Bitcoin Core wallet.dat file containing 3.5 BTC + Password Hint - page 2.

PawGo

legendary

Activity: 952

Merit: 1385

Quote from: BlackHatCoiner on May 06, 2022, 07:37:51 AM

For those who say it's a scam, what's the benefit of the scammer exactly?

In this case - I do not know what OP is hoping for. For success it must be 1) real wallet 2) opened by someone 3) honest "winner" share coins with OP. Maybe he bought that wallet and has no resources to crack the password?
Here, there is no clear gain for him. But in general it seems there is a huge "market" for locked wallets.
For example that topic from Russian board: https://bitcointalksearch.org/topic/1000-0001-btc-5160025
Or that topic, already mentioned by me: https://bitcointalksearch.org/topic/dont-buy-walletdat-files-with-lost-passwords-exchange-them-5242967
So you may buy password protected wallet and try your luck or you may just get one for free.

If you check addresses sold, most of them has public key exposed...

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

For that amount, I suspect the hints aren't proper, for if they did, one would have cracked the password already. OP, are you sure the password is 4-8 characters long with the English letters and/or numbers? Is there a slight chance you've chosen a special character which isn't mentioned?

For those who say it's a scam, what's the benefit of the scammer exactly?

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: PawGo on May 06, 2022, 07:15:46 AM

I do not know how all that .dat files are manipulated, but as far I recall, it was somehow proved that it is possible to "inject" given address into wallet.dat file knowing it's public key. In other words - if you know public key (wallet has spending transaction) it is possible to create a forged wallet file for that address. Wallet will work in bitcoin core, show correct balance etc.

It is pretty easy to manipulate a wallet file simply because wallet files don't really have any kind of checksum or integrity check to make sure the file is not manipulated. It is jut raw data that can be modified and any part of it like the addresses can be changed to a funded one and the encrypted keys to garbage undecryptable data.

PawGo

legendary

Activity: 952

Merit: 1385

Quote from: ABCbits on May 06, 2022, 07:07:15 AM

Since you asked, i just did it on VM. Looking at it's transaction history, 1NUW3z5z6cNs8Ltd2cN2BnxP92dySdcuG8 is the only receiving address. According to mempool.space[3], it has ~3.5BTC. But there's no way to know whether the encrypted part of the wallet is manipulated or not[4].

I do not know how all that .dat files are manipulated, but as far I recall, it was somehow proved that it is possible to "inject" given address into wallet.dat file knowing it's public key. In other words - if you know public key (wallet has spending transaction) it is possible to create a forged wallet file for that address. Wallet will work in bitcoin core, show correct balance etc. But of course it will not be possible to withdraw coins as private key will not be available.
Such a bad surprise when you already crack the password.

And yes, address from OP's wallet has spending transaction, which means (in my opinion) that chances it is forged change from 50/50 to 99%.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Cricktor on May 06, 2022, 05:12:47 AM

Quote from: CrunchyF on May 06, 2022, 01:38:44 AM

~

Why is BIP38 involved here? From what I remember a password protected wallet.dat basically encrypts more or less only the private key stuff with AES. I may lack knowledge here though as cracking wallet.dats is not my business. I'm more just curious and have fun to broaden my crypto knowledge.

It's true Bitcoin Core use AES, although it's more than encrypt private key with AES[1-2].

Quote from: Cricktor on May 06, 2022, 05:12:47 AM

Has anyone tried to load this wallet.dat into Bitcoin Core to check which addresses claim to hold the funds and if a blockexplorer actually shows these funds? I admit, I haven't tried yet because I don't believe this is a legit and valid wallet.dat (well, likely 99.999% of publicly available wallet.dats are manipulated scams).

Since you asked, i just did it on VM. Looking at it's transaction history, 1NUW3z5z6cNs8Ltd2cN2BnxP92dySdcuG8 is the only receiving address. According to mempool.space[3], it has ~3.5BTC. But there's no way to know whether the non-encrypted part of the wallet is manipulated or not[4].

[1] https://en.bitcoin.it/wiki/Wallet_encryption
[2] https://bitcoin.stackexchange.com/a/1714
[3] https://mempool.space/address/1NUW3z5z6cNs8Ltd2cN2BnxP92dySdcuG8
[4] https://bitcointalksearch.org/topic/m.50566174

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: CrunchyF on May 06, 2022, 01:38:44 AM

~

Why is BIP38 involved here? From what I remember a password protected wallet.dat basically encrypts more or less only the private key stuff with AES. I may lack knowledge here though as cracking wallet.dats is not my business. I'm more just curious and have fun to broaden my crypto knowledge.

Has anyone tried to load this wallet.dat into Bitcoin Core to check which addresses claim to hold the funds and if a blockexplorer actually shows these funds? I admit, I haven't tried yet because I don't believe this is a legit and valid wallet.dat (well, likely 99.999% of publicly available wallet.dats are manipulated scams).

