MetaMask (browser or mobile)
MetaMask's encrypted vault JSON — NOT your Secret Recovery Phrase.
hashcat modes: 26600, 31900 · hash starts with $metamask$
Find the vault
# In the browser: MetaMask Settings -> Advanced, or the extension's Local Storage / IndexedDB. Copy the JSON with "data", "iv" and "salt" fields.Output looks like
{"data":"...","iv":"...","salt":"..."}Copy only that vault JSON — never the 12/24-word phrase.
metamask2john (for hashcat / John)
python3 metamask2john.py /path/to/copy/vault.jsonOutput looks like
$metamask$...Send the $metamask$... string.
✅ Send this
The $metamask$... hash. Tell the helper whether it's the browser extension (mode 26600) or the mobile app (mode 31900).
❌ Never send
- your 12/24-word Secret Recovery Phrase
- any private key
Watch out
- If you can already see your Secret Recovery Phrase, you don't need this workflow — restore the wallet directly from the seed.
- The same steps work for other browser-extension vaults (Ronin, Brave, etc.).
Learn more: John the Ripper (metamask2john)
Next steps
Before you send it,run the safety check, thenassess the difficulty.