Author

Topic: How to manually decrypt Electrum and Bitcoin Core wallets? (Read 202 times)

jr. member
Activity: 33
Merit: 7
Moderators, please delete all the useless flood above!
I'm only interested in the technical part of decrypting AES-CBC in go:

Code:
encKey := doubleSHA([]byte("password"))
ciphertext, err := base64.StdEncoding.DecodeString("***base64 string from the wallet***")
if err != nil {
    panic(err)
}

block, err := aes.NewCipher(encKey)
if err != nil {
    panic(err)
}
blockSize := block.BlockSize()
iv := ciphertext[:blockSize]

ciphertext = ciphertext[blockSize:]
   
if len(ciphertext)%blockSize != 0 {
    panic("ciphertext is not a multiple of the block size")
}

mode := cipher.NewCBCDecrypter(block, []byte(iv))
mode.CryptBlocks(ciphertext, ciphertext)

fmt.Printf("%s\n", ciphertext)
legendary
Activity: 3472
Merit: 10611
smart decision Shiva. don;t believe developers (this is not ironic)
That makes no sense! You never "believe developers" ever. You only trust the code that you can see and compile yourself and Electrum has an open source code that can be reviewed and easily compiled.
newbie
Activity: 12
Merit: 33
smart decision Shiva. don;t believe developers (this is not ironic)
HCP
legendary
Activity: 2086
Merit: 4361
I am trying to write my own utility for manual decryption of Electrum and Bitcoin Core wallet.dat files.
Do note that wallet.dat files are not encrypted at the file level... When you enable encryption, certain data records within the database file (what a wallet.dat actually is) are encrypted.

But you can parse/read the file with the appropriate database "viewer" (like dbdump)... you'll just get encrypted bytes for some of the records.

Have a read of this topic: recover keys from wallet.dat without using pywallet

And if you understand python... you'll find my "core decryptor" python script in one of the posts in that thread as a working example: https://bitcointalksearch.org/topic/m.57036972




Electrum is a slightly different beast... it has three "encryption states" for the wallet file:

1- Unencrypted plaintext (No password set)
2- Plaintext but with 'sensitive data' (ie. private keys/seeds etc) encrypted (Password only set)
3- Fully encrypted file (password set + encrypt file option selected)

As suggested, you can probably get a feel for how the decryption of either the individual fields (#2) or full file (#3) is done by looking at the source code for Electrum.

I haven't actually tried decrypting Electrum wallet files manually.


Also, I don't have any experience with golang, so can't really assist with porting the core decryptor code Undecided
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Which one actually do you want to decrypt? The wallet or the Electrum software?

If you talking about Decrypting the Electrum software why not go to their open-source https://github.com/spesmilo/electrum
Then you can develop it with your own utility that you want to add.

Or are talking about the wallet file or wallet.dat with a password?

There is a way to brute-force it but without the portion of the password or seed phrase it will take years before you can recover your password or wallet.
jr. member
Activity: 33
Merit: 7
I am trying to write my own utility for manual decryption of electrum files.
Jump to: