Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20201127134611.GA4836@openwall.com>
Date: Fri, 27 Nov 2020 14:46:11 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: electrum2john.py does not work with ledger or trezor encrypted wallet files?

On Fri, Nov 20, 2020 at 10:08:34AM +0100, Antonio Rossi wrote:
> I'm testing the script 'electrum2john.py' with wallet files created in
> Electrum and passphrase encrypted either with a Ledger or a Trezor
> hardware wallet but I get this kind or errors:
> 
> Traceback (most recent call last):
>   File "./extract-electrum-halfseed.py", line 42, in <module>
>     wallet = ast.literal_eval(open(wallet_filename).read(64 * 2**20))
> # up to 64M, typical size is a few k
>   File "/usr/lib/python3.6/ast.py", line 48, in literal_eval
>     node_or_string = parse(node_or_string, mode='eval')
>   File "/usr/lib/python3.6/ast.py", line 35, in parse
>     return compile(source, filename, mode, PyCF_ONLY_AST)
>   File "<unknown>", line 1
> (content of the original wallet file follows and it is omitted)
> 
> I tested the same script with other wallet files created without any
> hardware wallet and it works perfectly however.
> 
> So the question is, does 'electrum2john.py' work only with wallet
> files created in electrum without involving hardware like a trezor or
> ledger?

I was hoping someone familiar with this would reply, but since no one
did I think the answer is we don't know.  Your analysis suggests the
script (and maybe not only the script) lacks something needed to support
those wallets, but I'm not sure it is correct.  Here's why maybe not:

If your usage of a hardware wallet makes sense, the files you have on
your computer are not supposed to be fully usable without assistance
from the hardware device each time you make a transaction, not even if
you know the passphrase.  So you also shouldn't necessarily be able to
probe passphrases against the regular wallet files on your computer.

You should be able to do that against deliberate backup export files
from the hardware device, if any are supported and are protected with a
passphrase.  Those are supposed to be usable for loading onto a new
hardware device if the old one fails, and thus they shouldn't depend on
anything stored solely in the device.

The above is based solely on common sense.  I am not familiar with
Ledger and Trezor.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.