Pages:
Author

Topic: Can You recover my BIP38 Password? (Read 2327 times)

member
Activity: 378
Merit: 53
Telegram @keychainX
November 26, 2018, 04:16:49 AM
#28
You are wrong, for BIP 38 it takes quite a bit more to check the missing characters than a few seconds. For checking two missing characters you would get 9025 alterations and with the numerous options you have with compressed/uncompressed address and segwit/legacy that number grows eight fold. I would say 6-8 hours.

You don't need to generate compressed/uncompressed public keys and segwit-/legacy- addresses for each iteration.
It is enough to only test the ones where the decrypted private key is a valid private key (checksum helps here).

This reduces the 9025 iterations (based on your post) to a fraction.


But.. even with 9025 iterations (if you'd have to generate compressed/uncompressed public keys and all 3 types of addresses) it would NEVER take 6-8 hours on a modern machine.
With a somewhat modern graphic card, this won't take much more than a minute.

Again, you seems not to know what you are talking about. If you study BIP 38 for a while you will know its not possible to hashcat or use john the ripper. You would also know that the bippy code out there has a bug so you would need to do both compressed/uncompressed addys in order to cover the
whole spectrum of space with possible addresses. Finally, if you know anything about passwords, you would know the iterations wont be less than 9025 out of two missing characters.

legendary
Activity: 1624
Merit: 2481
November 25, 2018, 06:32:13 AM
#27
You are wrong, for BIP 38 it takes quite a bit more to check the missing characters than a few seconds. For checking two missing characters you would get 9025 alterations and with the numerous options you have with compressed/uncompressed address and segwit/legacy that number grows eight fold. I would say 6-8 hours.

You don't need to generate compressed/uncompressed public keys and segwit-/legacy- addresses for each iteration.
It is enough to only test the ones where the decrypted private key is a valid private key (checksum helps here).

This reduces the 9025 iterations (based on your post) to a fraction.


But.. even with 9025 iterations (if you'd have to generate compressed/uncompressed public keys and all 3 types of addresses) it would NEVER take 6-8 hours on a modern machine.
With a somewhat modern graphic card, this won't take much more than a minute.
member
Activity: 378
Merit: 53
Telegram @keychainX
November 25, 2018, 04:54:25 AM
#26
I rescue a hard drive where I had stored the password of my private key.
The problem is that I have 80% of the password, I can not remember the last 2 characters
And even worse the password had 2 spaces, I can not remember if these spaces were part of the password or not.

How much of the password do you actually know is correct ?

Are only the last 2 characters missing or are the spaces wrong / in wrong places ?

With only the last 2 chars missing it wouldn't take more than a few seconds to bruteforce your private key.
With also the spaces being in wrong places, it gets harder.. But still doable (if the rest of the password is correct).
With the 2 last chars missing, the spaces being in the wrong position AND the current spaces being 2 other chars, your chances get very slim.


I'd suggest you look at btcrecover (https://github.com/gurnec/btcrecover). It lets you create your own 'token' file. This corresponds to the 'way to iterate trough your password'.

You are wrong, for BIP 38 it takes quite a bit more to check the missing characters than a few seconds. For checking two missing characters you would get 9025 alterations and with the numerous options you have with compressed/uncompressed address and segwit/legacy that number grows eight fold. I would say 6-8 hours. (if its just two characters). Unfortunately there are different buggy versions of BIP38 decoders/encoders like bippy which treats the address as compressed even if its uncompressed, so the decoding process is quite unreliable where the software tells you the password is wrong even if its correct. There are even deviations where the browser itself treats the encoding wrong, which once you try to retrieve your encrypted key you will get a completely wrong decode.

/KX
legendary
Activity: 1624
Merit: 2481
October 26, 2018, 09:20:39 AM
#25
I rescue a hard drive where I had stored the password of my private key.
The problem is that I have 80% of the password, I can not remember the last 2 characters
And even worse the password had 2 spaces, I can not remember if these spaces were part of the password or not.

How much of the password do you actually know is correct ?

Are only the last 2 characters missing or are the spaces wrong / in wrong places ?

With only the last 2 chars missing it wouldn't take more than a few seconds to bruteforce your private key.
With also the spaces being in wrong places, it gets harder.. But still doable (if the rest of the password is correct).
With the 2 last chars missing, the spaces being in the wrong position AND the current spaces being 2 other chars, your chances get very slim.


I'd suggest you look at btcrecover (https://github.com/gurnec/btcrecover). It lets you create your own 'token' file. This corresponds to the 'way to iterate trough your password'.
newbie
Activity: 33
Merit: 0
October 25, 2018, 08:07:31 PM
#24
Hi AgentofCoin, i saw a post in February 20, 2017. You helped mody0101 to Crack a Passphrase. I have a similar issue.

Nice to meet you my name is Jorge.
I have a encrypted private key but i lose the password

I have the Encrypted Private Key.
The Wallet is this:
WALLET: 37zyMum5mY4dj5ySpUX3gizR1bUyc55ywP

Do you believe that that there is something to do?

I rescue a hard drive where I had stored the password of my private key.
The problem is that I have 80% of the password, I can not remember the last 2 characters
And even worse the password had 2 spaces, I can not remember if these spaces were part of the password or not.

PASSWORD TENTATIVELY: YMLHhH58J @ FXX

Do you think you could help me in this case?

Regards!
HCP
legendary
Activity: 2086
Merit: 4363
June 25, 2018, 07:33:31 PM
#23
I assume you mean an encrypted private key... one that starts with "6P"??

If so, your chances of recovering without a really good idea of what the password was will be near impossible Undecided
newbie
Activity: 27
Merit: 0
June 25, 2018, 04:55:29 PM
#22
Hey guys, I have a wallet address & private key but not the password, could you please help me?
staff
Activity: 3304
Merit: 4115
February 25, 2018, 06:31:03 AM
#21
What kinds of hints are most useful? Ie...

I'm highly confident that I used...

at least 1 whole English word at least 6 chars long - possibly by itself,

but also possibly combined with:
1 instance of a known 3 digit numerical string;
1 instance of a known 4 digit numerical string; or
2 matching instances of an unknown 2-digit numerical string.
 
I may also have included up to  2 instances of a single non-alphanumeric symbol either at the end of the password or at the beginning and end of the password. Not anywhere in between.

Like Mody0101, anyone can contact me for more specifics.

However, I think that my problem comes from mis-spelling that whole word (I wish BitAddress.org used matching password form validation). So... I think that using a dictionary file of parts of words or misspelled words will be useful.

I have only done miniscule amounts of programming in my lifetime. But I think an algorithm for this might go...
  • list all possible seed words used to generate the encrypted private key (the hard part)
  • filter for matches containing parts of words or misspelled words
  • filter for matches containing any of the known 3 or 4 digit strings possibly used
  • filter for matches of words I might have used
  • done?


Look at what bob123 said, that applies to you too. Also, I noticed that you like to use 'leet' speak by putting a "3" instead of a "e" is it possible that this could be the password too? These are the things that you need to be thinking about and include all the information you can on the password if this information compromises any other passwords that you use then you need to change them before releasing this information.

At the moment we don't need to think about the algorithm used, we just need information on the password otherwise no algorithm is going to work. Provide all the information you can and send it to Dave's recovery services.
legendary
Activity: 1624
Merit: 2481
February 22, 2018, 05:55:34 AM
#20
Hi.  I am in a similar situation as Moldy.  i have btc in a bip38 paper wallet and i have an idea of the passphrase but can't seem to crack it.  i would make it worth anybody's time for sure as there are more than 3 btc to be released.  thanks

You can either try it by yourself or make your information available on public to get anyones hands on it.

You should make an encrypted private key (with only a fraction of your whole balance / or 0 balance at all) public, since you don't want
to get your funds stolen after someone decrypted your private keys.

You need to remember (at least) a few properties of your password.
For example:
  • Lenght? Min. max?
  • Which chars did you use? / Which chars didn't you use for sure?
  • Any patterns you repeatedly use? e.g. '123' at the end?
  • Variations of anything you use?
  • Upper/lowercase ? Mixed?
  • Can you exclude characters at certain positions for sure?


