Fix for AES-GCM wallets

3rdIteration · Dec 17, 2024 · 0701106 · 0701106
1 parent db11341
commit 0701106
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 20 deletions.
diff --git a/btcrecover/btcrpass.py b/btcrecover/btcrpass.py
@@ -3048,18 +3048,20 @@ def _return_verified_password_or_false_cpu(self, arg_passwords):  # dogechain.in
 
             if self.aes_cipher == "AES-CBC":
                 decrypted_block = AES.new(key, AES.MODE_CBC, self.iv).decrypt(self._encrypted_block)
+
+                if self.check_decrypted_block(decrypted_block, password):
+                    # Decrypt and dump the wallet if required
+                    self.decrypt_wallet(password)
+                    return password.decode("utf_8", "replace"), count
             else:
                 try:
-                    decrypted_block = AES.new(key, AES.MODE_GCM, self.iv).decrypt_and_verify(self._encrypted_block, self.aes_auth_tag)
+                    # For AES-GCM we need to decrypt the whole wallet, not just a block,
+                    # also don't need to manually check the file contents as verification is part of the decryption
+                    decrypted_block = AES.new(key, AES.MODE_GCM, self.iv).decrypt_and_verify(self._encrypted_wallet, self.aes_auth_tag)
                     return password.decode("utf_8", "replace"), count
                 except ValueError:
                     continue
 
-            if self.check_decrypted_block(decrypted_block, password):
-                    # Decrypt and dump the wallet if required
-                    self.decrypt_wallet(password)
-                    return password.decode("utf_8", "replace"), count
-
         return False, count
 
     def _return_verified_password_or_false_opencl(self, arg_passwords):  # dogechain.info Main Password
@@ -3077,17 +3079,17 @@ def _return_verified_password_or_false_opencl(self, arg_passwords):  # dogechain
         for count, (password, key) in enumerate(results, 1):
             if self.aes_cipher == "AES-CBC":
                 decrypted_block = AES.new(key, AES.MODE_CBC, self.iv).decrypt(self._encrypted_block)
+                if self.check_decrypted_block(decrypted_block, password):
+                    # Decrypt and dump the wallet if required
+                    self.decrypt_wallet(password)
+                    return password.decode("utf_8", "replace"), count
             else:
                 try:
-                    decrypted_block = AES.new(key, AES.MODE_GCM, self.iv).decrypt_and_verify(self._encrypted_block,
+                    decrypted_block = AES.new(key, AES.MODE_GCM, self.iv).decrypt_and_verify(self._encrypted_wallet,
                                                                                              self.aes_auth_tag)
                     return password.decode("utf_8", "replace"), count
                 except ValueError:
                     continue
-            if self.check_decrypted_block(decrypted_block, password):
-                    # Decrypt and dump the wallet if required
-                    self.decrypt_wallet(password)
-                    return password.decode("utf_8", "replace"), count
 
         return False, count
 

diff --git a/btcrecover/test/test-wallets/dogechain.wallet.aes.json.2022-01 b/btcrecover/test/test-wallets/dogechain.wallet.aes.json.2022-01
diff --git a/...wallets/dogechain.wallet.aes.json.2024-12 → ...allets/dogechain.wallet.aes.json.2024-cbc b/...wallets/dogechain.wallet.aes.json.2024-12 → ...allets/dogechain.wallet.aes.json.2024-cbc
diff --git a/btcrecover/test/test-wallets/dogechain.wallet.aes.json.2024-gcm b/btcrecover/test/test-wallets/dogechain.wallet.aes.json.2024-gcm
@@ -0,0 +1 @@
+{"guid": "52500558-b3fa-4318-b6a3-3c55835c6575","salt": "uTE5zPjTEpb6S23GbUJgwA==","payload": "LYp4+q9Qc2ixp2c49mrCfzfE+gnJgxNBF0YMmSmvELES9aQPwqp02O5Lo7p3npTHtbkjQeub8iGIddvvEdpoXqYi4ZFHSJ5/qM7lQKTzIXqLgJ8+3l3o/kqpgecXsrQKqmJEzzhzNCDnBhUeBpPiJuz39B5m1laehynsIZekAimJrkuEJtUHLfO54Mzzb3v2s6qAXUBuB9wjOBNCXgFPl1qDg+PMJdVhomyQWYoLr7425/+peoJ7IQ7BgH3sIUVua41zFIlkcHqjkYlBOuXOpb5tlZNRbgNRGiYISrYSRwBhuGO+U2R67ePTGtNq62VZhzs=","cipher": "AES-GCM","pbkdf2_iterations": 5000}
diff --git a/btcrecover/test/test_passwords.py b/btcrecover/test/test_passwords.py
@@ -1401,8 +1401,11 @@ def test_blockchain_secondpass_unencrypted(self):  # this wallet has no second-p
     def test_dogechain_info_cpu(self):
         self.wallet_tester("dogechain.wallet.aes.json")
 
-    def test_dogechain_info_cpu(self):
-        self.wallet_tester("dogechain.wallet.aes.json.2024-12")
+    def test_dogechain_info_cpu_2024_CBC(self):
+        self.wallet_tester("dogechain.wallet.aes.json.2024-cbc")
+
+     def test_dogechain_info_cpu_2024_GCM(self):
+        self.wallet_tester("dogechain.wallet.aes.json.2024-gcm")
 
     @skipUnless(can_load_ecdsa, "requires ECDSA")
     @skipUnless(can_load_bitcoinutils,  "requires Bitcoin-Utils")
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"guid": "52500558-b3fa-4318-b6a3-3c55835c6575","salt": "uTE5zPjTEpb6S23GbUJgwA==","payload": "LYp4+q9Qc2ixp2c49mrCfzfE+gnJgxNBF0YMmSmvELES9aQPwqp02O5Lo7p3npTHtbkjQeub8iGIddvvEdpoXqYi4ZFHSJ5/qM7lQKTzIXqLgJ8+3l3o/kqpgecXsrQKqmJEzzhzNCDnBhUeBpPiJuz39B5m1laehynsIZekAimJrkuEJtUHLfO54Mzzb3v2s6qAXUBuB9wjOBNCXgFPl1qDg+PMJdVhomyQWYoLr7425/+peoJ7IQ7BgH3sIUVua41zFIlkcHqjkYlBOuXOpb5tlZNRbgNRGiYISrYSRwBhuGO+U2R67ePTGtNq62VZhzs=","cipher": "AES-GCM","pbkdf2_iterations": 5000}