CrunchyF

jr. member

Activity: 56

Merit: 26

Quote from: Minase on May 05, 2022, 02:26:57 PM

can already confirm that 1-6 characters the password is not.
who knows...maybe he is the owner maybe not... i will try up to 7 characters to help him.
and yes the story it's a little weird.. no money but posted the walled.

I try (just for fun) because i'm pretty sure that this is a scam every numeric possibility
between 0->99999999. no found

Does someone know if the OPENCL implementation of bip38 decoding in hashcat is optimised ?
I have only a speed of 28000 tests / sec on my RTX3070...
I want to test a coding from scratch of AES and scrypt (used in bip38) on a CUDA kernel
with this library :
https://github.com/franneck94/CUDA-AES/blob/master/AES%20CUDA/AES.cu

but i d'ont know if the game deserves to ?

Minase

member

Activity: 72

Merit: 43

can already confirm that 1-6 characters the password is not.
who knows...maybe he is the owner maybe not... i will try up to 7 characters to help him.
and yes the story it's a little weird.. no money but posted the walled.

PawGo

legendary

Activity: 952

Merit: 1385

Quote from: NotATether on May 05, 2022, 11:26:28 AM

Quote from: entropyapes on May 05, 2022, 10:09:38 AM

This wallet was mine, in 2012 I bought some BTC than I wasnt very educated and I forget the password, but all my passwords at that time was only number and some number and letter without capital letter, I shared it before with 3 guys that claimmed be able to brute force but till now nothing happenned and the funds are still in the hash, may someone here find and we will have a good time on it.

It means some of those people have violated your secrecy.

But I am surprised that the wallet has not been cracked yet given that it is between 4-8 chars with only numbers and letters. That would be easy fodder for Hashcat and a lone (high-end) GPU. Are you sure these are the exact constraints of the password? Maybe there could be some non-latin characters that you have forgotten about?

Exactly.
Checking 1-8 digits is trivial. To check 6 characters lowercase+digits takes around 2h on 7x 3090 using hashcat. If OP gave that wallet to open long time ago, I believe there is at least one person who checked that possibilities. There is of course always a chance that password has 9 characters... no?
Anyway, if one of you wants to try hashcat, this is the configuration:
Save wallet hash into file (hash.txt):

Code:

$bitcoin$64$011f6abdec8e23032b7eb1298ed661fb9ebcd7388b3963b527a2923cce6800ea$16$e4aa72cd2bfa00cd$68014$2$00$2$00

Commands for hashcat to launch search of digits + lowercase letters, passwords 6, 7 and 8 characters long:

Code:

./hashcat.bin -m 11300 -a 3 -w 3 -o result.txt hash.txt -1 ?l?d ?1?1?1?1?1?1
./hashcat.bin -m 11300 -a 3 -w 3 -o result.txt hash.txt -1 ?l?d ?1?1?1?1?1?1?1
./hashcat.bin -m 11300 -a 3 -w 3 -o result.txt hash.txt -1 ?l?d ?1?1?1?1?1?1?1?1

Good luck!

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Considering all OP's posts so far, I have some doubt that this wallet.dat actually contains keys for those funds that you claim are in "your" wallet.
If it were legit, you'd get the most from Dave of walletrecoveryservices.com who has decent fast hardware for cracking and you'd get 85% of the wallet's funds.
Whereas posting it here to the public is kinda weird, you'd risk to get 0% if it were a valid wallet.dat with "real funds".

Taking your password hints into account, only lowercase letters and numbers, a length of 4-8 as you claim: that's a search space of approx. 2.9*10^12 possible passwords in total. Who's going to waste the energy to try to crack this under the assumption that your password hints are even valid? (Yes, I'm judging you by your posting behavior, I might misjudge you or not.)

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: entropyapes on May 05, 2022, 10:09:38 AM

This wallet was mine, in 2012 I bought some BTC than I wasnt very educated and I forget the password, but all my passwords at that time was only number and some number and letter without capital letter, I shared it before with 3 guys that claimmed be able to brute force but till now nothing happenned and the funds are still in the hash, may someone here find and we will have a good time on it.

It means some of those people have violated your secrecy.

But I am surprised that the wallet has not been cracked yet given that it is between 4-8 chars with only numbers and letters. That would be easy fodder for Hashcat and a lone (high-end) GPU. Are you sure these are the exact constraints of the password? Maybe there could be some non-latin characters that you have forgotten about?

entropyapes

newbie

Activity: 10

Merit: 0

Quote from: PawGo on May 05, 2022, 10:00:38 AM

It is the most probably forged wallet. Did you buy it and now you want others to open it for you?
It is available for sale on some scam websites: https://wallet-dat.net/bitcoin-core-wallet-dat/bitcoin-core-wallet-dat-3-53-btc/
Some even give it for free: https://bitcointalksearch.org/topic/m.54284429

This wallet was mine, in 2012 I bought some BTC than I wasnt very educated and I forget the password, but all my passwords at that time was only number and some number and letter without capital letter, I shared it before with 3 guys that claimmed be able to brute force but till now nothing happenned and the funds are still in the hash, may someone here find and we will have a good time on it.