The more you remember and the shorter your password is, the higher are your chances to retreive it.
newbie
Activity: 6
Merit: 0
February 20, 2018, 11:12:44 PM
#19
Hi.  I am in a similar situation as Moldy.  i have btc in a bip38 paper wallet and i have an idea of the passphrase but can't seem to crack it.  i would make it worth anybody's time for sure as there are more than 3 btc to be released.  thanks
legendary
Activity: 3808
Merit: 1723
December 03, 2017, 05:42:53 PM
#18
From my understanding the BIP38 encrypted password is not easily brute-forcable.

The best GPUs can only do like 1kh/s. While a regular brute force password for Bitcoin Core can do like 100mh/s.

SO if its a long password, its impossible to brute force it.
newbie
Activity: 2
Merit: 0
December 03, 2017, 05:13:47 PM
#17
But I don't think I can provide password suggestions.
Have a look at I'm BIP38 curious, please help me out!: 1 BTC reward was not enough to brute-force a BIP38 password with 6 random characters.

Without password hints, it's impossible to crack a BIP38 password if it's more than 5 characters long.

What kinds of hints are most useful? Ie...

I'm highly confident that I used...

at least 1 whole English word at least 6 chars long - possibly by itself,

but also possibly combined with:
1 instance of a known 3 digit numerical string;
1 instance of a known 4 digit numerical string; or
2 matching instances of an unknown 2-digit numerical string.
 
I may also have included up to  2 instances of a single non-alphanumeric symbol either at the end of the password or at the beginning and end of the password. Not anywhere in between.

Like Mody0101, anyone can contact me for more specifics.

However, I think that my problem comes from mis-spelling that whole word (I wish BitAddress.org used matching password form validation). So... I think that using a dictionary file of parts of words or misspelled words will be useful.

I have only done miniscule amounts of programming in my lifetime. But I think an algorithm for this might go...
  • list all possible seed words used to generate the encrypted private key (the hard part)
  • filter for matches containing parts of words or misspelled words
  • filter for matches containing any of the known 3 or 4 digit strings possibly used
  • filter for matches of words I might have used
  • done?

full member
Activity: 157
Merit: 113
December 03, 2017, 08:54:37 AM
#16
How necessary was/is it to have password suggestions in order to crack this?

I have a similar situation. That is.. I need to crack my private key's BIP38 password. I have a BitAddress.org BIP38 public/private key pair for an empty address that used the same password as another address I own.

But I don't think I can provide password suggestions.

How possible is this without password suggestions?

If you think it is possible, I offer a bounty of $1,000.00 (that's USD) in BTC. At the time of this post it is BTC0.089800.

Both addresses are offline on paper wallets.

My target address is at: https://blockchain.info/address/1EMRVjqpUAWJQksKomHjSKYzQed4veH3de

My empty address key pair:
Public key:1MHsUMfNRSUhpeLAx7vzwNu4qjYfjWesd7
Private key:6PnV8excEtv5g6D6p5dwNmfKT2Wi5fxtPUYSzJoKgDVeKHp3piPgazLd68

Also, if you have any suggestions for password recovery services, please share!

Good luck!

What could the password be?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 03, 2017, 08:49:44 AM
#15
But I don't think I can provide password suggestions.
Have a look at I'm BIP38 curious, please help me out!: 1 BTC reward was not enough to brute-force a BIP38 password with 6 random characters.

Without password hints, it's impossible to crack a BIP38 password if it's more than 5 characters long.
newbie
Activity: 2
Merit: 0
December 03, 2017, 06:26:03 AM
#14
How necessary was/is it to have password suggestions in order to crack this?

I have a similar situation. That is.. I need to crack my private key's BIP38 password. I have a BitAddress.org BIP38 public/private key pair for an empty address that used the same password as another address I own.

But I don't think I can provide password suggestions.

How possible is this without password suggestions?

If you think it is possible, I offer a bounty of $1,000.00 (that's USD) in BTC. At the time of this post it is BTC0.089800.

Both addresses are offline on paper wallets.

My target address is at: https://blockchain.info/address/1EMRVjqpUAWJQksKomHjSKYzQed4veH3de

My empty address key pair:
Public key:1MHsUMfNRSUhpeLAx7vzwNu4qjYfjWesd7
Private key:6PnV8excEtv5g6D6p5dwNmfKT2Wi5fxtPUYSzJoKgDVeKHp3piPgazLd68

Also, if you have any suggestions for password recovery services, please share!

