MetaMask (browser or mobile)

MetaMask's encrypted vault JSON — NOT your Secret Recovery Phrase.

hashcat modes: 26600, 31900 · hash starts with $metamask$

  1. Find the vault

    # In the browser: MetaMask Settings -> Advanced, or the extension's Local Storage / IndexedDB. Copy the JSON with "data", "iv" and "salt" fields.

    Output looks like {"data":"...","iv":"...","salt":"..."}

    Copy only that vault JSON — never the 12/24-word phrase.

  2. metamask2john (for hashcat / John)

    python3 metamask2john.py /path/to/copy/vault.json

    Output looks like $metamask$...

    Send the $metamask$... string.

Send this

The $metamask$... hash. Tell the helper whether it's the browser extension (mode 26600) or the mobile app (mode 31900).

Never send

  • your 12/24-word Secret Recovery Phrase
  • any private key

Watch out

  • If you can already see your Secret Recovery Phrase, you don't need this workflow — restore the wallet directly from the seed.
  • The same steps work for other browser-extension vaults (Ronin, Brave, etc.).

Learn more: John the Ripper (metamask2john)

Next steps

Before you send it,run the safety check, thenassess the difficulty.