PawGo

legendary

Activity: 952

Merit: 1385

It is the most probably forged wallet. Did you buy it and now you want others to open it for you?
It is available for sale on some scam websites: https://wallet-dat.net/bitcoin-core-wallet-dat/bitcoin-core-wallet-dat-3-53-btc/
Some even give it for free: https://bitcointalksearch.org/topic/m.54284429

entropyapes

newbie

Activity: 10

Merit: 0

Quote from: Minase on May 05, 2022, 09:29:39 AM

oh well, your wallet, your money.
I can't guarantee that someone else with faster machine will not find the password first without giving you back whats your.
I will try to see if i can help you.

If you got success it will be a dream coming true in my life, any couple of thousands would change my reality, thanks for your effords!

Minase

member

Activity: 72

Merit: 43

oh well, your wallet, your money.
I can't guarantee that someone else with faster machine will not find the password first without giving you back whats your.
I will try to see if i can help you.

entropyapes

newbie

Activity: 10

Merit: 0

Quote from: Minase on May 05, 2022, 08:50:07 AM

I will help you recover what's yours.
I will pm you if what you provided is correct.
Please delete the link for now for your safety

I would be very glad if you pay me 50% or a couple of thousands if you got success, but I already shared and I dont think is fair to delete, if you find and give me some of the funds I will be more than happy because am currently almost bankrupted.

Minase

member

Activity: 72

Merit: 43

I will help you recover what's yours.
I will pm you if what you provided is correct.
Please delete the link for now for your safety

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: entropyapes on May 04, 2022, 07:00:04 PM

Hello, I got one wallet.dat containing 3.5BTC and the password is 4 to 8 digits numbers and letters only, pretty easy one.

If it's a pretty easy one, why don't you pay a wallet recovery service to do it for you? The most reputable I know is walletrecoveryservices.com. Dave, who's the administrator, takes only 15% of what's found for amounts greater than $100k.

It's already late, but if it's indeed easy, don't expect someone to send you more than a tenth of it. That's a lot of money.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

You can use bicoin2john to extract the password hash from the wallet and then someone can brute-force it with Hashcat. I wrote a guide [1] with details on how do do this.
Cheap GPU power can be rented from vast.ai as well.

[1]: https://notatether.com/tutorials/what-is-the-bitcoin2john-script-and-how-do-you-use-it/

entropyapes

newbie

Activity: 10

Merit: 0

Hello, I got one wallet.dat containing 3.5BTC and the password is 4 to 8 digits numbers and letters only, pretty easy one.
You can use BTCrecover or whatever techniques you have to find the password.
This is a technical discussion so I belive am in the right place.
Am giving the wallet.dat for free and if the password finder is ethical send me whatever it thinks is right to:
1CuBp3ZUhebentFtYaZMSGFSVzV4Aga3TZ

Link to Download the File:
https://www.transfernow.net/dl/20220504e6gZ6GTD

I have a cheap 2 core laptop as my driver so am not able to even to try to find it, but as I mentioned above, it is only 4 to 8 digits password. there is good odds to be only numbers, that is all I know about the password.
Have fun and if you find share with us the experience and dont forget my tip.

AM A HOMO SAPIENS TRYING TO MAKE MILLIONS TO DEVELOPE MY OWN NUCLEAR WEPONS AND HIRE PEOPLE TO DEVELOPE BIOLOGICAL IMMORTALITY, AM CURRENTLY HOMELESS BECAUSE I WAS A ELON MUSK THAT FAILLED, HELP ME RISE AGAIN AND LET ME EXPLODE THE PARTICULES.

DONATE MILLIONS TO ADDRESS BELOW AND LET SEE ME BENDING THE PARTICULES HARDER THAN BIG BANG ~~~~~~~~~~~~~~~~~~

1APEXJf4M5ajLkeK3JxjAJ284zJLCcELj1
1APEXJf4M5ajLkeK3JxjAJ284zJLCcELj1
1APEXJf4M5ajLkeK3JxjAJ284zJLCcELj1
1APEXJf4M5ajLkeK3JxjAJ284zJLCcELj1
1APEXJf4M5ajLkeK3JxjAJ284zJLCcELj1

Topic: Bitcoin Core wallet.dat file containing 3.5 BTC + Password Hint - page 2. (Read 1687 times)