Good luck!
legendary
Activity: 1092
Merit: 1001
February 20, 2017, 06:21:43 PM
#13
Hello All
Can You recover my BIP38 Password?
i have 2.3 BTC in this offline wallet:
https://blockchain.info/address/1M3Wv7qNL7t3Yr7r5g8hyL8uMGVrM4XBSY
i created it using bitaddress.org and forget the password,
i want to crack the password and i have the private key and know password suggetions
For any one want to try to recover the password, i have other another wallet that is have no coins and have same password, so you can crack it and give me the password and i would pay you 20% of the BTC  "0.45 BTC" if you can crack it
anyone can contact me and i would give him password suggestions
if you have any suggetions of password revovery services please let me know too.
here is all info
bitaddress.org
public key: 1MPDjg3DK1GDuoeLEJXDELGUGsrRFt1eYU
privare key: 6PnURfHuPd9asZ8GLtxstBhGSoYJzc7zAxPax2mamxZaTuivJTDv1NTydF
Good luck!
regards


I contacted the OP and he provided me the hints.
After some time I was able to find the pw for the BIP 38 encrypted privatekey.

I am posting this here as a record since most of my communication with the OP is within private messages.

I will now provide the pw to OP within private message.
If I never get my reward for cracking, I will post the answer here so that other can see  that I got it.
Since OP is a new account, I expect that I may not get the reward and thus I am making this record.



Thanks for your help, Really appreciate
hope you confirm that you get the reward here
regards

Yes I confirm. Mody0101 is honorable and maintained his part of the agreement.
newbie
Activity: 8
Merit: 1
February 20, 2017, 05:19:06 PM
#12
Hello All
Can You recover my BIP38 Password?
i have 2.3 BTC in this offline wallet:
https://blockchain.info/address/1M3Wv7qNL7t3Yr7r5g8hyL8uMGVrM4XBSY
i created it using bitaddress.org and forget the password,
i want to crack the password and i have the private key and know password suggetions
For any one want to try to recover the password, i have other another wallet that is have no coins and have same password, so you can crack it and give me the password and i would pay you 20% of the BTC  "0.45 BTC" if you can crack it
anyone can contact me and i would give him password suggestions
if you have any suggetions of password revovery services please let me know too.
here is all info
bitaddress.org
public key: 1MPDjg3DK1GDuoeLEJXDELGUGsrRFt1eYU
privare key: 6PnURfHuPd9asZ8GLtxstBhGSoYJzc7zAxPax2mamxZaTuivJTDv1NTydF
Good luck!
regards


I contacted the OP and he provided me the hints.
After some time I was able to find the pw for the BIP 38 encrypted privatekey.

I am posting this here as a record since most of my communication with the OP is within private messages.

I will now provide the pw to OP within private message.
If I never get my reward for cracking, I will post the answer here so that other can see  that I got it.
Since OP is a new account, I expect that I may not get the reward and thus I am making this record.



Thanks for your help, Really appreciate
hope you confirm that you get the reward here
regards
legendary
Activity: 1092
Merit: 1001
February 20, 2017, 05:00:09 PM
#11

Hello
Password successfully retrived and i give Agentforcoin his reward as agreed and he give me the password and it works fine
so WE ARE ALL  HAPPY!

Yes, I can confirm that Mody0101 paid the reward as agreed and everything went smoothly.
I will be leaving Mody0101 positive feedback for honoring his part of the deal.
I am glad I was able to help.
newbie
Activity: 8
Merit: 1
February 20, 2017, 04:54:44 PM
#10
Since OP is a new account, I expect that I may not get the reward and thus I am making this record.

Probably too late, but thats what escrow is for. Like:
https://bitcointalksearch.org/topic/list-bitcointalks-escrow-providers-ranking-blacklist-avoid-scam-276897

Hello
Password successfully retrived and i give Agentforcoin his reward as agreed and he give me the password and it works fine
so WE ARE ALL  HAPPY!
sr. member
Activity: 276
Merit: 254
February 20, 2017, 03:51:41 PM
#9
Since OP is a new account, I expect that I may not get the reward and thus I am making this record.

Probably too late, but thats what escrow is for. Like:
https://bitcointalksearch.org/topic/list-bitcointalks-escrow-providers-ranking-blacklist-avoid-scam-276897
Pages:
Jump to: