Cracking Yoroi [firefox, windows 10]

Hi, I need to crack my spending password for my Yoroi wallet. I don’t think it will be impossible because I know the majority of the password. I found this python crack here Add Support for Cadano Yoroi Wallet + Example Algorand Util · 3rdIteration/btcrecover@4031ed8 · GitHub

However I’m having trouble finding the master_password argument it’s expecting.

There’s an .xpi file for Yoroi in $USER\AppData\Roaming\Mozilla\Firefox\Profiles\ri7f1l0s.default-release\extensions

It’s an archive that contains (what looks like) static assets and javascript files for the extension. I don’t see anything that obviously looks like data storage. Am I on the right track?

Spending password is not stored anywhere. It just becomes a part of an algorithm to decrypt/ encrypt your secret key.

Example: Let say your encryption algorithms is “x + y = z” (z is your secret key)
If x is your spending password, then what’s on your computer looks like " <user input> +y=z"

Entering spending password just completes the formula, doesn’t access any data storage to confirm if that is true.

Wrong password = wrong decryption , therefore no transactions are signed
Correct password = correct decryption, therefore transaction is signed and authorized.

Hey, could you find the master_password for the firefox extension? I’m having a similar issue and can’t find the hash. I tried looking in the ‘Storage’ tab in Firefox developer tools, but couldn’t find anything there. Any help would be highly appreciated.

The master_password is stored in a .sqlite file for firefox. It can be found in the profile folder of the browser. The location might differ based on the platform you are using, but process for extracting the hash is same.

PS - The tool works. I use to recovery my spending password. I hope it helps you too.

1 Like