Solve a riddle, guess a 4 char password and add 10 BTC to your xmas... SOLVED!!

[techmix]

I have made a 1 Gb dictionary but I cant tell gpg to shut up and just check the passphrase it slows the whole process down

Sorry am not an expert with GPG myself - but it does have a lot of options that you can't see from just the --help (try searching about that).

I finally managed to shut it up! I'm now just checking the dictionary!

[CIYAM]

I finally managed to shut it up! I'm now just checking the dictionary!

Good stuff - first clue is coming soon (am getting tired)...

[CIYAM]

Okay - I have 10 confirmations now and the BTC has not moved - so here is the first hint in regards to the line of the script that was changed:

Code:

at least

more hints to follow if the 10 BTC is not taken by the time I get up tomorrow.

[Deafboy]

I hate myself for being so lazy not even trying to pick 10 free BTC.
It's just some bash kungfu and gpg magic.
In theory. I know what to do. I'm just lazy to google the syntax.

I hate myslef...

[phr33]

I've brute forced all 62^4 combinations using the following "salt modifications":

password="${password}+${password}=${password}${password}@L3AsT"  (yeah - I didn't understand that this line was modified at first...)

After the "at least" hint:
password="${password}+${password}=${password}${password}>"
password="${password}+${password}=${password}${password}>="
password="${password}+${password}>=${password}${password}"
password="${password}+${password}>${password}${password}"
password="${password}+${password}=${password}${password}atleast"

No hit so far and no idea what to try next. I test ~10200 passwords per second so the entire space take some 20 minutes. That's using one core only. If I had more ideas on the salt mod I guess I could fire off 4 runs at once...

[Deafboy]

Try to add space between at least

[K1773R]

I've brute forced all 62^4 combinations using the following "salt modifications":

password="${password}+${password}=${password}${password}@L3AsT"  (yeah - I didn't understand that this line was modified at first...)

After the "at least" hint:
password="${password}+${password}=${password}${password}>"
password="${password}+${password}=${password}${password}>="
password="${password}+${password}>=${password}${password}"
password="${password}+${password}>${password}${password}"
password="${password}+${password}=${password}${password}atleast"

No hit so far and no idea what to try next. I test ~10200 passwords per second so the entire space take some 20 minutes. That's using one core only. If I had more ideas on the salt mod I guess I could fire off 4 runs at once...

how r u getting 10.2kH/s?

[CIYAM]

Second hint will be coming after 50 confirmations...

[K1773R]

something i was wondering, did u run the bash script in real linux or cygwin/similiar?

[CIYAM]

I used a Puppy distro on an old IBM Thinkpad X40 (am hoping to get a SUSE Studio distro that will work on it so I can share it but no luck getting that to boot so far).

I also have tested the exact same script on an OpenSUSE 12.2 install (running on 64 bit hardware).

[K1773R]

I used a Puppy distro on an old IBM Thinkpad X40 (am hoping to get a SUSE Studio distro that will work on it so I can share it but no luck getting that to boot so far).

I also have tested the exact same script on an OpenSUSE 12.2 install (running on 64 bit hardware).

ty

[CIYAM]

Okay > 50 confirmations now - second hint (which is actually a slightly different version of the first hint):

Code:

(at least)

[BkkCoins]

Aww. Geez. I was hoping for a hint like "you used the default cast5 cipher"...

btw oclhashcat doesn't seem to support gpg encryption so I guess using the GPU is out for this.

[CIYAM]

All the GPG options I used were default values (only filled in a name and email address and of course the password).

[K1773R]

will there be a 3rd hint?

[CIYAM]

will there be a 3rd hint?

If the funds are still there after 100 confirmations I will give a 3rd hint (and a 4th hint is probably not going to be necessary).

[BkkCoins]

All the GPG options I used were default values (only filled in a name and email address and of course the password).

And the encrypted address key is only the key and nothing else?

So it would start with 5... and not eg. PrivKey: 5...

Sometimes there so many assumptions.

Also, I see your outputs of the data say "MingW32" for gpg version but I guess that's just that you outputted the values on Windows because you stated you generated them on Linux.

[CIYAM]

I used "vanitygen" to create the address so am pretty certain that the encrypted content would start with:

Privkey:5

[K1773R]

I used "vanitygen" to create the address so am pretty certain that the encrypted content would start with:

Privkey:5

so password is in the following format?

Code:

Privkey:${privkey}

if so u should have told us earlier, we'r all searching for a real privkey.

[CIYAM]

I used "vanitygen" to create the address so am pretty certain that the encrypted content would start with:

Privkey:5

so password is in the following format?

Code:

Privkey:${privkey}

if so u should have told us earlier, we'r all searching for a real privkey.

I was answering a question about what the *decrypted content* of the GPG message looks like (not about the "salt" formatting - only the "hints" that I give out are directly about that).