Lost your XTZ password? New bruteforce tool.
DONATION ADDRESS(es). 11/20/20 - No, I have not yet cracked my own password
UPDATE FOR THE CAUTIOUS: The patch is now a pull request on the JtR bleeding-jumbo github. It now supports openCL. Your passwords can be cracked at 70k+/s now.
So, the gist of the matter is: On my Tezos PDF I took the "PRIVATE KEY" QR as meaning an actual private key and did not take note of my password.
I need to bruteforce that bish.
You may have done the same, or lost it in another way.
There was a free tool provided by Jon in the Tezos telegram channel. After a month of running it was not yet over 200 million attempts. To me, this was not going to go fast enough.
I contracted the Hashsuite developers to sponsor a Tezos bruteforce feature. It wasn't free, nor was it too cheap, but if it can recover my password it is worth it.
They finished it in a couple days, with the help of Jon's work.
They created a patch for John the Ripper. For anyone familiar with bruteforcing JtR is quite well known.
After 2 days and 20 minutes the JtR patch is already nearly at what took the other program a month.
It's attempting 1430passwords/s on my laptop (i7-7700u). The devs benchmarked it at over 3k/s on their test computer.
I am here to share the tool with you guys.
Let me be clear: DONATIONS ARE HIGHLY APPRECIATED. I paid for this, the cost of the devs is about $250 an hour. I paid a flat rate due to agreeing beforehand rather than paying by devtime, but it was more than 20k(in BTC prices, by now([email protected] 11/2020 rates)) USD was 4k. I paid in BTC.
LINK TO PATCH (updated to Github, soon it will simply be a part of JtR. I removed the old patch link)
PATCH JTR CRACK TEZOS:
git clone https://github.com/magnumripper/JohnTheRipper bleeding-jumbo
patch -p1 < /path/to/0001-Add-support-for-cracking-Tezos-keys.patch
The last bits, from the readme:
- Run tezos2john.py and provide it with the required data. Run tezos2john.py
without any options to see the usage instructions.
E.g. $ ../run/tezos2john.py 'put guide flat machine express cave hello connect stay local spike ski romance express brass' '[email protected]' 'tz1eTjPtwYjdcBMStwVdEcwY2YE3th1bXyMR' > hashes
- Run john on the output of tezos2john.py script.
E.g. $ ../run/john hashes
As a disclaimer I have not yet cracked my password so I can't guarantee this works but the team is professional and thorough.
This is OPTIMIZED. They
are still planning on releasing released a simd version and an OPENCL to enable password attempts up to 100k/s on GPU. The patches have been added to the official JtR jumbo repo.
I truly hope this helps some of you.
Toss my donation down here again in case it actually works. Best of luck