Lost your XTZ password? New bruteforce tool.

in #tezos2 years ago (edited)

DONATION ADDRESS(es). 11/20/20 - No, I have not yet cracked my own password
BTC: bc1q424zx39hvurhcmstyushu9fqgs4zggzllderww
UPDATE FOR THE CAUTIOUS: The patch is now a pull request on the JtR bleeding-jumbo github. It now supports openCL. Your passwords can be cracked at 70k+/s now.

So, the gist of the matter is: On my Tezos PDF I took the "PRIVATE KEY" QR as meaning an actual private key and did not take note of my password.

I need to bruteforce that bish.

You may have done the same, or lost it in another way.

There was a free tool provided by Jon in the Tezos telegram channel. After a month of running it was not yet over 200 million attempts. To me, this was not going to go fast enough.

I contracted the Hashsuite developers to sponsor a Tezos bruteforce feature. It wasn't free, nor was it too cheap, but if it can recover my password it is worth it.

They finished it in a couple days, with the help of Jon's work.

They created a patch for John the Ripper. For anyone familiar with bruteforcing JtR is quite well known.

After 2 days and 20 minutes the JtR patch is already nearly at what took the other program a month.

It's attempting 1430passwords/s on my laptop (i7-7700u). The devs benchmarked it at over 3k/s on their test computer.

I am here to share the tool with you guys.

Let me be clear: DONATIONS ARE HIGHLY APPRECIATED. I paid for this, the cost of the devs is about $250 an hour. I paid a flat rate due to agreeing beforehand rather than paying by devtime, but it was more than 20k(in BTC prices, by now([email protected] 11/2020 rates)) USD was 4k. I paid in BTC.

LINK TO PATCH (updated to Github, soon it will simply be a part of JtR. I removed the old patch link)



git clone https://github.com/magnumripper/JohnTheRipper bleeding-jumbo
cd bleeding-jumbo
patch -p1 < /path/to/0001-Add-support-for-cracking-Tezos-keys.patch
cd src
make -sj8
cd ../run
The last bits, from the readme:

  1. Run tezos2john.py and provide it with the required data. Run tezos2john.py
    without any options to see the usage instructions.

E.g. $ ../run/tezos2john.py 'put guide flat machine express cave hello connect stay local spike ski romance express brass' '[email protected]' 'tz1eTjPtwYjdcBMStwVdEcwY2YE3th1bXyMR' > hashes

  1. Run john on the output of tezos2john.py script.

E.g. $ ../run/john hashes

As a disclaimer I have not yet cracked my password so I can't guarantee this works but the team is professional and thorough.

This is OPTIMIZED. They are still planning on releasing released a simd version and an OPENCL to enable password attempts up to 100k/s on GPU. The patches have been added to the official JtR jumbo repo.

I truly hope this helps some of you.

Toss my donation down here again in case it actually works. Best of luck


So were you ever able to recover your password?

Congratulations @sonarous! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 3 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!

Coin Marketplace

STEEM 0.19
TRX 0.03
JST 0.027
BTC 19229.00
ETH 604.35
SBD 3.35