Bitcoin Forum
Author Topic: Android Password Hacker  (Read 1908 times)
Tranz (OP)
June 07, 2015, 04:46:24 AM
 #1

I had my phone erased, due to my own mistake. So I needed to get my wallet running again on my phone from a backup I created. Well, when I went to import it, I could not for the life of me get the correct password. I tried for over an hour.

So after reading a few of the posts here and some from the bitcoind forum I modified a ruby script created by Revalin to work with openssl and look for the correct header record as specified here: https://raw.githubusercontent.com/schildbach/bitcoin-wallet/master/wallet/README.recover

The ruby code works well enough, it is for the newer (v3.47+) wallets, but can be quickly modified for older ones. It does create some files in the system directory based on the password you put in the script. Likely due to the ">" in the characters var. I am sure someone more knowledgeable in ruby could fix it up proper. It was the first time I have used that language, and it solved my issue.

Anyway I didn't see anything specific for this type of wallet, so I thought I would share. Hope this helps someone some day.

Code:
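#!/usr/bin/ruby -w
require 'open3'

# Put your best guess in passphrase
passphrase = "oops"
characters = " !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"

def test(phrase)
  print phrase, "\t"
  # Run openssl with an argument array (no shell), so characters such as ">",
  # "|" or "`" in a candidate are passed as data and never run as shell syntax.
  # OpenSSL 1.1.0+ changed enc's default digest from MD5 to SHA-256; if the
  # backup was written with the older MD5 default, add '-md', 'md5'.
  out, = Open3.capture2('openssl', 'enc', '-d', '-aes-256-cbc', '-a',
                        '-in', 'bitcoin-wallet-backup-2014-12-06',
                        '-k', phrase)
  # Same filter as: tr -cd "[:print:]" | awk '{print $1}'
  # (keep printable ASCII, then take the first whitespace-separated field).
  msg = out.b.gsub(/[^\x20-\x7e]/n, '').split.first.to_s
  if msg == "org.bitcoin.production"
    puts "Found it!  #{phrase}"
    exit 0
  end
end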

# transpose adjacent chars
(passphrase.length - 1).times do |i|
  testphrase = passphrase.dup
  testphrase[i] = passphrase[i+1]
  testphrase[i+1] = passphrase[i]
  test testphrase
end

# delete one char
passphrase.length.times do |i|
  testphrase = passphrase.dup
  testphrase = testphrase[0,i] + testphrase[(i+1)..-1]
  test testphrase
end

# substitute one char
passphrase.length.times do |i|
  characters.chars.each do |c|
    testphrase = passphrase.dup
    testphrase[i] = c
    test testphrase
  end
end

# insert one char
(passphrase.length + 1).times do |i|
  characters.chars.each do |c|
    testphrase = passphrase.dup
    testphrase.insert(i, c)
    test testphrase
  end
end


puts "No luck."
exit 1


HBN: https://bitcointalk.org/index.php?topic=303749.0 hobonickels.info
Personal Donations: F1TranzWqFGZyFeTMu6iLbtTQgdXuJPsiL
Donations to the HBN Fund: EhbNfund4PrRFLHMxsnbGLhP25hizJGHEE or 1LVFtCX4a83dMLjd8S7imKKKC58QaG83kw
btchris
a.k.a. gurnec on GitHub


June 07, 2015, 11:39:35 AM
 #2

Anyway I didn't see anything specific for this type of wallet, so I thought I would share. Hope this helps someone some day.

FWIW, btcrecover supports Bitcoin Wallet for Android. It supports searching for openssl passwords or scrypt PINs in these formats:
  • Bitcoin Wallet for Android v3.47+ (protobuf with or w/o a PIN, with or w/o openssl)
  • Bitcoin Wallet for Android v2.3 - v3.46 key backup files (openssl starting with "# KEEP YOUR PRIV")
  • Bitcoin Wallet for Android v2.24 and older key backup files (openssl starting with a WIF, same as MultiBit .key files)

how long did it take (excluding the programming)?

Slightly related if you've any interest, performance numbers comparing btcrecover (and JohnTheRipper) for various wallet formats (including the above), running on a 2nd gen. quad-core i5, are available here: http://1drv.ms/1pnpk0m
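The header test from the script in post #1, extended to the three backup formats listed above, as an added example that is not code from btcrecover or from either poster. The function names are hypothetical, the sample inputs are constructed, and the two bytes in front of "org.bitcoin.production" assume the network identifier is the first protobuf field of the wallet file.

```ruby
require 'digest'

B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.freeze

def checksum(data)
  Digest::SHA256.digest(Digest::SHA256.digest(data))[0, 4]
end

# Used here only to build a constructed sample key line.
def base58check_encode(payload)
  raw = payload.b + checksum(payload.b)
  num = raw.unpack1('H*').to_i(16)
  out = String.new
  while num > 0
    num, rem = num.divmod(58)
    out.prepend(B58[rem])
  end
  ('1' * raw[/\A\x00*/n].length) + out
end

# Returns the payload bytes, or nil if the alphabet or checksum is wrong.
def base58check_decode(str)
  return nil if str.empty? || str.count(B58) != str.length
  num = str.each_char.reduce(0) { |n, ch| n * 58 + B58.index(ch) }
  hex = num.zero? ? '' : num.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  raw = ("\x00".b * str[/\A1*/].length) + [hex].pack('H*')
  return nil if raw.length < 5
  raw[-4, 4] == checksum(raw[0...-4]) ? raw[0...-4] : nil
end

# Map decrypted bytes to one of the three formats listed in the post.
def classify_backup(plaintext)
  data = plaintext.b
  # Assumed protobuf layout: field 1 (tag 0x0a), length 0x16 = 22, then the id.
  return :protobuf_v3_47_plus if data.start_with?("\n\x16org.bitcoin.production".b)
  return :key_backup_v2_3_to_v3_46 if data.start_with?('# KEEP YOUR PRIV'.b)
  payload = base58check_decode(data[/\A[#{B58}]+/n].to_s)
  # WIF: version byte 0x80 + 32-byte key (+ optional 0x01 compression flag).
  wif = payload && payload.getbyte(0) == 0x80 && [33, 34].include?(payload.length)
  wif ? :key_backup_v2_24_or_older : :unknown
end

if __FILE__ == $PROGRAM_NAME
  wif = base58check_encode("\x80".b + "\x01".b * 32) # constructed, not a real key
  samples = ["\n\x16org.bitcoin.production\x12\x00", "# KEEP YOUR PRIV (constructed)\n",
             "#{wif} 2015-06-07T00:00:00Z\n", "\x8f\x02\xc3junk".b]
  samples.each { |bytes| puts "#{bytes.b[0, 16].inspect} -> #{classify_backup(bytes)}" }
end
```

Validating the Base58Check checksum of the first token keeps a wrong password from being accepted just because the garbage it decrypts to happens to start with base58 characters.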
btchris
June 07, 2015, 12:20:39 PM
 #3

Very interesting, thanks for that!

In the performance table, it appears only the spending PIN protection is covered. Did you measure backup passwords as well?

Side note: you should probably correct the name in the first column to "Bitcoin Wallet", because the app is available for BlackBerry as well.

Welcome!

The backup password speeds are identical to MultiBit Classic, so I didn't bother listing them both.

Are the file formats the same for BlackBerry?
btchris
June 07, 2015, 01:04:47 PM
 #4

Are the file formats the same for BlackBerry?

Yes, the app is identical.

That's great, thanks.

I corrected both the spreadsheet and the btcrecover repo.
Tranz (OP)
June 07, 2015, 01:29:06 PM
 #5

Anyway I didn't see anything specific for this type of wallet, so I thought I would share. Hope this helps someone some day.

FWIW, btcrecover supports Bitcoin Wallet for Android. It supports searching for openssl passwords or scrypt PINs in these formats:
  • Bitcoin Wallet for Android v3.47+ (protobuf with or w/o a PIN, with or w/o openssl)
  • Bitcoin Wallet for Android v2.3 - v3.46 key backup files (openssl starting with "# KEEP YOUR PRIV")
  • Bitcoin Wallet for Android v2.24 and older key backup files (openssl starting with a WIF, same as MultiBit .key files)

how long did it take (excluding the programming)?

Slightly related if you've any interest, performance numbers comparing btcrecover (and JohnTheRipper) for various wallet formats (including the above), running on a 2nd gen. quad-core i5, are available here: http://1drv.ms/1pnpk0m

Thanks, I couldn't find it in my searches. But now I know!
Tranz (OP)
June 07, 2015, 01:29:56 PM
 #6

Thanks! Did you manage to recover your backup password with this tool, and how long did it take (excluding the programming)? If I may ask, what's the length of your password?


Yes I got my pass. It took the computer 20 seconds. I knew pretty closely what my pass was, I was off by 1 letter. 16 long.
