Join GitHub today
BitShares v0.x wallet password hash type: sha512_hex(sha512_binary(password)) #1572
BitShares is a blockchain-based decentralized asset exchange. It started in 2014 and today has a market cap of $641 million. BitShares uses the cryptocurrency token BTS. Like other cryptocurrencies, BitShares users use a secure digital wallet to 'store', send, and receive BTS. However, if a user forgets their BitShares wallet password, they lose access to their BitShares funds. It is common to see these users ask in forums for help recovering their lost wallet password. It is easy to extract the
Note: cracking the
Note: this is for the older version of the BitShares client, up to and including v0.9.3c. The BitShares-2.0 client wallet encrypts passwords differently.
Steps to extract the password checksum
Something's strange here!
While your example from JSON works, bit it seems to be using a client from Sep 22, 2015, but this is the latest version 0 (or 1?) on GitHub (did it move somewhere else?).
Now if you take a look at JtR which support cracking BitShares.Setup.2.0.180115.exe it access a sqlite database. The KDF is the same, but no more password_checksum field. It now needs an additional AES descrypt (plus it became salted) this way to find out if the password is correct.
The question is now what's the right algorithm and if there's actually 3 different algorithms (including the one from the backup files).
Yes this is for the older version.
We saw a surge of users who bought BitShares early in 2014-2015, used this older wallet client, ignored it for a few years until receiving the news their price soared, then came to forums asking for help recovering their wallets. They have wallet JSONs.