Author

Topic: Identify Blockchain.info MyWallet Version (Read 173 times)

newbie
Activity: 11
Merit: 0
December 15, 2017, 05:08:15 PM
#2
Just a follow-up here in case anyone has the same issue.

I was able to get into the account, created in Jan. 2014. My issue was: I had two valid-looking hashes when I ran blockchain2john.py against the wallet.aes.json. If I ran blockchain2john without args, I got a hash that began: $blockchain$704$.... If I ran blockchain2john with the argument --base64, the hash began $blockchain$528$...

Each hash was a different length and unlike modern My Wallet hashes, they did not specify the version. In my case, the second hash was the correct one and used 10 rounds of stretching or whatever it is.

My solution was to put both hashes into one hash file and run hashcat against both. Since my wordlist was very specific to me, and less than 10K words in length, it was no real addition in time. The --generate-rule function against my base list wound up finding the winner. Took 2 seconds; didn't even need the GPUs.
newbie
Activity: 11
Merit: 0
December 14, 2017, 07:22:20 PM
#1
Is there a way to do this based on the year the wallet was created?

I'm trying to decrypt an old wallet.aes.json of my own. The blockchain.info MyWallet version is not listed in the hash, but I created the account in late January 2014. I want to make sure I'm using correct number of rounds against the encryption.

I'm using Hashcat (to leverage my GPUs) against the hash file, and the "blockchain2john.py" script to extract the hash from wallet.aes.json. (see here: https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/blockchain2john.py)

Any tips for making sure I've got the right hash?

Thanks.
Jump to: