Wallets from 2014 vs Wallets from 2021

[CryptCrypt]

Hello, today I bring you a classic.

I am trying to recover a wallet.dat with date Feb 2014 of which I DO NOT REMEMBER THE KEY !!!
Wait, wait ... Don't go yet, this gets better ...

Actually, I remember half of the password, so I downloaded btc-qt v0.21.0 and loaded the wallet and, initially, there was no problem and I loaded it without errors. Indeed, the wallet is encrypted.

Well, I downloaded btcrecover , as I said, I will only need 4/5 characters to get it and I have a couple of powerful GPUs ...
So I have tried btcrecover with a wallet of btc-qt v0.21 (just created, so I know the key) and I made it difficult for btcrecover. After 19million passwords I got the correct one.

At this point, I tried the wallet from 2014 and there was no way. HOWEVER, I had other wallets from 2015 (ltc, doges) and another from btc from 2016 of which I DID NOT REMEMBER THE KEY. The 2015 ones I didn't get any but the 2016 btc one did found it (I put patterns, etc and it took it out after 3h testing).

Furthermore, the size of the 2014 wallet is 70kb while an empty wallet from 2021 is 1.5mb

I downloaded a snapshot of Arch Linux from 2014 that included the btc v0.9.0 , with which I created the original wallets and YES it's size is 70kb . I changed the passphrase of this one and the key was recovered by btcrecover .

I thought that the format of the Wallet would be different but ... no. I still find it very strange that I do not get the btc key but I do with the other currencies / versions ...

I passed the wallets through the bitcoin2john.py (which I don't know very well what it does, I suppose it decrypts it ... but without a password or anything? Any ideas?) And it got me the next.

Code:

# BTC2014 $ bitcoin $ 64 $ 6a750G4ef1867cff00d941df3d1165c39164b4273aca3c7e57af5adf60183945 $ 16 $ 83c69fe19b89ab31 $ 81501 $ 2 $ 00 $ 2 $ 00
# DGE2015 $ bitcoin $ 64 $ cf76aeFba7fb934a2bec1188374c4e6ba48eec8420a6d31ed60938bfb338f7c5 $ 16 $ 7c764655dce776eb $ 76294 $ 2 $ 00 $ 2 $ 00
# LTC2015 $ bitcoin $ 64 $ 46566411G6f01f736a5b3034a6f08c243c56b2a80f8efae989b82c7f6ce9a16a $ 16 $ 043d2183deb8a8f0 $ 83 052 $ 2 $ 00 $ 2 $ 00
# BTC2016 $ bitcoin $ 64 $ 51af538da4S6ea0ef645c1f3e48235bc154fd223b6b80055384cb23b9b349274 $ 16 $ 41cd67deea8c4a99 $ 292912 $ 2 $ 00 $ 2 $ 00
# BTC2021 $ bitcoin $ 64 $ 7c2ccf1efA605be8bd2b6a5976fb82e1347a3b379212ef2ce06e4bd642fdea80 $ 16 $ 441c84e628c44f46 $ 269046 $ 2 $ 00 $ 2 $ 00

As you can see, those of 2014 and 2015 have one less character. I don't know if this has something to do with it or not.
The btc-qt v0.21 does not give me errors when loading the 2014 and 2015 wallets , in fact it detects the movements that there were. The btcrecover does not show any error either (I don't know, something like the wallet was not formatted correctly or something like that, but no ...)

I'm also not sure what each fields represents:

Code:

 $ bitcoin => currency?
$ 64 => 64 bytes of encryption
$ 6a75 ... 945 => key that I am looking for?
$ 16 => no idea ...
$ 83c69fe19b89ab31 => no idea ... (I have read some salt, which I think is how it is encrypted)
$ 81501 => no idea ...
$ 2 => no idea ...
$ 00 => no idea ...
$ 2 => no idea ...
$ 00 => no idea ... 

At this point, I'm a bit stuck. I'm not sure what to do... Before leaving computers for eons trying to get the password, I prefer to exhaust the possibilities and understand well the fields of wallets and everything that surrounds them.

So my doubts are:
1. What does bitcoin2john.py do?
2. What does each field of the wallet represent? ? Link with info?
3. Any ideas about wallet versioning?
4. Any place where I can find technical information of this level?
5. And more importantly ... Any ideas to keep trying to decrypt the wallet?

PS: In 2015/2016 I took out almost all the bitcoins, there were only a few satoshis that today are worth 8€ ... so it pisses me off, but I don't want to commit suicide thinking I'm a millionaire xD

[1713923126]

1713923126

[1713923126]

1713923126

[achow101]

Furthermore, the size of the 2014 wallet is 70kb while an empty wallet from 2021 is 1.5mb

This is expected. Prior to BIP 32 HD wallets (introduced in Bitcoin Core 0.13 in 2016), wallets pregenerated 100 keys (for both receiving and change). After BIP 32 HD wallets, wallets pregenerated 2000 keys (1000 for receiving, 1000 for change). This causes the size difference.

I thought that the format of the Wallet would be different but ... no.

The format has not changed. Compatibility is maintained.

As you can see, those of 2014 and 2015 have one less character. I don't know if this has something to do with it or not.

It does not. That 3rd parameter is a number of iterations to do and is based off of a benchmark of your computer that is done at the time encryption is added.

The btc-qt v0.21 does not give me errors when loading the 2014 and 2015 wallets , in fact it detects the movements that there were. The btcrecover does not show any error either (I don't know, something like the wallet was not formatted correctly or something like that, but no ...)

This is expected. Compatibility is maintained.

I'm also not sure what each fields represents:

The format is as follows:

Code:

$bitcoin$<length of encrypted key>$<encrypted key>$<length of salt>$<salt>$<derivation method iteration count>$<length of derivation method>$<derivation method>$<length of additional parameters>$<additional parameters>$

<length of encrypted key> is always 64. The encrypted key is a 32 byte key which means it is 64 characters.
<encrypted key> is the encryption key which itself is encrypted with your passphrase. Your passphrase is hashed to get the key that is used to encrypt this encrypted key.
<length of salt> is always 16. The salt is 8 bytes which means it is 16 characters.
<salt> is the salt. It is randomly generated. The salt is combined with your passphrase to generate the key used to encrypt the actual encryption key.
<derivation method iteration count> is the number of times to run the hash function that is used to derive the encryption key from your passphrase.
<length of derivation method> is always 2. The derivation method is stored as a single byte number, so it is always 2 characters.
<derivation method> is an integer that indicates the function to be used to derive the encryption key from the passphrase. Currently there is only one method, SHA512, and it is indicated with the number 0.
<length of additional parameters> is always 2. There are no additional parameters, so it is represented by a single byte of 0, which makes the length 2 characters.
<additional parameters> is always 00. There are no additional parameters, so it is always a 0 byte.

[NotATether]

1. What does bitcoin2john.py do?

People mainly run bitcoin2john on wallet files to get the hash, which can then be attacked by hashcat.

2. What does each field of the wallet represent? ? Link with info?

Achow gave you a good answer for this so I will skip to the next one.

3. Any ideas about wallet versioning?

If a new wallet version ever changes how the hash is created, the outputs of bitcoin2john will have different values, for example salt length or number of rounds. It just scrapes this information from the wallet file.

5. And more importantly ... Any ideas to keep trying to decrypt the wallet?

The next step is to download and run hashcat and run it with the options hashcat -a 0 -m 11300 <paste the hash here> <dictionary file>. -a 0 stands for attack mode 0 which just uses a dictionary file with a password on each line, it's good if you have a large number of passwords you think you used or you used an easy-to-guess password. There's also a "mask mode" you can toggle to construct a pattern to match each characters of a potential pattern against. -m 11300 interprets the hash as one from a Bitcoin or Litecoin wallet.dat file, and it'll probably work for your dogecoin wallet too. Then you paste the hash

For the hash you need to paste the entire line you for from bitcoin2john.py. Then you need to make a dictionary file or download one from the internet. But if you remember using some unique password then you're probably better off making the file yourself.

Instead of putting the hash on the command line you can also put all 5 hashes in a file and pass that in place of the hash.

4. Any place where I can find technical information of this level?

You don't need to understand every field of the bitcoin hash because the important part is just pasting it into into hashcat and it'll do the brute forcing work for you.

[HCP]

Actually, I remember half of the password, so I downloaded btc-qt v0.21.0 and loaded the wallet and, initially, there was no problem and I loaded it without errors. Indeed, the wallet is encrypted.
...
I still find it very strange that I do not get the btc key but I do with the other currencies / versions ...

Why is it strange? How do you even know that the "half of the password" is actually correct? Are you assuming that because the "half of the password" worked on some of your other wallets (for ltc/doge etc), that it must also be "half of the password" to your btc wallet?

Unfortunately, you have not way of knowing this is true until you actually find the correct passphrase for the wallet.dat.

