Author

Topic: blockstack_recover: Extract private keys from blockstack-client wallets (Read 189 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bumping this as a notice that the latest version of the package incorrectly links the project homepage as https:// [link intentionally broken] github.com/ZenulAbidin/blockstack-recover (hyphen instead of underscore) which causes a 404 when you try to go there. Pushing a newer version ASAP that fixes this.

Update: Fixed in 1.1.2 (and technically 1.1.1 but that release was never pushed to PyPI for some reason).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bump with decrypting functionality added! Please update to version 1.1.1.

The program has been split into two subcommands. From here on, to extract private keys from an unencrypted wallet.json as normal, use the extract subcommand: blockstack_recover extract ARGUMENTS.... As for decrypting an encrypted wallet for which you have its password, use the decrypt subcommand: blockstack_recover decrypt ARGUMENTS...

Internally I also fixed the encryption and decryption AES functions which apparently were broken from not padding the input along 32 bytes. Took quite a while to figure out that I was missing padding! And the PyPI page had a broken github link -.-
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
There are some links out there to the client, since I cannot verify their authenticity I will not post them, but a bit of searching and you can find them and they do look like the correct ones.

-Dave

If you are talking about the source bundles which can be downloaded from PyPI, I have verified that those are authentic (21XO used one of them to recover his private key).

What seemed to have happened is that the blockstack developers "nuked" the blockstack-client source code from Github and replaced it with some bizarre incompatible Node.js wallet.

This setup.py is a bit worrying since future update could introduce breaking change and might break your code. Mentioning working version of Python and dependency might be helpful.

Code:
install_requires=[
    'ecdsa',
    'utilitybelt',
    'pycrypto',
    'bitcoin',
    'cachetools',
    'base58',
],

D'oh, I forgot to pip freeze the dependencies and put those in the setup.py instead Embarrassed. Will fix ASAP.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
This setup.py is a bit worrying since future update could introduce breaking change and might break your code. Mentioning working version of Python and dependency might be helpful.

Code:
install_requires=[
    'ecdsa',
    'utilitybelt',
    'pycrypto',
    'bitcoin',
    'cachetools',
    'base58',
],
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Good job on doing this. There are probably a few people out there with BTC sitting in wallets they could not get to.

...
While blockstack-client was a Python 2-only wallet, whose source code is no longer on Github,...

There are some links out there to the client, since I cannot verify their authenticity I will not post them, but a bit of searching and you can find them and they do look like the correct ones.

-Dave
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
As promised here is my tool for recovering bitcoins from blockstack-client (an abandoned Python2 wallet software that's difficult to install and extract keys from anymore) wallets called blockstack_recover (PyPI) (Github). It takes a blockstack-client wallet.json file, and decides it into the private keys that it uses to receive payments. Then you can import them into another wallet software to access your bitcoins.

While blockstack-client was a Python 2-only wallet, whose source code is no longer on Github, this tool works only on Python 3+, and has minimum dependencies to reduce the risk of malicious Python libraries being pulled.

Installation:

pip install blockstack_recover

Running:

Find the path to your unencrypted wallet.json (the tool does not work with encrypted wallet.json), and run:

blockstack_recover extract wallet.json

If you only have an encrypted wallet.json, decrypt it first using:

blockstack_recover decrypt wallet.json decrypted-wallet.json

And supply your password to it. The program can't help you if you don't remember your password.

The unencrypted wallet.json is a JSON File that only has the keys "master_private_key" with a long hexadecimal number and "wallet_password", the wallet password in plain-text.

If you have any bitcoins inside a blockstack-client wallet, please move them off now.

Never give anybody your wallet.json, even if it's encrypted. I have discovered that passwords can be brute-forced using the AES256 encryption code in the blockstack-client. This can be devastating if used with hardware acceleration like PyCUDA.


If there is enough support I will make a tool that decrypts an encrypted wallet.json file, that'll be useful as well. Done!
Jump to: