Releases: cyclone-github/metamask_pwn
Releases · cyclone-github/metamask_pwn
v0.2.2-2024-11-03
metamask_pwn
Toolset to extract and decrypt metamask vaults (wallets)
Metamask Vault Hash Extractor
Tool to extract metamask vaults to JSON and hashcat compatible formats
Info:
- Metamask JSON vaults can be decrypted with https://github.com/cyclone-github/metamask_pwn
- Previous Metamask hashes can be cracked using hashcat -m 26600
- New Metamask hashes can be cracked with hashcat using the custom -m 26620 kernel below
Metamask Vault location for Chrome extensions:
- Linux:
/home/$USER/.config/google-chrome/Default/Local\ Extension\ Settings/nkbihfbeogaeaoehlefnkodbefgpgknn/ - Mac:
Library>Application Support>Google>Chrome>Default>Local Extension Settings>nkbihfbeogaeaoehlefnkodbefgpgknn - Windows
C:\Users\$USER\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Usage:
- Linux:
./metamask_extractor.bin {metamask_vault_dir} - Windows:
metamask_extractor.exe {metamask_vault_dir}
d91fc9d0eed6a0c6d18c1e32ea9b05114c8dbdb094dc68210ee097a684eb3cd4 metamask_extractor_amd64.bin
026b28d6e027bd7ffd3e397a709ff2dfe9818dad19c815566ae751c117f2ddf1 metamask_extractor_amd64-darwin
9e0fc001af31e094d976f09f7081c8f8be6bf9ddf2d0bb4eba5622dd74ab0bb8 metamask_extractor_amd64.exe
Jotti Antivirus Scan Results
https://virusscan.jotti.org/en-US/filescanjob/z3iytxcmt7,am2sr3fuqi,b7rp3rrokj
Metamask Vault Decryptor
POC tool to decrypt metamask vault wallets
This tool is proudly the first publicly released Metamask Vault decryptor / cracker to support the new Metamask wallet vaults which have a dynamic iteration.
./metamask_decryptor_amd64.bin -h metamask_json.txt -w wordlist.txt
------------------------------------
| Cyclone's Metamask Vault Decryptor |
------------------------------------
Vault file: metamask_json.txt
Valid Vaults: 1
CPU Threads: 16
Wordlist: wordlist.txt
Working...
Decrypted: 0/1 5430.89 h/s 00h:01m:00s
Info:
- Supports previous Metamask vaults as well as new vaults with "KeyMetadata" which have dynamic iterations
- If you need help extracting Metamask vaults, use
Metamask Extractorhttps://github.com/cyclone-github/metamask_pwn Metamask Vault Decryptoris superseded by hashcat, however,Metamask Vault Decryptoralso displays the seed phrase alongside the vault password, which hashcat does not currently support
Example vaults supported:
- Old vault format:
{"data": "","iv": "","salt": ""} - New vault format:
{"data": "","iv": "","keyMetadata": {"algorithm": "PBKDF2","params": {"iterations": }},"salt": ""}
Usage example:
./metamask_decryptor.bin -h {wallet_json} -w {wordlist}
Output example:
If the tool successfully decrypts the vault, tool will print the vault json, seed phrase and vault password
Decrypted Vault: '{}'
Seed Phrase: ''
Vault Password: ''
50fba5417ccfb09af88afe48712bd63c5952df3b54a5f1599f2b38cfa26f314d metamask_decryptor_amd64.bin
885236e55c5f09a7f002836ec6f67ec0cf90589948ffb5210ac02f306d03fcf4 metamask_decryptor_amd64-darwin
ad59fa381989433da373495b434bb4d16926c85cc9d88b0c855fe6fcbcad2a19 metamask_decryptor_amd64.exe
Jotti Antivirus Scan Results
https://virusscan.jotti.org/en-US/filescanjob/6dvc9yybsp,e14p4lmoq7,86gl7dowj5