Bitcoin Forum
Author Topic: NXT Password Recovery Tool! / NXT mining rig ( :) )  (Read 4707 times)
williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 02:12:38 AM
Last edit: March 08, 2014, 04:03:02 AM by williamevanl
 #1

I'm always forgetting my passwords so I've created a NXT password recovery tool. Basically you provide it a list of your possible passwords and it tries them against every NXT account and lets you know when it finds your account.

It's a simple executable jar; you run ./unlock.jar (with your wordlist named words) and in seconds it spits out:

1XXXXX6 goes with-> 13265985987339974375
1XXXXXX5 goes with-> 13888415127028438325
1XXXXXXX9 goes with-> 9145748622157025476
PXXXXXXXXd goes with-> 17946328911576397249
6XXXXXXXX1 goes with-> 16866580466432022750
mXXXXXXXXl goes with-> 353866013030102193
qXXXXXXXXy goes with-> 507719274119471401
1XXXXXXXX0 goes with-> 16958579998696111878
sXXXXXXXXXn goes with-> 1381199936781422049
hXXXXXXXXXo goes with-> 3530952447553796006

... (XXX's added because those accounts/brainwallet addresses aren't mine)

I don't know if it would help anyone else but I'd offer it out for a small donation. Smiley (Also you have to promise not to do anything illegal with it, only plan to give out 10 for educational purposes)

contact: Ryanwheeler999@gmail.com

NXT: 10529688047532253405
Wipeout2097
Sr. Member
****
Offline Offline

Activity: 840
Merit: 255


SportsIcon - Connect With Your Sports Heroes


View Profile
March 08, 2014, 02:32:34 AM
 #2

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin



williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 02:39:14 AM
 #3

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin


I suppose that's possible but that would be stealing. (and that's wrong). I will say though that when I ran an api balance check and saw someone holding 975,000 NXT with a 4 character all lowercase password my mind melted. (They still have their money, Smiley obviously or I wouldn't be posting that here! )

-Will
feedmemore
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
March 08, 2014, 02:45:36 AM
 #4

wow, and who can reverse this now!!
more secure passwords, more secure passwords..
Wipeout2097
Sr. Member
****
Offline Offline

Activity: 840
Merit: 255


SportsIcon - Connect With Your Sports Heroes


View Profile
March 08, 2014, 02:47:24 AM
 #5

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin


I suppose that's possible but that would be stealing. (and that's wrong). I will say though that when I ran an api balance check and saw someone holding 975,000 NXT with a 4 character all lowercase password my mind melted. (They still have their money, Smiley obviously or I wouldn't be posting that here! )

-Will

You are a very kind and genuine, but naive person.  Sad


williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 03:41:08 AM
Last edit: March 08, 2014, 03:54:17 AM by williamevanl
 #6

Looks like 8 left, I can also provide the java source code if someone would prefer to look at the code and run it that way. It's kind of neat just to see what people have used for passphrases:

123456789012345678901234567890XXXXXXXXXXXXXXXXX89012345678901234567890123456789 0 goes with-> 2150793311394299018
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
March 08, 2014, 03:57:43 AM
 #7

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin

It's a "feature".

Quote
What you fail to understand is that in order to brute force an unsecured account requires not only SHA asics, but also curve ASICS, which there are none of now.  but like as has been stated many times for you already here, this is intentional; to allow 'mining' of lost NXT in the future.
https://bitcointalk.org/index.php?topic=366105.msg4785565#msg4785565


Nxt passwords are supposed to be at least 30 random uppercase/lowercase/number characters, why the client simply doesn't generate these itself and then save them in a wallet.dat is beyond me.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
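
Added example, not part of any post in this thread and not the tool discussed here: a Python sketch of the client-side generation the post above asks for, with a best-case strength estimate for passphrases a user typed in. The pool (upper/lower/digits) and the 30-character minimum come from the post; the function names, the 33-symbol punctuation pool and the repetition check are assumptions made for illustration.

```python
import math
import secrets
import string

# Pool and minimum length taken from the post above; everything else is assumed.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits  # 62 symbols
MIN_LENGTH = 30
TARGET_BITS = MIN_LENGTH * math.log2(len(ALPHABET))  # about 178.6 bits


def generate_passphrase(length: int = MIN_LENGTH) -> str:
    """Draw every character independently from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def charset_size(passphrase: str) -> int:
    """Size of the smallest standard character pool covering the passphrase."""
    pools = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
    )
    size = sum(n for chars, n in pools if any(c in chars for c in passphrase))
    if any(c not in ALPHABET for c in passphrase):
        size += 33  # assumption: printable ASCII punctuation plus space
    return size


def shortest_period(passphrase: str) -> int:
    """Length of the shortest block that repeats (at least twice) to give the
    passphrase; the full length if nothing repeats."""
    for p in range(1, len(passphrase) // 2 + 1):
        if all(passphrase[i] == passphrase[i - p] for i in range(p, len(passphrase))):
            return p
    return len(passphrase)


def upper_bound_bits(passphrase: str) -> float:
    """Best-case entropy: only the repeating block counts, and every character
    in it is assumed random. A human-chosen phrase is weaker than this."""
    pool = charset_size(passphrase)
    return shortest_period(passphrase) * math.log2(pool) if pool else 0.0


def meets_guideline(passphrase: str) -> bool:
    """False means certainly too weak; True is necessary but not sufficient."""
    return upper_bound_bits(passphrase) >= TARGET_BITS


if __name__ == "__main__":
    # Constructed samples, not passphrases from the thread.
    for sample in ("abcd", "1234567890" * 8, generate_passphrase()):
        print(f"{len(sample):3d} chars  {upper_bound_bits(sample):6.1f} bits  "
              f"ok={meets_guideline(sample)}")
```

Length alone does not pass the check: an 80-character run of repeated digits scores about 33 bits because only the repeating block is counted.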
williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 04:06:29 AM
 #8

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin

It's a "feature".

Quote
What you fail to understand is that in order to brute force an unsecured account requires not only SHA asics, but also curve ASICS, which there are none of now.  but like as has been stated many times for you already here, this is intentional; to allow 'mining' of lost NXT in the future.
https://bitcointalk.org/index.php?topic=366105.msg4785565#msg4785565


Nxt passwords are supposed to be at least 30 random uppercase/lowercase/number characters, why the client simply doesn't generate these itself and then save them in a wallet.dat is beyond me.

I've updated the subject of the email based on this post. It's an interesting possibility.
leo66
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
March 08, 2014, 04:30:12 AM
 #9

That's a good method to "mine" nxt. When you mine any coin, it must be exciting

NTXCoin - 20%Free+75%IPO Next Exchange System address:15788835964854428501
New Economy Movement http://www.ournem.com/
NEM:TAJTLH-CH7MYT-6I5B74-SNVBIA-XEMRQC-2E42WT-Q337
Wipeout2097
Sr. Member
****
Offline Offline

Activity: 840
Merit: 255


SportsIcon - Connect With Your Sports Heroes


View Profile
March 08, 2014, 05:25:02 AM
 #10

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin

It's a "feature".

Quote
What you fail to understand is that in order to brute force an unsecured account requires not only SHA asics, but also curve ASICS, which there are none of now.  but like as has been stated many times for you already here, this is intentional; to allow 'mining' of lost NXT in the future.
https://bitcointalk.org/index.php?topic=366105.msg4785565#msg4785565


Nxt passwords are supposed to be at least 30 random uppercase/lowercase/number characters, why the client simply doesn't generate these itself and then save them in a wallet.dat is beyond me.
Wow!  Roll Eyes

I'm not going to pay for this kind of (more elaborate) software, but I'm sooo tempted to make a Python script and dictionary attack this crap, just to see how many accounts I can find with non-zero balance.

williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 05:35:53 AM
Last edit: March 08, 2014, 05:47:05 AM by williamevanl
 #11

You just opened a Pandora's Box ...

Perhaps Nxt can actually be "mined", after all.  Grin

It's a "feature".

Quote
What you fail to understand is that in order to brute force an unsecured account requires not only SHA asics, but also curve ASICS, which there are none of now.  but like as has been stated many times for you already here, this is intentional; to allow 'mining' of lost NXT in the future.
https://bitcointalk.org/index.php?topic=366105.msg4785565#msg4785565


Nxt passwords are supposed to be at least 30 random uppercase/lowercase/number characters, why the client simply doesn't generate these itself and then save them in a wallet.dat is beyond me.
Wow!  Roll Eyes

I'm not going to pay for this kind of (more elaborate) software, but I'm sooo tempted to make a Python script and dictionary attack this crap, just to see how many accounts I can find with non-zero balance.


I wanted to go the python route (love Python!) but ran into some issues finding the two types of encryption in Python libraries. You'll have to let me know if you get it figured out. (I think SHA256 was actually available to some extent but not Curve)
williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 08:08:31 PM
 #12

(I'm now down to 7)
EvilDave
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1001



View Profile
March 08, 2014, 09:47:58 PM
 #13

Are u running this against an offline blockchain ?

Because if you are running this attack against the live NXT network,  then congratulations, mate,  u have made an account generator.

Nulli Dei, nulli Reges, solum NXT
Love your money: www.nxt.org  www.ardorplatform.org
www.nxter.org  www.nxtfoundation.org
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 08, 2014, 09:58:39 PM
 #14

Are u running this against an offline blockchain ?

Because if you are running this attack against the live NXT network,  then congratulations, mate,  u have made an account generator.

How is that? As long as he does not transfer money FROM that account, no account is created.
LiQio
Legendary
*
Offline Offline

Activity: 1181
Merit: 1002



View Profile
March 08, 2014, 10:12:16 PM
 #15

...
I wanted to go the python route (love Python!) but ran into some issues finding the two types of encryption in Python libraries. You'll have to let me know if you get it figured out. (I think SHA256 was actually available to some extent but not Curve)

This one not working
- https://github.com/Hatswitch/cirripede/tree/master/curve25519-python
?
williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 10:17:16 PM
 #16

Are u running this against an offline blockchain ?

Because if you are running this attack against the live NXT network,  then congratulations, mate,  u have made an account generator.


I just have it scan the blockchain for all transactions and account numbers. (all offline following that)
williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 10:40:04 PM
 #17

...
I wanted to go the python route (love Python!) but ran into some issues finding the two types of encryption in Python libraries. You'll have to let me know if you get it figured out. (I think SHA256 was actually available to some extent but not Curve)

This one not working
- https://github.com/Hatswitch/cirripede/tree/master/curve25519-python
?

There are minor variations in the different implementations. The 64-bit integer implementation of Curve25519 in Java (ported from C) just worked for me out of the box.
LiQio
Legendary
*
Offline Offline

Activity: 1181
Merit: 1002



View Profile
March 08, 2014, 10:45:24 PM
 #18

...
I wanted to go the python route (love Python!) but ran into some issues finding the two types of encryption in Python libraries. You'll have to let me know if you get it figured out. (I think SHA256 was actually available to some extent but not Curve)

This one not working
- https://github.com/Hatswitch/cirripede/tree/master/curve25519-python
?

There are minor variations in the different implementations. The 64-bit integer implementation of Curve25519 in Java (ported from C) just worked for me out of the box.

Could you elaborate? (bold part)

Moreover: Does your tool support GPUs for recovery (e.g. uses jCuda)? what about the performance, any specifics?

thanks
williamevanl (OP)
Sr. Member
****
Offline Offline

Activity: 404
Merit: 253


View Profile
March 08, 2014, 10:54:45 PM
 #19

...
I wanted to go the python route (love Python!) but ran into some issues finding the two types of encryption in Python libraries. You'll have to let me know if you get it figured out. (I think SHA256 was actually available to some extent but not Curve)

This one not working
- https://github.com/Hatswitch/cirripede/tree/master/curve25519-python
?

There are minor variations in the different implementations. The 64-bit integer implementation of Curve25519 in Java (ported from C) just worked for me out of the box.

Could you elaborate? (bold part)

Moreover: Does your tool support GPUs for recovery (e.g. uses jCuda)? what about the performance, any specifics?
thanks

I'm certainly no expert in the different implementations but a quick google search shows:

Implementation       | Platform   | Author | 32-bit speed | 64-bit speed | Constant time
curve25519           | x86 32-bit | djb    | 265µs        | N/A          | yes
curve25519-donna-c64 | 64-bit C   | agl    | N/A          | 215µs        | yes
curve25519-donna     | Portable C | agl    | 2179µs       | 610µs        | yes

My tool does not support GPUs (my expectation though is that it would be used with pre-defined wordlists and not random permutations.) I don't have any metrics on number of hashes a second or anything like that. (it's the exact same implementation built into the NXT protocol)

I did rent one of Amazon's EC2 supercomputers 'cc2.8xlarge' for a day ($60 bucks). I can say that was blazingly fast compared to my laptop. Smiley
LiQio
Legendary
*
Offline Offline

Activity: 1181
Merit: 1002



View Profile
March 08, 2014, 11:01:41 PM
 #20

...
I wanted to go the python route (love Python!) but ran into some issues finding the two types of encryption in Python libraries. You'll have to let me know if you get it figured out. (I think SHA256 was actually available to some extent but not Curve)

This one not working
- https://github.com/Hatswitch/cirripede/tree/master/curve25519-python
?

There are minor variations in the different implementations. The 64-bit integer implementation of Curve25519 in Java (ported from C) just worked for me out of the box.

Could you elaborate? (bold part)

Moreover: Does your tool support GPUs for recovery (e.g. uses jCuda)? what about the performance, any specifics?
thanks

I'm certainly no expert in the different implementations but a quick google search shows:

Implementation       | Platform   | Author | 32-bit speed | 64-bit speed | Constant time
curve25519           | x86 32-bit | djb    | 265µs        | N/A          | yes
curve25519-donna-c64 | 64-bit C   | agl    | N/A          | 215µs        | yes
curve25519-donna     | Portable C | agl    | 2179µs       | 610µs        | yes

My tool does not support GPUs (my expectation though is that it would be used with pre-defined wordlists and not random permutations.) I don't have any metrics on number of hashes a second or anything like that. (it's the exact same implementation built into the NXT protocol)

I did rent one of Amazon's EC2 supercomputers for a day ($60 bucks). I can say that was blazingly fast compared to my laptop. Smiley

ok, so https://github.com/Hatswitch/cirripede/tree/master/curve25519-python could be working.

ok, so same code as good old vanitygen from jlp, with added wordlist and scan blockchain/transactions functionality.

thanks for answering