Hardware hacker Joe Grand and his team successfully recovered $3 million worth of Bitcoin from a software wallet that had been locked since 2013. The project, which Grand described as unlike anything he had worked on, involved reverse engineering a password generator to unlock the wallet. Grand, known for his expertise in hardware hacking, collaborated with his friend Bruno, who is adept at software hacking.
The story began when Michael, the wallet’s owner, reached out to Grand after seeing a video where he had hacked a hardware wallet. Michael had used a password generator called RoboForm to create a highly secure 20-character password, which he then saved in an encrypted text file. However, the partition holding the password became corrupted, rendering the password irretrievable.
Grand and Bruno initially declined the project because brute-forcing a password of that complexity was infeasible. However, a year later, Bruno’s work on reverse engineering another password generator inspired them to reconsider. They decided to attack the RoboForm program itself rather than the password, discovering that older versions of RoboForm were vulnerable in their randomness generation.
The process began with reverse engineering tools like Cheat Engine and Ghidra. Cheat Engine allowed them to search through the running program’s memory to identify where the generated password was stored, giving them confidence that they were targeting the correct part of the program. They then used Ghidra, a tool developed by the NSA, to decompile the machine code into a more understandable format. This step was crucial as it helped them locate the code responsible for generating the password.
Their breakthrough came when they found that the system time influenced the generated passwords. By manipulating the time values, they could reproduce the same password multiple times. This indicated that the randomness of the password generator was not entirely secure in older versions of RoboForm.
Grand and Bruno wrote code to control the password generator, effectively wrapping the original function to manipulate its output. This involved setting the system time to various values within the suspected timeframe when Michael generated the password. They generated millions of potential passwords, but initial attempts to unlock the wallet failed.
The team faced numerous challenges, including repeated system crashes and extensive debugging sessions. Their persistence paid off when they adjusted…
Click Here to Read the Full Original Article at Bitcoin (BTC) News | CryptoSlate…
