Topic: Recovering Encrypted Private Keys (AES) Please help (Read 278 times)

If that website is successfully decrypting your keys... and it seems to be using CryptoJS with "default" options... then I would guess the options for writing scripts would be:

1. Write something in Javascript that uses the CryptoJS library but reads individual lines from a file and decrypts them

or

2. Attempt to mimic the default CryptoJS settings in another language like Python and read in individual lines from a file and decrypt them


If you're not able to write such a script yourself, you'd need to find someone you trust and get them to do it for you.

---

EDIT: I got bored
EDIT 2: OOPS!! forgot the part where it says "use a SHA256 of your password as the key!"    


I've hacked up a small javascript that can be run using NodeJS (https://nodejs.org/). It seems to be decrypting stuff (I installed the "SpareCoins" extension, backed up the wallet, and tested the script on the encrypted keys from the backup file)... So, fingers crossed it would work for your file. No guarantees tho!

NOTES:
- You need the 'rollup' aes.js from CryptoJS (I've included it with my script on keybase link below).
- You need to edit the dev_keys.js file and put your password in as the 'key'
- All your encrypted keys need to be in a file called 'encrypted_keys.txt', one encrypted key per line (see example below)
- It'll create a file called 'decrypted_keys.txt', with one decrypted privatekey per line

- I've put copies of all the files on my keybase.io: https://keybase.pub/hcp/dec_keys/

- As always, use at your own risk! - I accept no responsibility for anything that happens should you decide to try this script!




example encrypted_keys.txt (the passkey is 'password'):

Using the passkey of 'password', the decrypted_keys.txt:

Can you please tell me how a script can be made. I am so lost now.
btw.. luckily none of the addresses had any btc in them. but there are like... 1000s more to go. Thank you for your concern and your advice will be heeded going forward

You should consider each and every one of those private keys as compromised and never use any of them for anything again. Likewise, consider your password compromised and don't ever use it for anything and/or change it if you've used it anywhere else!


So each private key is encrypted separately? It's not a single encrypted file... but a file of individually encrypted keys? yeeeeshhhh

The only way you'd be able to do them all at once, would be a script of some sort that could read the input file, and then individually decrypt each key and output them all to another file.

Thank you for all your response. The app was called "Sparecoins" which was a google chrome app. When I downloaded the wallet for back up, they provided me with an excel spreadsheet with the encrypted private keys (aes).

I am currently manually inputting my encrypted private keys and secret key (password) on https://www.browserling.com/tools/aes-decrypt

Is there a way I can input more than 1 encrypted private key at a time? I have hundreds of encrypted private keys I want to check for any btc balance.

You missed the part where he said that it's just a sample.


@suttonbitcoin Can you tell us the name of the wallet that exports that kind of "encrypted wallet"? So everyone here can search for the native app/tool to decrypt it.
Although there are tons of ways like HCP's example.

You shouldn't have shared that ciphertext in the OP. I suggest you remove it or someone might attempt to bruteforce your password and succeed where you've failed!

That's probably just some plaintext encrypted to AES... so you simply need to use an AES decrypt function and pass in the necessary IV and secret key... in this case, they haven't specified the IV (Initialisation Vector) and have stated that the secret key is the SHA256 digest of your password.

There are plenty of examples online of how to implement this sort of procedure... like in the first example shown here for Python: https://www.quickprogrammingtips.com/python/aes-256-encryption-and-decryption-in-python.html

In this particular instance, you can see that they are indeed using the SHA256 digest of the password as the encryption key, as it's a fairly "common" method.


Having said that, I would contact the support/devs for your web wallet and ask them for a utility/script or step by step instructions for how to decrypt your wallet info, just in case they have used something unexpected for some of the encryption values.

A private key is mathematical operation on your key so you won't be able to get the output... Its a bit like a remainder function, you won't be able to reverse engineer it.

The hash can be used to attempt to brute force your password if you have any info on what it could be?

Even if you know it was a certain number of characters (below 12-16) in length.

A while back, I saved my web wallet private keys and they gave me the following:

Encrypted Privated Keys (AES)
Use a SHA256 digest of your password as the encryption key
U2FsdGVyX7/ZffXzWVj4VzoKho4RWY30cTPHmLi9kGajQC/LHRjNPSnX8ooj74Q71uQIyeNqOCGdktvLqo3A6pW/o3EqaookldI59z1tz3E=

^ *Btw, the above is a sample of what my file looks like. not my actual wallet info*

How do I unencrypt and get my private keys? I think I remember the password but don't know where to decrypt this private key. Please help and thank you.