{"id":18272248,"url":"https://github.com/ryukinix/keybase-hacking","last_synced_at":"2026-01-02T16:50:02.902Z","repository":{"id":72149255,"uuid":"164660786","full_name":"ryukinix/keybase-hacking","owner":"ryukinix","description":"Cracking system to recover my corrupted paper key","archived":false,"fork":false,"pushed_at":"2019-01-09T04:31:14.000Z","size":10,"stargazers_count":9,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-22T10:51:14.342Z","etag":null,"topics":["cracking","keybase","paper-key"],"latest_commit_sha":null,"homepage":"https://keybase.io/lerax","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryukinix.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-08T14:00:05.000Z","updated_at":"2021-11-22T03:34:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"b1d5125b-5289-43b9-b027-cdb5c81d46ac","html_url":"https://github.com/ryukinix/keybase-hacking","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryukinix%2Fkeybase-hacking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryukinix%2Fkeybase-hacking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryukinix%2Fkeybase-hacking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryukinix%2Fkeybase-hacking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryukinix","download_url":"https://codeload.github.com/ryukinix/keybase-hacking/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243796730,"owners_count":20349264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cracking","keybase","paper-key"],"created_at":"2024-11-05T11:41:45.206Z","updated_at":"2026-01-02T16:50:02.858Z","avatar_url":"https://github.com/ryukinix.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"#+TITLE: Paper Key Hacking!\n#+AUTHOR: Manoel Vilela\n#+DATE: \u003c2019-01-08 Tue\u003e\n\n* Description\n\nI have forgot to write one word of 13 of paper key from\nkeybase.io. The paper key is a physical device to authenticate\nothers and in general the unique recover system to keybase\naccount. It's a important feature and key because gives to you the\naccess to all your keybase system.\n\n* Solution Proposal\n\nI'll try hack the system based on a english dictionary with 2048 words\nfrom [[https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt][bitcoin]] that it's used to generate the random paper key.\n\nMy paper key should have 13 words, but I only have 12 because I forgot\nto write down one of them.\n\nThe first two words I'm sure that is correct and there is no more\nwords between because they are public: the name of the device\npaper key.\n\nIf I assume that there is only unique words on a paper key, the number\nof combinations to crack would be at least:\n\n#+BEGIN_SRC python :session\nwords = 2048\npaperkey = 12\nwords_placements = 10\ncombs = word_placements * (words - paperkey)\ncombs # 20360\n#+END_SRC\n\n#+RESULTS:\n: 20360\n\n20360 combinations! Which is far simple to brute force it... The\nunique problem is that would be 20k remote API calls needed. If there\nis some limit of API calls per minute, day or whatever... which I\ndon't know if there is a limit or what is it. (PS.: there is no any\nlimit!)\n\nI'll use the following command to automatize the login guess during\nthe cracking:\n\n#+BEGIN_EXAMPLE\nkeybase oneshot --username \u003cusername\u003e --paperkey \u003cword-list\u003e\n#+END_EXAMPLE\n\n* Usage\n\nPre-requisites:\n+ Python3+\n+ TQDM (~pip install tqdm~)\n+ Keybase cli\n\n1. Set your username hardcoded in [[file:run.sh][run.sh]] USERNAME variable.\n2. Fill your incomplete paperkey in ~data/paperkey_incomplete.txt~ with\n   each word per line in lowercase.\n3. Run run.sh and hope the best.\n\n* Conclusion \u0026 Results\n\nThe overall crack toke about 3 hours to conclude, the development and\nexecution. Result: *I recover access to my keybase* :]\n\nI'm satisfied to get my access back without the cumbersome shit of\nresetting the overall account! However keybase central selling point\nis all about being secure.\n\nActually, keybase it's really supposed to be a super nifty secure\nsystem. I know is a edge case have almost all words of a paper key of\nsomeone, but not all, however I'm shocked by the fact that\nafter so many attempts of login in a small amount of time my IP didn't\nget blocked.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryukinix%2Fkeybase-hacking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryukinix%2Fkeybase-hacking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryukinix%2Fkeybase-hacking/lists"}