How to Crack Ethereum Wallets

Phil Do
Phil Do
Apr 14, 2018 · 4 min read

I’ll get this out of the way up front: This is not a cryptographic exploit. If you have a wallet that’s not yours, or you used a password generator (with > ~8 chars, depending on wallet type/available computing power), I have nothing for you here.

This is for the person who forgot their password, wrote it down wrong, or thinks their wallet password might contain a typo. Where do you go from here?

A quick summary of spoilers, for the lazy:

  1. Hire someone to work with you (me! — send me an email phildo211 at gmail and we’ll talk. no commitment, no pressure. no cost if unsuccessful.)
  2. Use hashcat . This will get you part of the way there- you’ll still need some computing power, and some clever mask work (to bring the crack space down sufficiently to get through it in less than a trillion years).
  3. Use hashcat with expandpass (a tool I created- free!). Again, will require computing power and some work- but expandpass offers much more efficient navigation of a more… “human” crack space. More details to follow.

Either way you choose to go- you’ll need to start working on articulating what it is you know about your password. And you’ll need to start doing it in a way that’s directly applicable to the generation of passwords. [And you’ll need to start encoding it in a way that’s readable by the tools that generate passwords…] Once you have the technical components up and running, this is what makes the difference between a successful crack and not.

As an example- “I can’t remember if it was Banana123, or Banan4123, or Banana!, or something like that…” sounds like a pretty good start. But what’s more important than some examples is the ability to break those examples down to their consituent “logics”.

Does it always have ‘Banana’ in it? Is ‘Banana’ always at the start? Is the ‘B’ always capitalized? Is anything else ever capitalized? If something else is capitalized, would it ever be capitalized when the ‘B’ isn’t?

Does it maybe end with 123? Or is 123 specifically associated with ‘Banana’-related passwords? Is the ‘!’ an alternative to 123, or could it potentially be an addition? In what order?

There’s a 4 that replaces the final ‘a’ in ‘Banana’- does that mean you sometimes substitute letters for similar-looking numbers? Or is this a special case because of its proximity to ‘123’? What letters do you think might “qualify” for a substitution, and what possible substitutions qualify for each letter (example: E->3, i->1, i=>!, etc…)? Might you have done multiple substitutions?

What were the limitations on the wallet generator you used? Did it require a minimum number of characters? Did it require certain symbols? Did it make you confirm your password? Was it possible to/ were you likely to have copy/pasted it? What language keyboard were you using?

When did you create it? What kinds of passwords were you creating around that time? Do you have paswords from other accounts created around that time?

And so on. I can’t stress enough how important this exhaustive process is. With these questions, we’re shaping a (potentially enormous) possibility space for passwords. Any individual question can carve out enough to make the difference. Skimping here is skimping on cracking your password.

Ok. Assuming you’ve thoroughly articulated the “rules” you used in constructing your password, you now need to encode these rules.

If you’re just using hashcat (the fastest option!), you’ll need to do so with a mask file. I won’t go into details about the construction of such files here (see the hashcat website), but know that it’s limited to enumerating certain types of rules.

For example, if you think your password is “Banana, and then 3 characters- I’m not sure which”, then native hashcat masks are likely sufficient for your needs. Anything more complex than that (without reverting to true brute force), and you’ll have to encode your rules elsewhere.

That brings us to expandpass. Again, I won’t go into specifics about the encoding (see the github repository, or talk to me via email), but it allows for more targeted rules. “If it was banana, then I likely made ~2 characters capitalized, and followed it by 123 (or some other set of 3 numbers), but if it was apple, then I just appended a variable number of ‘!’s” can be very effectively encoded, and enumerated. This won’t run through passwords as fast as a mask- but it can much more effectively create complex possibility spaces that more than make up for it.

Your ability to successfully crack your wallet is going to come down to how well you can articulate your possibilities, your computing power, the nature of your wallet, and the basic technical know-how to get it all hooked up.

If you need help, let me know! Again- the email is phildo211 at gmail. Hope to hear from you.

(And hey, if you use any of my tools to successfully crack a wallet on your own, consider shooting some ETH my way ;) 0xef2bebd1059446f3fc83203c24364e65bd42d103 )

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade