Bitcoin Core passphrase problem | Bitcointalksearch.org

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: shorena on October 20, 2015, 11:07:16 AM

Quote from: tspacepilot on October 20, 2015, 10:51:43 AM

Quote from: shorena on October 19, 2015, 04:52:50 PM

Quote from: tspacepilot on October 19, 2015, 04:35:28 PM

Out of curiousity, and I think it's relevant here, what sort of encryption does bitcoin-core use to encrypt wallets? I would guess that it's going to be something in the aes suite. I guess I'm just imagining if I had to make a cracker for my own wallet, what would I put in the shell script. Here's pseudocode:

Code:

for guess in guesses.next(); do
  # run some command to try decryption
  openssl -d ?? -i wallet.dat.encrypted
  # test for success, maybe just $?, or is there a magic number in wallet.dat to look for
  if $?==0; then
    echo "we win!"
    break
done

So, really, I have two questions? What's the encryption algo? And what's the test for success?

Depending on your python you should find the answer here -> https://github.com/gurnec/btcrecover

~~IIRC its AES 256 bit~~

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change). Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases.

https://en.bitcoin.it/wiki/Wallet_encryption

Thanks, Shorena, it definitely seems to be a lot more complex than just descrypting the wallet file. You may be right that the specific question I'm curious about is answered somewhere in the source for the btcrecover tool (thanks for the link!). Just looking at that paragraph from the bitcoin wiki, I'm imagining that you know the passphrase (say), so you'd hash it with sha512 and you'd have to see what this EVP_BytesToKey gives you, then you'd have to gues at how many rounds might have been used? After that I guess you have the "master key" and you can use that to decrypt individual private keys with AES-256-CBC. There must be somewhere that you can tell how many rounds have been used. Anyway, to be clear, I don't need to do this right now, I'm just curous about the procedure.

AFAIK the number of rounds is stored in the wallet.dat. Its not meant to be secret anyway, similar to a salt. Do you look at the wallet.dat with pywallet?

That makes sense, I figured it ought to be stored there. I haven't looked at any particular wallet in this moment, I was just interested in it for the principle---the education. I'll take a closer look for myself before I ask any further questions. Thanks Sho.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: tspacepilot on October 20, 2015, 10:51:43 AM

Quote from: shorena on October 19, 2015, 04:52:50 PM

Quote from: tspacepilot on October 19, 2015, 04:35:28 PM

Out of curiousity, and I think it's relevant here, what sort of encryption does bitcoin-core use to encrypt wallets? I would guess that it's going to be something in the aes suite. I guess I'm just imagining if I had to make a cracker for my own wallet, what would I put in the shell script. Here's pseudocode:

Code:

for guess in guesses.next(); do
  # run some command to try decryption
  openssl -d ?? -i wallet.dat.encrypted
  # test for success, maybe just $?, or is there a magic number in wallet.dat to look for
  if $?==0; then
    echo "we win!"
    break
done

So, really, I have two questions? What's the encryption algo? And what's the test for success?

Depending on your python you should find the answer here -> https://github.com/gurnec/btcrecover

~~IIRC its AES 256 bit~~

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change). Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases.

https://en.bitcoin.it/wiki/Wallet_encryption

Thanks, Shorena, it definitely seems to be a lot more complex than just descrypting the wallet file. You may be right that the specific question I'm curious about is answered somewhere in the source for the btcrecover tool (thanks for the link!). Just looking at that paragraph from the bitcoin wiki, I'm imagining that you know the passphrase (say), so you'd hash it with sha512 and you'd have to see what this EVP_BytesToKey gives you, then you'd have to gues at how many rounds might have been used? After that I guess you have the "master key" and you can use that to decrypt individual private keys with AES-256-CBC. There must be somewhere that you can tell how many rounds have been used. Anyway, to be clear, I don't need to do this right now, I'm just curous about the procedure.

AFAIK the number of rounds is stored in the wallet.dat. Its not meant to be secret anyway, similar to a salt. Do you look at the wallet.dat with pywallet?

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: shorena on October 19, 2015, 04:52:50 PM

Quote from: tspacepilot on October 19, 2015, 04:35:28 PM

Out of curiousity, and I think it's relevant here, what sort of encryption does bitcoin-core use to encrypt wallets? I would guess that it's going to be something in the aes suite. I guess I'm just imagining if I had to make a cracker for my own wallet, what would I put in the shell script. Here's pseudocode:

Code:

for guess in guesses.next(); do
  # run some command to try decryption
  openssl -d ?? -i wallet.dat.encrypted
  # test for success, maybe just $?, or is there a magic number in wallet.dat to look for
  if $?==0; then
    echo "we win!"
    break
done

So, really, I have two questions? What's the encryption algo? And what's the test for success?

Depending on your python you should find the answer here -> https://github.com/gurnec/btcrecover

~~IIRC its AES 256 bit~~

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change). Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases.

https://en.bitcoin.it/wiki/Wallet_encryption

Thanks, Shorena, it definitely seems to be a lot more complex than just descrypting the wallet file. You may be right that the specific question I'm curious about is answered somewhere in the source for the btcrecover tool (thanks for the link!). Just looking at that paragraph from the bitcoin wiki, I'm imagining that you know the passphrase (say), so you'd hash it with sha512 and you'd have to see what this EVP_BytesToKey gives you, then you'd have to gues at how many rounds might have been used? After that I guess you have the "master key" and you can use that to decrypt individual private keys with AES-256-CBC. There must be somewhere that you can tell how many rounds have been used. Anyway, to be clear, I don't need to do this right now, I'm just curous about the procedure.

unholycactus

legendary

Activity: 1078

Merit: 1024

FYI, wallets usually have more than one address.
If you only exported one private key, that key is only valid for one address. Next time, you should make sure you have the private keys of every single address that has funds.

There are indeed tools to more or less brute force your password.
It is highly unlikely you'll be able to recover your wallet unless you have a vague idea of your passphrase or it's a really weak one.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: tspacepilot on October 19, 2015, 04:35:28 PM

Out of curiousity, and I think it's relevant here, what sort of encryption does bitcoin-core use to encrypt wallets? I would guess that it's going to be something in the aes suite. I guess I'm just imagining if I had to make a cracker for my own wallet, what would I put in the shell script. Here's pseudocode:

Code:

for guess in guesses.next(); do
  # run some command to try decryption
  openssl -d ?? -i wallet.dat.encrypted
  # test for success, maybe just $?, or is there a magic number in wallet.dat to look for
  if $?==0; then
    echo "we win!"
    break
done

So, really, I have two questions? What's the encryption algo? And what's the test for success?

Depending on your python you should find the answer here -> https://github.com/gurnec/btcrecover

~~IIRC its AES 256 bit~~

Quote

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change). Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases.

https://en.bitcoin.it/wiki/Wallet_encryption

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Out of curiousity, and I think it's relevant here, what sort of encryption does bitcoin-core use to encrypt wallets? I would guess that it's going to be something in the aes suite. I guess I'm just imagining if I had to make a cracker for my own wallet, what would I put in the shell script. Here's pseudocode:

Code:

for guess in guesses.next(); do
  # run some command to try decryption
  openssl -d ?? -i wallet.dat.encrypted
  # test for success, maybe just $?, or is there a magic number in wallet.dat to look for
  if $?==0; then
    echo "we win!"
    break
done

So, really, I have two questions? What's the encryption algo? And what's the test for success?

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

There are tools to crack wallets but they only work if you have some idea of what the password is.

OmegaStarScream

staff

Activity: 3500

Merit: 6152

Quote from: phantitox on October 19, 2015, 10:53:14 AM

So i have and old wallet.dat that i recover from a damage hard drive, but dont remember the passphrase, here is the thing before the hard drive was damage i dump the private key on the bitcoin core client, but i try to import it to blockchain.info and it only show me 1 address and i think the btc that i want to recover are in another address but from the same wallet, i have options here or this is a total lost?

Yes they are lost , if you don't have the pass-phrase then it's totally impossible to open encrypted wallet.dat from Bitcoin Core . Unless the password is easy and you try to crack it (not sure how though)

phantitox

sr. member

Activity: 385

Merit: 250

So i have and old wallet.dat that i recover from a damage hard drive, but dont remember the passphrase, here is the thing before the hard drive was damage i dump the private key on the bitcoin core client, but i try to import it to blockchain.info and it only show me 1 address and i think the btc that i want to recover are in another address but from the same wallet, i have options here or this is a total lost?

Topic: Bitcoin Core passphrase problem (Read 1688 times)