Skip to content
  • Categories
  • Recent
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Slate)
  • No Skin
Collapse
Brand Logo

hashpwn

Home | Donate | GitHub | Matrix Chat | PrivateBin | Rules

  1. Home
  2. Tools
  3. Hash Cracking
  4. metamask_pwn - Metamask Vault Extractor & Decryptor

metamask_pwn - Metamask Vault Extractor & Decryptor

Scheduled Pinned Locked Moved Hash Cracking
5 Posts 3 Posters 535 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • cycloneC Offline
    cycloneC Offline
    cyclone
    Admin Trusted
    wrote on last edited by cyclone
    #1

    Title: metamask_pwn
    Author: cyclone
    URL: metamask_pwn
    Description: Tools to extract and decrypt metamask vaults. Supports previous versions and the new Metamask wallet vaults which have a dynamic iteration.

    Readme Card

    GitHub issues License GitHub release

    metamask_pwn

    Toolset to extract and decrypt metamask vaults (wallets)

    • Contact me at https://forum.hashpwn.net/user/cyclone if you need help recovering your Metamask wallet password or seed phrase

    Metamask Vault Hash Extractor

    Tool to extract metamask vaults to JSON and hashcat compatible formats

    Info:

    • Metamask JSON vaults can be decrypted with https://github.com/cyclone-github/metamask_pwn
    • Previous Metamask hashes can be cracked using hashcat -m 26600
    • New Metamask hashes can be cracked with hashcat using the custom -m 26620 kernel below
      • https://github.com/cyclone-github/hashcat_26620_kernel

    Metamask Vault location for Chrome extensions:

    • Linux: /home/$USER/.config/google-chrome/Default/Local\ Extension\ Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/
    • Mac: Library>Application Support>Google>Chrome>Default>Local Extension Settings>nkbihfbeogaeaoehlefnkodbefgpgknn
    • Windows C:\Users\$USER\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn

    Usage:

    • Linux: ./metamask_extractor.bin {metamask_vault_dir}
    • Windows: metamask_extractor.exe {metamask_vault_dir}

    Compile from source:

    • If you want the latest features, compiling from source is the best option since the release version may run several revisions behind the source code.
    • This assumes you have Go and Git installed
      • git clone https://github.com/cyclone-github/metamask_pwn.git
      • cd metamask_pwn
      • cd metamask_extractor
      • go mod init metamask_extractor
      • go mod tidy
      • go build -ldflags="-s -w" metamask_extractor.go
    • Compile from source code how-to:
      • https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt

    Metamask Vault Decryptor

    POC tool to decrypt metamask vault wallets

    This tool is proudly the first publicly released Metamask Vault decryptor / cracker to support the new Metamask wallet vaults which have a dynamic iteration.

    ./metamask_decryptor_amd64.bin -h metamask_json.txt -w wordlist.txt
 ------------------------------------ 
| Cyclone's Metamask Vault Decryptor |
 ------------------------------------ 

Vault file:     metamask_json.txt
Valid Vaults:   1
CPU Threads:    16
Wordlist:       wordlist.txt
Working...

Decrypted: 0/1  5430.89 h/s     00h:01m:00s

    Info:

    • Supports previous Metamask vaults as well as new vaults with "KeyMetadata" which have dynamic iterations
    • If you need help extracting Metamask vaults, use Metamask Extractor https://github.com/cyclone-github/metamask_pwn
    • Metamask Vault Decryptor is superseded by hashcat, however, Metamask Vault Decryptor also displays the seed phrase alongside the vault password, which hashcat does not currently support

    Example vaults supported:

    • Old vault format: {"data": "","iv": "","salt": ""}
    • New vault format: {"data": "","iv": "","keyMetadata": {"algorithm": "PBKDF2","params": {"iterations": }},"salt": ""}

    Usage example:

    • ./metamask_decryptor.bin -h {wallet_json} -w {wordlist}

    Output example:

    If the tool successfully decrypts the vault, tool will print the vault json, seed phrase and vault password

    Decrypted Vault: '{}'
Seed Phrase:    ''
Vault Password: ''

    Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
    3x RTX 4090

    1 Reply Last reply
    👍
    1
    • C citizenblanco referenced this topic on
    • R Offline
      R Offline
      rickyc2024
      Banned
      wrote on last edited by
      #2

      I am creating my own metamask vault decryptor, not to sell. The issue is python and leveldb hate eachother, I can't get leveldb working with python. Mind if I rewrite your metamask extractor?

      cycloneC 1 Reply Last reply
      🤝
      0
      • R rickyc2024

        I am creating my own metamask vault decryptor, not to sell. The issue is python and leveldb hate eachother, I can't get leveldb working with python. Mind if I rewrite your metamask extractor?

        cycloneC Offline
        cycloneC Offline
        cyclone
        Admin Trusted
        wrote on last edited by
        #3

        @rickyc2024 Sure, thanks for asking! metamask_pwn is released under the GPL v2.0 License, so you're free to use, modify, and redistribute it as long as you comply with the license terms. Please make sure to:

        1. Retain the GPL v2.0 License in your modified code
        2. Include a reference to the metamask_pwn repository in your project
        3. Provide source code if you distribute the modified version

        https://github.com/cyclone-github/metamask_pwn

        Good luck with your project!

        Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
        3x RTX 4090

        1 Reply Last reply
        0
        • D Offline
          D Offline
          deva
          wrote on last edited by
          #4

          Hey cyclone i am trying to decrypt my metamsk vaulkt using the metamask decryptor but it says " can not read infor from vault" would your tool help me read the contents.

          cycloneC 1 Reply Last reply
          0
          • D deva

            Hey cyclone i am trying to decrypt my metamsk vaulkt using the metamask decryptor but it says " can not read infor from vault" would your tool help me read the contents.

            cycloneC Offline
            cycloneC Offline
            cyclone
            Admin Trusted
            wrote on last edited by
            #5

            @deva I moved your reply to the correct Topic. Read through the info above (https://forum.hashpwn.net/post/74) and send me a DM if you still have any questions.

            Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
            3x RTX 4090

            1 Reply Last reply
            0
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes

            Who's Online [Full List]

            2 users active right now (2 members and 0 guests).
            hashpwn-bot, petrovivo1234

            Board Statistics

            Our members have made a total of 3.8k posts in 150 topics.
            We currently have 260 members registered.
            Please welcome our newest member, iceman.
            The most users online at one time was 49 on Thursday, December 26, 2024.

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent