Cracking metamask hash
-
@cyclone said in Cracking metamask hash:
Keep in mind that hashcat v7.x recently added support for their own metamask wallet hash with dynamic iterations which is not compatible with the widely used 26620 kernel which I released back in March, 2024.
I guess, it is compatible, but hash string should be changed from
$metamask$600000$...$...$...to
$metamask$rounds=600000$...$...$... -
Hello all members and @cyclone, Happy New Year. Greeting.
Regarding the metamask_decryptor, I have some ideas to upgrade it. I tried to use it to crack my old wallet.
At first, I used hashcat but 'Token Length Exception' error was occupied so I tried to use your decryptor.
But its speed is a bit slow and it's because yours use only CPU, not GPU. If you use CUDA, it would be better to speed up.
Also, we can add mask options like hashcat. Sorry for my suggestions but I really appreciate your tools.
Please let me know if you have some solutions for my sugesttions.
Thanks -
It is better to use hashcat to recover the wallet password, then use metamask_decryptor to recover the seed phrase. If you're having issues with getting hashcat to work, make sure to use metamask_extractor to properly extract the hash. Several users have run into issues getting hashcat and metamask hashes to work on Windows, so trying yours with hashcat on linux is worth a shot. I have hashcat with my custom 26620 metamask kernel hosted on github which is compatible with the metamask_extractor.
https://github.com/cyclone-github/hashcat -
Hi @cyclone, Long time no see. How are you today?
Regarding the Metamask Vault Decryptor, I can see 5430.89 h/s speed in the example screen. But when I test it on my side, I can see only about 82 h/s speed.
You can see my PC's spec in the uploaded screen. which device and OS did you use to test it on your side?
-
Hi @cyclone, Long time no see. How are you today?
Regarding the Metamask Vault Decryptor, I can see 5430.89 h/s speed in the example screen. But when I test it on my side, I can see only about 82 h/s speed.You can see my PC's spec in the uploaded screen. which device and OS did you use to test it on your side?
@Silver0666
I develop and test on Debian linux. Rig specs are listed here:
https://github.com/cyclone-github/hashgen-testing/tree/main/benchmarksThe speed difference you're seeing is likely due to the Metamask version of your wallet. The older 10k iteration pbkdf2 are much faster to run than the newer 600k iteration pbkdf2 vaults.
From the GitHub README:
https://github.com/cyclone-github/metamask_pwnExample vaults supported: * Old vault format: {"data": "","iv": "","salt": ""} * New vault format: {"data": "","iv": "","keyMetadata": {"algorithm": "PBKDF2","params": {"iterations": }},"salt": ""}For greater speed, you should use my hashcat_26620_kernel on the newer Metamask vaults.
https://github.com/cyclone-github/hashcat_26620_kernel -
Okay, make sense. it sounds like you used iteration=10000 version in your test. All right!
As you know, it would be faster if I use hashcat. But when I try to use it, I can see "Token length is overflow" error. It seems like my wallet's salt's length is too large. Do you have any insight to resolve this issue? -
Okay, make sense. it sounds like you used iteration=10000 version in your test. All right!
As you know, it would be faster if I use hashcat. But when I try to use it, I can see "Token length is overflow" error. It seems like my wallet's salt's length is too large. Do you have any insight to resolve this issue?@Silver0666
I've run into this before as well. You can either modify the hashcat kernel to allow longer tokens, or use hashcat'smetamask2hashcat.pyto generate a "short" -m 26610 hash.https://github.com/hashcat/hashcat/blob/master/tools/metamask2hashcat.py
-
Hi @cyclone, how is your weekend?
Could you help me to modify the limit of token in hashcat 26620 mode?
I'm using your hashcat 26620 mode to crack metamask vault. but when I try to crack it, I can see "Token length exception" error. so I'm going to modify it.
Could you help me with this?
Also, thanks for sharing hashcat 26620 module. -
Hi @cyclone, how is your weekend?
Could you help me to modify the limit of token in hashcat 26620 mode?
I'm using your hashcat 26620 mode to crack metamask vault. but when I try to crack it, I can see "Token length exception" error. so I'm going to modify it.
Could you help me with this?
Also, thanks for sharing hashcat 26620 module.@Silver0666
If you're not comfortable with modifying hashcat kernels, the best thing you can do is use the metamask2hashcat.py tool linked in my previous reply. Once you have the password recovered with hashcat using -m 26610, usemetamask_decryptorto recovery your seed phrase using the password recovered with hashcat.I'll also look into this issue to see if it's worth releasing an update to the 26620 kernel that can support longer tokens.
If you have any further questions, feel free to send me a DM on Matrix.
-
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login