From b19c30c2e66c09ca95517602b58e2fe687546eca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 00:46:46 +0000 Subject: [PATCH 1/9] Bump golang.org/x/crypto from 0.29.0 to 0.31.0 in /phantom_decryptor Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.29.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- phantom_decryptor/go.mod | 4 ++-- phantom_decryptor/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/phantom_decryptor/go.mod b/phantom_decryptor/go.mod index bff0b15..764fcd9 100644 --- a/phantom_decryptor/go.mod +++ b/phantom_decryptor/go.mod @@ -4,7 +4,7 @@ go 1.22.4 require ( github.com/btcsuite/btcutil v1.0.2 - golang.org/x/crypto v0.29.0 + golang.org/x/crypto v0.31.0 ) -require golang.org/x/sys v0.27.0 // indirect +require golang.org/x/sys v0.28.0 // indirect diff --git a/phantom_decryptor/go.sum b/phantom_decryptor/go.sum index 80bd0b0..4790bb4 100644 --- a/phantom_decryptor/go.sum +++ b/phantom_decryptor/go.sum @@ -22,16 +22,16 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= From 6c279c6bd0a39a92a6881a5bec55e1d7b6181f5d Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:19:00 -0600 Subject: [PATCH 2/9] Update README, go.mod, go.sum --- README.md | 7 ++++++- phantom_extractor/go.mod | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e3ca38b..116ea45 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,9 @@ -[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=cyclone-github&repo=phantom_pwn&theme=gruvbox)](https://github.com/cyclone-github/) +[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=cyclone-github&repo=phantom_pwn&theme=gruvbox)](https://github.com/cyclone-github/phantom_pwn/) + +[![GitHub issues](https://img.shields.io/github/issues/cyclone-github/phantom_pwn.svg)](https://github.com/cyclone-github/phantom_pwn/issues) +[![License](https://img.shields.io/github/license/cyclone-github/phantom_pwn.svg)](LICENSE) +[![GitHub release](https://img.shields.io/github/release/cyclone-github/phantom_pwn.svg)](https://github.com/cyclone-github/phantom_pwn/releases) + # Phantom Vault Extractor & Decryptor ### POC tools to extract and decrypt Phantom vaults _**This toolset is proudly the first publicly released Phantom Vault Extractor and Decryptor**_ diff --git a/phantom_extractor/go.mod b/phantom_extractor/go.mod index 61939a8..fae8ebc 100644 --- a/phantom_extractor/go.mod +++ b/phantom_extractor/go.mod @@ -1,6 +1,6 @@ module phantom_extractor -go 1.22.0 +go 1.22.4 require github.com/syndtr/goleveldb v1.0.0 From 1ba186b2d9c781f0048590a39b47d4d196e3fc7d Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Tue, 17 Dec 2024 12:56:57 -0600 Subject: [PATCH 3/9] Update README.md added contact info --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 116ea45..293da77 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,13 @@ [![GitHub release](https://img.shields.io/github/release/cyclone-github/phantom_pwn.svg)](https://github.com/cyclone-github/phantom_pwn/releases) # Phantom Vault Extractor & Decryptor -### POC tools to extract and decrypt Phantom vaults +### POC tools to recover, extract and decrypt Phantom vaults _**This toolset is proudly the first publicly released Phantom Vault Extractor and Decryptor**_ +- Contact me at https://forum.hashpwn.net/user/cyclone if you need help recovering your Phantom wallet password or seed phrase ### Writeup of my process of decrypting Phantom Wallets and recovering the seed phrase - https://github.com/cyclone-github/writeups/blob/main/Pwning%20Phantom%20Wallets.pdf + ### Phantom vault location for Chrome extensions: - Linux: `/home/$USER/.config/google-chrome/Default/Local\ Extension\ Settings/bfnaelmomeimhlpmgjnjophhpkkoljpa/` - Mac: `Library>Application Support>Google>Chrome>Default>Local Extension Settings>bfnaelmomeimhlpmgjnjophhpkkoljpa` From fdb9f48debc2a6a1dde29275361afb4fdd1c4433 Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Mon, 3 Feb 2025 22:48:22 -0600 Subject: [PATCH 4/9] extractor v0.3.3-2025-02-03 --- README.md | 4 ++ phantom_decryptor/go.mod | 6 +-- phantom_decryptor/go.sum | 8 ++-- phantom_extractor/go.mod | 9 ++-- phantom_extractor/go.sum | 28 ++++++++++-- phantom_extractor/phantom_extractor.go | 60 +++++++++++++++++++++++--- 6 files changed, 95 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 293da77..14465bb 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,10 @@ _**This toolset is proudly the first publicly released Phantom Vault Extractor a | https://github.com/cyclone-github/phantom_pwn | ----------------------------------------------------- {"encryptedKey":{"digest":"sha256","encrypted":"5pLvA3bCjNGYBbSjjFY3mdPknwFfp3cz9dCBv6izyyrqEhYCBkKwo3zZUzBP44KtY3","iterations":10000,"kdf":"pbkdf2","nonce":"NZT6kw5Cd5VeZu5yJGJcFcP24tnmg4xsR","salt":"A43vTZnm9c5CiQ6FLTdV9v"},"version":1} + ----------------------------------------------------- +| hashcat -m 30010 hash (pbkdf2 kdf) | + ----------------------------------------------------- +$phantom$SU9HoVMjb1ieOEv18nz3FQ==$7H29InVRWVbHS4WcBJdTay0ONb4mLX9Q$g0vJAbflhH4jJJDvuv7Ar5THgzBmJ8tt6oajsQZd/dSXNNjcY5/0eGeF5c1NW1WU ``` ### Decryptor usage example: ``` diff --git a/phantom_decryptor/go.mod b/phantom_decryptor/go.mod index 764fcd9..8035b9d 100644 --- a/phantom_decryptor/go.mod +++ b/phantom_decryptor/go.mod @@ -1,10 +1,10 @@ module phantom_decryptor -go 1.22.4 +go 1.23.4 require ( github.com/btcsuite/btcutil v1.0.2 - golang.org/x/crypto v0.31.0 + golang.org/x/crypto v0.32.0 ) -require golang.org/x/sys v0.28.0 // indirect +require golang.org/x/sys v0.29.0 // indirect diff --git a/phantom_decryptor/go.sum b/phantom_decryptor/go.sum index 4790bb4..3091604 100644 --- a/phantom_decryptor/go.sum +++ b/phantom_decryptor/go.sum @@ -22,16 +22,16 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= diff --git a/phantom_extractor/go.mod b/phantom_extractor/go.mod index fae8ebc..77d8d21 100644 --- a/phantom_extractor/go.mod +++ b/phantom_extractor/go.mod @@ -1,7 +1,10 @@ module phantom_extractor -go 1.22.4 +go 1.23.4 -require github.com/syndtr/goleveldb v1.0.0 +require ( + github.com/btcsuite/btcutil v1.0.2 + github.com/syndtr/goleveldb v1.0.0 +) -require github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db // indirect +require github.com/golang/snappy v0.0.4 // indirect diff --git a/phantom_extractor/go.sum b/phantom_extractor/go.sum index 52ee205..a8253d0 100644 --- a/phantom_extractor/go.sum +++ b/phantom_extractor/go.sum @@ -1,9 +1,25 @@ +github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= +github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= +github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA= +github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= +github.com/btcsuite/btcutil v1.0.2 h1:9iZ1Terx9fMIOtq1VrwdqfsATL9MC2l8ZrUY6YZ2uts= +github.com/btcsuite/btcutil v1.0.2/go.mod h1:j9HUFwoQRsZL3V4n+qG+CUnEGHOarIxfC3Le2Yhbcts= +github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg= +github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVaaLLH7j4eDXPRvw78tMflu7Ie2bzYOH4Y8rRKBY= +github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc= +github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY= +github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs= +github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ= +github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -11,11 +27,17 @@ github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE= github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA= +golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e h1:o3PsSEY8E4eXWkXrIP9YJALUkVZqzHJT5DOasTyn8Vs= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/phantom_extractor/phantom_extractor.go b/phantom_extractor/phantom_extractor.go index 0948db4..17964c5 100644 --- a/phantom_extractor/phantom_extractor.go +++ b/phantom_extractor/phantom_extractor.go @@ -13,6 +13,7 @@ import ( "strings" "unicode" + "github.com/btcsuite/btcutil/base58" "github.com/syndtr/goleveldb/leveldb" "github.com/syndtr/goleveldb/leveldb/opt" "github.com/syndtr/goleveldb/leveldb/storage" @@ -30,9 +31,16 @@ GNU General Public License v2.0 https://github.com/cyclone-github/phantom_pwn/blob/main/LICENSE version history -v0.1.0-2024-04-16; initial release -v0.2.0-2024-04-22-1500; add support for older vaults -v0.3.1-2024-06-23-1145; added raw db support for reading corrupt or non-standard leveldb files +v0.1.0-2024-04-16; + initial release +v0.2.0-2024-04-22-1500; + add support for older vaults +v0.3.1-2024-06-23-1145; + added raw db support for reading corrupt or non-standard leveldb files +v0.3.2-2024-11-30-1415; + updated help info for Chrome extensions on Linux, Mac and Windows +v0.3.3-2025-02-03; + added support for printing hashcat -m 30010 hash */ // clear screen function @@ -51,7 +59,7 @@ func clearScreen() { // version func func versionFunc() { - fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Extractor v0.3.1-2024-06-23-1145\nhttps://github.com/cyclone-github/phantom_pwn\n") + fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Extractor v0.3.3-2025-02-03\nhttps://github.com/cyclone-github/phantom_pwn\n") } // help func @@ -59,10 +67,18 @@ func helpFunc() { versionFunc() str := `Example Usage: ./phantom_extractor.bin [-version] [-help] [phantom_vault_dir] -./phantom_extractor.bin ldeveldb/ +./phantom_extractor.bin bfnaelmomeimhlpmgjnjophhpkkoljpa/ -Note: Phantom Vault Dir location on Linux with Chrome: -/home/$USER/.config/google-chrome/Default/Local\ Extension\ Settings/bfnaelmomeimhlpmgjnjophhpkkoljpa/` +Default Phantom vault locations for Chrome extensions: + +Linux: +/home/$USER/.config/google-chrome/Default/Local\ Extension\ Settings/bfnaelmomeimhlpmgjnjophhpkkoljpa/ + +Mac: +Library>Application Support>Google>Chrome>Default>Local Extension Settings>bfnaelmomeimhlpmgjnjophhpkkoljpa + +Windows: +C:\Users\$USER\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\` fmt.Fprintln(os.Stderr, str) } @@ -107,6 +123,7 @@ func processLevelDB(data []byte) { var vault_1 Vault_1 if err := json.Unmarshal(data, &vault_1); err == nil { printJSONVault(vault_1) + printHashcatHash(vault_1) } case 0: // vault version_0 var vault_0 Vault_0 @@ -119,6 +136,7 @@ func processLevelDB(data []byte) { Version: 0, // mark as version_0 to keep backwards compatibility with phantom_decryptor } printJSONVault(vault_0) + printHashcatHash(vault_0) } } default: @@ -178,6 +196,7 @@ func main() { ldbDir := flag.Arg(0) if ldbDir == "" { fmt.Fprintln(os.Stderr, "Error: Phantom vault directory is required") + helpFunc() os.Exit(1) } @@ -263,3 +282,30 @@ func filterPrintableBytes(data []byte) []byte { } return []byte(string(printable)) } + +// print