Reverse engineering an old password generator reveals significant flaws in its random number generation, enabling the successful recovery of a Bitcoin wallet.
Hardware hacker Joe Grand and his team successfully recovered three million bitcoins from a software wallet that had been locked since 2013. Opening the wallet involved reverse engineering, an effort Grand described as unlike anything he had worked on. Grand, well known for his hardware hacking proficiency, worked with his friend Bruno, who had strong software hacking skills.
The tale starts when Michael, the wallet owner, contacted Grand after viewing a video in which Grand demonstrates how to hack a hardware wallet. Michael had generated a solid 20-character password using the RoboForm program and stored it in an encrypted text file. But the partition holding the password got corrupted, making the password unretrievable.
At first, Grand and Bruno turned down the project, since brute-forcing a complex password was beyond what they could do on their own. But after a year, they had second thoughts following Bruno’s work on deciphering the password generator of another website. They discovered that older versions of RoboForm had flaws in how they generated randomness, so they chose to target the program itself instead of the password.
Reverse engineering tools such as Cheat Engine and Ghidra were used at the start of the process. They were confident they were focusing on the right area of the application, as Cheat Engine let them search across the memory of the active program to find the stored password’s location. The National Security Agency’s Ghidra tool then decompiled the machine code into a more understandable format. This was an essential step, leading them to the code that created the password.
Their eureka moment was the realization that the system time determined the generated passwords. By tampering with the time values, they could make the program generate the same password repeatedly. This showed that the password generator’s randomization in earlier RoboForm versions was predictable: the same time value produced the same password.
Grand and Bruno created code that essentially wrapped the original method to control the output of the password generator. This required setting the system time to each value within the possible window in which Michael created the password. Although they generated millions of candidate passwords, their early efforts to open the bitcoin wallet were unsuccessful.
The team overcame several obstacles, such as frequent crashes and protracted debugging sessions. Their perseverance paid off when they modified their strategy and realized that the outcome hinged on the exact letter and number requirements Michael had used when generating the password. They generated a new set of candidate passwords using updated parameters: only letters and numbers, with no special characters.
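The weakness described above, as an added sketch that is not RoboForm's code or the code Grand and Bruno wrote: a constructed generator seeds Python's `random` from the clock second, so a known password can be regenerated from a time window and a short list of character-set settings, while the `secrets`-based version cannot. All function names, the two alphabets and the 2013 timestamp are assumptions made for the illustration.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

ALNUM = string.ascii_letters + string.digits      # letters and digits only
ALNUM_SPECIAL = ALNUM + "!@#$%^&*"                # same, plus special characters

def weak_generate(when, length=20, alphabet=ALNUM):
    """Constructed flawed generator: the only secret input is the clock second."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(alphabet) for _ in range(length))

def strong_generate(length=20, alphabet=ALNUM):
    """Corrected form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def weak_entropy_bits(start, end, n_alphabets=1):
    """Bits an auditor should credit the weak generator with for a time window."""
    seconds = int((end - start).total_seconds()) + 1
    return math.log2(seconds * n_alphabets)

def nominal_entropy_bits(length=20, alphabet=ALNUM):
    """Bits the same password would carry if every character were independent."""
    return length * math.log2(len(alphabet))

def reproduce(known_password, start, end, alphabets):
    """Audit check: can a known password be regenerated from time and settings?"""
    for alphabet in alphabets:
        t = start
        while t <= end:
            if weak_generate(t, len(known_password), alphabet) == known_password:
                return t, alphabet
            t += timedelta(seconds=1)
    return None

if __name__ == "__main__":
    created = datetime(2013, 5, 15, 12, 0, 0, tzinfo=timezone.utc)  # constructed sample
    pw = weak_generate(created)
    window = (created - timedelta(hours=1), created + timedelta(hours=1))
    print("weak bits:", round(weak_entropy_bits(*window, n_alphabets=2), 1))
    print("nominal bits:", round(nominal_entropy_bits(), 1))
    print("reproduced at:", reproduce(pw, *window, [ALNUM_SPECIAL, ALNUM]))
    print("CSPRNG password:", strong_generate())
```

The gap between the two entropy figures is the point: a 20-character password looks like roughly 119 bits, but a clock-seeded generator gives it only as many bits as there are plausible seconds and settings.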
This novel strategy worked well. After running the modified code for a few minutes, they generated the correct password and recovered Michael’s Bitcoin. Michael was relieved and happy about this accomplishment, which also showed how crucial creative problem-solving and teamwork are in cybersecurity.
Grand’s creative method highlights the difficulties and possible flaws in software-based security solutions and underlines the significance of safe random number generation for cryptographic applications. The work demonstrated the cooperative power of merging hardware and software hacking capabilities, and it recovered considerable assets.
It also shows why passwords created with a password generator before specific software updates may need to be changed. Grand’s YouTube channel provides numerous examples of how he has assisted people in retrieving lost cryptocurrency and Bitcoin from devices like Trezor, Ledger, and others.