Lost your XTZ password? New bruteforce tool.


DONATION ADDRESS(es). 11/20/20 - No, I have not yet cracked my own password
XTZ:tz1bwgQ2FTkUdEBVqL4CeXZ523zLErGHTFYa
BTC: bc1q424zx39hvurhcmstyushu9fqgs4zggzllderww
UPDATE FOR THE CAUTIOUS: The patch is now a pull request on the JtR bleeding-jumbo GitHub. It now supports OpenCL. Your passwords can be cracked at 70k+/s now.

So, the gist of the matter is: On my Tezos PDF I took the "PRIVATE KEY" QR as meaning an actual private key and did not take note of my password.

I need to bruteforce that bish.

You may have done the same, or lost it in another way.

There was a free tool provided by Jon in the Tezos telegram channel. After a month of running it was not yet over 200 million attempts. To me, this was not going to go fast enough.

I contracted the Hashsuite developers to sponsor a Tezos bruteforce feature. It wasn't free, nor was it too cheap, but if it can recover my password it is worth it.

They finished it in a couple days, with the help of Jon's work.

They created a patch for John the Ripper. For anyone familiar with bruteforcing, JtR is quite well known.

After 2 days and 20 minutes the JtR patch is already nearly at what took the other program a month.

It's attempting 1430 passwords/s on my laptop (i7-7700u). The devs benchmarked it at over 3k/s on their test computer.

I am here to share the tool with you guys.

Let me be clear: DONATIONS ARE HIGHLY APPRECIATED. I paid for this, the cost of the devs is about $250 an hour. I paid a flat rate due to agreeing beforehand rather than paying by devtime, but it was more than 20k(in BTC prices, by now(BTC@18325 11/2020 rates)) USD was 4k. I paid in BTC.

LINK TO PATCH (updated to Github, soon it will simply be a part of JtR. I removed the old patch link)

https://github.com/magnumripper/JohnTheRipper/pull/3317

DIRECTIONS TO PATCH JTR CRACK TEZOS:

git clone https://github.com/magnumripper/JohnTheRipper bleeding-jumbo
cd bleeding-jumbo
patch -p1 < /path/to/0001-Add-support-for-cracking-Tezos-keys.patch
cd src
./configure
make -sj8
cd ../run

The last bits, from the readme:

  1. Run tezos2john.py and provide it with the required data. Run tezos2john.py
    without any options to see the usage instructions.

E.g. $ ../run/tezos2john.py 'put guide flat machine express cave hello connect stay local spike ski romance express brass' '[email protected]' 'tz1eTjPtwYjdcBMStwVdEcwY2YE3th1bXyMR' > hashes

  2. Run john on the output of tezos2john.py script.

E.g. $ ../run/john hashes

As a disclaimer I have not yet cracked my password so I can't guarantee this works but the team is professional and thorough.

This is OPTIMIZED. They are still planning on releasing released a simd version and an OPENCL to enable password attempts up to 100k/s on GPU. The patches have been added to the official JtR jumbo repo.

I truly hope this helps some of you.

Toss my donation down here again in case it actually works. Best of luck


So were you ever able to recover your password?