hashcat -m 30010 hash (only for pbkdf2 KDF) +func printHashcatHash(vault Vault_1) { + // only print if kdf is pbkdf2 + if strings.ToLower(vault.EncryptedKey.Kdf) != "pbkdf2" { + fmt.Println(" ----------------------------------------------------- ") + fmt.Println("| hashcat scrypt kdf not supported yet |") + fmt.Println(" ----------------------------------------------------- ") + return + } + + saltDecoded := base58.Decode(vault.EncryptedKey.Salt) + nonceDecoded := base58.Decode(vault.EncryptedKey.Nonce) + encryptedDecoded := base58.Decode(vault.EncryptedKey.Encrypted) + + saltB64 := base64.StdEncoding.EncodeToString(saltDecoded) + nonceB64 := base64.StdEncoding.EncodeToString(nonceDecoded) + encryptedB64 := base64.StdEncoding.EncodeToString(encryptedDecoded) + + fmt.Println(" ----------------------------------------------------- ") + fmt.Println("| hashcat -m 30010 hash (pbkdf2 kdf) |") + fmt.Println(" ----------------------------------------------------- ") + // $phantom$$$ + fmt.Printf("$phantom$%s$%s$%s\n", saltB64, nonceB64, encryptedB64) +} + +// end code From 0f4257b00ae7c8235ff40a3b3359da44045c7ade Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Tue, 4 Feb 2025 10:04:37 -0600 Subject: [PATCH 5/9] v0.3.3-2025-02-04 --- README.md | 20 ++++ phantom_extractor/phantom_extractor.go | 154 +++++++++++++------------ 2 files changed, 103 insertions(+), 71 deletions(-) diff --git a/README.md b/README.md index 14465bb..0580af8 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ _**This toolset is proudly the first publicly released Phantom Vault Extractor a - Mac: `Library>Application Support>Google>Chrome>Default>Local Extension Settings>bfnaelmomeimhlpmgjnjophhpkkoljpa` - Windows: `C:\Users\$USER\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\` ### Extractor usage example on test vault: (plaintext is `password`) +* Old pbkdf2 KDF ``` ./phantom_extractor.bin bfnaelmomeimhlpmgjnjophhpkkoljpa/ ----------------------------------------------------- @@ -29,6 +30,25 @@ _**This toolset is proudly the first publicly released Phantom Vault Extractor a | hashcat -m 30010 hash (pbkdf2 kdf) | ----------------------------------------------------- $phantom$SU9HoVMjb1ieOEv18nz3FQ==$7H29InVRWVbHS4WcBJdTay0ONb4mLX9Q$g0vJAbflhH4jJJDvuv7Ar5THgzBmJ8tt6oajsQZd/dSXNNjcY5/0eGeF5c1NW1WU + ----------------------------------------------------- +| hashcat -m 26651 hash (pbkdf2 kdf) | + ----------------------------------------------------- +PHANTOM:10000:SU9HoVMjb1ieOEv18nz3FQ==:7H29InVRWVbHS4WcBJdTay0ONb4mLX9Q:g0vJAbflhH4jJJDvuv7Ar5THgzBmJ8tt6oajsQZd/dSXNNjcY5/0eGeF5c1NW1WU +``` +* New scrypt KDF +``` +./phantom_extractor.bin bfnaelmomeimhlpmgjnjophhpkkoljpa/ + ----------------------------------------------------- +| Cyclone's Phantom Vault Hash Extractor | +| Use Phantom Vault Decryptor to decrypt | +| https://github.com/cyclone-github/phantom_pwn | + ----------------------------------------------------- +{"encryptedKey":{"digest":"sha256","encrypted":"37fJoKsB9vwnKEzPgc2AHtYVsPTTzrXdTGacbgWxLxbiS7Ri3P3iNnf8csaKwJ4wpk","iterations":10000,"kdf":"scrypt","nonce":"49aomus4HiKLyg7F66pSinR4tpuUuJDHX","salt":"M1PMFn4p4gdCxZDzf8qX71"},"version":1} + ----------------------------------------------------- +| hashcat -m 26650 hash (scrypt kdf) | + ----------------------------------------------------- +PHANTOM:4096:8:1:ogSL4J4xP/wNbAjiA8Q4hA==:Iofs3VYyyaYFzHVkcMsnpkrjGQ2+Kni2:OacHaTJAM8dD7XJIj5bGMU3cM8QW3u92n+ngYjXsgRSR20FDnkMLQHTgPxJDefOx + ``` ### Decryptor usage example: ``` diff --git a/phantom_extractor/phantom_extractor.go b/phantom_extractor/phantom_extractor.go index 17964c5..2cb7a25 100644 --- a/phantom_extractor/phantom_extractor.go +++ b/phantom_extractor/phantom_extractor.go @@ -39,8 +39,8 @@ v0.3.1-2024-06-23-1145; added raw db support for reading corrupt or non-standard leveldb files v0.3.2-2024-11-30-1415; updated help info for Chrome extensions on Linux, Mac and Windows -v0.3.3-2025-02-03; - added support for printing hashcat -m 30010 hash +v0.3.3-2025-02-04; + added support for hashcat modes 30010, 26650, 26651 */ // clear screen function @@ -59,7 +59,7 @@ func clearScreen() { // version func func versionFunc() { - fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Extractor v0.3.3-2025-02-03\nhttps://github.com/cyclone-github/phantom_pwn\n") + fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Extractor v0.3.3-2025-02-04\nhttps://github.com/cyclone-github/phantom_pwn\n") } // help func @@ -168,61 +168,6 @@ func detectVersion(data []byte) int { return -1 // unknown version } -// main -func main() { - cycloneFlag := flag.Bool("cyclone", false, "") - versionFlag := flag.Bool("version", false, "Program version") - helpFlag := flag.Bool("help", false, "Program usage instructions") - flag.Parse() - - clearScreen() - - // run sanity checks for special flags - if *versionFlag { - versionFunc() - os.Exit(0) - } - if *cycloneFlag { - line := "Q29kZWQgYnkgY3ljbG9uZSA7KQo=" - str, _ := base64.StdEncoding.DecodeString(line) - fmt.Println(string(str)) - os.Exit(0) - } - if *helpFlag { - helpFunc() - os.Exit(0) - } - - ldbDir := flag.Arg(0) - if ldbDir == "" { - fmt.Fprintln(os.Stderr, "Error: Phantom vault directory is required") - helpFunc() - os.Exit(1) - } - - printWelcomeScreen() - - db, err := leveldb.OpenFile(ldbDir, nil) - if err != nil { - fmt.Fprintln(os.Stderr, "Error opening Vault:", err) - fmt.Println("Attempting to dump raw .ldb files...") - err = dumpRawLDBFiles(ldbDir) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to dump raw .ldb files: %v\n", err) - os.Exit(1) - } - os.Exit(0) - } - defer db.Close() - - iter := db.NewIterator(nil, nil) - defer iter.Release() - for iter.Next() { - value := iter.Value() - processLevelDB(value) - } -} - func dumpRawLDBFiles(dirPath string) error { return filepath.Walk(dirPath, func(path string, info os.FileInfo, err error) error { if err != nil { @@ -283,15 +228,8 @@ func filterPrintableBytes(data []byte) []byte { return []byte(string(printable)) } -// print hashcat -m 30010 hash (only for pbkdf2 KDF) +// print hashcat modes 30010, 26650, 26651 func printHashcatHash(vault Vault_1) { - // only print if kdf is pbkdf2 - if strings.ToLower(vault.EncryptedKey.Kdf) != "pbkdf2" { - fmt.Println(" ----------------------------------------------------- ") - fmt.Println("| hashcat scrypt kdf not supported yet |") - fmt.Println(" ----------------------------------------------------- ") - return - } saltDecoded := base58.Decode(vault.EncryptedKey.Salt) nonceDecoded := base58.Decode(vault.EncryptedKey.Nonce) @@ -301,11 +239,85 @@ func printHashcatHash(vault Vault_1) { nonceB64 := base64.StdEncoding.EncodeToString(nonceDecoded) encryptedB64 := base64.StdEncoding.EncodeToString(encryptedDecoded) - fmt.Println(" ----------------------------------------------------- ") - fmt.Println("| hashcat -m 30010 hash (pbkdf2 kdf) |") - fmt.Println(" ----------------------------------------------------- ") - // $phantom$$$ - fmt.Printf("$phantom$%s$%s$%s\n", saltB64, nonceB64, encryptedB64) + // scrypt KDF + if strings.ToLower(vault.EncryptedKey.Kdf) == "scrypt" { + fmt.Println(" ----------------------------------------------------- ") + fmt.Println("| hashcat -m 26650 hash (scrypt kdf) |") + fmt.Println(" ----------------------------------------------------- ") + // PHANTOM:4096:8:1::: + fmt.Printf("PHANTOM:4096:8:1:%s:%s:%s\n", saltB64, nonceB64, encryptedB64) + return + } + + // pbkdf2 KDF + if strings.ToLower(vault.EncryptedKey.Kdf) == "pbkdf2" { + fmt.Println(" ----------------------------------------------------- ") + fmt.Println("| hashcat -m 30010 hash (pbkdf2 kdf) |") + fmt.Println(" ----------------------------------------------------- ") + // $phantom$$$ + fmt.Printf("$phantom$%s$%s$%s\n", saltB64, nonceB64, encryptedB64) + + fmt.Println(" ----------------------------------------------------- ") + fmt.Println("| hashcat -m 26651 hash (pbkdf2 kdf) |") + fmt.Println(" ----------------------------------------------------- ") + // PHANTOM:10000::: + fmt.Printf("PHANTOM:10000:%s:%s:%s\n", saltB64, nonceB64, encryptedB64) + } +} + +// main +func main() { + cycloneFlag := flag.Bool("cyclone", false, "") + versionFlag := flag.Bool("version", false, "Program version") + helpFlag := flag.Bool("help", false, "Program usage instructions") + flag.Parse() + + clearScreen() + + // run sanity checks for special flags + if *versionFlag { + versionFunc() + os.Exit(0) + } + if *cycloneFlag { + line := "Q29kZWQgYnkgY3ljbG9uZSA7KQo=" + str, _ := base64.StdEncoding.DecodeString(line) + fmt.Println(string(str)) + os.Exit(0) + } + if *helpFlag { + helpFunc() + os.Exit(0) + } + + ldbDir := flag.Arg(0) + if ldbDir == "" { + fmt.Fprintln(os.Stderr, "Error: Phantom vault directory is required") + helpFunc() + os.Exit(1) + } + + printWelcomeScreen() + + db, err := leveldb.OpenFile(ldbDir, nil) + if err != nil { + fmt.Fprintln(os.Stderr, "Error opening Vault:", err) + fmt.Println("Attempting to dump raw .ldb files...") + err = dumpRawLDBFiles(ldbDir) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to dump raw .ldb files: %v\n", err) + os.Exit(1) + } + os.Exit(0) + } + defer db.Close() + + iter := db.NewIterator(nil, nil) + defer iter.Release() + for iter.Next() { + value := iter.Value() + processLevelDB(value) + } } // end code From f18714537efab5cd4d9a384b4b1b9aa1c6d301f6 Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Mon, 7 Apr 2025 10:19:40 -0500 Subject: [PATCH 6/9] Update README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0580af8..d921da1 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ ### POC tools to recover, extract and decrypt Phantom vaults _**This toolset is proudly the first publicly released Phantom Vault Extractor and Decryptor**_ - Contact me at https://forum.hashpwn.net/user/cyclone if you need help recovering your Phantom wallet password or seed phrase +- Note: `phantom_extractor` supports hashcat modes 30010, 26650, and 26651 for convenience, but these are third-party modules that are not affiliated with or included in the official hashcat beta or release builds at https://github.com/hashcat/hashcat ### Writeup of my process of decrypting Phantom Wallets and recovering the seed phrase - https://github.com/cyclone-github/writeups/blob/main/Pwning%20Phantom%20Wallets.pdf From 55699ac592eb5fa7cd930a46e7439b6d5db6bd4b Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Mon, 7 Apr 2025 10:42:31 -0500 Subject: [PATCH 7/9] Update README.md updated compile from source info --- README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index d921da1..199c976 100644 --- a/README.md +++ b/README.md @@ -94,16 +94,18 @@ cat wordlist | ./phantom_decryptor.bin -h phantom.txt ### Compile from source: - This assumes you have Go and Git installed - - `git clone https://github.com/cyclone-github/phantom_pwn.git` + - `git clone https://github.com/cyclone-github/phantom_pwn.git` # clone repo - phantom_extractor - - `cd phantom_pwn/phantom_extractor` - - `go mod init phantom_extractor` - - `go mod tidy` - - `go build -ldflags="-s -w" .