This thread got me thinking and I started to research a little bit.
Here is an example scenario of what could happen.
You install a bitcoin wallet on your phone, you make a backup file with a password, and store it somewhere safe.
After a year you lose your phone, buy a new one and try to recover from that backup, but you forgot that password you use to encrypt the backup.
How in the hell you can brute force it?
I did some experiments to create a backup and try to decode it. I found no info on the internet about it and started my own approach.
The source file starts with "U2FsdGVkX1" so I presumed it was an openssl encryption. So here we go.
![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FemPfPj2.png&t=663&c=AtotPDHZ812a0w)
The password of the file was 1234.
Here is the result.
![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FX3DoIyh.png&t=663&c=K7Db5rN8kR6VGg)
Of course, the wallet is empty and it's used for testing if just in case you tempt to steal my bitcoins
![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif)
I still think I'm not in the right way. People talking about that
key derivation function used to encrypt the whole file instead of having a password hash in the source.
But still, I manage to get the correct password in the 32 suggested solutions out of 10000 possibilities.
I need to read more..
Some extra thoughts, looks like
btcrecover was using Scrypt in order to crack the android bitcoin wallets so I assume is used Scrypt Key Derivation Function to encrypt the backup.
Wallet Installation Requirements
...
Bitcoin Wallet for Android/BlackBerry spending PIN - Python 2.7, scrypt, Google protobuf, optional: PyCrypto
...
https://github.com/gurnec/btcrecover/blob/master/docs/INSTALL.mdscrypt-kdf is a Node.js zero-dependency wrapper around the core Node.js OpenSSL implementation of scrypt, providing a kdf function and a verify function.
https://github.com/chrisveness/scrypt-kdf-----
I made a progression in cracking the android bitcoin wallet password using btcrecover, but no success on the Dash wallet yet, working on it too
![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
![](https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.imgur.com%2FznG0nDT.png&t=663&c=c8M6JxNn_LNb9w)
If I make a success in that experiment, I will turn this thread into a guide.
![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)