Topic: Blockchain 2014 wallet recovery if any ? (Read 329 times)

I gave him the information you gave me,just that tokens.txt list I created based on your advice and apparently Dave did a really good job at finding the password in less than three days but no we didn't gave him the name of the cousin,we only wrote the tokens.txt file as you told us with First Name, Last Name and all other characters so yes Dave has some amazing software and bruteforcing power.

Most likely my friend used Electrum and also most likely is game over because he doesn't have nor Electrum wallet.dat file nor the seed so as you say the coins are lost.I remember back at that time that we ran into Electrum after hearing some big exchange being hacked or something like that and that taught us the lesson to keep our coins not in third party wallets anymore.I guess Exodus was not that known at that time and maybe it didn't even exist I am not sure of it so at 99.99% is an Electrum wallet but unfortunately inaccessible.

This is what I gave him

Well, glad he got to the bottom of it. Impressive that Dave managed to brute force all that, but I imagine your friend must at least have given him the name of the cousin and some other formatting information, since otherwise Dave was brute forcing 12+ random characters, which is approximately 80+ bits of entropy.

Walletexplorer tells you when an address is part of a wallet in terms of other addresses which are part of that wallet. It does not and can not tell you which client (Electrum, Exodus, etc) was used to create that address (and neither can any other service). From looking solely at historical blockchain data, you will never be able to tell what software was used to create an address (except maybe in some exceedingly rare cases when a transaction spending coins from that address has some very unique technical characteristics to it).

We found the address in his emails in 2014.

The password was not in the format I gave you it was twins1991(then some random characters that made sense to my friend,then surname followed by other characters then name of his cousins followed by other random characters) here is part of the password with X letter meaning another character

 twins1991xxxdxxxxx2012xxxxaxxhxxfor

No the address with the money my friend bought them at 2014,December 2014 through Ebay at that time and he thought only Blockchain.info to have as an wallet but I remember also telling him about a more secure wallet like Electrum.I tried to see that address in walletexplorer  webpage but it doesn't show to which wallet it belongs,it just tag them with different colors.

Out of curiosity, what format did the password take? Were you close with your own efforts?

Where did you find this address? As an imported address inside your blockchain.com wallet?

With neither the wallet file nor the seed phrase, the coins are lost.

Dave was able to find the missing password of this wallet of 2014 however it had not any money on it.The only address we found to have money is another one which has 0.1044 Bitcoin but most likely it is an Electrum or Exodus wallet.
Of course my friend does not have that wallet.dat file and may be he will not be able to find the 12 words seed phrase.Most likely it is game over for such wallets in such case ?

There is a really slim chance that he may find the 12 words seed phrase but most likely he will not.

Giving this one last try before contacting the wallet recovery services if my friends agrees to do so,I believe he will agree as I don't see any other alternative for him at the moment.He also gave me another option,the name of "Ditrin" maybe is in the password and I added it in the tokens file.I don't have any hopes based on past results but let's see.

Edit:Talked to Dave and agreed with his 20% so I send him the needed files and waiting news from him now.

Unless your friend can be more specific about what combination of things may or may not be in his password, probably not. There are a couple of examples you gave above (such as "Juventus@twins1991") which do not fit the answers to the questions he gave earlier (where he said he always uses "twins@ a number"). Since it seems he doesn't really know what order he might actually have used the tokens, I would remove all the rules regarding token placements and just run with the barebones, something looking like this:


Remember to use the --max-tokens argument if you think you need it. A wallet recovery service might be able to widen the search space somewhat, but if it is a somewhat different password to what he thinks then it is unlikely they will be successful.

To add on malevolent reply, make sure you research whatever company you intend to "contract" for this service. While I never used this kind of service, I always saw positive feedback regarding the service offered by Dave[1] - walletrecoveryservices.com[2] - and if you indeed have run out of options I would have him as a possible supplier for your service. He'll only charge you (20 %) if he manages to successful recover your BTC - at the current price it would be around $5,480 USD - otherwise you won't be charged anything:

---

[1]https://bitcointalksearch.org/user/walletrecoveryservices-130960
[2]https://www.walletrecoveryservices.com/

If you've exhausted all your options, giving it a try is all you can do. Maybe the recovery service is going to be able to ask better questions as to what the password could consist of (a long shot), and they're going to have more than a single 1050 Ti.

Update and bump:

Unfortunately I believe we have just scratched the impossible here and there is not much hope left,can the recovery wallet services do something here knowing that the password is not what my friend thought it was?

Trying this new token file now and if it doesn't work after this I am afraid he has used something else as a password.It most probably take another week or so to try all possible combinations and I will let you know in the results after the scan.

So you can add in the option below to the command you feed to btcrecover (i.e. not in the tokens file itself):

This will limit btcrecover to combining 4 of the 6 different lines in your tokens file, and therefore cut down on the number of valid possibilities dramatically.

I notice as well in the examples you have given that you have the @ symbol occasionally in the middle ("Juventus@1991" for example), and not at the beginning or the end as previously mentioned. If that's a possibility, then you'll want to change the 5th line of the tokens file from this:

To this:

I also note that the number after twins is 4 digits rather than the limit of 2 I gave in the original file, so again you'll want to change the third line from this:

To this:

Unfortunately after going after a billion number of combinations for 10 days neither were correct and it gave all possible passwords.However such passwords are in the form here below

2021-11-16 04:19:43 Possible Password ==>@@nameTwins@06JUVENTUSsurname6871<== in Decrypted Block ==>{ ("_u'3PIERKEt<==
Judging from this my friend told me that his password was never that long,can you please make a simple token list file with this number of characters as follows,(I told him we are bothering the forum members and he told me he is going to reward at least 0.01 Bitcoin for your help if he finds the password and he has a good chunk of Bitcoin as he believes it should have)

You can make the token file like this based on the number of passwords he used which are:

@@namesurname1991
namesurname@1991
Twins@1991
twins1991@@
Juventus@1991
Juventus@twins1991

These are some type of passwords he usually used.As you see max number of characters is 12 to 18.He used both capital and non capital letters in the beginning of the password.I know we are scratching the impossible here but just wanna give a last try.

In the example password of course I put name and surname for privacy reasons.

I started with this token file and hopefully it will find anything,most of the time he says he uses only these type of passwords with slight variations like capital letters and adding the @ symbol at the end or in the beginning and sometimes he throws in the birth year.I will let you know if something great happens.

Ok, so based on all that, the token file I would try would look like this:


This will try one or two @ symbols at the start or the end or not at all, up to 4 digits at the start or the end or not at all, and every combination of up to one entry from each of the first four lines in every order in the middle. Just to be clear you say he only ever uses the @ symbol, and no other symbol such as $()!*[] etc?

If the "Twins@a number" is only going to be a certain number (like the year of their birth for example), then you can change those entries to that number to significantly reduce the search space. The code I have there will try every 1 and 2 digit number. You can also expand that to three or four digits if you need to, but at a 10 fold or 100 fold increase to the number of possibilities respectively

If the capitalization of any of the terms could be something other than the three examples I've included (such as JuVentUs), then we'll need to redesign things again, but we would now be bordering on the impossible.

If his password is at all different to this, even by a single character, then this will not find it.

First Name and Last Name maybe in the password but it is not 100% sure.
They could be switched
They can be lower case or capitalized.
He usually put twins@ a number in his password because he has a twin sister,it can be lower case and upper case twins as a word.
No space,100% sure.
Any other word can be juventus or Juventus as he is a fan of Juventus Turin with about 80% accuracy that this word can be in.
It can be a maximum of 4 numbers added or just two special characters and by special characters he only uses the @ symbol.
Usually the symbols are in the end but can be also in the beginning of the password,they can never be in the middle.

Thank you for your help.

The token file I gave was only an example. You will need to craft one specifically for whatever he can remember was or was not part of his password. I'm more than happy to make one up for you, but we need as much information from him as possible.

Are your first name and last name definitely both in your password?
Are in that order, or could they be switched?
Are they all lowercase, or could they be capitalized?
Could any of the characters be swapped for numbers of symbols, such as E -> 3 or t -> + for example?
Could there be a space or other character(s) between your two names?
Could there any other words in your password?
Could there be extra letters, number, or symbols?
How many?
Are these symbols all at the end, or could they be in more than one place?
etc.

Thank you.I will try this tomorrow as we have the computers at work and we will see what will happen by adding the arguments of his name with special characters as you have indicated here.I will let you know if anything happens,if it successfully recovers the password.

btcrecover does not treat a token file as a list of passwords; it treats it as a list of tokens, and uses one or more of those tokens to construct a password. If you have given it a list of 51 entries and nothing else in the token file, then all it will be trying to do is to combine 2 or more of those entries together exactly as written in various combinations.

If he thinks his password is his first name and his last name combined with some special characters as you said above, then you need to construct a token file which tells btcrecover to try these possibilities. The instructions on how to do this are here: https://btcrecover.readthedocs.io/en/latest/tokenlist_file/, as I linked above.

Let's say, for example, that he knows his password is his first name which may or may not be capitalized, then there might be a space, then his last name which may or may not be capitalized, and then up to 4 special characters that he doesn't remember, your token file would look like this:


+ means you must use one of the tokens on this line
^ means use the token from this line only as the very first token
^2^ means if you do use this token, it comes second
%s means a single space
%1,4 means between 1 and 4 characters
y is the code for any ASCII symbol
$ is the code for only try this as the last token

Such a token list would generate 2 options for the first line, 2 options for the second line, 2 options for the third line, and 32⁴ + 32³ + 32² + 32 options for the fourth line, giving you 8,659,200 possible combinations.

Well that is why I only see the number increase without success,it just has given me a huge file in size with possible passwords so far.No one of them is working so most probably we are doing something wrong.

Can we try like with 3 passwords and hopefully it won't take this long once we reconstruct our token file?

What do you mean by "he gave you 51 passwords"? What does your token list file look like? Are you trying every possible combination of 51 different strings, because that number is in the region of 10⁶⁶ and will be impossible to even scratch the surface of.

If he has given you 51 possible passwords, any of which might be close to correct one but with typos, then you either need to reconstruct your tokens file, or you need to run each password one at a time using some combination of various --typo arguments.

I am here at this number you can see in the below picture,the problem is that the user gave me 51 passwords to check from and the recovery tool is searching for all of them that is why I am not successful so far.I will try to keep this going for maximum another week and then will narrow down to just 5 most common used passwords of the user and see what happens.It has been running for 11 days so far.

OP, did you recover the funds? I am just curious to know, you haven't updated for a few whiles. If you succeed then share how eventually did it, so others would take a lesson from here in the same problem. If not yet, then try and try, don't give it up. Otherwise, just contact the Wallet Recovery Service as I mentioned in my first post.

Best of Luck.

It was a typo,I have used it as you said --no-dupchecks and it is at 17 billion right now but I am going to try directly the brute force method by adding the --no-eta and see what happen.

It is changing,now it is directly brute-forcing at 60 kps almost speed.Is it a good speed or maybe should I add another card,that's the max space I have on this pc to add another one and no more.

--nodupchecks isn't a valid argument. It needs to be --no-dupchecks.

The --no-eta option will skip this whole counting process and go straight to the brute forcing.

Up to you if you just leave it running since you are already at 10 billion, but if this is the command which crashed before because you ran out of memory then chances are the same will happen again since you haven't changed anything.

I am adding the nodupcheck argument as it was interrupted one time telling me out of memory.The word list it contains 51 different passwords which everyone is my friend name and surname plus special characters so far is at 9 billion and 383 million passwords.I guess we have to wait.Here is the full command that I ran:

python btcrecover.py --wallet wallet.aes.json --typos-capslock --tokenlist C:\Users\(name of the user)\Downloads\btcrecover-master\Tokens.txt.txt --nodupchecks

What command did you use? Can you calculate a rough idea of how many passwords your token list is going to generate?

The reason I ask is that screenshot is not actually trying to brute force anything yet - it is simply figuring out all the different passwords it is going to try. ("Counting passwords") In some cases this makes btcrecover much faster, but if you are working with billions of possibilities then it will make things much slower. You might want to restart and use the arguments --no-eta and --no-dupchecks, which should speed things up.

You can read more here: https://btcrecover.readthedocs.io/en/latest/Limitations_and_Caveats/#memory

So far he finally created a word list and as you can see from the picture in attach we are trying to brute force it.We are using a Core i5 9600kf processor together with a Gtx 1050 ti as a GPU to speed up the process,however it has run through billions of combinations and it is still going,should we wait for weeks and is there any real chance to find the password it based on this word list as my friend insists it is one of such related passwords?

No he does not has anything except this word list now.

A vague idea is still better than no idea at all. Try to build a tokens file based on that idea with additional characters, numbers, substitutions, typos, etc. Also ask him if the password would have been similar/related/based on any of the other passwords he was using around the time he set up the wallet? And he's definitely not got an old computer somewhere which might have the password saved in a browser or password manager?

Although they created the wallet and the seed phrase and private keys within, blockchain.com claim that they do not have access to individual wallets so they will not help you recover any funds.

Since resetting passwords is impossible, the only way to recover funds is through brute force as @o_e_l_e_o already described. If you don't know how to do it then you may follow this video as a guide, Brute-Force Blockchain Wallet. Since your friend has welcome mail and access to the mail, there is a hope to recover funds. Although it will take time, don't be hopeless. Try with all possible passwords.

If you failed to do it yourself then you have to trust their party. I am not suggesting using a third party, but in case you need then you may contact this developer, Bitcoin Wallet Recovery Services - for forgotten wallet password  .

One more important thing, most likely you may receive PMs from scammers to recover your funds. Don't let them make you fool. Just ask them to participate in the open discussion here. And please share here before trusting anyone in case you need to hand over your wallet credentials to others. Handover wallet credentials to scammers mean your fund will go forever.

Thank you.We are trying the above but right now things are not looking good as we are brute forcing from scratch as he has only a vague idea what the password could be.I thought that Blockchain support could help us with the ID but it seems this is our only option.Anyway we are going to try until we get bored or if we heaven wants find anything.

He will first need to download his blockchain.com wallet.aes.json file. First check any emails he received from blockchain.com, as they used to send the wallet files out as email attachments to be used as a back up. If not, then he'll need to extract it from blockchain.com. The easiest way I know of doing this is by using btcrecover:

https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-05-08_Recovering_Blockchain_Wallet_Passwords/Example_Recovering_Blockchain_Wallet_Passwords/

Once he has downloaded the wallet file, he'll then need to run btcrecover to try to brute force the password. If he has some idea of what the password might be, then he can create a token list of possibilities to try by following these instructions: https://btcrecover.readthedocs.io/en/latest/tokenlist_file/

If he has no idea what the password is then you can try just bruteforcing from scratch, but this will almost certainly be impossible unless he used a very simple password.

A friend of mine had bought at least 0.5 Bitcoin there and he used Blockchain wallet back in 2014.He only has the welcome email from Blockchain and the Id of his wallet,he doesn't remember the password and he has also lost his recovery phrase back which was kinda like a seed back then.Is there any way to recover this?