Recovering password for TrueCrypt wallet containing BTC

19 replies 26 views
its_maxiMember
Posts: 5 · Reputation: 92
#1May 8, 2025, 11:06 AM
Hey everyone, I've got this wallet.dat file with 2.78 BTC in it. I encrypted it with TrueCrypt and set a password, but I've totally forgotten what it is. I remember a hint though: it might be "nevada". If anyone has tips or knows how to use BTCrecover or any other methods to crack the password, please let me know. I’m ready to reward anyone who can help me decrypt the file with 1 Bitcoin. Here’s my Bitcoin address: 1L8SqDEvaA3WnDinobai21ZbnyC79XuJGn. Feel free to check it out. I’ll share the hash for reference. Just copy it into a text file and take a shot at it: container.tc:truecrypt_RIPEMD_160$6976410c2c124fb30a2ee495471f03f35e4d3e52a21ab68a40a1996aa374b3655268cccd0f2092eef6f3ec1a21dc91eb15c35eeb293f4372f0a66a014f814ef228beec2395f62aaf4fea0437e34114e3f187c4d8bd2a259a7772b722a3034308e4e39d9e92355e6f6a44b758a4da840ba656524449e176fbecf9e1969bf0c79a58694cf21c67d8303029d1980f15e419394caa5534a6c82fd5e9ced8f79991ab141060845590db7cc87e0ac5dc4e11ea321479f925717c92891526b72ca49dd943acafd5f0ad45ff4dfdde6702d557316e57a3bbbd6dfe3532c6863668df1f292a50921bcacb4f9c312f74141b694ad1b64470a84797c28e6f40a8c7caa3b2194e0c62a48ea4b4d16d60993b36f3698434dbad6f6efde4c5a83846f7ffcbf9ddcb7e972891b7723f6fce04cf048076bdb4f1f0e95f77a23d5e9a58a548dbc487865c3772d7d2703363fc62a49e9b187b662e1e1039f469d958705632ee763d193f28c97dd675d393225aab1b4db430fd623c64402ebd625b012cf1c3223884272c8ef52a2776cb178dbc99c93db4f6c2e3985cf98bded7111a7efc5b5fe6453f731a5480124b6e39a3ce0ca6b4b79fac6e9f76b8dd59a2c62be50181425c824099586b12fdf252e14057756afe89b0baed820f22b5e307967f2456e239919a68fdd06772bea3ba91b95f4262ab7f6e1b7527d6fd8c0caaa57d781692213d4cf4:normal::::container.tc container.tc
8 Reply Quote Share
davealphaSenior Member
Posts: 257 · Reputation: 975
#2May 8, 2025, 02:51 PM
Assuming that the wallet.dat file is really yours and that you didn't bought it in the hopes of finding the password (who locks almost 3 bitcoin without noting down the password ?), I really don't see how you can achieve this. My first suggestion would be using John the ripper[1] and hascat[2] but TrueCrypt has near perfect cryptography and these tools would probably only help you in finding one or two characters at most. If the password was complex and had a mix of numbers and special characters I would say forget it but perhaps someone who is more knowledgeable in this matter will show up with a better solution than mine. [1]https://www.openwall.com/john/ [2]https://hashcat.net/hashcat/
3 Reply Quote Share
its_maxiMember
Posts: 5 · Reputation: 92
#3May 8, 2025, 08:31 PM
Yes, the file is mine. If it was not mine, how could I know the general wallet address? Because I don't want to put the encrypted file here, I just put its hash, and whoever can decrypt the hash can find out the password.
3 Reply Quote Share
its_maxiMember
Posts: 5 · Reputation: 92
#4May 8, 2025, 11:06 PM
UP UP
3 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#5May 8, 2025, 11:21 PM
It seems to be tall task. I don't have resource to perform brute-force, but i have few thoughts. 1. It's possible the wallet.dat is encrypted twice (by Bitcoin Core and TrueCrypt). 2. Aside from hint you've shared. Do you remember how long is the password and which character you use? 3. If your password has relative small amount of possible combination, it can be brute-forced with modern high-end GPU. For example, RTX 4090 has speed ranging from 100 to 3500 kH/s depending on encryption type you use. Benchmark link (not mine), https://gist.github.com/Chick3nman/32e662a5bb63bc4f51b847bb422222fd. Using TeraCrypt is non-standard approach, so i doubt OP is lying. Besides, Teracrypt was discountined on 2014 where Bitcoin price was about few hundred dollar which isn't big money for people who live on developed country.
2 Reply Quote Share
hodlg4ngSenior Member
Posts: 129 · Reputation: 853
#6May 9, 2025, 12:04 AM
You could have just posted any random address; there is no way to prove that it corresponds to one of the private keys in your encrypted wallet.dat unless you can decrypt it and sign a message. Furthermore, we've seen this many times here. People sell encrypted wallet.dat files (sometimes together with some address to 'prove' funds are in the wallet). Hashes cannot be decrypted. A hash is just that: a hash. A digest. You're asking for people to brute-force a whole wallet.dat file just from its hash and then it would still be encrypted & they would have to decrypt the wallet file itself. Task 1 is already impossible and task 2 is pretty tough; combine them (for no reason whatsoever) and you can basically close this thread.
1 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#7May 9, 2025, 04:26 AM
Address 1L8SqDEvaA3WnDinobai21ZbnyC79XuJGn has a current balance of 2.11752132 BTC and last outgoing transactions where UTXOs of this address were spent were in 2021-03-03: tx bdc3bc54a358301552c03eecb5c6994bc13066284f795211a2db6497f5692cd7 2021-01-09: tx d27a036c3d1acd27f7b57b3c3bc0e85cff1b03714e1b8b03274f161badac38c4 So in the first months of 2021 the owner of UTXOs of this address apparently had access to this address' private key and the other involved inputs in above transactions. I'm not convinced because a Bitcoin Core wallet uses a lot of keys and public addresses, not just a single one. And naming a public address with a suitable balance isn't hard at all. Your passphrase hints for the Truecrypt container are rather insufficient. My question would be: why didn't you document such an important secret? As n0nce points out, having the hashes isn't quite enough. An attack to crack the Truecrypt container passphrase would also need details how Truecrypt processes the passphrase to get to hash digests. Well, likely hashcat or similar tools know how to deal with cracking Truecrypt containers. And then if someone manages to crack the Truecrypt passphrase: what about the contained wallet.dat file? Is this protected by a passphrase, too? Is the Bitcoin Core wallet.dat passphrase known?
2 Reply Quote Share
DarkSeedSenior Member
Posts: 209 · Reputation: 1423
#8May 9, 2025, 06:09 AM
There are stories of people being thrown to jail permanently for failing to disclose a Truecrypt password. If anything, this showcases the power of a proper password, and Truecrypt can use a cascaded algorithm setup, which means a proper password is just a nightmare to crack. Even if SHA256 got cracked somehow, there would be more to do ahead. Also, Truecrypt was replaced by Veracrypt and is no longer considered safe, so that to me is interesting that people still use TC containers. As far as the password for the wallet.dat, im assuming that this guy has a known wallet.dat password, otherwise, whoever cracked the wallet.dat, would just take the funds isn't it? or he is naive enough to think that they would crack it, then ask for permission to take the funds? im assuming that's not the case here.
2 Reply Quote Share
hodlg4ngSenior Member
Posts: 129 · Reputation: 853
#9May 9, 2025, 09:57 AM
That's correct, however that's what people have been asking for in this forum repeatedly. For someone to crack their ('own' -- in reality: bought, fake) wallet.dat password, assuming the person doing it wouldn't then just go ahead and empty the wallet immediately. Maybe wallet scammers changed their strategy and now sell supposedly TrueCrypt-encrypted wallet files, instead, that when decrypted are still secured with a password. Meanwhile it's just a /dev/random dump.
6 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#10May 9, 2025, 10:29 AM
Yes, I remember vaguely that Truecrypt offered such an option of cascaded hash algorithms, which means that you need to know this setup detail for a crack attack, too. It would slow down the process somewhat significantly, especially if you had to try different possibilities in this area, too. Sounds more and more like real pain in the ass. I wouldn't waste my time and energy with such few hints in this particular case. No one knows if the OP keeps his word and especially if the wallet.dat actually has at least the private key for the mentioned publich address. Too many IFs... wallet.dats for sale are very very likely 100% scams. You can wrap a pile of poop in fancy paper, it's still just poop.
4 Reply Quote Share
DarkSeedSenior Member
Posts: 209 · Reputation: 1423
#11May 11, 2025, 07:51 PM
I remember reading some sort of crypto mail list way back when and there were some people arguing that actually cascaded algorithm setup wasn't that great, and that one should stick to the classic SHA256 only scheme, but im not sure about that. If I used TC, I would first not use TC because it was compromised or so I heard, and that you should use VC (VeraCrypt) and then would research again on the cascaded thing. I also liked that this software allowed you to move the mouse around to create entropy, I wonder why Bitcoin wallet generation does not include this feature.
0 Reply Quote Share
hodlg4ngSenior Member
Posts: 129 · Reputation: 853
#12May 13, 2025, 09:36 AM
Nowadays it's mostly not recommended to use any kind of user-action-derived data for entropy generation, since humans are incredibly bad at creating true randomness, even when trying their best to do 'random' things such as mouse movements or even selecting a random sequence of zeroes and ones. There is a number of scientific publications on this too, as mentioned in this StackExchange answer: https://crypto.stackexchange.com/a/87982
3 Reply Quote Share
its_maxiMember
Posts: 5 · Reputation: 92
#13May 13, 2025, 11:53 AM
Thanks everyone for trying to help me. Actually, I would like to decrypt TC, but that seems rather difficult. Especially since it is not possible to waste time on decryption. Thank you very much
1 Reply Quote Share
omega_bearFull Member
Posts: 116 · Reputation: 780
#14May 13, 2025, 05:04 PM
maybe they help https://forum.hashkiller.io/index.php
3 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#15May 13, 2025, 07:46 PM
It is a real possibility, especially if the wallet.dat was not created like pre-2011 when there was no password protection of any kind. Although there is also a small chance of the password of both encryption stores to be the same. I remember that bitaddress.org and GnuPG also listen for user-generated keystrokes and turn that into entropy, somehow, but they combine it with other sources of entropy.
3 Reply Quote Share
nonce404Member
Posts: 3 · Reputation: 145
#16May 13, 2025, 11:28 PM
Could be done, with 2 factors to consider: 1. details of the password for TrueCrypt container (length, symbols used, pattern) - very important 2. encryption methods used (there are many combinations) - important, if you don't have details of p.1 If the password length is very long and if you don't remember the pattern and used symbols, brute forcing it os not feasible.
0 Reply Quote Share
lynx_2021Member
Posts: 19 · Reputation: 176
#17May 13, 2025, 11:47 PM
You need to tell us specifically what the hint (nevada) means. Does it mean that "nevada" is part of the password? Does it make you think of some special person, scene, or experience in your life? If you are the owner of the wallet.dat file, you should be able to tell such information easily.
4 Reply Quote Share
bit2017Senior Member
Posts: 278 · Reputation: 1886
#18May 14, 2025, 11:27 PM
He won't be able to provide any information because it is not his Bitcoin wallet. Here's the background on this: This originated in 2014 as part of a scam email. The email in question reads as follows: Later, in 2017, the message above saved as "walletpass.txt" was widely distributed across P2P networks along with a file called "container.tc," which is the file this user is attempting to crack. For reference, you can find more details here: https://www.virustotal.com/gui/file/e5335c2233db0de78d597d9a76c752c6a594a926776e27473a20d689dfe3ab98 The key format is RIPEMD-160, "Nevada" is not part of the password, and the files within the encrypted container are unrelated to any form of digital currency. Sorry, but this was a scam. It was never real... https://i.postimg.cc/c4V0ZpcG/not-your-wallet.png
0 Reply Quote Share
im_lynxHero Member
Posts: 515 · Reputation: 2161
#19May 15, 2025, 04:23 AM
Quoted to make image of newbie visible. Out of curiosity: how are those details known, has anyone cracked the container? Well, well, whatever is actually the truth. Whoever paid for such a file, should know that it's very likely a scam as are practically all faked Bitcoin Core wallets that are passed around to the gullible ones. OP went inactive/silent since about a year, so anyway, nothing to see here.
3 Reply Quote Share
alt_gangFull Member
Posts: 70 · Reputation: 451
#20May 15, 2025, 08:46 AM
Clearly, this is neither the first nor likely the last time that newcomers ask for help with the nearly impossible task of brute-forcing a wallet.dat password. Newcomers who fall victim to scams—such as buying these wallet files from others—will always claim that the files belong to them. However, even if the files are genuinely theirs, the chances of success are extremely low. Most likely, the original owner has abandoned the wallet, or it is just a fake wallet.dat file being sold at a low price.
3 Reply Quote Share

Related topics