecover/issues/90#issuecomment-317757608

If you are going to use GPU add this command.

Code:

--enable-gpu

Sample command to brute-force encrypted.key with GPU

Code:

python btcrecover.py --enable-gpu --wallet encrypted.key --tokenlist tokensamples.txt --no-dupchecks --autosave sampleprogress.txt --max-eta 5000

Topic: Another BTC MultiBit Classic wallet (no password or seed words) (Read 437 times)