Skip to content

Latest commit

 

History

History
44 lines (31 loc) · 1.29 KB

README.md

File metadata and controls

44 lines (31 loc) · 1.29 KB

Metamask Vault Decrypt

1. Obtaining the vault

Take the encrypted Vault file(s) and password (or password list) and attempt to decrypt the wallet(s)

Obtain the Vault file from the Browser Extension in following location:

  1. Firefox

    moz-extension://UUID/home.html (right click) inspect element

    chrome.storage.local.get('data', result=> {var vault=result.data.KeyringController.vault; console.log(vault)})

  2. Chrome

    In an explorer window:

    %LocalAppData%\\Google\\Chrome\\UserData\\Default\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn

    Ideally parse the LevelDB (eg LevelDBDumper) and output the json Alternatively, search all *.ldb files for "vault" and extract the json

  1. Mobile 
    /private/var/mobile/[Application]/persistStore/persist-root

Please note, Metamask enforces a minimum password length of 8 characters, shorter passwords will be ignored by the script.

See the following link for further details on extracting the vault:

https://metamask.zendesk.com/hc/en-us/articles/360018766351-How-to-use-the-Vault-Decryptor-with-the-MetaMask-Vault-Data

2. Running the script

python decrypt_metamask_vault.py -p passwordlist vaultfile

3. Further work

  • parse levelDB
  • parse vaults pasted in the command line