phantom_pwn - Phantom Vault Extractor & Decryptor
-
Make sure you read through all the information in the GitHub repo as it gives specific details on how to compile and run the toolset. The .go file is the source code which only needs compiled and run.
https://github.com/cyclone-github/phantom_pwnDouble check you have the wallet location in your command.
ex:phantom_extractor.exe "path_to_your_wallet\bfnaelmomeimhlpmgjnjophhpkkoljpa" -
thanks for this, i've managed to get the extractor compiled but based on the readme/github writeup i'm not sure what my next steps would be, it looks like an .exe file was created in the phantom_pwn directory. here's what i see right now: https://imgur.com/a/51OXTuw
i might be in over my head on this, hate to be a bother but any direction would mean the world, i really have tried to decipher the writeups and i'm just not sure what commands i'm looking for.
-
Fixed issue with Windows new line control characters, plus added several performance optimizations.
Source code:
https://github.com/cyclone-github/phantom_pwn/tree/main/phantom_decryptor
Release:
https://github.com/cyclone-github/phantom_pwn/releases/tag/v0.1.5
Issue Resolved:
https://github.com/cyclone-github/phantom_pwn/issues/6Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
3x RTX 4090 -
Hi @cyclone its billy from before can you help me recover seed phrase for a phantom wallet?
-
Hi Cyclone,
Thanks for creating this tool. It looks like I've almost got it but not quite. I get "Error opening Vault" but It did spit out a hash and I manged to get the hash into a txt document. The only problem is it can't decrypt. I'm assuming there is something I'm doing wrong or the vault I'm trying to access is corrupted. I also tried with your test hash and wasn't able to decrypt that either. I'm on macos. Sequoia. Once again thank you for your time, any help would be appreciated.
-
Hi Cyclone,
Thanks for creating this tool. It looks like I've almost got it but not quite. I get "Error opening Vault" but It did spit out a hash and I manged to get the hash into a txt document. The only problem is it can't decrypt. I'm assuming there is something I'm doing wrong or the vault I'm trying to access is corrupted. I also tried with your test hash and wasn't able to decrypt that either. I'm on macos. Sequoia. Once again thank you for your time, any help would be appreciated.
@cryptuhstonks Read through this GitHub issue and DM me if you run into any snags.
https://github.com/cyclone-github/phantom_pwn/issues/14#issuecomment-2613081472 -
Updated source code of
phantom_extractor v0.3.3-2025-02-04has been uploaded which now supports hashcat modes 30010, 26650 and 26651. While those hashcat kernels are not publicly released, the tool can be used to extract Phantom wallets for them.Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
3x RTX 4090 -
Updated source code of
phantom_extractor v0.3.3-2025-02-04has been uploaded which now supports hashcat modes 30010, 26650 and 26651. While those hashcat kernels are not publicly released, the tool can be used to extract Phantom wallets for them.@cyclone said in phantom_pwn - Phantom Vault Extractor & Decryptor:
30010, 26650 and 26651
Without these cores the program won't work? I understand it works in conjunction with hashcat?
-
@cyclone said in phantom_pwn - Phantom Vault Extractor & Decryptor:
30010, 26650 and 26651
Without these cores the program won't work? I understand it works in conjunction with hashcat?
@John
phantom_extractorextracts the Phantom wallet vault into compatible hashes for eitherphantom_decryptoror hashcat modes 30010, 26650, 26651. Keep in mind, I do not own those hashcat kernels, so if you need them, you'll have to purchase them directly from the developers.Sysadmin by day | Hacker by night | Go Developer | hashpwn site owner
3x RTX 4090 -
@cyclone I wanted to speak with you about your vault decryptors. I am currently working on a vault decryptor for solflare wallet but I have had some issues with decrypting the vault data with secretbox as it dosen't seem to be encrypted with the wallet password. Can we speak in dms?
-
I also noticed that the structure of solflare vault data is almost identical to the structure of phantom but it doesn't seem to be using the wallet password.
-
@cyclone I wanted to speak with you about your vault decryptors. I am currently working on a vault decryptor for solflare wallet but I have had some issues with decrypting the vault data with secretbox as it dosen't seem to be encrypted with the wallet password. Can we speak in dms?
-
Hi! thank you so much for this. I am super beginner, only started code with the help of claude recently...
I am trying to crack my own phantom wallet that I forgot the password (didn't write down the seed phrases... ). I have some clue on certain words that the password may contain (not sure either, but trying)
do I need both decryptor and extractor or just decryptor?
I managed to install GO and created exe file for windows (go build?) but when I tried with Key.txt (extracted from wallet), it didn't work..
(I tested on the phantom wallet which I know the password of, and used a random word list with the actual pass word inside) Any idea why this would be the case? Thanks so much! -
Hi! thank you so much for this. I am super beginner, only started code with the help of claude recently...
I am trying to crack my own phantom wallet that I forgot the password (didn't write down the seed phrases... ). I have some clue on certain words that the password may contain (not sure either, but trying)
do I need both decryptor and extractor or just decryptor?
I managed to install GO and created exe file for windows (go build?) but when I tried with Key.txt (extracted from wallet), it didn't work..
(I tested on the phantom wallet which I know the password of, and used a random word list with the actual pass word inside) Any idea why this would be the case? Thanks so much!@shinexyz You'll need to first run phantom_extractor to extract the vault hash, then run phantom_decryptor with that hash and wordlist containing password candidates. Try cracking the example hash first to verify you've got everything figured out and working.
