What encrypted in the HASH string?

[walletrecovery]

I spent many days searching for information and gave up, I decided to put a question here:

Here is a HASH of a real password-protected wallet with a zero balance, created for this experiment.
Bitcoin Core version 22 was used for encryption.

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$9baaabed8bde61f4da580ff22905fd2dab69b6193bb365f0fdfbc540ff9f20fc
$16
$9d4164a034dfdb82
$307949
$96
$0497430f102ff66a1556910eb9b9f3277cc38f437fb79f1d78345c770ac918cba04e48e785e29cc169a4e3c0b88b39f5
$66
$03fff614df1bd468aa061bec32eff7b14c42a0a3d0df7d984a7b74a30a99f0ec87

Here is the HASH of the same wallet, encrypted with the same password, but a few minutes later!


For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$da208ddba0272b9fd6f3d144b01ffd9ac862909547a8f40909f6053cb82377af
$16
$1e3edd4b096fe67d
$309436
$96
$7f41727bbe91875979a7cd8422c758bec849c28f4c2399d31583b9756df5bd5ab13ba4bdb30e21f9b7fdba5f210820a3
$66
$03ffed46dcde1175aa57a2a27a38923a8bf97666d1959d80cee2487b8395d25acb

Question: what exactly is encrypted in these HASH fragments (except private keys),
I used to do the same experiments on old versions of Bitcoin Core (2014-2015-2016-2017)
and only 1 fragment changed in the HASH string, not all, as you see in this example.

_____________________________________________________________________________

Here is a HASH of a real password-protected wallet with a zero balance, created for this experiment.
Bitcoin Core version 14 was used for encryption.

$bitcoin$64$c4ab02b223aab0a41558ab4ac04dec75768bf940bb35b664264bc4ff4e4b8e92$16$6d50f442918a5c9d$178099$96$e52515510f4ea8c8f4990f9cff3617353d277f43f83c998124accfb00ccb9808481f1520625bf79f68eb90914843213d$66$03ff307c1a0444dc016f6cef217cc5f1b6b4a6e244b088a1ab2939205eb8e974dc

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$c4ab02b223aab0a41558ab4ac04dec75768bf940bb35b664264bc4ff4e4b8e92
$16
$6d50f442918a5c9d
$178099
$96
$e52515510f4ea8c8f4990f9cff3617353d277f43f83c998124accfb00ccb9808481f1520625bf79f68eb90914843213d
$66
$03ff307c1a0444dc016f6cef217cc5f1b6b4a6e244b088a1ab2939205eb8e974dc

Here is the HASH of the same wallet, encrypted with the same password, but a few minutes later!

$bitcoin$64$c4ab02b223aab0a41558ab4ac04dec75768bf940bb35b664264bc4ff4e4b8e92$16$6d50f442918a5c9d$178099$96$e52515510f4ea8c8f4990f9cff3617353d277f43f83c998124accfb00ccb9808481f1520625bf79f68eb90914843213d$66$03ff307c1a0444dc016f6cef217cc5f1b6b4a6e244b088a1ab2939205eb8e974dc

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$c4ab02b223aab0a41558ab4ac04dec75768bf940bb35b664264bc4ff4e4b8e92
$16
$6d50f442918a5c9d
$178099
$96
$e52515510f4ea8c8f4990f9cff3617353d277f43f83c998124accfb00ccb9808481f1520625bf79f68eb90914843213d
$66
$03ff307c1a0444dc016f6cef217cc5f1b6b4a6e244b088a1ab2939205eb8e974dc

Here is the HASH of the same wallet, encrypted with other password (I change 1 symbol only), but a few minutes later!

$bitcoin$64$7d7ef3e7aa475bfda10b2e7b25dadb58999cecf02f843695f55e218c27beda77$16$9f6c6111015576da$343914$96$3b2a1a52eb7d74a6cdf9368fa3d13cd89e2131645c44c86d51d0bcb5a7a296349108dd7cd5a90ff7e6b0156754af5d58$66$03f812147b50b630f391b3fba520fce93fe1bf52546f59c52aaa637cb2386f0f46

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$7d7ef3e7aa475bfda10b2e7b25dadb58999cecf02f843695f55e218c27beda77
$16
$9f6c6111015576da
$343914
$96
$3b2a1a52eb7d74a6cdf9368fa3d13cd89e2131645c44c86d51d0bcb5a7a296349108dd7cd5a90ff7e6b0156754af5d58
$66
$03f812147b50b630f391b3fba520fce93fe1bf52546f59c52aaa637cb2386f0f46

_____________________________________________________________________________

Here is a HASH of a real password-protected wallet with a zero balance, created for this experiment.
Bitcoin Core version 12 was used for encryption.

$bitcoin$64$2ae7cab98ca52e4fb21634ff5f5a6f572d9ded651f446fba9a822a8a9a2cbd84$16$e5567d452f87bddd$312500$96$d832ab6eb273815fd8c4e52f040b038896ec857f28669dbdda8e6c328d1f1595b5771228ed1e53f4bf6ac3e8d6566fc1$66$03fe3552acd85983c028f03080bb3501698353fc19c636e0ebee063d15ed49df88

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$2ae7cab98ca52e4fb21634ff5f5a6f572d9ded651f446fba9a822a8a9a2cbd84
$16
$e5567d452f87bddd
$312500
$96
$d832ab6eb273815fd8c4e52f040b038896ec857f28669dbdda8e6c328d1f1595b5771228ed1e53f4bf6ac3e8d6566fc1
$66
$03fe3552acd85983c028f03080bb3501698353fc19c636e0ebee063d15ed49df88


Here is the HASH of the same wallet, encrypted with the same password, but a few minutes later!
$bitcoin$64$1716a3b4db5ee42fe7acfd929de2ef7b199bb5b256486d1403a4c359f5cf343f$16$2b8d4e771fd6c519$351940$96$37ae511cae81882406a6cebe28f51207336652e1b79c621cd1b7a1c5d542db3cc55f059ab3795520f711f9343efb65c4$66$03fe3552acd85983c028f03080bb3501698353fc19c636e0ebee063d15ed49df88

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$1716a3b4db5ee42fe7acfd929de2ef7b199bb5b256486d1403a4c359f5cf343f
$16
$2b8d4e771fd6c519
$351940
$96
$37ae511cae81882406a6cebe28f51207336652e1b79c621cd1b7a1c5d542db3cc55f059ab3795520f711f9343efb65c4
$66
$03fe3552acd85983c028f03080bb3501698353fc19c636e0ebee063d15ed49df88

Here is the HASH of the same wallet, encrypted with other password (I change 1 symbol only), but a few minutes later!
$bitcoin$64$41e8fb39b7b2cd8b3560ef1556b0f0208db7d84fd2162ed6aa47285d5faaa5e8$16$6a5816f31e14df19$302578$96$f07a793234669ad4be9a2a1b7f4e5fe346b8bcc6f22d5db03313580f75fec7e2104ca384cfe506cdf04cd2b458411fe6$66$03fe3552acd85983c028f03080bb3501698353fc19c636e0ebee063d15ed49df88

For convenience, let's arrange it vertically (by fragments):
$bitcoin
$64
$41e8fb39b7b2cd8b3560ef1556b0f0208db7d84fd2162ed6aa47285d5faaa5e8
$16
$6a5816f31e14df19
$302578
$96
$f07a793234669ad4be9a2a1b7f4e5fe346b8bcc6f22d5db03313580f75fec7e2104ca384cfe506cdf04cd2b458411fe6
$66
$03fe3552acd85983c028f03080bb3501698353fc19c636e0ebee063d15ed49df88

[1715019276]

1715019276

[1715019276]

1715019276

[1715019276]

1715019276

[1715019276]

1715019276

[whanau]

This might help

https://bitcointalk.org/index.php?topic=5331322.0

Your hash string seems longer than usual but the essentials are an encrypted master key plus padding bytes, a salt and iteration count.

Even though you encrypted again with the same password you will get different hash strings. 

The example deliberately won't decrypt a bitcoin string exactly but it is not hard to change it.

[odolvlobo]

By "hash", do you mean "hexadecimal"?

[walletrecovery]

- longer than usual but the essentials -- because I use old soft
where is "encrypted master key"
where is "padding bytes"
where is "salt"
where is "iteration"
and what does this mean and how can it help?
I noticed that some parameter affects the degree of encryption and different wallets have a different password search speed when I using the same power.

[MrFreeDragon]

The private key of your wallet (a 256-bit number) is symmetrically encrypted with a random master key and that master key is subsequently encrypted with the user-defined password.
The reason why your hashes are different for the same password is because the random master key, random salt and random number of iteration is used for every attempt.

The hash you showed has the strict structure. Let me show what does mean each line from your first example (hope this will help you):

$bitcoin // coin name (could be also litecoin, as the example)
$64 // len of cry_master - master private key
$9baaabed8bde61f4da580ff22905fd2dab69b6193bb365f0fdfbc540ff9f20fc // master private key - encrypted_key from wallet.dat
$16  // len of salt
$9d4164a034dfdb82 // cry_salt - salt from wallet.dat
$307949 //  cry_rounds - number of rounds, nDerivationIterations from wallet.dat
$96 // len of encrypted_privkey
$0497430f102ff66a1556910eb9b9f3277cc38f437fb79f1d78345c770ac918cba04e48e785e29cc169a4e3c0b88b39f5 // ckey - encrypted_privkey from wallet.dat
$66 // len of public key
$03fff614df1bd468aa061bec32eff7b14c42a0a3d0df7d984a7b74a30a99f0ec87 // public key - pubkey from wallet.day

For more details, you can also examine the tool called bitcoin2john.py - this tool extracts hashes from bitcoin wallet.dat

Sample bitcion2john.py code is here: https://github.com/sirrushoo/python/blob/master/bitcoin2john.py

PS. This type of hash from wallet.dat also is suitable for hashcat (-m 11300 mode). Have a look at it too in order to understand more.

[walletrecovery]

$9d4164a034dfdb82 // cry_salt - salt from wallet.dat
$307949 //  cry_rounds - number of rounds, nDerivationIterations from wallet.dat
_________

Thanks for your reply. You are a real HERO and I hope that soon you will have such a status on this forum.

I researched the "cry_rounds - number of rounds" parameter and realized that the smaller this number, the faster the password guessing speed.

I don’t know anything about the “cry_salt” parameter, maybe it also somehow helps to understand or find out at least some information that will help to guess the password.

[MrFreeDragon]

A salt is used in order to protect the hash from pre-computed tables. A salt is random data that is used as an additional input to a one-way function that hashes data.
The cry_rounds is the number of rounds used for hashing the password (together with salt).

The general wallet encryption algorithm is described here: https://en.bitcoin.it/wiki/Wallet_encryption:
"Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA-512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption"

So, the more cry_rounds you have - the more sha512 rounds you should perform while decryption the password (also, the better computer you use for wallet.dat encryption, the more cry_rounds you will have).

In general, the encryption process could be represented as following:

Code:

data = pasw+salt
for i in range(rounds):
    data = sha512(data)
key = data[0:32]
iv = data[32:32+16]
dec = AES(key, CBC_MODE, iv).decrypt(cry_master)

source: hashcat forum https://hashcat.net/forum/thread-9521.html