Author

Topic: btc password recovered success with hashcat using a custom rule (Read 895 times)

newbie
Activity: 1
Merit: 0
I got it!! It worked!! ahhh!!!!!!!!!!!

I was so close, yes I had put together my own custom lists first using excel, then I used the mask function and mask processor.  I created a few hundred million possibilities and they didn't work.  I see my password now, I was extremely close.  For reference, it's not an easy password, it's a long complex password hardcoded in my brain.  I knew there had to be something small that I possibly changed when I created it, but it turns out it wasn't the type of change I was thinking, it was something else.  I created a custom rule set this morning that would have taken a few days to exhaust and still not have found it, now that I see what it is.  It's possible I eventually would have added this variable into the rules, but it wasn't in my mind for the past few days.  So, I was searching online for more info and I found this custom rule set below and it cracked the password within 11 seconds on my 1080ti and all I did was use it in combination with a small master wordlist of what I thought it should be.  Perfect timing too as I was about to order more cards today.

Thanks a ton everyone.  Hashcat is awesome!!

Here is the ruleset I used.  And thank you to the people who created this ruleset.
https://www.notsosecure.com/one-rule-to-rule-them-all/

Just a note to anyone who reads this too, I got the GPU to work in btcrecover as well and it was also fast.  GPU is disabled by default, I didn't realize that.  But hashcat still went through the lists faster.  Both are great.  

I couldn't believe it when 11 seconds later it stopped and said status "Cracked".  Grin Grin
Quote
Session..........: hashcat
Status...........: Cracked
Hash.Name........: Bitcoin/Litecoin wallet.dat
Hash.Target......: $bitcoin$64$~~~~~~~~~~~~~~~~~
Time.Started.....: Sun Dec 22 05:01:32 2019 (11 secs)
Time.Estimated...: Sun Dec 22 05:01:43 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........:     5793 H/s (11.04ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Recovered........: 1/1 (100.00%) Digests

For any other newbs reading this, to get full speed using rules, you are going to need to pipe it.  Read here: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_to_create_more_work_for_full_speed

I used windows and this is the line I entered into cmd as an example:
hashcat.exe --stdout wordlist0.txt -r rules/OneRuleToRuleThemAll.rule | hashcat.exe -m 11300 hash.txt

hash.txt being your extracted wallet hash, of course. make sure there are no spaces in the file.

Shred your wordlists and anything with your info of any part of your pass on it of course in a file shredder program when you are done.


This post is now a couple of years old but I'm soooooooo glad i found this! Extremely helpful! I was able to use this info to help crack my wallet passphrase in just 13 minutes! Thank you!!!!

How did you create hash for this hash.txt file:

"hash.txt being your extracted wallet hash, of course. make sure there are no spaces in the file."

Which command did you use please?
newbie
Activity: 1
Merit: 0
I got it!! It worked!! ahhh!!!!!!!!!!!

I was so close, yes I had put together my own custom lists first using excel, then I used the mask function and mask processor.  I created a few hundred million possibilities and they didn't work.  I see my password now, I was extremely close.  For reference, it's not an easy password, it's a long complex password hardcoded in my brain.  I knew there had to be something small that I possibly changed when I created it, but it turns out it wasn't the type of change I was thinking, it was something else.  I created a custom rule set this morning that would have taken a few days to exhaust and still not have found it, now that I see what it is.  It's possible I eventually would have added this variable into the rules, but it wasn't in my mind for the past few days.  So, I was searching online for more info and I found this custom rule set below and it cracked the password within 11 seconds on my 1080ti and all I did was use it in combination with a small master wordlist of what I thought it should be.  Perfect timing too as I was about to order more cards today.

Thanks a ton everyone.  Hashcat is awesome!!

Here is the ruleset I used.  And thank you to the people who created this ruleset.
https://www.notsosecure.com/one-rule-to-rule-them-all/

Just a note to anyone who reads this too, I got the GPU to work in btcrecover as well and it was also fast.  GPU is disabled by default, I didn't realize that.  But hashcat still went through the lists faster.  Both are great.  

I couldn't believe it when 11 seconds later it stopped and said status "Cracked".  Grin Grin
Quote
Session..........: hashcat
Status...........: Cracked
Hash.Name........: Bitcoin/Litecoin wallet.dat
Hash.Target......: $bitcoin$64$~~~~~~~~~~~~~~~~~
Time.Started.....: Sun Dec 22 05:01:32 2019 (11 secs)
Time.Estimated...: Sun Dec 22 05:01:43 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........:     5793 H/s (11.04ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Recovered........: 1/1 (100.00%) Digests

For any other newbs reading this, to get full speed using rules, you are going to need to pipe it.  Read here: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_to_create_more_work_for_full_speed

I used windows and this is the line I entered into cmd as an example:
hashcat.exe --stdout wordlist0.txt -r rules/OneRuleToRuleThemAll.rule | hashcat.exe -m 11300 hash.txt

hash.txt being your extracted wallet hash, of course. make sure there are no spaces in the file.

Shred your wordlists and anything with your info of any part of your pass on it of course in a file shredder program when you are done.



I have the exact same problem that you have resolved. I have used hashcat and extracted the hash string out of my password forgotten bitcoin core wallet.dat file. The extracted hash string is in $bitcoin$64$.........$00 format. I tried to follow your advised method, however it is not working for me. I can give you the hash string, can you please extract the password for me? All i know it is 4+ combination char.

I don't have that much bitcoin in my wallet thus i can compensate you 0.25 bitcoin for your time. Would you please help me?


Thanks.

member
Activity: 168
Merit: 39
I got it!! It worked!! ahhh!!!!!!!!!!!

I was so close, yes I had put together my own custom lists first using excel, then I used the mask function and mask processor.  I created a few hundred million possibilities and they didn't work.  I see my password now, I was extremely close.  For reference, it's not an easy password, it's a long complex password hardcoded in my brain.  I knew there had to be something small that I possibly changed when I created it, but it turns out it wasn't the type of change I was thinking, it was something else.  I created a custom rule set this morning that would have taken a few days to exhaust and still not have found it, now that I see what it is.  It's possible I eventually would have added this variable into the rules, but it wasn't in my mind for the past few days.  So, I was searching online for more info and I found this custom rule set below and it cracked the password within 11 seconds on my 1080ti and all I did was use it in combination with a small master wordlist of what I thought it should be.  Perfect timing too as I was about to order more cards today.

Thanks a ton everyone.  Hashcat is awesome!!

Here is the ruleset I used.  And thank you to the people who created this ruleset.
https://www.notsosecure.com/one-rule-to-rule-them-all/

Just a note to anyone who reads this too, I got the GPU to work in btcrecover as well and it was also fast.  GPU is disabled by default, I didn't realize that.  But hashcat still went through the lists faster.  Both are great.  

I couldn't believe it when 11 seconds later it stopped and said status "Cracked".  Grin Grin
Quote
Session..........: hashcat
Status...........: Cracked
Hash.Name........: Bitcoin/Litecoin wallet.dat
Hash.Target......: $bitcoin$64$~~~~~~~~~~~~~~~~~
Time.Started.....: Sun Dec 22 05:01:32 2019 (11 secs)
Time.Estimated...: Sun Dec 22 05:01:43 2019 (0 secs)
Guess.Base.......: Pipe
Speed.#1.........:     5793 H/s (11.04ms) @ Accel:16 Loops:512 Thr:64 Vec:1
Recovered........: 1/1 (100.00%) Digests

For any other newbs reading this, to get full speed using rules, you are going to need to pipe it.  Read here: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_to_create_more_work_for_full_speed

I used windows and this is the line I entered into cmd as an example:
hashcat.exe --stdout wordlist0.txt -r rules/OneRuleToRuleThemAll.rule | hashcat.exe -m 11300 hash.txt

hash.txt being your extracted wallet hash, of course. make sure there are no spaces in the file.

Shred your wordlists and anything with your info of any part of your pass on it of course in a file shredder program when you are done.
member
Activity: 378
Merit: 53
Telegram @keychainX
I currently have an 8700k and it's been plenty sufficient for checking the couple million variations I made in the passwords list.  But it hasn't found my password yet and it's time to step it up in the tokens file so I need something stronger, and I'm not willing to spend more than a grand on a CPU.

Would a 2950x 24/48 or a 3950x 16/32 be faster for this program?  Logically the more cores makes sense, but I remember reading Threadripper Gen2 had an efficiency issue with the design and you can see it in the benchmarks where it severely lacks.  But at the same time it wouldn't be doing anything hardcore other than checking passwords against a wallet file.  So which would be better for this?  I know the Ryzen 9 3950x is much better as an all around daily driver, but this would be just for this purpose and sold once the wallet password is recovered.

What do you guys think?

What wallet type is it and what are your parameters in Hashcat?

There are various tweaks and rule sets you could use, could give you some ideas to improve the tests.

Do you use your own password lists or password hints?

Any rule sets?

good luck
/KX
member
Activity: 168
Merit: 39
I wish I would have known my wallet was screwed up before I sold my mining rigs.  I might have to buy some more GPUs, after I just sold them all earlier this year.  I wasn't spending funds, only depositing, so I only used the password on the initial creation of that new wallet, I was certain it was the same password as my previous wallet, but apparently it's not.  I've tried more than a few hundred million precisely created variations so far, which worries me that it might not be anything near what I thought at all.
member
Activity: 168
Merit: 39
I was just looking into that actually, you guys are awesome thanks a ton.  I just did a test run and my 1080ti flew through a list in a few minutes that my 8700k took almost a whole day.  This is fantastic, now I need to customize some hardcore lists. I really hope I can get this to work.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Yeah gpus are much better.

You can normally get one that will be sufficiently fast for $500 afaik (if prices haven't changed much). You'll need a spare pcie port and be able to install it or find someone who can (without giving them access to the tokened list of previous password list).
legendary
Activity: 3682
Merit: 1580
you need something written in C and coded to take advantage of GPUs because those tend to be faster at this than CPUs. try hashcat:

https://hashcat.net/hashcat/
member
Activity: 168
Merit: 39
Hello, need help please.  I'm using btcrecover, I currently have an 8700k and it's been plenty sufficient for checking the couple million variations I made in the passwords list.  But it hasn't found my password yet and it's time to step it up in the tokens file so I need something stronger, and I'm not willing to spend more than a grand on a CPU.

Would a 2950x 24/48 or a 3950x 16/32 be faster for this program?  Logically the more cores makes sense, but I remember reading Threadripper Gen2 had an efficiency issue with the design and you can see it in the benchmarks where it severely lacks.  But at the same time it wouldn't be doing anything hardcore other than checking passwords against a wallet file.  So which would be better for this?  I know the Ryzen 9 3950x is much better as an all around daily driver, but this would be just for this purpose and sold once the wallet password is recovered.

What do you guys think?


The conclusion is here if you guys need help: https://bitcointalksearch.org/topic/m.53409785
Jump to: