MetaMask Wallet Recovery — Mobile vs Desktop Differences
MetaMask is the most popular self-custody Ethereum wallet, available as a browser extension (Chrome, Firefox, Brave, Edge) and as a mobile app (iOS, Android). While both versions generate wallets from the same BIP39/BIP44 standard, the vault encryption, file storage, and recovery workflows differ substantially. This guide covers the technical differences between mobile and desktop MetaMask vaults, how password recovery works on each platform, and the practical implications for anyone trying to regain access to a forgotten MetaMask wallet.
How MetaMask stores wallets — desktop vs mobile
Desktop MetaMask (browser extension) stores the encrypted vault in the browser's local storage: specifically, IndexedDB at the key '72fc6897-0cef-4c7b-9b55-ae845a1b1e82' under the extension's origin. The vault contains all key material, encrypted with a key derived from the user's password through a key derivation function.
Mobile MetaMask stores vault data in the device's secure storage subsystem: on iOS, this is the Keychain (encrypted with the device UID and user passcode); on Android, it is the Android Keystore, backed by a hardware TEE (Trusted Execution Environment). The mobile vault is also encrypted with the user's MetaMask password, but the storage layer adds platform-native encryption around it.
This difference is critical for recovery: on desktop, the encrypted vault blob can be extracted from IndexedDB and attacked offline with hashcat (mode 26600). On mobile, extracting the vault blob requires jailbreak (iOS) or root (Android), because the platform's secure storage prevents app-level data export.
Recovery implication
Desktop MetaMask vaults are recoverable via hashcat mode 26600 because you can extract the encrypted blob from IndexedDB. Mobile MetaMask vaults require either jailbreak/root to extract the blob or seed-phrase restore from backup.
Hashcat 26600 target differences
The desktop MetaMask vault format (mode 26600) consists of the salt (hex), the iteration count (10,000), and the encrypted vault blob. When the user sets a password, MetaMask derives an encryption key through PBKDF2-HMAC-SHA256 with 10,000 iterations and uses this key to encrypt the wallet via AES-128-CTR or a similar symmetric cipher.
The low iteration count (10,000) is forced by the browser environment — MetaMask needs to decrypt the vault quickly when the user enters their password to unlock the wallet. Higher iteration counts would introduce perceptible delay on every browser startup and tab switch.
On mobile, MetaMask similarly uses PBKDF2 with 10,000 iterations, but the vault is double-encrypted by the platform's secure storage. iOS Keychain uses AES-256-GCM with the device's UID-derived key; Android Keystore uses AES-256-GCM with a key wrapped by the TEE. Even with the vault blob extracted, you would still need to decrypt the platform layer before reaching the MetaMask layer.
Seed phrase import on mobile vs desktop
Both platforms support importing an existing seed phrase (BIP39 mnemonic). Desktop: in MetaMask extension, navigate to Settings > Security & Privacy > Import Wallet. Enter your 12 or 24-word seed phrase, set a new password, and the wallet derives all keys anew.
Mobile: MetaMask app > 'Import using Secret Recovery Phrase' on the welcome/onboarding screen or Settings > Security > Import Wallet. The import flow is functionally identical. Both platforms derive Ethereum addresses using BIP44 path m/44'/60'/0'/0/0.
Key difference: on desktop import, the seed phrase is typed into a browser input field and is visible in DOM memory. Keyloggers or screen-capture malware can intercept it. On mobile import, the OS-level keyboard is used, and while mobile malware also exists, the attack surface is smaller in practice.
Password recovery feasibility by platform
Desktop MetaMask password recovery via hashcat (mode 26600) is the standard path. Since the encrypted vault can be extracted from IndexedDB, any password recovery service that supports 26600 can attack it. The low iteration count (10,000) means ~410,000 H/s on an RTX 4090 or ~632,000 H/s on an RTX 5090. A dictionary attack with 10 million words × 50 rules runs in hours, not days.
Mobile MetaMask password recovery is significantly constrained. Without the raw encrypted blob, the only password-recovery path is: (1) extract the blob via jailbreak/root and platform key access, (2) decrypt the platform wrapper, (3) attack the MetaMask PBKDF2 layer. This multi-step process is only viable for higher-value wallets because of the complexity.
Most mobile MetaMask recovery cases follow the seed-phrase restore path instead of password cracking: if the user has their 12-word seed phrase backed up, they can restore on any device without the original password. If the seed phrase is also lost, mobile recovery is substantially harder than desktop.
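Added example (not from the original page or the MetaMask project): a Python sketch that ties the 10,000-iteration PBKDF2 setting from the hashcat 26600 section to the guess rates quoted above, to show how long a password of a given shape would survive offline guessing. The 32-byte key length, the 600,000-iteration comparison figure and all function names are assumptions made for illustration.

```python
import hashlib
import os

PAGE_ITERATIONS = 10_000  # PBKDF2 iteration count stated on this page
PAGE_RATES = {"RTX 4090": 410_000, "RTX 5090": 632_000}  # guesses/s stated on this page
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_key(password: str, salt: bytes, iterations: int = PAGE_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 as described on the page; the 32-byte output length is an assumption."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def scaled_rate(rate_at_page_iterations: float, iterations: int) -> float:
    """PBKDF2 work is linear in the iteration count, so the guess rate scales inversely."""
    return rate_at_page_iterations * PAGE_ITERATIONS / iterations


def exhaust_seconds(candidates: int, rate: float) -> float:
    """Worst-case seconds to try every candidate at `rate` guesses per second."""
    return candidates / rate


def min_random_length(alphabet_size: int, rate: float, years: float, gpus: int = 1) -> int:
    """Shortest uniformly random secret whose full keyspace outlasts `years` of guessing."""
    budget = rate * gpus * SECONDS_PER_YEAR * years
    length = 1
    while alphabet_size ** length < budget:
        length += 1
    return length


if __name__ == "__main__":
    salt = os.urandom(32)  # constructed sample salt, not taken from a real vault
    print("derived key bytes:", len(derive_key("constructed-sample-password", salt)))
    rate = PAGE_RATES["RTX 4090"]
    days = exhaust_seconds(26 ** 8, rate) / 86_400
    print(f"8 random lowercase letters: {days:.1f} days to exhaust on one GPU")
    print("random lowercase, 100 GPU-years:", min_random_length(26, rate, 100), "chars")
    print("random words from a 7776-word list:", min_random_length(7776, rate, 100), "words")
    # 600,000 is a hypothetical higher iteration count used only for comparison
    print("guess rate at 600,000 iterations:", round(scaled_rate(rate, 600_000)), "H/s")
```

The lengths returned assume a uniformly random secret; a human-chosen password of the same length falls to dictionary and rule attacks far sooner.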
Exporting a desktop vault for recovery
To extract the MetaMask vault from a desktop browser (Chrome): open Developer Tools (F12), go to Application > IndexedDB > 72fc6897-0cef-4c7b-9b55-ae845a1b1e82 > keyvaluepairs. The 'keyringController' entry contains the encrypted vault JSON under a memStore field. Copy the entire value as a JSON string.
For Firefox: about:debugging > This Firefox > MetaMask > Inspect > Storage > IndexedDB. Select the same database and object store. Extract the keyringController data.
For Brave: the procedure follows Chrome's pattern, since Brave is Chromium-based. The IndexedDB location is the same.
After extraction: the JSON contains 'ciphertext', 'salt', 'nonce', and 'KDF' fields. Format for hashcat mode 26600: the salt (hex-encoded) and iteration count prefix the ciphertext. Most recovery services accept the raw JSON export directly.
Mobile vault export (advanced, requires device access)
iOS jailbreak path: jailbreak the device (checkra1n or Palera1n for compatible iOS versions), install a file browser with Keychain access, navigate to the MetaMask data directory in /var/mobile/Containers/Data/Application/..., extract the encrypted vault blob from the app's secure storage sandbox.
Android root path: root the device (Magisk or KernelSU), install a root file manager, navigate to /data/data/io.metamask/..., extract the encrypted vault from the app-private directory. On newer Android versions (11+), scoped storage and TEE-backed key management may require additional extraction steps.
Note: even with the encrypted blob exported, the platform encryption wrapper must be unlocked using the device passcode/biometrics or the device's hardware key. This is technically complex and only practical for high-value scenarios where both the seed phrase and desktop vault are lost.
Recovery after getting back in
Regardless of platform or recovery method, once access is restored: (1) immediately change the MetaMask password to something strong and unique. (2) Write down the new seed phrase on a paper/steel backup. (3) If the original recovery used an exposed seed (typed into a computer), generate a completely new wallet and move all assets. A seed that has been entered on a potentially compromised device should not be reused.
For desktop users who recovered via hashcat: the vault file was already extracted and exposed to recovery software. After recovering the password, rotate to a new wallet by generating a fresh seed phrase in MetaMask and transferring all tokens/NFTs to the new wallet. This fully negates any potential vault extraction by third parties.
For mobile users who restored via seed phrase on a new device: change the MetaMask password on the new device, verify all token balances and connected dApps, and revoke any excessive token approvals via tools like Revoke.cash.
MetaMask recovery flow by platform
1. Check seed phrase backup. If you have the 12-word seed phrase, recovery is straightforward on any platform — import into fresh MetaMask on any device.
2. Desktop only — extract vault. Open Chrome/Firefox IndexedDB > keyringController, copy the encrypted vault JSON. This is the hashcat mode 26600 target.
3. Mobile only — decide path. Without seed phrase, mobile recovery requires jailbreak/root to extract the platform-encrypted vault. Seed-phrase restore is the preferred path.
4. Run hashcat mode 26600 (desktop). Format the extracted JSON into a hashcat-compatible hash and run dictionary + rules attack. ~410K H/s on RTX 4090, ~632K H/s on RTX 5090.
5. Sweep to fresh wallet after recovery. Any vault exposure (exported JSON or typed seed) means the wallet should be retired. Generate fresh seed, transfer all assets.
Frequently Asked Questions
Can I recover a mobile MetaMask password without the seed phrase?
Where does MetaMask store the vault on desktop?
Does MetaMask mobile use the same encryption as desktop?
Can I sync a MetaMask wallet between mobile and desktop?
Why does desktop MetaMask have such low iteration count?
Is it safe to use a recovery service to retrieve the password?