Already given up, please delete this post

BitMaxz

legendary

Activity: 3234

Merit: 2943

Block halving is coming.

Quote from: ?? on ??

My password is probably around 10 digits, and as long as I know the derivation path, I can brute force it. Now the official not only does not provide help, but also restricts the download of APPs with algorithms. coldlar is a piece of shit. I have collected two Android versions of the APP, but my programming knowledge is limited and I cannot find the algorithms hidden inside.
Hope to get everyone's help.If anyone can provide me with a derivation path, I'd be willing to pay.
~snip~

Can you grab the master public key(xpub, zpub) of this wallet?
You can maybe able to scan the master public key and find the right derivation path of your wallet using the xPub scanner developed by Ledger.

Check the tool below.
- https://github.com/LedgerHQ/xpub-scan

It should work if you have the right master public key. There's also an old version of the scanner but it only works on legacy addresses if your wallet uses legacy addresses then this one also works you don't need to run a node unlike the xpub scanner on the ledger check the link below.

- https://blockpath.com/wallets/local/101?action=appxpub

apogio

sr. member

Activity: 406

Merit: 896

Quote from: ?? on ??

My password is probably around 10 digits

Quote from: NotATether on December 05, 2023, 08:38:58 AM

since 10 digits can be cracked very quickly.

10 digits implies that it consists only of numbers in the range 0 to 9?

What we do know is:
* "Officials said they did not use the conventional BIP standard algorithm".
* The seed phrase alone doesn't produce the same set of addresses as it did in the past. So it must be something similar to the BIP-39 passphrase, meaning it appends to the seed phrase and produces another set of keys.

OP, have you tried importing the words to Electrum? Just in case they use the same standard that Electrum does.

Also, do you recall if they also offered LN features? Because they could potentially use aezeed cipher seed

EDIT: I just saw you posted a valid BIP39 seed phrase. I hope it's not yours.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: zzzccc on December 04, 2023, 12:05:16 PM

Mnemonic phrase...

Do not post your seed phrase and passphrase is public ever again, and better edit and delete what you wrote asap!

I know Coldlar wallet is closed source crap, but in most cases users are to be blamed for forgetting passphrase, not manufacturer of device.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: ?? on ??

My password is probably around 10 digits, and as long as I know the derivation path, I can brute force it. Now the official not only does not provide help, but also restricts the download of APPs with algorithms. coldlar is a piece of shit. I have collected two Android versions of the APP, but my programming knowledge is limited and I cannot find the algorithms hidden inside. Hope to get everyone's help.

If somebody can figure out what wallet format the ColdLar app uses, then that should help with brute forcing, since 10 digits can be cracked very quickly.

The reason this is important is so that we can find out what kind of encryption is being used to protect the wallet file, the prerequisite for brute-forcing a wallet in the first place. But it will be challenging to find, given that it's closed source.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: zzzccc on December 04, 2023, 12:05:16 PM

I bought a Coldlar pro3 cold wallet, but after a long time I forgot the password. I thought I could use the mnemonic phrase to restore it, but now the address generated by importing the mnemonic phrase into other wallet software is different. Officials said they did not use the conventional BIP standard algorithm. Does anyone know this algorithm? I really need your help.

I did a few research and it seems like Pro3 uses a so-called "mnemonic enhancement mode" which also use the payment password to derive the child keys.
So even if you know the correct derivation path or bought another device from them, you still need the payment password to recover your bitcoins.

Are you planning to bruteforce it after knowing the correct derivation path?
Since it's closed source and the key derivation algorithm isn't disclosed, try to ask them for the "derivation path".
(their help page mentions iancoleman's BIP39 tool so the payment password may be a BIP39 passphrase)

There is a ColdLar ANN thread here in Bitcointalk but I can't vouch for the author's integrity: https://bitcointalksearch.org/topic/coldlar-professional-digital-assets-security-and-storage-solution-4391660
The user haven't logged-in since June though.

Quote from: zzzccc on December 04, 2023, 12:05:16 PM

In the past, there was an official APP that used mnemonic phrases to store private keys, but now it has been removed from the shelves.

I've searched the "internet archive" (archive.org) to see if the assistant app is saved there but I failed to find a working link.

BitMaxz

legendary

Activity: 3234

Merit: 2943

Block halving is coming.

This hardware wallet is pretty new to me their sales page does not have much information about this wallet they don't even have a support page and guide on how to import the seedphrase to this unit.
I never heard of this unit before so I don't know what algo they use.

If you still know the exact address of your wallet and your seed backup and remember the passphrase partially you can maybe able to brute-force and recover it using the FinderOuter tool check the link below.

- https://bitcointalksearch.org/topic/the-finderouter-a-bitcoin-recovery-tool-v0160-2022-09-19-5214021

zzzccc

newbie

Activity: 5

Merit: 0

Already given up, please delete this post

Topic: Already given up, please delete this post (Read 146 times)