
Support Electrum 3.x+ wallets

Open skrat opened this issue 4 years ago • 13 comments

@kholia I would like to understand why the old versions of Electrum wallet are not supported by the electrum2john.py script. In the relevant part of the script, it says nothing about why it is not supported. I would like to make this work. Thank you.

I know the old wallets use a different seed format, that's all I know at the moment. I'm not sure what needs to be extracted from the wallet in order to make it crackable by john.

locked_wallet: Unsupported Electrum2 seed version '32' found!

skrat avatar Jan 25 '21 18:01 skrat

I'm no Electrum expert, but seed version 32 looks like it's way newer than what that part of the script supports. Puzzling. Maybe an upgraded wallet (created with older Electrum, then imported into newer)? Just a guess.

solardiz avatar Jan 25 '21 22:01 solardiz

@skrat Do you intend to provide any further comments here? To me it looks like your original question is not applicable - you ask "why the old versions of Electrum wallet are not supported" whereas your wallet actually appears to be too new. So I wouldn't expect a literal answer from @kholia here, or at least wouldn't expect it to help.

solardiz avatar Jan 29 '21 16:01 solardiz

@solardiz the wallet is originally from early electrum versions but since it was opened in a recent version, the seed version was updated. I was only able to use electrum2john.py with a backed up version of that wallet.

skrat avatar Jan 29 '21 18:01 skrat

@skrat Thanks for confirming this. If you remove these 3 lines from the script:

    if wallet.get("seed_version") not in (11, 12, 13) and wallet_type != "imported":  # all 2.x versions as of Oct 2016
        sys.stderr.write("%s: Unsupported Electrum2 seed version '%d' found!\n" % (bname, wallet.get("seed_version")))
        return

will it by any chance just happen to work right on your upgraded wallet?

solardiz avatar Jan 29 '21 18:01 solardiz

@skrat Did you have a chance to try removing those 3 lines? Quite possibly the code readily supports newer wallets and we just didn't know that and thus didn't allow it yet - if so, we should. So please help us figure this out. Thank you!

solardiz avatar Feb 14 '21 21:02 solardiz

For Electrum version 33 (3.4.+) the method does not work for not crypted wallets (type = imported).

If you create a test wallet with a test pass (without the checkbox "crypt wallet") and use the script to extract 16+16 bytes from xprv, hashcat cannot find them. In these wallets the xpub key begins with "zpub".

In these wallets the password is used for the seed (first 16 bytes). As AES_CBC and SHA256 2 times of password. Converted from hex, the decoded first 16 bytes of the seed are correct.

If the wallet is crypted and the script creates a v4 hash, the password is found ok.

Layder76 avatar Mar 18 '24 11:03 Layder76

Thanks @Layder76. I haven't been keeping track of this issue. It'd help if you clarify what you posted, perhaps separately listing "desired behavior", "actual observed behavior", and "suggested changes".

When you write about "not crypted wallets", it is unclear to me whether this is something we should support at all - maybe just to error out explicitly, saying the wallet is not encrypted? Is this what you mean and suggest?

Also, it'd help if you frame this in terms of what we have in this project alone (that is, processing the output of *2john tool with john). The reference to hashcat is fine as an extra, but we focus on self-contained functionality here first, and on reuse by other projects next.

solardiz avatar Mar 18 '24 17:03 solardiz

Hi all!!! Solution found: script is ok, the problem is at the pass check - new Electrum wallets have an xprv string beginning with "zprv" instead of "xprv", and btcrecover.py and hashcat can't find it. btcrecover needs a check for zprv added in module btcrpass.py

before:

    if xprv.startswith(b"xprv"):  # BIP32 extended private key version bytes

after:

    if xprv.startswith(b"xprv") or xprv.startswith(b"zprv"):  # BIP32 extended private key version bytes

hashcat needs a check added in module

https://github.com/hashcat/hashcat/blob/master/OpenCL/m16600_a3-pure.cl

line 447:

    if ((u8) (out[0] >> 0) != 'x') continue;

to do the same.

Layder76 avatar Mar 19 '24 08:03 Layder76

Thanks @Layder76. We also have a number of checks for xprv in JtR, including in electrum2john.py and electrum_fmt_plug.c. Yet you say the "script is ok"? So do we only need to add the extra check in electrum_fmt_plug.c? Why not also in electrum2john.py?

solardiz avatar Mar 19 '24 14:03 solardiz

@Layder76 I've just added the check for zprv to electrum_fmt_plug.c. Do we need to do anything else? Any change to electrum2john.py at all? Perhaps revise the version check? Please suggest a specific edit if you can. Thank you!

Also, maybe you'd send us a pull request against https://github.com/openwall/john-samples adding a directory with test-only Electrum wallet(s) with known passwords (in a nearby password.txt) and no funds nor anything else unsuitable in the wallets?

solardiz avatar Mar 20 '24 00:03 solardiz

> @skrat Thanks for confirming this. If you remove these 3 lines from the script:
>
>     if wallet.get("seed_version") not in (11, 12, 13) and wallet_type != "imported":  # all 2.x versions as of Oct 2016
>         sys.stderr.write("%s: Unsupported Electrum2 seed version '%d' found!\n" % (bname, wallet.get("seed_version")))
>         return
>
> will it by any chance just happen to work right on your upgraded wallet?

Yes, all versions up to the latest at this moment (59) work ok. I also modified the btcrecover extract scripts: https://github.com/3rdIteration/btcrecover/issues/457

Layder76 avatar Apr 25 '24 11:04 Layder76

> Thanks @Layder76. We also have a number of checks for xprv in JtR, including in electrum2john.py and electrum_fmt_plug.c. Yet you say the "script is ok"? So do we only need to add the extra check in electrum_fmt_plug.c? Why not also in electrum2john.py?

The script correctly extracts the hash from new Electrum wallets with zprv/zpub keys (since 2019 zprv/zpub are used instead of xprv/xpub).

But I have not used this instrument (john) to restore a password. I will try to use it.

Layder76 avatar Apr 25 '24 11:04 Layder76

> Yes, all versions up to the latest at this moment (59) work ok

Thank you. I see magnum already revised the script in 2022 to relax the version check - it does not have that not in (11, 12, 13) logic anymore. It has a stale/wrong comment on that line, but indeed a comment doesn't affect how it works.

-    if wallet.get("seed_version") not in (11, 12, 13) and wallet_type != "imported":  # all 2.x versions as of Oct 2016
+    if wallet.get("seed_version") < 11 and wallet_type != "imported":  # all 2.x versions as of Oct 2016
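Review bot: On the `+` line, `wallet.get("seed_version") < 11` raises a TypeError on Python 3 when the wallet file has no `seed_version` key, because `.get` returns None and None cannot be ordered against an int. Read the value once and test `version is None or version < 11` so a malformed wallet reaches the "Unsupported" message instead of a traceback; that message formats the same value with `%d`, which also fails on None. The trailing comment `# all 2.x versions as of Oct 2016` described the old allow-list and no longer matches a lower-bound check, so drop or reword it.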

So it looks like we should close this issue now?

> I have not used this instrument (john) to restore a password. I will try to use it.

We'd appreciate your testing. It would also be great if you'd provide us with empty sample wallet(s) as I had suggested in a previous comment.

solardiz avatar Apr 27 '24 01:04 solardiz

> a stale/wrong comment

I've dropped the comment. While there's room for more testing, I think the most essential work on this issue has been completed, so closing it.

solardiz avatar May 25 '24 14:05 solardiz
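
The two checks discussed in this thread, side by side, as an added example that is not code from electrum2john.py, btcrecover or hashcat: the original and relaxed `seed_version` gates, and a prefix test that accepts both `xprv` and `zprv`. The function names, the `wallet_type` JSON key and the sample wallets are assumptions constructed for illustration.

```python
import json

# Prefixes named in the thread for the decrypted extended private key.
XPRV_PREFIXES = (b"xprv", b"zprv")
MIN_SEED_VERSION = 11  # lower bound used by the relaxed check quoted above


def old_seed_version_ok(wallet, wallet_type):
    """Original allow-list gate: only seed versions 11, 12, 13 (or imported)."""
    return wallet.get("seed_version") in (11, 12, 13) or wallet_type == "imported"


def seed_version_ok(wallet, wallet_type):
    """Relaxed gate (>= 11 or imported) that also tolerates a missing key."""
    if wallet_type == "imported":
        return True
    version = wallet.get("seed_version")
    # On Python 3, `None < 11` raises TypeError, so check the type first.
    return isinstance(version, int) and version >= MIN_SEED_VERSION


def plaintext_looks_like_xprv(plaintext):
    """Password-check filter on decrypted bytes: accept xprv and zprv."""
    return plaintext.startswith(XPRV_PREFIXES)


# Constructed sample wallets (not real wallet files).
SAMPLES = {
    "upgraded": '{"seed_version": 32, "wallet_type": "standard"}',
    "v2": '{"seed_version": 13, "wallet_type": "standard"}',
    "old": '{"seed_version": 4, "wallet_type": "standard"}',
    "no_version": '{"wallet_type": "standard"}',
}


def compare_gates(samples=SAMPLES):
    """Return {name: (old_gate, relaxed_gate)} for each constructed wallet."""
    result = {}
    for name, text in samples.items():
        wallet = json.loads(text)
        wtype = wallet.get("wallet_type")  # assumed key name
        result[name] = (old_seed_version_ok(wallet, wtype),
                        seed_version_ok(wallet, wtype))
    return result


if __name__ == "__main__":
    for name, gates in compare_gates().items():
        print(name, gates)
```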