
Topic: Bitcoin Wallet Recovery Services - for forgotten wallet password - page 14. (Read 63996 times)

member
Activity: 89
Merit: 21

I'm trusting Molecular to return my 1 BTC at the end of this exercise... sometimes you have to show some trust to earn some trust... Smiley

Cool.

Money has arrived:




ok, so a week has passed and walletrecoveryservices PMed me wanting his 1 BTC back, so I sent it to him.



notice how someone used the 1ErroNQ... address? It was in the wallet dump I published, so anyone might've used it.

not so the 19xTYJg... address. The bitcoin seems to have been secure there despite me having published the wallet (omitting that address, of course) and the password.

Ergo, I'm quite sure walletrecoveryservices has no way to steal your money if you send him your wallet dump after removing addresses with money on them.


I can confirm that Molecular has sent me back my 1BTC.
Thank-you very much, Molecular, for both your honesty (in returning my 1BTC), and your willingness to get to the bottom of whether the walletrecoveryservices.com service was trying to scam anyone.
Regards,
Dave
full member
Activity: 196
Merit: 100
notice how someone used the 1ErroNQ... address? It was in the wallet dump I published, so anyone might've used it.

not so the 19xTYJg... address. The bitcoin seems to have been secure there despite me having published the wallet (omitting that address, of course) and the password.

Ergo, I'm quite sure walletrecoveryservices has no way to steal your money if you send him your wallet dump after removing addresses with money on them.


That was me (notice the address and public message). I just wanted to see how difficult it would be to extract the private key from the wallet fragment given the password (answer: fairly easy, just a messy hack of the pywallet code).

As for the rest of the wallet. It's completely secure. Your only option is to brute force it, which is an impossible solution (the numbers are just way too large to be feasible, it would take until the end of eternity, then start again for an eternity of eternities kind of unfeasible).

Anyway the challenge was fun, I learned something about wallets and the various encryptions used  Cheesy
donator
Activity: 2772
Merit: 1019
Scammer Fails So Hard

Ok, let's harden the assumption he can't scam us.


I accept your challenge, Molecular.!!!
I have transferred 1.00 BTC to that address, 19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b
You have published the details of that wallet above, so everyone reading this now knows the same details as the walletrecoveryservices.com website is asking for when it tries to decode a wallet.
There is 1.00 BTC in that wallet.
I can't steal it, and I do not believe that anyone else can either. Prove me wrong, skeptics!
If you think that the concept behind the wallet password recovery service is flawed, here is your chance to prove it, and earn some cash.

Here is the record of the 1.00BTC transaction: https://blockchain.info/address/19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b

I'm trusting Molecular to return my 1 BTC at the end of this exercise... sometimes you have to show some trust to earn some trust... Smiley


Cool.

Money has arrived:




ok, so a week has passed and walletrecoveryservices PMed me wanting his 1 BTC back, so I sent it to him.



notice how someone used the 1ErroNQ... address? It was in the wallet dump I published, so anyone might've used it.

not so the 19xTYJg... address. The bitcoin seems to have been secure there despite me having published the wallet (omitting that address, of course) and the password.

Ergo, I'm quite sure walletrecoveryservices has no way to steal your money if you send him your wallet dump after removing addresses with money on them.
hero member
Activity: 686
Merit: 504
always the student, never the master.
actually you were promoted by this person - escrow.ms

Oh, really?


oh, i will add one more thing, if you decide against using my help, you might try the user "walletrecoveryservices" or something to that effect. he claims to have invented a program that can strip the public key out of wallet.dat files and use it to bruteforce the account with no possibility of stealing the funds. to my knowledge he hasn't proven that it works or is real, but he's made the claim. i'm not sure what his rates are either. if you do choose to use the walletrecovery guy, please be aware his account isn't very old and he could very well be a scammer.

member
Activity: 351
Merit: 10
actually you were promoted by this person - escrow.ms
but i don't mind if you share your ideas and it helps.
hero member
Activity: 686
Merit: 504
always the student, never the master.
hello,
i sent you wallet mkey data, can you recover passcode from it?
Hi Erpalum.
( I assume that you are the person who sent me information today using a completely different email name ? )
I shall try to recover your wallet, but your information on the remembered password is a bit skimpy, so we'll have to see...

Regards,
Dave

you owe me a referral fee Mister.
Tell you what... If (and it is a fairly big if in this case), I make any money from helping Erpalum, I will send you 10%.


i'm cool with that. Smiley thanks
member
Activity: 89
Merit: 21
hello,
i sent you wallet mkey data, can you recover passcode from it?
Hi Erpalum.
( I assume that you are the person who sent me information today using a completely different email name ? )
I shall try to recover your wallet, but your information on the remembered password is a bit skimpy, so we'll have to see...

Regards,
Dave

you owe me a referral fee Mister.
Tell you what... If (and it is a fairly big if in this case), I make any money from helping Erpalum, I will send you 10%.
hero member
Activity: 686
Merit: 504
always the student, never the master.
hello,
i sent you wallet mkey data, can you recover passcode from it?
Hi Erpalum.
( I assume that you are the person who sent me information today using a completely different email name ? )
I shall try to recover your wallet, but your information on the remembered password is a bit skimpy, so we'll have to see...

Regards,
Dave

you owe me a referral fee Mister.
member
Activity: 89
Merit: 21
hello,
i sent you wallet mkey data, can you recover passcode from it?
Hi Erpalum.
( I assume that you are the person who sent me information today using a completely different email name ? )
I shall try to recover your wallet, but your information on the remembered password is a bit skimpy, so we'll have to see...

Regards,
Dave
member
Activity: 351
Merit: 10
hello,
i sent you wallet mkey data, can you recover passcode from it?
member
Activity: 89
Merit: 21
I'm currently working on several wallet decryptions.

Cool. Do they look like they have a chance of success, i.e. did the users provide helpful enough info?
Hi
Still working on the wallets. One of the 'customers' has some reasonable idea of the password, but also a big list of possible variations and alternatives. Some of those alternatives have required me to make some enhancements to the logic in the service to cater for that type of permutation.
So... no luck yet, but continuing to work on them.

I see that the 1 BTC is still secure. (I was a tad worried that I might have overlooked some aspect of the wallet format that might have led to a vulnerability to the third-party trustlessness that I explained. Fortunately, it seems like it is all secure Smiley )
Thanks for your suggestion and help on this 'proving not a scam' process, Molecular, it has been really helpful.

Cheers
Dave
donator
Activity: 2772
Merit: 1019
Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.

It really is easy enough to follow the instructions manually: pywallet --dumpwallet, edit human-readable dumpfile (remove all addresses except 2)
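
The manual step described above (dump the wallet, then keep only two key records that hold no funds) can be automated and checked; the following is an added example, not the service's or pywallet's own script. The JSON field names (`mkey`, `keys`, `addr`, `pubkey`, `encrypted_privkey`), the function names and the sample dump are assumptions constructed for illustration, and dropping every other section of the dump is this example's choice.

```python
import json

# Constructed sample shaped like an encrypted-wallet JSON dump. Field names are
# assumptions for this example; all values are placeholders, not real key data.
SAMPLE_DUMP = {
    "mkey": {"encrypted_key": "MKEY_PLACEHOLDER", "salt": "SALT_PLACEHOLDER",
             "nDerivationIterations": 50000, "nDerivationMethod": 0},
    "keys": [
        {"addr": "ADDR_FUNDED_PLACEHOLDER", "pubkey": "PUB_FUNDED_PLACEHOLDER",
         "encrypted_privkey": "CKEY_FUNDED_PLACEHOLDER"},
        {"addr": "ADDR_EMPTY_A", "pubkey": "PUB_EMPTY_A", "encrypted_privkey": "CKEY_EMPTY_A"},
        {"addr": "ADDR_EMPTY_B", "pubkey": "PUB_EMPTY_B", "encrypted_privkey": "CKEY_EMPTY_B"},
        {"addr": "ADDR_EMPTY_C", "pubkey": "PUB_EMPTY_C", "encrypted_privkey": "CKEY_EMPTY_C"},
    ],
    "names": {"ADDR_FUNDED_PLACEHOLDER": "savings"},
}

ALLOWED_KEY_FIELDS = {"addr", "pubkey", "encrypted_privkey"}


def minimise_dump(dump, funded_addrs, keep=2):
    """Return only the master-key record plus `keep` unfunded, still-encrypted key records."""
    funded = set(funded_addrs)
    spare = [k for k in dump["keys"] if k["addr"] not in funded]
    if len(spare) < keep:
        raise ValueError("not enough unfunded key records to share")
    reduced = {"mkey": dict(dump["mkey"]), "keys": [dict(k) for k in spare[:keep]]}
    check_reduced(dump, reduced, funded)
    return reduced


def check_reduced(original, reduced, funded):
    """Fail closed if the reduced dump carries plaintext fields or any funded-key material."""
    for rec in reduced["keys"]:
        extra = set(rec) - ALLOWED_KEY_FIELDS
        if extra:  # e.g. a dump taken with the passphrase would include decrypted secrets
            raise ValueError(f"unexpected fields in key record: {sorted(extra)}")
    blob = json.dumps(reduced)
    for rec in original["keys"]:
        if rec["addr"] in funded:
            for value in rec.values():
                if isinstance(value, str) and value and value in blob:
                    raise ValueError("funded key material present in reduced dump")


if __name__ == "__main__":
    print(json.dumps(minimise_dump(SAMPLE_DUMP, {"ADDR_FUNDED_PLACEHOLDER"}), indent=2))
```

Any key record left in the reduced dump becomes decryptable by whoever learns the passphrase, which is why only records with no funds on them are kept.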
donator
Activity: 2772
Merit: 1019
However for now, yes, it is a pro-bono service.
I'm currently working on several wallet decryptions.

Cool. Do they look like they have a chance of success, i.e. did the users provide helpful enough info?
legendary
Activity: 3724
Merit: 1586
Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.
Er... Have you looked at the instruction at walletrecoveryservices.com ?
The script to grab the required portion of the wallet is specifically open-source!

pywallet is opensource but there is no script to grab the exact portions YOU need. Instead you are asking people to do it manually. I recommend creating an opensource script that grabs the parts you need so that non-techies don't have to muck about with pywallet.

Yes these non-techies will need assurances from techies that the script does what it says on the tin and nothing more. So maybe you can do this in the future when you have enough of a following that somebody reputable will take the time to look at the code and say it is safe.
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
You say it yourself:

Quote
If you have no idea at all of your passphrase, and it was more than a handful of characters long, then we cannot help you. No-one in the world, including the NSA, CIA, D-Wave or anyone else can crack the encryption used in the bitcoin wallet if the passphrase is more than 15 fairly random characters. The bitcoin wallet encryption is strong by design. There are no known flaws in the implementation, and many people have tried to break it!

You cannot crack a good passphrase. Stupid people should be punished. If they lose one time they will be more careful or lose money again. It's a learning experience. I almost don't want you to provide this service because it will rob users of the valuable experience. People can now be lazy and make a simple password. If they forget it they can just come to you and all is well.

Also, have you thought about the possibility that a thief might use your service to crack a stolen wallet. Bots are easy to set up and can even be spread simply. If I were a bot operator and found that a few zombies had wallets I might be tempted to just have you crack all the wallets that I can find instead of setting up my own system to do it.
Yes, I've thought about the bad guys using this service to crack other people's stolen wallets. I hate the idea of the site being used for evil. However, as you rightly quote from the walletrecoveryservices.com website, that would be a completely futile exercise unless the bad guy knows 'most' of the wallet password. Probably if they have done key-logging, then they know all the password already. If I move to using a pay-as-you-go model for the cracking service, I'm happy for them to try. Smiley But only the most stupid, basic passwords have any chance of being cracked when the user has no idea of the forgotten passphrase and I don't think many people are silly enough to have a super weak password. (oh, well, maybe some are...)
If I was to detect some user submitting many wallets for decryption, then I would stop them using the wallet recovery services.
Cheers,
Dave


I'm glad to see you say that and don't discount the stupidity of the average person.  Wink
member
Activity: 89
Merit: 21
You say it yourself:

Quote
If you have no idea at all of your passphrase, and it was more than a handful of characters long, then we cannot help you. No-one in the world, including the NSA, CIA, D-Wave or anyone else can crack the encryption used in the bitcoin wallet if the passphrase is more than 15 fairly random characters. The bitcoin wallet encryption is strong by design. There are no known flaws in the implementation, and many people have tried to break it!

You cannot crack a good passphrase. Stupid people should be punished. If they lose one time they will be more careful or lose money again. It's a learning experience. I almost don't want you to provide this service because it will rob users of the valuable experience. People can now be lazy and make a simple password. If they forget it they can just come to you and all is well.

Also, have you thought about the possibility that a thief might use your service to crack a stolen wallet. Bots are easy to set up and can even be spread simply. If I were a bot operator and found that a few zombies had wallets I might be tempted to just have you crack all the wallets that I can find instead of setting up my own system to do it.
Yes, I've thought about the bad guys using this service to crack other people's stolen wallets. I hate the idea of the site being used for evil. However, as you rightly quote from the walletrecoveryservices.com website, that would be a completely futile exercise unless the bad guy knows 'most' of the wallet password. Probably if they have done key-logging, then they know all the password already. If I move to using a pay-as-you-go model for the cracking service, I'm happy for them to try. Smiley But only the most stupid, basic passwords have any chance of being cracked when the user has no idea of the forgotten passphrase and I don't think many people are silly enough to have a super weak password. (oh, well, maybe some are...)
If I was to detect some user submitting many wallets for decryption, then I would stop them using the wallet recovery services.
Cheers,
Dave
member
Activity: 89
Merit: 21
Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.
Er... Have you looked at the instruction at walletrecoveryservices.com ?
The script to grab the required portion of the wallet is specifically open-source!
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
You say it yourself:

Quote
If you have no idea at all of your passphrase, and it was more than a handful of characters long, then we cannot help you. No-one in the world, including the NSA, CIA, D-Wave or anyone else can crack the encryption used in the bitcoin wallet if the passphrase is more than 15 fairly random characters. The bitcoin wallet encryption is strong by design. There are no known flaws in the implementation, and many people have tried to break it!

You cannot crack a good passphrase. Stupid people should be punished. If they lose one time they will be more careful or lose money again. It's a learning experience. I almost don't want you to provide this service because it will rob users of the valuable experience. People can now be lazy and make a simple password. If they forget it they can just come to you and all is well.

Also, have you thought about the possibility that a thief might use your service to crack a stolen wallet. Bots are easy to set up and can even be spread simply. If I were a bot operator and found that a few zombies had wallets I might be tempted to just have you crack all the wallets that I can find instead of setting up my own system to do it.
legendary
Activity: 3724
Merit: 1586
Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.
legendary
Activity: 1789
Merit: 2535
Goonies never say die.
I don't understand why people establish multiple identities/accounts here. Who is the true owner of the account?  Why hide it?    

If I had such a great idea, I'd want to be recognized for it, rather than starting a blank account and trying to sell something... it seems easier to sell things here when you have some type of history, unless the person already has a tarnished record and wants to start over or just get some quick coins out of a scam?

In the end, I will just consider this a scam until I need to recover my password...     Grin