glv2 / bruteforce-wallet Goto Github PK

Hello

While trying to compile the source on the CentOS 7, I had to add a AM_PROG_CC_C_O to the line 8 of the configure.ac, otherwise it gave me an error. Hope this could help someone.

It would be nice to have an ability to pipe a dictionary to your tool in a single-threaded mode and save output to the file like:

$ ./my_words_generator | ./bruteforce-wallet -o output_file.txt -d wallet.dat

This way user could have more control over process, could run multiple threads piping different word generators to each instance.

Thank you for a great tool - it helped me to recover the lost password.

Does it work on Blockchain Wallet Backup "wallet.aes.json" ?
I did tried it but here is an error

BDB0196 Encrypted checksum: no encryption key specified
BDB0196 Encrypted checksum: no encryption key specified
BDB0196 Encrypted checksum: no encryption key specified
BDB0196 Encrypted checksum: no encryption key specified
BDB0210 wallet.aes.json: metadata page checksum error
Error: wallet.aes.json.

: Invalid argument

Is there a way to stop the process, and continue at the same progress later?

I'm trying to use russian symbols with -s key (original password probably contains some), and program tells me that there is no such file. Is there any way to use them?

Hello, i'm writing to you because i'm not really confortable to use linux and i have a lot of difficulties to run this. I got a windows 10 pc, so i installed a virtual machine on it using Ubuntu. Butn when i follow all the step to configure, i got a lot of errors, i can't ./autogen.sh , ./configure and make install . The errors coming, are "no permissions" "symbol not expected" "autoreconf not finded".
When i use ./configure, is not finding something to run, so i try ./configure.ac as the named file, and now is trying to run but i have the message "symbol not expected" (sorry for the translation of the errors messages)

What i have to do? I want to brute force my one year old ether wallet.

Thank's and sorry for my english

Will this work with ravencoin wallets ?

Trying to build/install on Kali. When running 'make' I some errors. Any tips?

root@kali:~/Downloads/bruteforce-wallet# make
depbase=`echo src/bruteforce-wallet.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DPACKAGE_NAME=\"bruteforce_wallet\" -DPACKAGE_TARNAME=\"bruteforce_wallet\" -DPACKAGE_VERSION=\"1.4.1\" -DPACKAGE_STRING=\"bruteforce_wallet\ 1.4.1\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"bruteforce_wallet\" -DVERSION=\"1.4.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_MATH_H=1 -DHAVE_LOCALE_H=1 -DHAVE_SIGNAL_H=1 -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_UNISTD_H=1 -DHAVE_WCHAR_H=1 -DHAVE_CALLOC=1 -DHAVE_MALLOC=1 -DHAVE_REALLOC=1 -DHAVE_FREE=1 -DHAVE_PERROR=1 -DHAVE_PRINTF=1 -DHAVE_FPRINTF=1 -DHAVE_FOPEN=1 -DHAVE_FGETC=1 -DHAVE_ATOI=1 -DHAVE_MEMCMP=1 -DHAVE_MEMSET=1 -DHAVE_SETLOCALE=1 -DHAVE_MBSTOWCS=1 -DHAVE_WCSNCPY=1 -DHAVE_WCSTOMBS=1 -DHAVE_GETOPT=1 -DHAVE_SIGNAL=1 -DHAVE_LIBM=1 -DHAVE_LIBPTHREAD=1 -DHAVE_PTHREAD_H=1 -DHAVE_LIBCRYPTO=1 -DHAVE_OPENSSL_EC_H=1 -DHAVE_OPENSSL_EVP_H=1 -DHAVE_OPENSSL_OBJ_MAC_H=1 -DHAVE_LIBDB=1 -DHAVE_DB_H=1 -I.     -g -O2 -MT src/bruteforce-wallet.o -MD -MP -MF $depbase.Tpo -c -o src/bruteforce-wallet.o src/bruteforce-wallet.c &&\
mv -f $depbase.Tpo $depbase.Po
src/bruteforce-wallet.c: In function ‘sha256’:
src/bruteforce-wallet.c:89:14: error: storage size of ‘ctx’ isn’t known
   EVP_MD_CTX ctx;
              ^~~
src/bruteforce-wallet.c:94:3: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’ [-Wimplicit-function-declaration]
   EVP_MD_CTX_cleanup(&ctx);
   ^~~~~~~~~~~~~~~~~~
src/bruteforce-wallet.c: In function ‘sha256d’:
src/bruteforce-wallet.c:100:14: error: storage size of ‘ctx’ isn’t known
   EVP_MD_CTX ctx;
              ^~~
src/bruteforce-wallet.c: In function ‘decryption_func_bruteforce’:
src/bruteforce-wallet.c:130:18: error: storage size of ‘ctx’ isn’t known
   EVP_CIPHER_CTX ctx;
                  ^~~
src/bruteforce-wallet.c: In function ‘decryption_func_dictionary’:
src/bruteforce-wallet.c:305:18: error: storage size of ‘ctx’ isn’t known
   EVP_CIPHER_CTX ctx;
                  ^~~
Makefile:379: recipe for target 'src/bruteforce-wallet.o' failed
make: *** [src/bruteforce-wallet.o] Error 1

This is the configure

root@kali:~/Downloads/bruteforce-wallet# ./autogen.sh 
root@kali:~/Downloads/bruteforce-wallet# ./configure 
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking stdio.h usability... yes
checking stdio.h presence... yes
checking for stdio.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for unistd.h... (cached) yes
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking for calloc... yes
checking for malloc... yes
checking for realloc... yes
checking for free... yes
checking for perror... yes
checking for printf... yes
checking for fprintf... yes
checking for fopen... yes
checking for fgetc... yes
checking for atoi... yes
checking for memcmp... yes
checking for memset... yes
checking for setlocale... yes
checking for mbstowcs... yes
checking for wcsncpy... yes
checking for wcstombs... yes
checking for getopt... yes
checking for signal... yes
checking for pow in -lm... yes
checking for pthread_create in -lpthread... yes
checking pthread.h usability... yes
checking pthread.h presence... yes
checking for pthread.h... yes
checking for EVP_get_cipherbyname in -lcrypto... yes
checking openssl/ec.h usability... yes
checking openssl/ec.h presence... yes
checking for openssl/ec.h... yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking openssl/obj_mac.h usability... yes
checking openssl/obj_mac.h presence... yes
checking for openssl/obj_mac.h... yes
checking for db_create in -ldb... yes
checking db.h usability... yes
checking db.h presence... yes
checking for db.h... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: executing depfiles commands

I tried it with a wallet backup from Bitcoin Wallet for Android but it ends with an error:

Error: wallet.dat.

I guess this format is not supported. Would it be possible to add support for this format.

could you add an option to skip the search for the generated combination if n repeating characters appear?
also, I think adding a possibility to pass a file containing combinations of letters that should cause a combo to be skipped would be helpful

for example, if I add

GGK to the file then once the program reaches

adersdsdGGK

it should know to stop generating passwords on this branch and continue with the next combo:

adersdsdGGL

Also, configuring the program to not allow for 2 repeating characters should skip generating solutions once it reaches something like

adeGG

Thanks for the tool !

I have a suggestion that could be useful. Let me know what you think.
Let's say I know that the password might start with a given word, e.g. Shanon followed by a sequence of character generated only from a subset (e.g. made of 4,5,6).

For example :

   Shanon456
   Shanon44446 

I was thinking we could you the charset option but restrict the charset to a small subset of characters. Would it be possible without to much pain ?

What needs to be changed so we can unlock an Ethereum wallet ?

test

Hi,
I successfully compiled code without issues but when i try to run it i get constantly same error:

Error: wallet.dat

: Invalid argument

I tried Ubuntu 14.04 and 16.04. BerkeleyDB 5.3 and 6.0 and also current version of bruteforce-wallet and also some older versions too.
Some long time ago my friend was able to start it on this same litecoin wallet file.

Can I provide any more info?
Thanks

I'm trying to add special characters in the configure file.

I added '!@#$' to as_cr_letters but I think it is getting rejected later in the program. I also tried adding it to as_cr_digits. Same results

Hello - This is a great tool, thank you.

Is there a way to send work to a GPU or even better, multiple GPUs?

Thanks

i ve running the -bruteforce almost for 12 hours, then i shutdown my computer to clean it, an when trying to restart the program to continue, it only says:

Error: parsing the state file failed.

But the file has data, this is the content of state.txt

wallet wallet.dat
time 46443
dictionary /media/External/rockyou.txt
13336900

regards

👋 Hello, @glv2 - a potential medium severity Heap Overflow (CWE-122) vulnerability in your repository has been disclosed to us.

Next Steps

1️⃣ Visit https://huntr.dev/bounties/1-other-glv2/bruteforce-wallet for more advisory information.

2️⃣ Sign-up to validate or speak to the researcher for more assistance.

3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.

✏️ NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.

Confused or need more help?

• Join us on our Discord and a member of our team will be happy to help! 🤗

• Speak to a member of our team: @JamieSlome

This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.

When running, the only output I get is "Segmentation fault" and return to the command line. I have tried it with several different options and always get the same output. If I run it with -h it works fine and shows me the options.

I keep getting this error when I input ./autogen.sh
Anyone have any ideas? Thank you in advance.

I try installing n run it
but it seem not working for me
Kindly Help
please

Hi wondered it's possible to exclude a pattern such as pppp, 1111 or 123 for those of us that don't know much else other than that there are no sequence of repetition all while passing in specific character range.

be great if I've missed something or of this is easier than I think it would be ;)

i have 2 bitcoin wallet in bitcoin core i need help getting password

Hi, I was running this script for a few hours and now my hard disk is full. Is there a tmp/cache directory that I can clear?

Thank you!

I'm currently looking into packaging bruteforce-wallet for Debian.

Your code is under GPL and the GPL is incompatible with some terms of the OpenSSL license. This makes Debian (and probably other distributions, too) not allowing GPL-licensed code to be linked with OpenSSL libraries unless there is a license exception explicitly permitting this.

To grant such an exception, it should suffice to add these paragraphs to whereever the GPL preamble is used (and probably also to the LICENSE file):

In addition, as a special exception, the copyright holders give permission to link the code of
portions of this program with the OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations including the two.

You must obey the GNU General Public License in all respects for all of the code used other
than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this
exception statement from your version. If you delete this exception statement from all source files
in the program, then also delete it here.

Alternatively (but surely more effort) would be to also support GnuTLS as alternative to OpenSSL.

hello,I have some questions about . That project is read-only right now, so I'm here to ask you.

The problem page states that imprecise clocks can cause frequency offsets, If the offset between the center frequencies of the sender and the receiver is bigger than 1% of the OFDM signal bandwidth, the receiver will probably not be able to decode the frames. So I used the same external clock source to clock both BladerFs, but I didn't receive any data at the receiver.

When I'm not using an external clock source, I can see "Frame 1 for ' ' : corrupted payload" on the receiver. But the received file is empty.

I would like to ask what causes the failure of transmission and how I should adjust it. I look forward to your reply.

Hi,

Does your tool support Multibit (classic) wallet or key files?

I tried it with both but I got the following error:

$ ./bruteforce-wallet -l 3 -m 5
-t 2 ~/MultiBit/multibit.wallet
BDB0004 fop_read_meta: /home/neil/MultiBit/multibit.wallet:
unexpected file type or format
Error: /home/neil/MultiBit/multibit.wallet.

: Invalid argument

im getting a "ERROR: Couldn't find required info in wallet." when I try with my doge wallet

The following dependencies are listed in the read me. "libdb6.0-dev libssl-dev".

I am currently running Ubunut 16.04 and was unable to install "libdb6.0-dev". I resolved this by using
"libdb-dev". After install that package I was able to successfully test a bruteforce a Dogecoin core wallet.

Hello.
I want to run this tools in kali linux. but I have this error:
./autogen.sh: 6: autoreconf: not found
./configure.ac: 1: Syntax error: word unexpected (expecting ")")

Hello - I'm trying to bruteforce my MultiDoge wallet, which uses it's own .wallet format. I'm assuming this script wouldn't work for that, but figured I should check in here just in case? Any thoughts about this?

I run the ./autogen.sh script and it returns an error saying it can't find autoreconf. When looking at the script it looks like it is trying to call autoreconf but it does not exist in this source.

I am not very familiar with Linux but I know enough to get around. So its possible I am doing something wrong. But I do not see this file in GitHub either

Hello sir,

Thanks putting this together. Currently trying to recover a lost Dogecoin wallet from years ago. I've tested your library out on the current Dogecoin core version wallet. And was able to recover it.

I imagine you have a much better understanding of the cryptography behind this solution than I do. Is it possible to create a rainbow table from the hashes generated from each password? I am no C developer so as of right now, I cannot figure it out.

Perhaps we could collaborate?

Hi there :)

I have a wallet.dat file for my electracoin wallet which is encrypted with a pass-phrase.

If i try to btruteforce the file, I get the following error:

$ bruteforce-wallet -t 1 -l 6 wallet.dat

[1]    5970 segmentation fault (core dumped)  bruteforce-wallet -t 1 -l 6 wallet.dat

Here is a sample wallet.dat file with the pass-phrase 'secret' for test wallet.dat.tar.gz

version 3.1 of the electracoin wallet on windows is used.

Hello,

is it possible to use this for a passphrase? I have a seed (that is very likely correct) and a passphrase (that very likely contains one or several typos).

Can i use this software for passphrases too?

Hello glv2.

First of all many thanks for this code, which I'm using now to find a password.

Could you share your opinion regarding the reason of speed of password trying. AS for me, now I have 40-passwords per second. If I'll buy better RAM, will I get higher rate?

Or, probably there is other way to increase the speed rate?

My computer info:
Intel Core I3-2100 3.10 GHz
RAM 2.00 GB
NVIDIA GeForce GT 630
Windows 7 using virtual box for XUbuntu

Thanks for feedback.

special characters are often included in wallet passwords. the current code returns -bash: !-: event not foundwhen !is included in the the charset.