{"id":18395987,"url":"https://github.com/cyclone-github/phantom_pwn","last_synced_at":"2025-04-07T03:35:18.344Z","repository":{"id":234949208,"uuid":"789481298","full_name":"cyclone-github/phantom_pwn","owner":"cyclone-github","description":"Tools to recover, extract and decrypt Phantom wallets","archived":false,"fork":false,"pushed_at":"2025-02-04T16:04:38.000Z","size":124,"stargazers_count":22,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-22T13:22:23.738Z","etag":null,"topics":["brave","chrome","crack","cyclone","decrypt","extension","extract","hash","hashcat","password","phantom","pwn","recover","recovery","vault","wallet"],"latest_commit_sha":null,"homepage":"https://forum.hashpwn.net/post/75","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyclone-github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-20T17:10:11.000Z","updated_at":"2025-03-17T05:41:17.000Z","dependencies_parsed_at":"2024-04-23T05:15:54.988Z","dependency_job_id":"b1b24d07-6207-4bcd-80f5-cfccc05bf88a","html_url":"https://github.com/cyclone-github/phantom_pwn","commit_stats":null,"previous_names":["cyclone-github/phantom_pwn"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyclone-github%2Fphantom_pwn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyclone-github%2Fphantom_pwn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyclone-github%2Fphantom_pwn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyclone-github%2Fphantom_pwn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyclone-github","download_url":"https://codeload.github.com/cyclone-github/phantom_pwn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247589799,"owners_count":20963022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brave","chrome","crack","cyclone","decrypt","extension","extract","hash","hashcat","password","phantom","pwn","recover","recovery","vault","wallet"],"created_at":"2024-11-06T02:12:32.178Z","updated_at":"2025-04-07T03:35:18.338Z","avatar_url":"https://github.com/cyclone-github.png","language":"Go","readme":"[![Readme Card](https://github-readme-stats.vercel.app/api/pin/?username=cyclone-github\u0026repo=phantom_pwn\u0026theme=gruvbox)](https://github.com/cyclone-github/phantom_pwn/)\n\n[![GitHub issues](https://img.shields.io/github/issues/cyclone-github/phantom_pwn.svg)](https://github.com/cyclone-github/phantom_pwn/issues)\n[![License](https://img.shields.io/github/license/cyclone-github/phantom_pwn.svg)](LICENSE)\n[![GitHub release](https://img.shields.io/github/release/cyclone-github/phantom_pwn.svg)](https://github.com/cyclone-github/phantom_pwn/releases)\n\n# Phantom Vault Extractor \u0026 Decryptor\n### POC tools to recover, extract and decrypt Phantom vaults\n_**This toolset is proudly the first publicly released Phantom Vault Extractor and Decryptor**_\n- Contact me at https://forum.hashpwn.net/user/cyclone if you need help recovering your Phantom wallet password or seed phrase\n\n### Writeup of my process of decrypting Phantom Wallets and recovering the seed phrase\n- https://github.com/cyclone-github/writeups/blob/main/Pwning%20Phantom%20Wallets.pdf\n  \n### Phantom vault location for Chrome extensions:\n- Linux: `/home/$USER/.config/google-chrome/Default/Local\\ Extension\\ Settings/bfnaelmomeimhlpmgjnjophhpkkoljpa/`\n- Mac: `Library\u003eApplication Support\u003eGoogle\u003eChrome\u003eDefault\u003eLocal Extension Settings\u003ebfnaelmomeimhlpmgjnjophhpkkoljpa`\n- Windows: `C:\\Users\\$USER\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\bfnaelmomeimhlpmgjnjophhpkkoljpa\\`\n### Extractor usage example on test vault: (plaintext is `password`)\n* Old pbkdf2 KDF\n```\n./phantom_extractor.bin bfnaelmomeimhlpmgjnjophhpkkoljpa/\n ----------------------------------------------------- \n|        Cyclone's Phantom Vault Hash Extractor       |\n|        Use Phantom Vault Decryptor to decrypt       |\n|    https://github.com/cyclone-github/phantom_pwn    |\n ----------------------------------------------------- \n{\"encryptedKey\":{\"digest\":\"sha256\",\"encrypted\":\"5pLvA3bCjNGYBbSjjFY3mdPknwFfp3cz9dCBv6izyyrqEhYCBkKwo3zZUzBP44KtY3\",\"iterations\":10000,\"kdf\":\"pbkdf2\",\"nonce\":\"NZT6kw5Cd5VeZu5yJGJcFcP24tnmg4xsR\",\"salt\":\"A43vTZnm9c5CiQ6FLTdV9v\"},\"version\":1}\n ----------------------------------------------------- \n|          hashcat -m 30010 hash (pbkdf2 kdf)         |\n ----------------------------------------------------- \n$phantom$SU9HoVMjb1ieOEv18nz3FQ==$7H29InVRWVbHS4WcBJdTay0ONb4mLX9Q$g0vJAbflhH4jJJDvuv7Ar5THgzBmJ8tt6oajsQZd/dSXNNjcY5/0eGeF5c1NW1WU\n ----------------------------------------------------- \n|          hashcat -m 26651 hash (pbkdf2 kdf)         |\n ----------------------------------------------------- \nPHANTOM:10000:SU9HoVMjb1ieOEv18nz3FQ==:7H29InVRWVbHS4WcBJdTay0ONb4mLX9Q:g0vJAbflhH4jJJDvuv7Ar5THgzBmJ8tt6oajsQZd/dSXNNjcY5/0eGeF5c1NW1WU\n```\n* New scrypt KDF\n```\n./phantom_extractor.bin bfnaelmomeimhlpmgjnjophhpkkoljpa/\n ----------------------------------------------------- \n|        Cyclone's Phantom Vault Hash Extractor       |\n|        Use Phantom Vault Decryptor to decrypt       |\n|    https://github.com/cyclone-github/phantom_pwn    |\n ----------------------------------------------------- \n{\"encryptedKey\":{\"digest\":\"sha256\",\"encrypted\":\"37fJoKsB9vwnKEzPgc2AHtYVsPTTzrXdTGacbgWxLxbiS7Ri3P3iNnf8csaKwJ4wpk\",\"iterations\":10000,\"kdf\":\"scrypt\",\"nonce\":\"49aomus4HiKLyg7F66pSinR4tpuUuJDHX\",\"salt\":\"M1PMFn4p4gdCxZDzf8qX71\"},\"version\":1}\n ----------------------------------------------------- \n|          hashcat -m 26650 hash (scrypt kdf)         |\n ----------------------------------------------------- \nPHANTOM:4096:8:1:ogSL4J4xP/wNbAjiA8Q4hA==:Iofs3VYyyaYFzHVkcMsnpkrjGQ2+Kni2:OacHaTJAM8dD7XJIj5bGMU3cM8QW3u92n+ngYjXsgRSR20FDnkMLQHTgPxJDefOx\n\n```\n### Decryptor usage example:\n```\n ----------------------------------------------- \n|       Cyclone's Phantom Vault Decryptor       |\n| https://github.com/cyclone-github/phantom_pwn |\n ----------------------------------------------- \n\nVault file:     hash.txt\nValid Vaults:   1\nCPU Threads:    16\nWordlist:       wordlist.txt\n2024/11/30 14:11:35 Working...\n{\"encryptedKey\":{\"digest\":\"sha256\",\"encrypted\":\"5pLvA3bCjNGYBbSjjFY3mdPknwFfp3cz9dCBv6izyyrqEhYCBkKwo3zZUzBP44KtY3\",\"iterations\":10000,\"kdf\":\"pbkdf2\",\"nonce\":\"NZT6kw5Cd5VeZu5yJGJcFcP24tnmg4xsR\",\"salt\":\"A43vTZnm9c5CiQ6FLTdV9v\"},\"version\":1}:password\n2024/11/30 14:11:39 Decrypted: 1/1 6181.36 h/s 00h:00m:03s\n\n2024/11/30 14:11:39 Finished\n\n```\n### Decryptor supported options:\n```\n-w {wordlist} (omit -w to read from stdin)\n-h {phantom_wallet_hash}\n-o {output} (omit -o to write to stdout)\n-t {cpu threads}\n-s {print status every nth sec}\n\n-version (version info)\n-help (usage instructions)\n\n./phantom_decryptor.bin -h {phantom_wallet_hash} -w {wordlist} -o {output} -t {cpu threads} -s {print status every nth sec}\n\n./phantom_decryptor.bin -h phantom.txt -w wordlist.txt -o cracked.txt -t 16 -s 10\n\ncat wordlist | ./phantom_decryptor.bin -h phantom.txt\n\n./phantom_decryptor.bin -h phantom.txt -w wordlist.txt -o output.txt\n```\n### Decryptor credits:\n- Shoutout to blandyuk for his help with research - https://github.com/blandyuk\n- https://github.com/renfeee/spl-token-wallet/blob/master/src/utils/wallet-seed.js\n\n### Compile from source:\n- This assumes you have Go and Git installed\n  - `git clone https://github.com/cyclone-github/phantom_pwn.git`\n  - phantom_extractor\n  - `cd phantom_pwn/phantom_extractor`\n  - `go mod init phantom_extractor`\n  - `go mod tidy`\n  - `go build -ldflags=\"-s -w\" .`\n  - phantom_decryptor\n  - `cd phantom_pwn/phantom_decryptor`\n  - `go mod init phantom_decryptor`\n  - `go mod tidy`\n  - `go build -ldflags=\"-s -w\" .`\n- Compile from source code how-to:\n  - https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclone-github%2Fphantom_pwn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyclone-github%2Fphantom_pwn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclone-github%2Fphantom_pwn/lists"}