` + - `cd phantom_pwn/phantom_extractor` # enter project directory + - `go mod init phantom_extractor` # initialize Go module (skips if go.mod exists) + - `go mod tidy` # download dependencies + - `go build -ldflags="-s -w" .` # compile binary in current directory + - `go install -ldflags="-s -w" .` # compile binary and install to $GOPATH - phantom_decryptor - - `cd phantom_pwn/phantom_decryptor` - - `go mod init phantom_decryptor` - - `go mod tidy` - - `go build -ldflags="-s -w" .` + - `cd phantom_pwn/phantom_decryptor` # enter project directory + - `go mod init phantom_decryptor` # initialize Go module (skips if go.mod exists) + - `go mod tidy` # download dependencies + - `go build -ldflags="-s -w" .` # compile binary in current directory + - `go install -ldflags="-s -w" .` # compile binary and install to $GOPATH - Compile from source code how-to: - https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt From 4cb58176ef283a5e5e502799d74ff3a5b229757a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 20:06:00 +0000 Subject: [PATCH 8/9] Bump golang.org/x/crypto from 0.32.0 to 0.35.0 in /phantom_decryptor Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.32.0 to 0.35.0. - [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- phantom_decryptor/go.mod | 4 ++-- phantom_decryptor/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/phantom_decryptor/go.mod b/phantom_decryptor/go.mod index 8035b9d..92c3229 100644 --- a/phantom_decryptor/go.mod +++ b/phantom_decryptor/go.mod @@ -4,7 +4,7 @@ go 1.23.4 require ( github.com/btcsuite/btcutil v1.0.2 - golang.org/x/crypto v0.32.0 + golang.org/x/crypto v0.35.0 ) -require golang.org/x/sys v0.29.0 // indirect +require golang.org/x/sys v0.30.0 // indirect diff --git a/phantom_decryptor/go.sum b/phantom_decryptor/go.sum index 3091604..efa690f 100644 --- a/phantom_decryptor/go.sum +++ b/phantom_decryptor/go.sum @@ -22,16 +22,16 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= +golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= From d8f9e7d014bdde4b4b655cda5362d54861816c36 Mon Sep 17 00:00:00 2001 From: cyclone <34043806+cyclone-github@users.noreply.github.com> Date: Wed, 22 Oct 2025 10:09:40 -0500 Subject: [PATCH 9/9] v1.0.0 --- README.md | 6 +++--- phantom_decryptor/go.mod | 6 +++--- phantom_decryptor/go.sum | 8 ++++---- phantom_decryptor/main.go | 2 ++ phantom_decryptor/print_welcome.go | 2 +- phantom_extractor/go.mod | 4 ++-- phantom_extractor/go.sum | 4 ++-- phantom_extractor/phantom_extractor.go | 4 +++- 8 files changed, 20 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 199c976..90515ce 100644 --- a/README.md +++ b/README.md @@ -62,11 +62,11 @@ Vault file: hash.txt Valid Vaults: 1 CPU Threads: 16 Wordlist: wordlist.txt -2024/11/30 14:11:35 Working... +2025/10/22 14:11:35 Working... {"encryptedKey":{"digest":"sha256","encrypted":"5pLvA3bCjNGYBbSjjFY3mdPknwFfp3cz9dCBv6izyyrqEhYCBkKwo3zZUzBP44KtY3","iterations":10000,"kdf":"pbkdf2","nonce":"NZT6kw5Cd5VeZu5yJGJcFcP24tnmg4xsR","salt":"A43vTZnm9c5CiQ6FLTdV9v"},"version":1}:password -2024/11/30 14:11:39 Decrypted: 1/1 6181.36 h/s 00h:00m:03s +2025/10/22 14:11:39 Decrypted: 1/1 6181.36 h/s 00h:00m:03s -2024/11/30 14:11:39 Finished +2025/10/22 14:11:39 Finished ``` ### Decryptor supported options: diff --git a/phantom_decryptor/go.mod b/phantom_decryptor/go.mod index 92c3229..3a6c0f9 100644 --- a/phantom_decryptor/go.mod +++ b/phantom_decryptor/go.mod @@ -1,10 +1,10 @@ module phantom_decryptor -go 1.23.4 +go 1.25.2 require ( github.com/btcsuite/btcutil v1.0.2 - golang.org/x/crypto v0.35.0 + golang.org/x/crypto v0.43.0 ) -require golang.org/x/sys v0.30.0 // indirect +require golang.org/x/sys v0.37.0 // indirect diff --git a/phantom_decryptor/go.sum b/phantom_decryptor/go.sum index efa690f..13cd277 100644 --- a/phantom_decryptor/go.sum +++ b/phantom_decryptor/go.sum @@ -22,16 +22,16 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= -golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= +golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= +golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= diff --git a/phantom_decryptor/main.go b/phantom_decryptor/main.go index 4aa0229..12a3d44 100644 --- a/phantom_decryptor/main.go +++ b/phantom_decryptor/main.go @@ -42,6 +42,8 @@ v0.1.5-2024-11-30-1415; swapped crackedCount and lineProcessed channels for atomic int32 for better performance multiple performance optimizations in process.go print vault:password when vault is cracked +v1.0.0; 2025-10-22; + stable release */ // main func diff --git a/phantom_decryptor/print_welcome.go b/phantom_decryptor/print_welcome.go index 5cd703d..7e2bccf 100644 --- a/phantom_decryptor/print_welcome.go +++ b/phantom_decryptor/print_welcome.go @@ -8,7 +8,7 @@ import ( // version func func versionFunc() { - fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Decryptor v0.1.5-2024-11-30-1415\nhttps://github.com/cyclone-github/phantom_pwn\n") + fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Decryptor v1.0.0; 2025-10-22\nhttps://github.com/cyclone-github/phantom_pwn\n") } // help func diff --git a/phantom_extractor/go.mod b/phantom_extractor/go.mod index 77d8d21..ac8f7a9 100644 --- a/phantom_extractor/go.mod +++ b/phantom_extractor/go.mod @@ -1,10 +1,10 @@ module phantom_extractor -go 1.23.4 +go 1.25.2 require ( github.com/btcsuite/btcutil v1.0.2 github.com/syndtr/goleveldb v1.0.0 ) -require github.com/golang/snappy v0.0.4 // indirect +require github.com/golang/snappy v1.0.0 // indirect diff --git a/phantom_extractor/go.sum b/phantom_extractor/go.sum index a8253d0..b143e8e 100644 --- a/phantom_extractor/go.sum +++ b/phantom_extractor/go.sum @@ -13,8 +13,8 @@ github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= +github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= diff --git a/phantom_extractor/phantom_extractor.go b/phantom_extractor/phantom_extractor.go index 2cb7a25..5af1169 100644 --- a/phantom_extractor/phantom_extractor.go +++ b/phantom_extractor/phantom_extractor.go @@ -41,6 +41,8 @@ v0.3.2-2024-11-30-1415; updated help info for Chrome extensions on Linux, Mac and Windows v0.3.3-2025-02-04; added support for hashcat modes 30010, 26650, 26651 +v1.0.0; 2025-10-22; + stable release */ // clear screen function @@ -59,7 +61,7 @@ func clearScreen() { // version func func versionFunc() { - fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Extractor v0.3.3-2025-02-04\nhttps://github.com/cyclone-github/phantom_pwn\n") + fmt.Fprintln(os.Stderr, "Cyclone's Phantom Vault Extractor v1.0.0; 2025-10-22\nhttps://github.com/cyclone-github/phantom_pwn\n") } // help func