openwall/john (jumbo branch)run/ directory.bitcoin2john.py (or similar name like bitcoin2john without extension on Linux).The tool supports various encryption methods used historically by Bitcoin Core, including:
Bitcoin2John is a utility tool used to extract hash data from a Bitcoin wallet file (specifically wallet.dat). Its primary purpose is to prepare a Bitcoin Core wallet for password cracking. By isolating the cryptographic hash and salt from the wallet file, it allows security researchers and penetration testers to use tools like John the Ripper or Hashcat to recover lost passwords or audit wallet security. Bitcoin2john
wallet.dat file.Example Output Format:
$bitcoin$64$[hex_encoded_salt]...$[iterations]...
Bitcoin2john supports several wallet formats: Bitcoin2john — Full Story Option A: John the
| Wallet | File/Format | Notes |
|--------|-------------|-------|
| Bitcoin Core (original) | wallet.dat | Berkleley DB, old and new formats |
| MultiBit Classic | .wallet file | Uses scrypt + AES |
| MultiBit HD | .wallet file | Different structure |
| Armory | .wallet file | Legacy support |
| Electrum (old versions) | default_wallet | Pre-2.0 format |
| Hive | JSON-based | Limited | GitHub: openwall/john (jumbo branch)
Important: Modern BIP39 seed phrase wallets (most 12/24-word wallets) are not directly crackable via Bitcoin2john unless they also have an encrypted wallet file. For BIP39, you need tools like
btcrecoverorfindmycoins.
wallet.dat files from compromised computers use Bitcoin2John to prepare the file for cracking. If the user’s password is weak, the attacker can steal the funds.john --format=bitcoin wallet_hash.txt --wordlist=rockyou.txt
Or for faster cracking using Hashcat (convert format first):
11300 (Bitcoin wallet.dat).$bitcoin$... line into a file.hashcat -m 11300 -a 0 bitcoin_hash.txt rockyou.txt