Pt. 1: High Frequency Tezos ICO password cracking with NVIDIA GTX/RTX

Cal Naughton Jr.
5 min readMay 6, 2019

We’re going to keep things simple in the hope that anyone with copy and paste skills can follow. If you know more, you can figure out faster ways. We’re using a standard install of Ubuntu 18.04 LTS. Fire safety begins in your brain, at home.

You’re here because you messed up during the Tezos ICO. This ain’t a place for excuses so let’s move on. Hopefully your incompetence also resulted in the creation of a short password, making today’s exercise a potentially fruitful one.

Some perspective before we get started: Our NVIDIA RTX 2080 Max-Q setup, at 160K passwords per second, can do about 5 trillion ASCII 95 combinations every year.

If you have a 6-character password, a not-so-intimidating 95⁶, 735 billion possibilities, running through all possible combinations would take a bit under 2 months.

If you have a 7-character password, that becomes 69 trillion possibilities, about 14 years. Add a couple months if you want to factor in the 6-character and below possibilities.

And if you have a 8-character password, you’re looking at 6.7 quadrillion possibilities… about 1,300 years of work with our setup.

If you’ve got a longer password or want a more efficient approach to cracking a shorter one, once you’re done setting this up please see part 2: Fast and targeted cracking approaches for longer Tezos ICO passwords and part 3: An additional approach that let us crack a 8-character password.

Feeling good? Good. We will use a popular password cracking tool called John the Ripper.

Credit for adding Tezos and OpenCL support goes to sonarous. Here is his original post:

If you crack it, send him some packets, unless he already cracked his own. In that case keep your XTZ to yourself. Or delegate some to Shake ‘n Bake.

We’ll have to do a few things to get the tool working with your fancy NVIDIA card. So here’s the plan:

  • Download and install NVIDIA 418 display, CUDA (optional), and OpenCL drivers and headers
  • Download and install John the Ripper
  • Verify John the Ripper sees your NVIDIA GTX or RTX card as an OpenCL device
  • Start cracking

This part is optional to get full card functionality in Linux — As shown below, let’s download the 2.4GB runfile of the NVIDIA CUDA drivers so that they’re ready for later. Click save when prompted in FireFox. This should download the file to the Downloads directory.

In Linux, you often need other pieces installed before you can install new stuff. These are called dependencies. Let’s get those all out of the way now:

sudo apt-get install freeglut3 freeglut3-dev libxi-dev libxmu-dev zlib1g-dev build-essential libssl-dev

Hit Enter at all Y/n prompts you see.

Now install the NVIDIA 418 display drivers by downloading them here (like the CUDA drivers, save this file to the Downloads folder):

To install the NVIDA display drivers, exit the graphical interface, go to the Downloads directory, install them, and reboot. One command at a time as seen below. You’ll need to log back into your account after you exit the graphical interface using ‘sudo init 3’. After the ‘sudo init 3’ command, press CTL + ALT + F1 to get to the login screen. Allow NVIDIA to edit the xorg file when prompted:

sudo init 3
cd ~/Downloads
sudo sh
sudo reboot

At this point, you should have the NVIDIA Settings in your App List (lower left corner in Ubuntu 18.04 LTS).

Install the OpenCL requirements:

sudo apt-get install nvidia-opencl-dev
sudo apt install ocl-icd-* opencl-headers

If you had trouble installing the NVIDIA display drivers, try this guide:

Now let’s install the CUDA drivers we downloaded earlier. We’re using OpenCL so this shouldn't technically be needed but this only takes a couple of minutes and will result in all the proper NVIDIA drivers getting installed. To do so, we’ll exit the graphical user interface again (log back in when prompted by pressing CTL + ALT + F1), navigate to the Downloads folder, run the CUDA installation file (this part may hang and take a little while), select defaults when prompted, and restart the graphical user interface at the end (enter one line at a time, same process as the NVIDIA drivers in the last step):

sudo init 3
cd ~/Downloads
sudo sh
sudo init 5

Now let’s run the below collection of commands as one (connected by &&):

export PATH=$PATH:/usr/local/cuda-10.1/bin && export LD_LIBRARY_PATH=:/usr/local/cuda-10.1/lib64 && export PATH=$PATH:/usr/local/cuda-10.1/targets/x86_64-linux/include && export LD_LIBRARY_PATH=:/usr/local/cuda-10.1/targets/x86_64-linux/lib

Give yourself a pat on the back if you’ve made it this far! Now let’s get to cracking!

One command at a time: Back to the home directory, install git, clone JohnTheRipper, navigate to the JohnTheRipper/ folder, navigate to the src/ folder, run configure, and make it:

cd ~
sudo apt install git
git clone
cd JohnTheRipper/
cd src/
make -sj8

Again, one command at a time: Back one folder, navigate to the run/ folder, and run john asking it to list OpenCL devices:

cd ..
cd run/
./john --list=opencl-devices

You should see your NVIDIA card listed here. There should only be one device.

Only a couple of steps left now! We’re going to create a file called hashes that will contain your ICO info (minus the password)

Fake ICO info for this example:

Secret key: shake spider monkey chip magic man french pancakes rabid stray dogs first aint last bake

Email address:

Public Key: tz1sHak1NgANd8aK1nGca7NauGT0nJRSNks

Still in the run folder, run the as below but with your own ICO information. The command will output a file named hashes specified in the last part of the below code:

python3 'shake spider monkey chip magic man french pancakes rabid stray dogs first aint last bake' '' 'tz1sHak1NgANd8aK1nGca7NauGT0nJRSNks' > hashes

Now everything is ready to go. Run john with the hashes file while specifying the OpenCL device and the format to crack the password with:

./john hashes --devices=1 --format=tezos-opencl

You can now hit almost any button on the keyboard to get an update while the program is running. You’ll see a p/s (passwords per second) count and GPU temperatures as well. Here’s a shot of what it will look like. Our RTX 2080 Max-Q is making over 160K attempts per second!

Now that you’re all setup, we recommend reading part 2 for targeted approaches, and part 3 for likely the best approach and how we cracked one password.

We hope this helps some of you unfortunate souls!