It is entirely possible that the "half of the password" that you believe to be correct, is in fact completely wrong... which would explain why btcrecover is not able to recover the complete passphrase, as if you've given it an incorrect starting point, then btcrecover will never be able to find the passphrase.

That is to say... if the passphrase is: password123
and you believe that the passphrase starts: "abc", then there is literally 0% chance that btcrecover would be able to get end up finding "password123"

[CryptCrypt]

Hey guys, thank you very much for your replies. I did not know the answers because bitcointalk did not notify me by email.

Code:

$bitcoin$<length of encrypted key>$<encrypted key>$<length of salt>$<salt>$<derivation method iteration count>$<length of derivation method>$<derivation method>$<length of additional parameters>$<additional parameters>$

<length of encrypted key> is always 64. The encrypted key is a 32 byte key which means it is 64 characters.
<encrypted key> is the encryption key which itself is encrypted with your passphrase. Your passphrase is hashed to get the key that is used to encrypt this encrypted key.
<length of salt> is always 16. The salt is 8 bytes which means it is 16 characters.
<salt> is the salt. It is randomly generated. The salt is combined with your passphrase to generate the key used to encrypt the actual encryption key.
<derivation method iteration count> is the number of times to run the hash function that is used to derive the encryption key from your passphrase.
<length of derivation method> is always 2. The derivation method is stored as a single byte number, so it is always 2 characters.
<derivation method> is an integer that indicates the function to be used to derive the encryption key from the passphrase. Currently there is only one method, SHA512, and it is indicated with the number 0.
<length of additional parameters> is always 2. There are no additional parameters, so it is represented by a single byte of 0, which makes the length 2 characters.
<additional parameters> is always 00. There are no additional parameters, so it is always a 0 byte.

achow101 thank you very much for your detailed explanation. Now I'm sure that the wallet.dat is not corrupted.

The next step is to download and run hashcat and run it with the options hashcat -a 0 -m 11300 <paste the hash here> <dictionary file>. -a 0 stands for attack mode 0 which just uses a dictionary file with a password on each line, it's good if you have a large number of passwords you think you used or you used an easy-to-guess password. There's also a "mask mode" you can toggle to construct a pattern to match each characters of a potential pattern against. -m 11300 interprets the hash as one from a Bitcoin or Litecoin wallet.dat file, and it'll probably work for your dogecoin wallet too. Then you paste the hash

For the hash you need to paste the entire line you for from bitcoin2john.py. Then you need to make a dictionary file or download one from the internet. But if you remember using some unique password then you're probably better off making the file yourself.

Instead of putting the hash on the command line you can also put all 5 hashes in a file and pass that in place of the hash.

So.. I should run

Code:

hashcat -a 0 -m 11300 $bitcoin$64$6a750G4ef1867cff00d941df3d1165c39164b4273aca3c7e57af5adf60183945$16$83c69fe19b89ab31$81501$2$00$2$00

I tried hashcat few weeks ago. It was slower than btcrecover (I think btcrecover uses all cores of GPU). I assume that btcrecover does the same as hashcat but with the wallet.dat file instead wallet hash.

Why is it strange? How do you even know that the "half of the password" is actually correct? Are you assuming that because the "half of the password" worked on some of your other wallets (for ltc/doge etc), that it must also be "half of the password" to your btc wallet?

Unfortunately, you have not way of knowing this is true until you actually find the correct passphrase for the wallet.dat.

It is entirely possible that the "half of the password" that you believe to be correct, is in fact completely wrong... which would explain why btcrecover is not able to recover the complete passphrase, as if you've given it an incorrect starting point, then btcrecover will never be able to find the passphrase.

That is to say... if the passphrase is: password123
and you believe that the passphrase starts: "abc", then there is literally 0% chance that btcrecover would be able to get end up finding "password123"

Yes, I'm sure that the password is created by my own pattern. I just recover a few other wallets with btcrecover. The key is to create patterns and choose only the characters that I suppose I used. They are words, and in my language + words that I usually use (there are many letters of the alphabet that are not used (w, x, y, k) and special characters I only use three or four). So I think I have a chance of getting them back.

Once again, thank you very much.

[HCP]

hashcat should be much faster than btcrecover. Hashcat is written in C (which is a compiled language), whereas btcrecover is written in Python (which is an interpreted language).

If hashcat isn't using your GPU, then most likely it is a driver issue, or your GPU is not supported... I would suggest you start reading here: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_do_i_install_hashcat

And thoroughly read the "How does one install the correct driver for the GPU(s)?" and "GPU device not found, why?" sections of the FAQ if hashcat is not using it properly.

What GPU do you have?