
New KDF #3


Closed
Banaanhangwagen opened this issue May 31, 2024 · 5 comments

@Banaanhangwagen

Since v24.9, Phantom has changed the way the KDF is derived. The extracted vault now mentions scrypt instead of pbkdf.

Example of an extraction with password "password":

{"encryptedKey":{"digest":"sha256","encrypted":"4q67Hurr6i5g3iC9i93qgevw1AHByfu4cB2hX7GGuGKGMwPazQ7eJu7PAfnYZaaCyD","iterations":10000,"kdf":"scrypt","nonce":"EokY5qjXKHXiGg6LuZYDtgLFP1dtYpLVM","salt":"HopKt4jDL62TD8i8d2gTTh"},"version":1}

I tried to change the code by simply using key = scrypt(password, salt, 32,16384,8,1), but that would be too easy, right?

Maybe someone has another idea?

@cyclone-github
Owner

cyclone-github commented May 31, 2024

This is confirmed on Phantom v24.9.1. In order to decrypt these, phantom_decryptor logic will have to be rewritten to support scrypt. I'll look into this as time allows.

cyclone-github added a commit that referenced this issue May 31, 2024
KDF switched from pbkdf2 to scrypt in Phantom v24.9.x
@cyclone-github
Owner

Added support to phantom_extractor so it can extract hashes from Phantom v24.9.x vaults. ef1c864

@decipherBTC

decipherBTC commented Jul 3, 2024

Hello, have you had any time to look into it? Anything you have already checked and a status would be nice! I'll try to work on this tomorrow. By the way, in your writeup on the decryptor for new vaults you say that you get a payload which you can use on the other JSON strings, but I don't get that payload? I only get a password.

@cyclone-github
Owner

> Hello, have you had any time to look into it? Anything you have already checked and a status would be nice! I'll try to work on this tomorrow.

I've only briefly looked into this, but the v24.9.x vault appears similar to v24.6.x, but uses scrypt rather than pbkdf2 for the KDF.

> By the way, in your writeup on the decryptor for new vaults you say that you get a payload which you can use on the other JSON strings, but I don't get that payload? I only get a password.

The phantom_decryptor tool only cracks the vault password on <= v24.6 which is the previous version. Decrypting the full payload on v24.6 vaults is a process described here: https://github.com/cyclone-github/writeups/blob/main/Pwning%20Phantom%20Wallets.pdf

@cyclone-github
Owner

cyclone-github commented Jul 3, 2024

For anyone else following along, here are the scrypt parameters found in Phantom v24.11 source code:
src/background/background.js
N=4096
r=8
p=1
dkLen=32

case "scrypt":
	return c.from(yield(0, i.scryptAsync)(e, t(s).decode(r.salt), {
		N: 4096,
		r: 8,
		p: 1,
		dkLen: u.secretbox.keyLength
	}));

Phantom source code (Chrome Extension):
https://gofile.io/d/YXhKek
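
Added example, not code from phantom_decryptor or from any participant in this thread: it derives the vault key from the record's own `kdf` field using the parameters quoted above (N=4096, r=8, p=1, dkLen=32) and shows that N=16384 from the first post yields a different key. Assumptions: the salt is base58-encoded, the password is passed as UTF-8 bytes, older vaults label their KDF `pbkdf2`, and the names `b58decode`, `derive_key` and `scrypt_mem_bytes` are hypothetical.

```python
import hashlib
import json

# Vault record from the first post, trimmed to the fields the KDF needs
# ("encrypted" and "nonce" omitted). Its password is "password".
VAULT = ('{"encryptedKey":{"digest":"sha256","iterations":10000,'
         '"kdf":"scrypt","salt":"HopKt4jDL62TD8i8d2gTTh"},"version":1}')
RECORD = json.loads(VAULT)

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(text):
    """Decode base58 (Bitcoin alphabet); each leading '1' is a zero byte."""
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)  # ValueError on a non-base58 character
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def scrypt_mem_bytes(n, r):
    """Approximate scrypt working memory per derivation: 128 * N * r bytes."""
    return 128 * n * r


def derive_key(record, password, n=4096, r=8, p=1, dklen=32):
    """Derive the vault key with the KDF the record itself names."""
    ek = record["encryptedKey"]
    salt = b58decode(ek["salt"])  # assumption: salt is base58 text
    kdf = ek.get("kdf")
    if kdf == "scrypt":
        return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                              dklen=dklen, maxmem=64 * 1024 * 1024)
    if kdf == "pbkdf2":  # assumption: label used by older vaults
        return hashlib.pbkdf2_hmac(ek["digest"], password, salt,
                                   ek["iterations"], dklen)
    # Fail loudly instead of silently applying the wrong KDF.
    raise ValueError(f"unsupported kdf: {kdf!r}")


if __name__ == "__main__":
    good = derive_key(RECORD, b"password")           # N=4096, per the source
    tried = derive_key(RECORD, b"password", n=16384)  # N from the first post
    print("salt bytes:", len(b58decode(RECORD["encryptedKey"]["salt"])))
    print("keys match:", good == tried)
    print("memory per guess (MiB):", scrypt_mem_bytes(4096, 8) // 2**20)
```

The `iterations` and `digest` fields are still present in the scrypt record but are not inputs to scrypt, which is why reading only those fields gives no hint that the KDF changed.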
