Old copay.aes backup importing

[saekki]

Hi,

I'm trying to import an old copay.aes wallet backup which I last used at 2015. I can import it to Bitpay wallet using a password, see my balance, but when I try to do a transaction it again asks for encrypt password, but since the same password I used before is not accepted this must be different, and I can't remember what it could be. Is there any way to recover funds using copay.aes-file and a password which I use to import it?

Bitpay-wallet does not show which addresses are used to store the funds, but I somehow managed to calculate the public address using one of the keys on the encrypted aes-file, can't even remember now which (xpub?).

[1713305438]

1713305438

[1713305438]

1713305438

[1713305438]

1713305438

[1713305438]

1713305438

[saekki]

I can get to the point where I have to confirm transfer. It asks for a "encrypt password", which can be reset using 12 word recovery phrase, which I don't think I have either.

[odolvlobo]

I can get to the point where I have to confirm transfer. It asks for a "encrypt password", which can be reset using 12 word recovery phrase, which I don't think I have either.

https://support.bitpay.com/hc/en-us/articles/115003004403-I-forgot-my-wallet-s-encrypted-password-What-can-I-do-

[HCP]

If you don't have the 12 word recovery phrase, then your only option is to remember what your encrypt password was.

Depending on the .aes file, you might be able to extract a hash from the file and use something like hashcat to bruteforce it, but you'd need to have some idea of what the password you used was (password length, types of characters/numbers/symbols used, random chars or words? etc)


Failing that, I found this link for the "bitcoin.com wallet", which was a fork of CoPay... they say that the wallet backups were encrypted using SJCL... and that you can use the online demo to try and decode it using your "password".


Obviously, the usual caveats of using "online" pages with sensitive data like passwords/keys/wallet files etc apply You should be able to save the page and run it offline.

[saekki]

Depending on the .aes file, you might be able to extract a hash from the file and use something like hashcat to bruteforce it, but you'd need to have some idea of what the password you used was (password length, types of characters/numbers/symbols used, random chars or words? etc)

Thanks, I think I have the wallet file itself decrypted with the right password, the same I use for importing the wallet. And I found some random numbers and letters for example walletPrivKey, xPubKey and xPrivKeyEncrypted, which I'd guess at least some of are hashes. I'd think the next step would be trying to brute force these. I tried hashcat as you suggested and even got it working with simple test hashes, but all these different hashes and salts are getting over my head.