Author

Topic: [Bounty Inside] Restoring an electrum seed phrase into another wallet (Read 220 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I don't think we should endorse it. As I already said, if Electrum does not approve this method of recovering a seed phrase, then nobody should recover it likewise. There are different normalization steps followed by these two standards, and I severely lack the confidence to even have an opinion on that matter; I haven't even studied their precise terminology. I only know that my improvised "Iancole-electrum" is untested.

Even in HCP's repo you can see a giant "Run at your OWN risk!!".

With that being said, I think it's better I lock this thread.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Well since you figured it out, would you like to create a hosted version of this on Github Pages (or anywhere else) first?
I don't think we should endorse it. As I already said, if Electrum does not approve this method of recovering a seed phrase, then nobody should recover it likewise. There are different normalization steps followed by these two standards, and I severely lack the confidence to even have an opinion on that matter; I haven't even studied their precise terminology. I only know that my improvised "Iancole-electrum" is untested.

Even in HCP's repo you can see a giant "Run at your OWN risk!!".
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Well since you figured it out, would you like to create a hosted version of this on Github Pages (or anywhere else) first? Smiley For those guests out there reading that don't like to change code and also in case bip39-standalone changes the line counts.
For the record, HCP has it in his GitHub repo for 7 years now: https://github.com/HardCorePawn/electrumBIP39
The later versions also came with instructions on how to use in different wallet types in the readme.

Obviously, the downside is he didn't implemented Electrum's seed version system that counts as a checksum and script type indicator.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
How to gain 20 merits for free:

  • Download bip39-standalone.html.
  • Go to line 28611 and replace "return h == nh;" with "return true;".
  • Go to line 28639 and replace "mnemonic" with "electrum".
  • Open bip39-standalone.html in your browser and paste your seed phrase.
  • Select "Bitcoin - Testnet" from "Coin".
  • In "Derivation Path", select BIP141, P2WPKH and use: m/0'/0

Ta-da!

Well since you figured it out, would you like to create a hosted version of this on Github Pages (or anywhere else) first? Smiley For those guests out there reading that don't like to change code and also in case bip39-standalone changes the line counts.

legendary
Activity: 3472
Merit: 10611
BIP39 uses a simple KD normalization while Electrum does a lot more than that (removes diacritics, modifies CJK inputs, etc.).
Do you mean that it removes diacritics and CJK in the optional extra passphrase?
Both the passphrase and the mnemonic itself use the same normalization method. Remember that there are word lists in other languages too and you can also use your own custom word list with Electrum that could contain all kinds of crazy characters including emojis.
There's a weird test vector for it: https://github.com/spesmilo/electrum/blob/fe03fbf2a05bcbe7ddb263d937ad9501b929d8a4/electrum/tests/test_wallet_vertical.py#L30
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
In general, don't import an electrum seed phrase in a non-electrum software, unless it is certified by Electrum team. Let's keep it simple as that. You wouldn't attempt to ever restore a Bitcoin Core wallet outside Bitcoin Core, so why would you want to restore an electrum seed phrase elsewhere? Both are equally reputable.

BIP39 uses a simple KD normalization while Electrum does a lot more than that (removes diacritics, modifies CJK inputs, etc.).
Do you mean that it removes diacritics and CJK in the optional extra passphrase?
legendary
Activity: 3472
Merit: 10611
Because of how the underlying code works, it is impossible to do any kind of modification to the input (mnemonic) and make it work with a BIP39 code.

To be more specific the way each of these two algorithms go from mnemonic to BIP32 seed is different:
Code:
BIP39:
PBKDF2(pass=mnemonic, salt=mnemonic|passphrase, c=2048, PRF=HMACSHA512)

Electrum:
PBKDF2(pass=mnemonic, salt=electrum|passphrase, c=2048, PRF=HMACSHA512)
That little difference in used salt is enough to prevent it without actually modifying the code.

That is not to mention the difference in normalization steps used in each algorithm which again can not be achieved without actually changing the code and you can't reproduce by simply changing one or two lines of code in BIP39 implementation like @BlackHatCoiner said (that method is a hack to get it to work for most cases not all).
BIP39 uses a simple KD normalization while Electrum does a lot more than that (removes diacritics, modifies CJK inputs, etc.).
legendary
Activity: 3682
Merit: 1580
Additionally, the first person who creates a web page or a script/program that can convert an Electrum seed into a BIP39 seed, that generates the same addresses as Electrum when you use Electrum's derivation paths, will receive an additional 20 merit.

FYI this isn't possible. You can't convert electrum seed mnemonics to bip39.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
How to gain 20 merits for free:

  • Download bip39-standalone.html.
  • Go to line 28611 and replace "return h == nh;" with "return true;".
  • Go to line 28639 and replace "mnemonic" with "electrum".
  • Open bip39-standalone.html in your browser and paste your seed phrase.
  • Select "Bitcoin - Testnet" from "Coin".
  • In "Derivation Path", select BIP141, P2WPKH and use: m/0'/0

Ta-da!
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Does BlueWallet directly accept an Electrum phrase? Because that wouldn't count otherwise Tongue but it's good to know anyway.
Yes.

