Author

Topic: Bitcoin Core wallet crpyt by truecrypt and los pass (Read 282 times)

newbie
Activity: 2
Merit: 0
Could be done, with 2 factors to consider:
1. details of the password for TrueCrypt container (length, symbols used, pattern) - very important
2. encryption methods used (there are many combinations) - important, if you don't have details of p.1

If the password length is very long and if you don't remember the pattern and used symbols, brute forcing it os not feasible.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
1. It's possible the wallet.dat is encrypted twice (by Bitcoin Core and TrueCrypt).

It is a real possibility, especially if the wallet.dat was not created like pre-2011 when there was no password protection of any kind. Although there is also a small chance of the password of both encryption stores to be the same.

I also liked that this software allowed you to move the mouse around to create entropy, I wonder why Bitcoin wallet generation does not include this feature.
Nowadays it's mostly not recommended to use any kind of user-action-derived data for entropy generation, since humans are incredibly bad at creating true randomness, even when trying their best to do 'random' things such as mouse movements or even selecting a random sequence of zeroes and ones.

There is a number of scientific publications on this too, as mentioned in this StackExchange answer:
https://crypto.stackexchange.com/a/87982

I remember that bitaddress.org and GnuPG also listen for user-generated keystrokes and turn that into entropy, somehow, but they combine it with other sources of entropy.
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
Thanks everyone for trying to help me.
Actually, I would like to decrypt TC, but that seems rather difficult.
Especially since it is not possible to waste time on decryption.
Thank you very much


maybe they help

https://forum.hashkiller.io/index.php
newbie
Activity: 9
Merit: 0
Thanks everyone for trying to help me.
Actually, I would like to decrypt TC, but that seems rather difficult.
Especially since it is not possible to waste time on decryption.
Thank you very much
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
I also liked that this software allowed you to move the mouse around to create entropy, I wonder why Bitcoin wallet generation does not include this feature.
Nowadays it's mostly not recommended to use any kind of user-action-derived data for entropy generation, since humans are incredibly bad at creating true randomness, even when trying their best to do 'random' things such as mouse movements or even selecting a random sequence of zeroes and ones.

There is a number of scientific publications on this too, as mentioned in this StackExchange answer:
https://crypto.stackexchange.com/a/87982
sr. member
Activity: 317
Merit: 448
If anything, this showcases the power of a proper password, and Truecrypt can use a cascaded algorithm setup, which means a proper password is just a nightmare to crack. Even if SHA256 got cracked somehow, there would be more to do ahead. Also, Truecrypt was replaced by Veracrypt and is no longer considered safe, so that to me is interesting that people still use TC containers.

As far as the password for the wallet.dat, im assuming that this guy has a known wallet.dat password, otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.

Yes, I remember vaguely that Truecrypt offered such an option of cascaded hash algorithms, which means that you need to know this setup detail for a crack attack, too. It would slow down the process somewhat significantly, especially if you had to try different possibilities in this area, too. Sounds more and more like real pain in the ass.

I wouldn't waste my time and energy with such few hints in this particular case. No one knows if the OP keeps his word and especially if the wallet.dat actually has at least the private key for the mentioned publich address. Too many IFs...


...

wallet.dats for sale are very very likely 100% scams. You can wrap a pile of poop in fancy paper, it's still just poop.  Cheesy Tongue

I remember reading some sort of crypto mail list way back when and there were some people arguing that actually cascaded algorithm setup wasn't that great, and that one should stick to the classic SHA256 only scheme, but im not sure about that. If I used TC, I would first not use TC because it was compromised or so I heard, and that you should use VC (VeraCrypt) and then would research again on the cascaded thing.

I also liked that this software allowed you to move the mouse around to create entropy, I wonder why Bitcoin wallet generation does not include this feature.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
If anything, this showcases the power of a proper password, and Truecrypt can use a cascaded algorithm setup, which means a proper password is just a nightmare to crack. Even if SHA256 got cracked somehow, there would be more to do ahead. Also, Truecrypt was replaced by Veracrypt and is no longer considered safe, so that to me is interesting that people still use TC containers.

As far as the password for the wallet.dat, im assuming that this guy has a known wallet.dat password, otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.

Yes, I remember vaguely that Truecrypt offered such an option of cascaded hash algorithms, which means that you need to know this setup detail for a crack attack, too. It would slow down the process somewhat significantly, especially if you had to try different possibilities in this area, too. Sounds more and more like real pain in the ass.

I wouldn't waste my time and energy with such few hints in this particular case. No one knows if the OP keeps his word and especially if the wallet.dat actually has at least the private key for the mentioned publich address. Too many IFs...


...

wallet.dats for sale are very very likely 100% scams. You can wrap a pile of poop in fancy paper, it's still just poop.  Cheesy Tongue
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.
That's correct, however that's what people have been asking for in this forum repeatedly. For someone to crack their ('own' -- in reality: bought, fake) wallet.dat password, assuming the person doing it wouldn't then just go ahead and empty the wallet immediately.

Maybe wallet scammers changed their strategy and now sell supposedly TrueCrypt-encrypted wallet files, instead, that when decrypted are still secured with a password. Tongue Meanwhile it's just a /dev/random dump. Grin
sr. member
Activity: 317
Merit: 448
Address 1L8SqDEvaA3WnDinobai21ZbnyC79XuJGn has a current balance of 2.11752132 BTC and last outgoing transactions where UTXOs of this address were spent were in
2021-03-03: tx bdc3bc54a358301552c03eecb5c6994bc13066284f795211a2db6497f5692cd7
2021-01-09: tx d27a036c3d1acd27f7b57b3c3bc0e85cff1b03714e1b8b03274f161badac38c4

So in the first months of 2021 the owner of UTXOs of this address apparently had access to this address' private key and the other involved inputs in above transactions.


Yes, the file is mine. If it was not mine, how could I know the general wallet address?

I'm not convinced because a Bitcoin Core wallet uses a lot of keys and public addresses, not just a single one. And naming a public address with a suitable balance isn't hard at all.

Your passphrase hints for the Truecrypt container are rather insufficient. My question would be: why didn't you document such an important secret?

As n0nce points out, having the hashes isn't quite enough. An attack to crack the Truecrypt container passphrase would also need details how Truecrypt processes the passphrase to get to hash digests. Well, likely hashcat or similar tools know how to deal with cracking Truecrypt containers.

And then if someone manages to crack the Truecrypt passphrase: what about the contained wallet.dat file? Is this protected by a passphrase, too? Is the Bitcoin Core wallet.dat passphrase known?

There are stories of people being thrown to jail permanently for failing to disclose a Truecrypt password. If anything, this showcases the power of a proper password, and Truecrypt can use a cascaded algorithm setup, which means a proper password is just a nightmare to crack. Even if SHA256 got cracked somehow, there would be more to do ahead. Also, Truecrypt was replaced by Veracrypt and is no longer considered safe, so that to me is interesting that people still use TC containers.

As far as the password for the wallet.dat, im assuming that this guy has a known wallet.dat password, otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Address 1L8SqDEvaA3WnDinobai21ZbnyC79XuJGn has a current balance of 2.11752132 BTC and last outgoing transactions where UTXOs of this address were spent were in
2021-03-03: tx bdc3bc54a358301552c03eecb5c6994bc13066284f795211a2db6497f5692cd7
2021-01-09: tx d27a036c3d1acd27f7b57b3c3bc0e85cff1b03714e1b8b03274f161badac38c4

So in the first months of 2021 the owner of UTXOs of this address apparently had access to this address' private key and the other involved inputs in above transactions.


Yes, the file is mine. If it was not mine, how could I know the general wallet address?

I'm not convinced because a Bitcoin Core wallet uses a lot of keys and public addresses, not just a single one. And naming a public address with a suitable balance isn't hard at all.

Your passphrase hints for the Truecrypt container are rather insufficient. My question would be: why didn't you document such an important secret?

As n0nce points out, having the hashes isn't quite enough. An attack to crack the Truecrypt container passphrase would also need details how Truecrypt processes the passphrase to get to hash digests. Well, likely hashcat or similar tools know how to deal with cracking Truecrypt containers.

And then if someone manages to crack the Truecrypt passphrase: what about the contained wallet.dat file? Is this protected by a passphrase, too? Is the Bitcoin Core wallet.dat passphrase known?
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Yes, the file is mine. If it was not mine, how could I know the general wallet address?
You could have just posted any random address; there is no way to prove that it corresponds to one of the private keys in your encrypted wallet.dat unless you can decrypt it and sign a message.

Furthermore, we've seen this many times here. People sell encrypted wallet.dat files (sometimes together with some address to 'prove' funds are in the wallet).

Because I don't want to put the encrypted file here, I just put its hash, and whoever can decrypt the hash can find out the password.
Hashes cannot be decrypted. A hash is just that: a hash. A digest. You're asking for people to brute-force a whole wallet.dat file just from its hash and then it would still be encrypted & they would have to decrypt the wallet file itself.
Task 1 is already impossible and task 2 is pretty tough; combine them (for no reason whatsoever) and you can basically close this thread.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
It seems to be tall task. I don't have resource to perform brute-force, but i have few thoughts.
1. It's possible the wallet.dat is encrypted twice (by Bitcoin Core and TrueCrypt).
2. Aside from hint you've shared. Do you remember how long is the password and which character you use?
3. If your password has relative small amount of possible combination, it can be brute-forced with modern high-end GPU. For example, RTX 4090 has speed ranging from 100 to 3500 kH/s depending on encryption type you use. Benchmark link (not mine), https://gist.github.com/Chick3nman/32e662a5bb63bc4f51b847bb422222fd.

Assuming that the wallet.dat file is really yours and that you didn't bought it in the hopes of finding the password (who locks almost 3 bitcoin without noting down the password ?), I really don't see how you can achieve this.

Using TeraCrypt is non-standard approach, so i doubt OP is lying. Besides, Teracrypt was discountined on 2014 where Bitcoin price was about few hundred dollar which isn't big money for people who live on developed country.
newbie
Activity: 9
Merit: 0
UP UP
newbie
Activity: 9
Merit: 0
Assuming that the wallet.dat file is really yours and that you didn't bought it in the hopes of finding the password (who locks almost 3 bitcoin without noting down the password ?), I really don't see how you can achieve this. My first suggestion would be using John the ripper[1] and hascat[2] but TrueCrypt has near perfect cryptography and these tools would probably only help you in finding one or two characters at most. If the password was complex and had a mix of numbers and special characters I would say forget it but perhaps someone who is more knowledgeable in this matter will show up with a better solution than mine.

[1]https://www.openwall.com/john/
[2]https://hashcat.net/hashcat/

Yes, the file is mine. If it was not mine, how could I know the general wallet address?
Because I don't want to put the encrypted file here, I just put its hash, and whoever can decrypt the hash can find out the password.
legendary
Activity: 1148
Merit: 3117
Assuming that the wallet.dat file is really yours and that you didn't bought it in the hopes of finding the password (who locks almost 3 bitcoin without noting down the password ?), I really don't see how you can achieve this. My first suggestion would be using John the ripper[1] and hascat[2] but TrueCrypt has near perfect cryptography and these tools would probably only help you in finding one or two characters at most. If the password was complex and had a mix of numbers and special characters I would say forget it but perhaps someone who is more knowledgeable in this matter will show up with a better solution than mine.

[1]https://www.openwall.com/john/
[2]https://hashcat.net/hashcat/
newbie
Activity: 9
Merit: 0
Hello, I got one wallet.dat containing 2.78 BTC and i crypt it by truecrypt  useing password but i actually forgot the password but i think hint is ( nevada )
You can use BTCrecover or whatever techniques you have to find the password.
This is a technical discussion so I belive am in the right place.

i will give 1 Bitcoin to anyone who can decrypt the attached file .

this's my bitcon address : 1L8SqDEvaA3WnDinobai21ZbnyC79XuJGn
you can take a look at it

please copy the hash in text file and try :

container.tc:truecrypt_RIPEMD_160$6976410c2c124fb30a2ee495471f03f35e4d3e52a21ab68a40a1996aa374b3655268cccd0f2092eef6f3ec1a21dc91eb15c35eeb293f4372f0a66a014f814ef228beec2395f62aaf4fea0437e34114e3f187c4d8bd2a259a7772b722a3034308e4e39d9e92355e6f6a44b758a4da840ba656524449e176fbecf9e1969bf0c79a58694cf21c67d8303029d1980f15e419394caa5534a6c82fd5e9ced8f79991ab141060845590db7cc87e0ac5dc4e11ea321479f925717c92891526b72ca49dd943acafd5f0ad45ff4dfdde6702d557316e57a3bbbd6dfe3532c6863668df1f292a50921bcacb4f9c312f74141b694ad1b64470a84797c28e6f40a8c7caa3b2194e0c62a48ea4b4d16d60993b36f3698434dbad6f6efde4c5a83846f7ffcbf9ddcb7e972891b7723f6fce04cf048076bdb4f1f0e95f77a23d5e9a58a548dbc487865c3772d7d2703363fc62a49e9b187b662e1e1039f469d958705632ee763d193f28c97dd675d393225aab1b4db430fd623c64402ebd625b012cf1c3223884272c8ef52a2776cb178dbc99c93db4f6c2e3985cf98bded7111a7efc5b5fe6453f731a5480124b6e39a3ce0ca6b4b79fac6e9f76b8dd59a2c62be50181425c824099586b12fdf252e14057756afe89b0baed820f22b5e307967f2456e239919a68fdd06772bea3ba91b95f4262ab7f6e1b7527d6fd8c0caaa57d781692213d4cf4:normal::::container.tc
container.tc:truecrypt_SHA_512$6976410c2c124fb30a2ee495471f03f35e4d3e52a21ab68a40a1996aa374b3655268cccd0f2092eef6f3ec1a21dc91eb15c35eeb293f4372f0a66a014f814ef228beec2395f62aaf4fea0437e34114e3f187c4d8bd2a259a7772b722a3034308e4e39d9e92355e6f6a44b758a4da840ba656524449e176fbecf9e1969bf0c79a58694cf21c67d8303029d1980f15e419394caa5534a6c82fd5e9ced8f79991ab141060845590db7cc87e0ac5dc4e11ea321479f925717c92891526b72ca49dd943acafd5f0ad45ff4dfdde6702d557316e57a3bbbd6dfe3532c6863668df1f292a50921bcacb4f9c312f74141b694ad1b64470a84797c28e6f40a8c7caa3b2194e0c62a48ea4b4d16d60993b36f3698434dbad6f6efde4c5a83846f7ffcbf9ddcb7e972891b7723f6fce04cf048076bdb4f1f0e95f77a23d5e9a58a548dbc487865c3772d7d2703363fc62a49e9b187b662e1e1039f469d958705632ee763d193f28c97dd675d393225aab1b4db430fd623c64402ebd625b012cf1c3223884272c8ef52a2776cb178dbc99c93db4f6c2e3985cf98bded7111a7efc5b5fe6453f731a5480124b6e39a3ce0ca6b4b79fac6e9f76b8dd59a2c62be50181425c824099586b12fdf252e14057756afe89b0baed820f22b5e307967f2456e239919a68fdd06772bea3ba91b95f4262ab7f6e1b7527d6fd8c0caaa57d781692213d4cf4:normal::::container.tc
container.tc:truecrypt_WHIRLPOOL$6976410c2c124fb30a2ee495471f03f35e4d3e52a21ab68a40a1996aa374b3655268cccd0f2092eef6f3ec1a21dc91eb15c35eeb293f4372f0a66a014f814ef228beec2395f62aaf4fea0437e34114e3f187c4d8bd2a259a7772b722a3034308e4e39d9e92355e6f6a44b758a4da840ba656524449e176fbecf9e1969bf0c79a58694cf21c67d8303029d1980f15e419394caa5534a6c82fd5e9ced8f79991ab141060845590db7cc87e0ac5dc4e11ea321479f925717c92891526b72ca49dd943acafd5f0ad45ff4dfdde6702d557316e57a3bbbd6dfe3532c6863668df1f292a50921bcacb4f9c312f74141b694ad1b64470a84797c28e6f40a8c7caa3b2194e0c62a48ea4b4d16d60993b36f3698434dbad6f6efde4c5a83846f7ffcbf9ddcb7e972891b7723f6fce04cf048076bdb4f1f0e95f77a23d5e9a58a548dbc487865c3772d7d2703363fc62a49e9b187b662e1e1039f469d958705632ee763d193f28c97dd675d393225aab1b4db430fd623c64402ebd625b012cf1c3223884272c8ef52a2776cb178dbc99c93db4f6c2e3985cf98bded7111a7efc5b5fe6453f731a5480124b6e39a3ce0ca6b4b79fac6e9f76b8dd59a2c62be50181425c824099586b12fdf252e14057756afe89b0baed820f22b5e307967f2456e239919a68fdd06772bea3ba91b95f4262ab7f6e1b7527d6fd8c0caaa57d781692213d4cf4:normal::::container.tc
container.tc:truecrypt_RIPEMD_160$804021663e0b1b270eebd8dc1d29106893eec389ee7d3ba49d5f0530a376970c03061418f0737dfb62d644a0854036f3b4585d0118ae178daae70179945e432b8baa71f2cf81563bbc9185bd03bc57c6baa587a449039bf9262547468691d09aa96e0987bd3b84bb6f937bf03160896c821936dcdb673b3b2c4d393e9fea544b1679f279dca579472358e4f0d4c8771b4169424e339f6021a236a9764de3a02e710fb11a373857fba24dc050cbaed57722665eadfd69f20c4576c66cca159210332d7720c57c03c291ba5217e61dfc371fcbefc3a5dfc2319be9d970d8a3baee993da71ecea21bdad0128a21ee932a12bbb28b95663fe2d6b40480d51d1bd3b32e4997ad065512845b2759c63b9717696400252a182d370e6265507acdb627cd1053e18466c9b643b6dc02c5888ef462255c37db5bf519ce235a81ab186ee605012c1616cf9774cb5bc13e6606a8f437de6b2b2c986c62d03770d9d773957476ca6c703151c5e610938a7f6c8110f3030f0591ffafc8470bf6ff436b96564a79c8d958f8f4e91ea5d95fc2bba59df4c25cda151c57615d579d9e54cf6d967226ec453403c1a8543a7ce009a3d4c7177f8b5884220ac377976db7e55571cbc1ef7dd6cafea545d80630962ed55e34145acaf0ba17bf20eb64c015c131efb8a19339d6d31e598adb03eeb38e61fc4d2b190767c3e6099722d5398d31ee49a8dd0e:hidden::::container.tc
container.tc:truecrypt_SHA_512$804021663e0b1b270eebd8dc1d29106893eec389ee7d3ba49d5f0530a376970c03061418f0737dfb62d644a0854036f3b4585d0118ae178daae70179945e432b8baa71f2cf81563bbc9185bd03bc57c6baa587a449039bf9262547468691d09aa96e0987bd3b84bb6f937bf03160896c821936dcdb673b3b2c4d393e9fea544b1679f279dca579472358e4f0d4c8771b4169424e339f6021a236a9764de3a02e710fb11a373857fba24dc050cbaed57722665eadfd69f20c4576c66cca159210332d7720c57c03c291ba5217e61dfc371fcbefc3a5dfc2319be9d970d8a3baee993da71ecea21bdad0128a21ee932a12bbb28b95663fe2d6b40480d51d1bd3b32e4997ad065512845b2759c63b9717696400252a182d370e6265507acdb627cd1053e18466c9b643b6dc02c5888ef462255c37db5bf519ce235a81ab186ee605012c1616cf9774cb5bc13e6606a8f437de6b2b2c986c62d03770d9d773957476ca6c703151c5e610938a7f6c8110f3030f0591ffafc8470bf6ff436b96564a79c8d958f8f4e91ea5d95fc2bba59df4c25cda151c57615d579d9e54cf6d967226ec453403c1a8543a7ce009a3d4c7177f8b5884220ac377976db7e55571cbc1ef7dd6cafea545d80630962ed55e34145acaf0ba17bf20eb64c015c131efb8a19339d6d31e598adb03eeb38e61fc4d2b190767c3e6099722d5398d31ee49a8dd0e:hidden::::container.tc
container.tc:truecrypt_WHIRLPOOL$804021663e0b1b270eebd8dc1d29106893eec389ee7d3ba49d5f0530a376970c03061418f0737dfb62d644a0854036f3b4585d0118ae178daae70179945e432b8baa71f2cf81563bbc9185bd03bc57c6baa587a449039bf9262547468691d09aa96e0987bd3b84bb6f937bf03160896c821936dcdb673b3b2c4d393e9fea544b1679f279dca579472358e4f0d4c8771b4169424e339f6021a236a9764de3a02e710fb11a373857fba24dc050cbaed57722665eadfd69f20c4576c66cca159210332d7720c57c03c291ba5217e61dfc371fcbefc3a5dfc2319be9d970d8a3baee993da71ecea21bdad0128a21ee932a12bbb28b95663fe2d6b40480d51d1bd3b32e4997ad065512845b2759c63b9717696400252a182d370e6265507acdb627cd1053e18466c9b643b6dc02c5888ef462255c37db5bf519ce235a81ab186ee605012c1616cf9774cb5bc13e6606a8f437de6b2b2c986c62d03770d9d773957476ca6c703151c5e610938a7f6c8110f3030f0591ffafc8470bf6ff436b96564a79c8d958f8f4e91ea5d95fc2bba59df4c25cda151c57615d579d9e54cf6d967226ec453403c1a8543a7ce009a3d4c7177f8b5884220ac377976db7e55571cbc1ef7dd6cafea545d80630962ed55e34145acaf0ba17bf20eb64c015c131efb8a19339d6d31e598adb03eeb38e61fc4d2b190767c3e6099722d5398d31ee49a8dd0e:hidden::::container.tc
Jump to: