It’s probable that some of you reading this will have been approached in the past by people who’ve lost the password to their crypto wallets. They hear that you’re involved in some kind of “hacking”, and they cling to the forlorn hope that you might just be able to recover their lost wealth. For most of us there’s little chance we can help, but in [Joe Grand]’s case he has made it something of a specialism. He’s given an account of how he and a friend recovered a particularly difficult password.
The password in question had been generated by RoboForm, a long random string that was impossible for its owner to remember. The only chance of finding it lay in discovering a flaw in RoboForm, and that seemed hopeless until the discovery of a changelog reference to improving the random number generation of the software.
The video below details some of the detective work required to find the password, first reverse engineering an old version of RoboForm to find the flaw, and then the discovery that the random seed was derived from the system time. A range of passwords could be created for a given time frame, reducing the odds of finding the password considerably. The story is not without its twists, but it ends with the wallet’s owner rather theatrically being presented with a giant fake Bitcoin check.
Continue reading “Generating A Lost Password By Traveling Back In Time”