If you import secret.key without password setting, an error will occur at the time of remittance

thank you for your reply.

“b76536a4~” was extracted from the sqlite file by having Daedalus import the secret.key. However, something different from your master key came out.

How did you extract “b573~”?

The export-wallets tool can’t extract the private key without the status folder, right?

Sorry, I am not following you. Sqlite DB is for new key store mechanism.
The old Byron recover comes from secret.key files.

I created an extraction tool too for john (cardano2john.py) that extract the keys to john format.
Keep in mind, the john tool is about the old Daedalus secret.key file based recovery.

I do not know what you’re doing as you’re just dumps some hints here and there, but from which what I could decipher that those do not make sense for me.

Example:

$ cd john/run
$ pip3 install cbor2
...
$ ./cardano2john.py /tmp/iog_secret.key | tee wallet.john
$cardano$1$b57361ebe335fa171a260fea7d3277579c212dc74fc2a408d6cbd8a6e7a847cab3c44c5fb190705ddd2698f2d5390798893349b4321e7474b1ce06c9d410b3d6055b42d4a95f19cb34b516a160a306c0eaef398e70ea91da450ccb2a7819e95b8c000436b43d5de6b0dd189cbfb0fc9ff954809abcb574d994cb5fafaf56b781
$cardano$1$a00710ce083a17b6b1659d1540bc09fa0bdb5cb7a2f3c0c90c1996109b99a44f4f85a565f97b0e3207cf7d5cb4e28f53d8f84c7c7efa1cdb4f727e87e1e0952096f9cfd23fe63058756563d95ae7227ac10d37c4bd88733a06420c76619d738fd1ac606295e3bd70ea9f68c78d505ad50a9f1de588845c96218a6e89903b8c71
$cardano$1$264ee1d412910811d725af34969dec27574796eefafac980139d677daad6ab4e6e70308f309cdd6423257c776b790da99d0d35f59ed7a9a705b69a741ab1788b918a486c39b5f5917956aeb146ba1e0aa60e43b60cc1539c33ce3118a9ee8f0b42436f89ce135d6cb8ff7f440c52502d0e0d8d586afdded2c8326e644696cedc
$cardano$1$80708d6f0593c4a52bc81bed82155e9ca128315257377712ea1835f25bea514e634b9f65b5b6ff8d017f5d68de34f25ef7db7a8ec57446d22b3dc0fadaa1fbc7f93ba45ee18a5b00b8ec708422f91bf722f46acbea56d99702ddbaff6c60118aa03470e7e10f4372bbdc74c0816605ee6a01239064b0569c0010b294938f1e43
$cardano$1$02fc72724cec5f9df9a06ca0019cca7d2ea0c4974fb1f4e29ee26c81856ed7c02db79337952571405415f6609076858371f11edf19aec233b3bf7e2735b41acfb88dbec8c3d8420249139bdbc470736312ae4806e8aa529ea7dc77ba9832eb34e7d1a7c87bb262899b66b468bcc58c29d4dfb1e12d65cd77fe28f654b92bc3e0
$cardano$1$90a1b36331ed4a7f0f5243dc5cafc98218156a0750bdb401c87f6e828cb8fd5e0f6bd1342b8b22818e4de55518c121ba1350ea2f64421e7cd38f6a08dbabc47406283ca958aad4bb8ec95bf5d2770135c6335ee999cbd4fe96f03be3a214c9ef0d3a2930da0e3b335654ecf61f7172441e30ea22588db985673ef5c77783870a

$ ./john --wordlist=password_candidates.txt wallet.john

I have no clue how export-wallets works, as I have not used it at all.
You only need john, the secret.key file and the password candidates to decrypt the encrypted master secret key.
But, tbh, I have no clue what and how you do your things, but it clear that you have limited understanding of this topic (that’s not a problem as ppl who are capable of learning/growing can come over that limitation).

1 Like

Thanks ilap.

I did not get good results with the john tool. Because I am sure I updated my password more than once. Or because Daedalus updated around 2019 and I changed my password then.

But I have a limited password.
How can I try that?

I would like to know other ways.

For example, hashing the password and recovering it with API to test money transfer.

Thanks for sharing john and other tools.
I appreciate it very much.

That’s suck and there is no tool for that.
If I would you I would write a tool for that, but the problem is that there can be some issues in different updates of Daedalus versions. Might be once it required to heave a “\n” add the end of password which could have been removed in later version. So, to tackle down correctly, it would be required to imitate all the Daedalus updates’ behaviours with some off-line like tools, and very precisely track the events.

For example, Daedalus updates and the exact details you have done from 2017 till now. E.g., when did you change your password, or even did you set any at all at the beginning (as in the beginning the old Daedalus did not require a spending password and it was optional)?

So, I am not sure, it’s a quite complex issue.

1 Like

ilap,thanks for the reply. You are very kind.

I hope you will make that tool.

I was looking for a password hash that Daedalus can recognize.

For example, it will hash and recover “Secret1234”.

Once the Daedalus remittance password is set to “Secret1234”, you can test the remittance. I searched for that algorithm and found it.

// @flow

import blakejs from ‘blakejs’;

const bytesToB16 = (bytes) => Buffer.from(bytes).toString(‘hex’);

const blake2b = (data) => blakejs.blake2b(data, null, 32);

export const encryptPassphrase = (passphrase: string) => (

bytesToB16(blake2b(passphrase))

);

I am going to try this tonight to see if I can create a password hash with this and use it as a money transfer password in Daedalus. Is this possible?

I have the old Daedalus files so I have the LOG too.

I did not set a password on the first Daedalus.

I changed my password.“2019-05-08T10:33:39.476056”,“hasSpendingPassword”

Too bad the password hash was not recorded in secret.key.

Will the secret.key with the password changed in May 2019 work in john?

Why doesn’t john work if I change my password more than once?

The log starts from January 2018. I didn’t set a password when I created the wallet.

Updated to DAEDALUS 0.13.1 on May 8, 2019.

This is when I set the password for the first time.
(There is a possibility that it has been changed several times for confirmation here.)

Updated to DAEDALUAS 0.15.1 on January 14, 2020.

Until January 13, 2020, the wallet information was listed in the log. After updating to 0.15.1 Daedalus didn’t open until January 2021.

When I took out secreto.key and imported it, it was a wallet without a password.

I have several passwords. I think it’s one of them. But it doesn’t work for john. I would like to do a direct remittance test.

Are you making a tool now?

ilap, thank you as always.

Hi,

I did not have any spare time for this. Though it should not be hard as it should be based on some permutations with repetition for all of your password candidates.

Cheers,

Pal

@okepod
Check this. I created a recover.js for all possible permutations.
Repetation of the same password does not matter as it just decrypt/encrypts the same master key.
Meaning, using the same password twice will result the same encrypted master secret key, so no point of considering them.

2 Likes

ilap,thanks for the reply.

You are very kind.

Thank you for making it despite your busy schedule.

i will try tomorrow. I will also report the results!