
Topic: How to manually decrypt Electrum and Bitcoin Core wallets? (Read 171 times)

jr. member
Activity: 33
Merit: 7
Moderators, please delete all the useless flood above!
I'm only interested in the technical part of decrypting AES-CBC in Go:

Code:
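package main

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/sha256"
    "encoding/base64"
    "fmt"
)

// doubleSHA is not shown in the post; assumed to be SHA-256 applied twice.
func doubleSHA(b []byte) []byte {
    first := sha256.Sum256(b)
    second := sha256.Sum256(first[:])
    return second[:]
}

func main() {
    encKey := doubleSHA([]byte("password"))
    ciphertext, err := base64.StdEncoding.DecodeString("***base64 string from the wallet***")
    if err != nil {
        panic(err)
    }

    block, err := aes.NewCipher(encKey)
    if err != nil {
        panic(err)
    }
    blockSize := block.BlockSize()
    // The first block is the IV, so at least two blocks are needed.
    if len(ciphertext) < 2*blockSize {
        panic("ciphertext too short")
    }
    iv := ciphertext[:blockSize]
    ciphertext = ciphertext[blockSize:]

    if len(ciphertext)%blockSize != 0 {
        panic("ciphertext is not a multiple of the block size")
    }

    // Decrypt in place; padding bytes at the end are not stripped.
    mode := cipher.NewCBCDecrypter(block, iv)
    mode.CryptBlocks(ciphertext, ciphertext)
    fmt.Printf("%s\n", ciphertext)
}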
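
Added example, not part of the thread and not Electrum's own code: the same decryption as the snippet above plus the step it leaves out, validating and stripping the padding, so that a wrong password or corrupt data is reported as an error instead of printed as garbage. PKCS#7 padding, the names `blockFor`, `encryptField` and `decryptField`, and the sample IV and secret are assumptions constructed here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// blockFor derives the key as SHA-256(SHA-256(password)), the assumed meaning of doubleSHA.
func blockFor(pw string) cipher.Block {
	h := sha256.Sum256([]byte(pw))
	h = sha256.Sum256(h[:])
	block, _ := aes.NewCipher(h[:]) // 32-byte key (AES-256), so this cannot fail
	return block
}

// encryptField builds constructed test input: base64(IV || AES-CBC(PKCS#7(plain))).
func encryptField(pw string, iv, plain []byte) string {
	n := aes.BlockSize - len(plain)%aes.BlockSize
	out := append(append(append([]byte{}, iv...), plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(blockFor(pw), iv).CryptBlocks(out[aes.BlockSize:], out[aes.BlockSize:])
	return base64.StdEncoding.EncodeToString(out)
}

// decryptField reverses encryptField; a wrong password almost always fails the padding check.
func decryptField(pw, b64 string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	if len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad length: need IV plus whole blocks")
	}
	iv, ct := raw[:aes.BlockSize], raw[aes.BlockSize:]
	cipher.NewCBCDecrypter(blockFor(pw), iv).CryptBlocks(ct, ct)
	n := int(ct[len(ct)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(ct[len(ct)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, fmt.Errorf("bad padding: wrong password or corrupt data")
	}
	return ct[:len(ct)-n], nil
}

func main() {
	sample := encryptField("password", []byte("constructed-iv16"), []byte("constructed secret"))
	plain, err := decryptField("password", sample)
	fmt.Printf("%q %v\n", plain, err)
}
```

A real wallet uses a random IV per field; the fixed IV here only makes the sample reproducible.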
legendary
Activity: 3402
Merit: 10424
Smart decision Shiva. Don't believe developers (this is not ironic)
That makes no sense! You never "believe developers" ever. You only trust the code that you can see and compile yourself, and Electrum has open-source code that can be reviewed and easily compiled.
newbie
Activity: 24
Merit: 33
Smart decision Shiva. Don't believe developers (this is not ironic)
HCP
legendary
Activity: 2086
Merit: 4314
I am trying to write my own utility for manual decryption of Electrum and Bitcoin Core wallet.dat files.
Do note that wallet.dat files are not encrypted at the file level... When you enable encryption, certain data records within the database file (what a wallet.dat actually is) are encrypted.

But you can parse/read the file with the appropriate database "viewer" (like dbdump)... you'll just get encrypted bytes for some of the records.

Have a read of this topic: recover keys from wallet.dat without using pywallet

And if you understand Python... you'll find my "core decryptor" Python script in one of the posts in that thread as a working example: https://bitcointalksearch.org/topic/m.57036972




Electrum is a slightly different beast... it has three "encryption states" for the wallet file:

1- Unencrypted plaintext (No password set)
2- Plaintext but with 'sensitive data' (i.e. private keys/seeds etc.) encrypted (Password only set)
3- Fully encrypted file (password set + encrypt file option selected)

As suggested, you can probably get a feel for how the decryption of either the individual fields (#2) or full file (#3) is done by looking at the source code for Electrum.

I haven't actually tried decrypting Electrum wallet files manually.


Also, I don't have any experience with golang, so can't really assist with porting the core decryptor code.
legendary
Activity: 3206
Merit: 2904
Block halving is coming.
Which one actually do you want to decrypt? The wallet or the Electrum software?

If you are talking about decrypting the Electrum software, why not go to their open-source code at https://github.com/spesmilo/electrum
Then you can develop it with your own utility that you want to add.

Or are you talking about the wallet file or wallet.dat with a password?

There is a way to brute-force it, but without a portion of the password or seed phrase it will take years before you can recover your password or wallet.
jr. member
Activity: 33
Merit: 7
I am trying to write my own utility for manual decryption of electrum files.