Also I am just thinking of it. NeuroticFish is also correct. Although we may not be able to spend the coins on Electrum directly, but Electrum wallet will still be able to generate the keys needed for coin recovery and spending. But let us hope that this will not change one day as they do to Android Electrum. Before on Android Electrum, you can get the keys, but now not possible.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Since you quoted o_e_l_e_o, I will also do so. I don't know if this counts (although it's a minor change of the most well known bip39 software), but I've kept a bookmark to this quote for the case I ever have problems or I have to help anybody recover his coins from an Electrum seed:

There is no need to back up your master private key or individual private keys from an Electrum wallet.

You could use any old copy of Electrum software to restore an Electrum seed phrase and extract the relevant private keys. Even if the devs abandon the project, the GitHub disappears, and your own devices are destroyed, there are thousands of people who would pretty quickly upload copies of the Electrum code for other people to download.

Even if no one did that, you can use any open source piece of software with two very minor changes as explained by pooya87 above to restore an Electrum seed phrase. For example, with https://github.com/iancoleman/bip39, simply open src/js/jsbip39.js, change line 116 to return true; and at line 144 change the word "mnemonic" to the word "electrum". The derivation paths will be different (m/0 for legacy and m/0'/0 for segwit), but it will generate your Electrum addresses just fine.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Bluewallet is not having testnet. If it is mainnet, you can use Bluewallet for the recovery.

Does BlueWallet directly accept an Electrum phrase? Because that wouldn't count otherwise Tongue but it's good to know anyway.

- Obviously, you are not allowed to use Electrum for this, or other software that directly takes Electrum seeds (as far as I know though, there are none).

Though you've proven me wrong on the "other software" part.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Bluewallet is not having testnet. If it is mainnet, you can use Bluewallet for the recovery.

Code:
lazy fit float begin ugly skirt garage frost birth skin inner brown

 

Worth knowing that the transaction made on seed phrase imported from Electum to Bluewallet will not support Replace-by-fee if used for making transaction.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Reserved

(Somebody actually funded the address with tbtc for some reason)
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
No, I did not lose my coins Wink

However, in the process of testing my new wallet implementation, I have found it very annoying how addresses generated inside an Electrum wallet cannot be reached from BIP39 software.

Consequentially, this means that people might become desperate if they cannot restore their Electrum seed phrase inside another wallet, and Electrum itself for whatever reason stops working for them.

So I have decided to make a little challenge.

As some of you may know, Electrum uses its own wordlist, different from BIP32. However, the underlying seed phrase bytes will be the same for both types.

Additionally, Electrum uses its own derivation paths. Here is the prefix of all Electrum wallets, which you can find below (same for mainnet and testnet):

Under the hood, Electrum derives a "master private key" (m) from the seed and derive external and internal chains at (m/0 and m/1) for receiving and change address parent extended keys.
Then, the addresses which at (m/0/0~19 and m/1/0~9) for the initial 20 receiving and 10 change addresses.
This is only the case for legacy wallets. Electrum uses m/0' (rather than just m) for single-sig segwit wallets, which has obviously been the default wallet type for some time.

2FA (legacy and SegWit): m/1'/0/
This is not quite right either. Electrum uses the following:

Legacy: m
Segwit: m/0'
Legacy multi-sig: m
Segwit multi-sig: m/1'

It will then append /x/y to the above derivation paths, with x being 0 or 1 for receiving or change, and y being the address index. For 2FA wallets, your three master keys are derived at m/0', m/1', and m, respectively. The final key at m is the one which is derived from your previous two keys and the hardcoded TrustedCoin key.



As far as I know, there are no tutorials for restoring an Electrum seed phrase into a BIP39 wallet. Therefore, I have created a seed phrase on Testnet which has an address attached to it.

The first person to successfully generate this address from a non-Electrum wallet will get 20 merit, from me.

Rules:

- Anybody can participate.
- You can use any tool to help you generate the address, like IanColeman, any script or program. There are no restrictions.
- You must show a proof of concept. This means you're going to take screenshots of your wallet or web-page showing the step-by-step process you created the address with. People following your instructions should be able to reproduce the address as well.
- Obviously, you are not allowed to use Electrum for this, or other software that directly takes Electrum seeds (as far as I know though, there are none).

Additionally, the first person who creates a web page or a script/program that can convert an Electrum seed into a BIP39 seed, that generates the same addresses as Electrum when you use Electrum's derivation paths, will receive an additional 20 merit.

The seed phrase (note: There is no tBTC inside!)
Code:
lazy fit float begin ugly skirt garage frost birth skin inner brown

The first receiving address (ie. this address derivation path ends in 0/0):
Code:
tb1q9nvh8dyaq07az8waztpachekqd4wpzwyyav3pa



This bounty is meant to incentivize the development of wallet recovery software, which is important for people who have lost access to their wallet but still possess their seed phrase.
Jump to: