I've known Joe Grand for close to 30 years. He's an incredibly smart hardware hacker, and lately he's been helping people recover cryptocurrency they've lost as a result of losing their passwords. For especially interesting cases, Joe makes videos documenting his recovery process. Here's a case he cracked in 2022, recovering $2 million for a grateful client.
In his latest video, Joe shows how he unlocked a software wallet containing over $3 million in Bitcoin, untouched since 2013. Michael, the Bitcoin holder, created a wallet in using a 20-character password generated by RoboForm, a password management tool. He saved this password in an encrypted TrueCrypt container. Unfortunately, the container became corrupted, and Michael lost access to the password, leaving his Bitcoin stash out of reach.
Here's a step-by-step breakdown of how Joe and his partner Bruno pulled off this digital heist:
Step 1: Initial Contact
Michael, having seen Joe Grand's previous work, reached out for help. Joe initially turned him down, knowing that brute-forcing a 20-character password would be akin to finding a grain of sand in a beach the size of the Oort Cloud. But Bruno, a fellow hacker with deep software knowledge, saw potential in the project.
Step 2: Understanding RoboForm
Bruno suggested focusing on the RoboForm password generator itself. They hypothesized that if they could understand how RoboForm generated the password, they might find a backdoor into Michael's wallet.
Step 3: Reverse Engineering
The duo began reverse-engineering RoboForm. This involved dissecting the software to understand its algorithm for generating passwords. By doing this, they aimed to replicate the exact conditions under which Michael's password was created.
Step 4: Exploiting Weaknesses
During the reverse-engineering process, they looked for any weaknesses or patterns in RoboForm's algorithm. By identifying these, they could significantly reduce the number of potential passwords they needed to test.
Step 5: Narrowing Down the Options
Using their newfound understanding of RoboForm, Joe and Bruno generated a list of possible passwords. This list was much shorter than a brute force attempt, making the task manageable.
Step 6: Testing Passwords
With their refined list, they began testing the passwords one by one. Given their precise approach, it didn't take long to hit the jackpot.
Step 7: Access Granted
Their method worked. They successfully unlocked Michael's Bitcoin wallet, recovering the $3 million held within.
Joe and Bruno's success wasn't just about hacking a password; it was about hacking the system that created it. By thinking outside the box, they turned an impossible task into a solvable puzzle.