Pages:
Author

Topic: GPU brute forcing an encrypted wallet - page 4. (Read 16597 times)

member
Activity: 60
Merit: 10
March 29, 2013, 12:46:41 AM
#27
Please update if you progress! I have been trying to modify Revalin's code for my password but have been unsuccessful. I too remember part of it.

Thanks
legendary
Activity: 1512
Merit: 1036
March 25, 2013, 03:32:35 AM
#26
I appreciate this message, to be clear, you are suggesting I extract the public/private key from the address the funds were sent to and just attack that? ...
Brute-forcing the AES secret directly would require you brute force the entire key space, which is infeasible. I suggest that you must make your own native code that does the pass-phrase->master key computation using possible human pass-phrases. This is intentionally made hard to crack, a good CPU will only be able to manage a few hundred key attempts a second.
sr. member
Activity: 308
Merit: 250
thrasher.
March 24, 2013, 11:19:18 PM
#25
You are out of your depth. Decrypt this message:

U2FsdGVkX1+b0djAYNFH7ci5sgIKVEVittOk11oml4C/ESACHoqEYrdz0pkCfIf7

The password is 1234

Code:
/*
Private key encryption is done based on a CMasterKey,
which holds a salt and random encryption key.

CMasterKeys are encrypted using AES-256-CBC using a key
derived using derivation method nDerivationMethod
(0 == EVP_sha512()) and derivation iterations nDeriveIterations.
vchOtherDerivationParameters is provided for alternative algorithms
which may require more parameters (such as scrypt).

Wallet Private Keys are then encrypted using AES-256-CBC
with the double-sha256 of the public key as the IV, and the
master key's key as the encryption key (see keystore.[ch]).
*/


What a cracker needs to do is extract the public and private(encrypted) ECDSA keys for some addresses out of the wallet, and perform a billion billion trial decryptions based on a passphrase iteration, generating encryption keys using the same formula Bitcoin does, then verify the decrypted privkey also will create the ECDSA pubkey. The first thing you will find challenging is to parallelize is 25000 rounds of hashing for every master key attempt.

https://www.cryptool.org/trac/CrypTool2/browser/trunk/CrypPlugins/AES/OpenCL/AESOpenCL.cl?rev=2061

I appreciate this message, to be clear, you are suggesting I extract the public/private key from the address the funds were sent to and just attack that?

I didn't attempt this method because I don't think I have the computing power necessary for that since bitcoin's wallet encryption algorithm is so crazy.

I came to the conclusion I would have a much better chance trying actual passwords from a large list of possibilites with substitutions, subtractions and additions. But my main problem now is the RPC used to interact with bitcoind is waay too slow. So instead of trying to run multiple clients at once, someone suggested I extract the portion of code the RPC interacts with. I have been trying to do that and I'm making progress but its slow.

Side note, is there a script that encrypts/decrypts the public/private from bitcoin to and from ascii?

I really appreciate everyone's input.
legendary
Activity: 1512
Merit: 1036
March 24, 2013, 09:00:50 PM
#24
You are out of your depth. Decrypt this message:

U2FsdGVkX1+b0djAYNFH7ci5sgIKVEVittOk11oml4C/ESACHoqEYrdz0pkCfIf7

The password is 1234

Code:
/*
Private key encryption is done based on a CMasterKey,
which holds a salt and random encryption key.

CMasterKeys are encrypted using AES-256-CBC using a key
derived using derivation method nDerivationMethod
(0 == EVP_sha512()) and derivation iterations nDeriveIterations.
vchOtherDerivationParameters is provided for alternative algorithms
which may require more parameters (such as scrypt).

Wallet Private Keys are then encrypted using AES-256-CBC
with the double-sha256 of the public key as the IV, and the
master key's key as the encryption key (see keystore.[ch]).
*/


What a cracker needs to do is extract the public and private(encrypted) ECDSA keys for some addresses out of the wallet, and perform a billion billion trial decryptions based on a passphrase iteration, generating encryption keys using the same formula Bitcoin does, then verify the decrypted privkey also will create the ECDSA pubkey. The first thing you will find challenging is to parallelize is 25000 rounds of hashing for every master key attempt.

https://www.cryptool.org/trac/CrypTool2/browser/trunk/CrypPlugins/AES/OpenCL/AESOpenCL.cl?rev=2061
newbie
Activity: 14
Merit: 0
March 24, 2013, 08:43:32 PM
#23
That sounds terrible. I keep a unencrypted wallet on disk, just for this reason.
sr. member
Activity: 308
Merit: 250
thrasher.
March 24, 2013, 08:21:37 PM
#22
I'm having trouble isolating the functions I need out of the bitcoin client.

So what I understand is that there is a built in 100ms delay. If I extract out the piece to unlock it and bypass the rpc I can avoid that or is that because of the algorithm used to encrypt it?
donator
Activity: 994
Merit: 1000
March 10, 2013, 09:26:32 PM
#21
You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.
Try breaking the encryption for a wallet you don't have.

First rule of business: Keep savings wallets offline. Forever.
Encryption is only meant to create an economic barrier and give you some time, once you realize that the wallet has been compromised (i.e. uploaded to the internet).
sr. member
Activity: 308
Merit: 250
thrasher.
March 10, 2013, 09:14:08 PM
#20
All of this got me thinking, wouldn't it be crazy if after all the bitcoins were handed out the infrastructure once used to mine was turned to hack wallets because of their value.

Sure, but first you'd have to get ahold of the wallet.dat file somehow.  Then, even if you could do that, keep in mind that miners get the transaction fees of all the transactions in the block in addition to the newly minted bitcoins.  So in 136 years when all new bitcoins have been issued, you'd probably still be more profitable continuing to mine (and receiving the transaction fees), unless you could get ahold of the wallet.dat of someone who had a REALLY large number of bitcoins AND an insecure password.

I had not realized that the mining would continue because of ongoing transactions which makes sense now that you say it. Thanks for that insight.
legendary
Activity: 3472
Merit: 4801
March 10, 2013, 11:33:48 AM
#19
All of this got me thinking, wouldn't it be crazy if after all the bitcoins were handed out the infrastructure once used to mine was turned to hack wallets because of their value.

Sure, but first you'd have to get ahold of the wallet.dat file somehow.  Then, even if you could do that, keep in mind that miners get the transaction fees of all the transactions in the block in addition to the newly minted bitcoins.  So in 136 years when all new bitcoins have been issued, you'd probably still be more profitable continuing to mine (and receiving the transaction fees), unless you could get ahold of the wallet.dat of someone who had a REALLY large number of bitcoins AND an insecure password.
sr. member
Activity: 308
Merit: 250
thrasher.
March 10, 2013, 04:48:17 AM
#18
You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

Not quite, I'm trying to crack a wallet with a password I created that is over 14 characters long. Since I created it though I have a base password which I know for certain is in the password which brings down the length of the password I need to crack to an insecure length. It is already pretty much known you don't use passwords less than 8 characters, preferably 14 or greater.

All of this got me thinking, wouldn't it be crazy if after all the bitcoins were handed out the infrastructure once used to mine was turned to hack wallets because of their value.
newbie
Activity: 16
Merit: 0
March 09, 2013, 08:27:25 AM
#17
You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

OP:

Quote
So I have modified it to brute force based off a base password that I know is correct, so I'm only have to brute force between 6-8 characters which is feasible.

He knows part of the password so has some a priori information to go off of, not like cracking a private key. It still might take a while.
legendary
Activity: 947
Merit: 1008
central banking = outdated protocol
March 09, 2013, 02:59:45 AM
#16
You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

Maybe you are confusing cracking the user password for the wallet with cracking a private key? A wallet password would crack easier or harder depending on what the password was.
newbie
Activity: 21
Merit: 0
March 09, 2013, 02:49:55 AM
#15
You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.
legendary
Activity: 1600
Merit: 1014
March 08, 2013, 09:57:48 PM
#14
can you not somehow utilize hashcat or john the ripper for that?
sr. member
Activity: 308
Merit: 250
thrasher.
March 08, 2013, 09:46:11 PM
#13
Don't use bitcoind RPC interface, it's waaaaaaay to slow.

Go to github, find the 'wallet unlock code'-part, extract and use this code to bruteforce.

Great idea, thank you.

Ill share my code when it is ready, incase anyone else runs into this.
newbie
Activity: 39
Merit: 0
March 07, 2013, 05:58:36 PM
#12
Don't use bitcoind RPC interface, it's waaaaaaay to slow.

Go to github, find the 'wallet unlock code'-part, extract and use this code to bruteforce.
sr. member
Activity: 308
Merit: 250
thrasher.
March 07, 2013, 05:00:40 PM
#11
AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

You would be correct.
Naah, multiple rounds of AES. bruteforcing sucks.

So since its multiple rounds I would be better off trying to just crack via multiple instances of the bitcoind rpc?
legendary
Activity: 1050
Merit: 1000
You are WRONG!
March 05, 2013, 03:11:38 AM
#10
AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

You would be correct.
Naah, multiple rounds of AES. bruteforcing sucks.
newbie
Activity: 3
Merit: 0
March 05, 2013, 12:01:08 AM
#9
AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

You would be correct.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
March 04, 2013, 12:58:11 PM
#8
Mining involves generating hashes, which apparently GPU shaders are good at.  I'm not sure what algorithm is used for encrypting your private keys, but I guess the first thing to figure out is if a GPU would be any good at that algorithm anyhow.

AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU
Pages:
Jump to: