
Topic: Brute Forcing wallet.dat with BTCRecover need help (Read 350 times)

HCP
legendary
Activity: 2086
Merit: 4363
I tried everything I could think of before reaching the blank file solution, from splitting the backreference wildcards into different lines using positional anchors, to using the delimiter option to try and separate them, but every time it just joined them together and searched for a file name.
LOL... I had exactly the same experience. Then decided to sleep on it because it was stupid o'clock... then couldn't sleep because it was bugging me... then had the genius "blank file" idea.


I think you are over thinking this. Isn't it simply that you are one character further along and looking one character further back, so you need to increment by two rather than one? For example, in 12password21, there are 8 characters between the two 2s, but 10 characters between the two 1s.
Actually, I think you might be right... I had the correct answer, wrong logic.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Just an idea: a simple cpp program (or other programming language) can generate a list of words with the needed criteria with prefix-suffix palindrome with a given length. If they are not too complicated and long palindromes, it could be possible to generate a dictionary with the program.
The only downside will be reading from the dictionary file, which will probably be slower.
legendary
Activity: 2268
Merit: 18771
I tried everything I could think of before reaching the blank file solution, from splitting the backreference wildcards into different lines using positional anchors, to using the delimiter option to try and separate them, but every time it just joined them together and searched for a file name. Since it was determined to find a file, I was then experimenting with trying to put the wildcards inside the file it was looking for to see if it would then parse them properly. When that didn't work either, I finally tried just feeding it an empty file. If that hadn't worked then the only other thing I could think of trying was diving into the source code to find and edit the relevant parts, so I'm glad it didn't come to that.

I was initially confused as to why it was just printing the same character 4 times at the end... then realised that the ;file.txt; tokens were being "counted" even though they were effectively null... and came up with the same "count back 1 additional char" strategy.
I think you are over thinking this. Isn't it simply that you are one character further along and looking one character further back, so you need to increment by two rather than one? For example, in 12password21, there are 8 characters between the two 2s, but 10 characters between the two 1s.
HCP
legendary
Activity: 2086
Merit: 4363
So, give it a file to find which does nothing, and then it will continue to read the rest of the tokenlist file as it should. So, create a file in the root directory called "file.txt" which is empty, and then use the following tokensfile:

Code:
%4cpassword%;file.txt;9b%;file.txt;11b%;file.txt;13b%;file.txt;15b
Nice work!

I had exactly this thought last night when I was lying in bed trying to get to sleep... "ooooo what if I just use an empty file?", but couldn't be arsed getting out of bed to check it and eventually dozed off.

Came to test it this morning, after a nice lazy lay in... along with a nice cup of tea.

I was initially confused as to why it was just printing the same character 4 times at the end... then realised that the ;file.txt; tokens were being "counted" even though they were effectively null... and came up with the same "count back 1 additional char" strategy.

Came here to proudly post about the clever idea I had, and discovered I had already been beaten to it!


Will definitely need to file this strategy away in the back reaches of my brain for future reference.
legendary
Activity: 2268
Merit: 18771
After a bit of tinkering, I've figured out a successful workaround to this problem.

As HCP says, it keeps trying to look for a file as opposed to just reading each backreference wildcard individually. So, give it a file to find which does nothing, and then it will continue to read the rest of the tokenlist file as it should. So, create a file in the root directory called "file.txt" which is empty, and then use the following tokensfile:

Code:
%4cpassword%;file.txt;9b%;file.txt;11b%;file.txt;13b%;file.txt;15b

This will spit out passwords in the format 1234password4321.

jr. member
Activity: 40
Merit: 13
That works perfectly. Now, can I make it like this? Example: 1234password4321
Unfortunately, it doesn't look like the code supports having multiple backreferences in a row... Logically, something like this should work:
Code:
%4cpassword%;9b%;10b%;11b%;12b

which should generate the 4 characters at the front... then copy them to the end in reverse order... for example:
Code:
ab2cpasswordc2ba
1234password4321
...;

Unfortunately, it seems that the tokens parser is prioritising the ";filename;" parsing... and treating ;9b%; as a filename for a keyboard walking map pattern and spits out an IOError
Code:
IOError: [Errno 2] No such file or directory: '9b%'


I'm not sure of a workaround for this, that doesn't involve a massive pre-generated token file that has the 4 characters matched with their reverse 4 characters etc.

I have been looking here https://btcrecover.readthedocs.io/en/latest/tokenlist_file/#keyboard-walking-backreference-wildcards-revisited

but I can't understand how exactly this is working
HCP
legendary
Activity: 2086
Merit: 4363
That works perfectly. Now, can I make it like this? Example: 1234password4321
Unfortunately, it doesn't look like the code supports having multiple backreferences in a row... Logically, something like this should work:
Code:
%4cpassword%;9b%;10b%;11b%;12b

which should generate the 4 characters at the front... then copy them to the end in reverse order... for example:
Code:
ab2cpasswordc2ba
1234password4321
...;

Unfortunately, it seems that the tokens parser is prioritising the ";filename;" parsing... and treating ;9b%; as a filename for a keyboard walking map pattern and spits out an IOError
Code:
IOError: [Errno 2] No such file or directory: '9b%'


I'm not sure of a workaround for this, that doesn't involve a massive pre-generated token file that has the 4 characters matched with their reverse 4 characters etc.
jr. member
Activity: 40
Merit: 13
In which case use:

Code:
%4cpassword%4;12b

And use the --custom-wild command with your specific character set.


That works perfectly. Now, can I make it like this? Example: 1234password4321
legendary
Activity: 2268
Merit: 18771
In which case use:

Code:
%4cpassword%4;12b

And use the --custom-wild command with your specific character set.
jr. member
Activity: 40
Merit: 13
Yes, I want to use specific characters. I remember what type of characters but I don't remember the sequence.

Can you help me, please?


EDIT: and I need to mirror them Example 1234password4321




Is there a way to tell btcrecover that front part is the same as end part ? That will lower the combinations and ETA significantly.
You would change your tokens file to this:

Code:
%4dpassword%4;12b

%4d will tell it to insert any 4 digits.
%4;12b will tell it to copy 4 characters, starting 12 characters back from this point.
You can change the number of characters or type of characters using the codes here: https://btcrecover.readthedocs.io/en/latest/tokenlist_file/#expanding-wildcards
You don't need to use --custom-wild here unless you specifically want to use a set of characters which is not easily selected using the above wildcards.

Also is there a way to create an exclusion list with btcrecover to skip combinations that I already tried?
Not between different tokenlists. You can use the autosave feature to save your progress on a specific tokenlist (https://btcrecover.readthedocs.io/en/latest/TUTORIAL/#autosave), but you can't cross reference between different tokenlists.

member
Activity: 70
Merit: 53
@xlameee
you can use hashcat
first use bitcoin2john.py to convert your wallet to hash.
second at end of line add ?x depending on your requirement.
Code:
  ? | Charset
 ===+=========
  l | abcdefghijklmnopqrstuvwxyz
  u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
  d | 0123456789
  h | 0123456789abcdef
  H | 0123456789ABCDEF
  s |  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
  a | ?l?u?d?s
  b | 0x00 - 0xff

for example your password is "156Apassword911"
Code:
?d?d?d?upassword?d?d?d

legendary
Activity: 2268
Merit: 18771
Is there a way to tell btcrecover that front part is the same as end part ? That will lower the combinations and ETA significantly.
You would change your tokens file to this:

Code:
%4dpassword%4;12b

%4d will tell it to insert any 4 digits.
%4;12b will tell it to copy 4 characters, starting 12 characters back from this point.
You can change the number of characters or type of characters using the codes here: https://btcrecover.readthedocs.io/en/latest/tokenlist_file/#expanding-wildcards
You don't need to use --custom-wild here unless you specifically want to use a set of characters which is not easily selected using the above wildcards.

Also is there a way to create an exclusion list with btcrecover to skip combinations that I already tried?
Not between different tokenlists. You can use the autosave feature to save your progress on a specific tokenlist (https://btcrecover.readthedocs.io/en/latest/TUTORIAL/#autosave), but you can't cross reference between different tokenlists.
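
The backreference offsets discussed in this thread (`%4;12b` for a straight copy, `%;9b%;11b%;13b%;15b` for a mirror), as an added Python example that is not part of any post and is not btcrecover's own code. It is a simplified model of the semantics as the posters describe them, assuming an empty map file contributes nothing; `expand`, `mirror_tokens` and `keyspace` are hypothetical helper names.

```python
import re

# Simplified model of the backreference wildcard as the posts describe it:
# %N;Mb copies N characters (default 1) starting M characters back from the
# current end of the candidate. An optional ";name;" map file is accepted and
# ignored, i.e. treated as the empty file.txt from the thread (assumption).
BACKREF = re.compile(r"%(\d*);(?:[^;%]+;)?(\d+)b")


def expand(prefix, literal, suffix_tokens):
    """Build one candidate: prefix + literal, then apply each backreference."""
    out, consumed = prefix + literal, 0
    for m in BACKREF.finditer(suffix_tokens):
        if m.start() != consumed:
            raise ValueError(f"unparsed text at offset {consumed}")
        count, back = int(m.group(1) or 1), int(m.group(2))
        start = len(out) - back
        if start < 0 or count > back:
            raise ValueError(f"{m.group(0)} reaches outside the candidate")
        out += out[start:start + count]
        consumed = m.end()
    if consumed != len(suffix_tokens):
        raise ValueError("trailing text after the last backreference")
    return out


def mirror_tokens(prefix_len, literal_len):
    """Single-character backreferences that append the prefix reversed."""
    # The last prefix character sits literal_len + 1 back. Every later copy is
    # one position further along and targets one position earlier: step of 2.
    return "".join(f"%;{literal_len + 1 + 2 * i}b" for i in range(prefix_len))


def keyspace(charset_size, prefix_len, tied):
    """Candidate count when the suffix is tied to the prefix or left free."""
    return charset_size ** (prefix_len if tied else 2 * prefix_len)


if __name__ == "__main__":
    # Constructed sample values taken from the examples quoted in the thread.
    print(expand("1234", "password", "%4;12b"))
    print(mirror_tokens(4, 8))
    print(expand("ab2c", "password", mirror_tokens(4, 8)))
    print(keyspace(4, 4, tied=False), keyspace(4, 4, tied=True))
```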
legendary
Activity: 952
Merit: 1386
Check tokens description:
https://btcrecover.readthedocs.io/en/latest/tokenlist_file/

There is an example:
%2Atest%2;6b - patterns such as ABtestAB and XKtestXK where the two capital letters before and after test match each other, but never ABtestXK where they don't match
jr. member
Activity: 40
Merit: 13
Hello

I am trying to brute force my old wallet.dat with btcrecover. I need to shorten the combination somehow.

I am currently running Firepro W8000, but I also have Firepro W9100 that I am planning to install

The time I am getting with W8000 TIME: 1day, 22:33:33, but if I can lower the combinations and add my 2nd GPU I can break my password much faster 

Let me give you an example:

Let's say my mid part of the password is "password"

Front part is the same as the end part Example: "1234password1234"

What I did in my tokens.txt

%c%c%c%cpassword%c%c%c%c

and the command I use


python btcrecover.py --wallet wallet.dat --custom-wild 1234 --tokenlist tokens.txt --enable-gpu


Is there a way to tell btcrecover that front part is the same as end part ? That will lower the combinations and ETA significantly.


Also is there a way to create an exclusion list with btcrecover to skip combinations that I already tried?

I can use --listpass and save them to a file so the next time I try, those combinations will be skipped, if that's even possible.


Thank you