A script to off-line test passwords in a blockchain.info wallet. If you forgot your password, with this script you can try and re-try passwords, indefinitely. And even better, you can bruteforce passwords using a dictionary file.
Install as global:
$ sudo npm install bciptk -g
$ bciptk --help
Usage: bciptk (-p <file ...> | -i <identifier>) [options]
A tool for test passwords on a blockchain.info wallet
Options:
-h, --help output usage information
-V, --version output the version number
-p, --payload <file ...> read payload from a file
-i, --identifier <identifier> get payload via API for that identifier
-d, --dictionary <file ...> check each password on this file
-n, --iterations <number> fix number of pbkdf2/iso7816 iterations. By Default check 1 to 20 and 5000
Examples:
$ bciptk -p mypayload.txt
$ bciptk -i "8ea09594-830c-4681-9d9e-6fe4fe7d8be6"
$ bciptk -i "8ea09594-830c-4681-9d9e-6fe4fe7d8be6" -d words.txt
$ bciptk -i pepito -d words.txt
$ bciptk -p mypayload.txt -n 5000
$ bciptk -p mypayload.txt -n 5000 -d wordlist.txt
Throughout time, blockchain.info used a different number of pbkdf2 iterations to encrypt the wallets. They started with just 1; then came 10, 20 and it is now 5000. That number however, is not provided for older identifiers, whenever you query a payload via API. This is why this tool uses all of these possibilities to try and decrypt the payload. New accounts on the other hand, do specify the number of iterations used in the wallet json. Therefore, if you know the exact number of iterations used to encrypt your payload, it is best to use the -n parameter with the correct number, to prevent the script from trying out all possibilities. When you specify an identifier and it is one of the newer ones, the script will use the exact number of iterations as indicated by the API. To recap: using the -n parameter to indicate the exact number of iterations will ensure it runs as fast as possible.
MIT
FAQs
Tool for bruteforce passwords on blockchain.info wallet
We found that bciptk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.