Can You recover my BIP38 Password? | Bitcointalksearch.org

keychainX

member

Activity: 378

Merit: 53

Telegram @keychainX

Quote from: bob123 on November 25, 2018, 07:32:13 AM

Quote from: keychainX on November 25, 2018, 05:54:25 AM

You are wrong, for BIP 38 it takes quite a bit more to check the missing characters than a few seconds. For checking two missing characters you would get 9025 alterations and with the numerous options you have with compressed/uncompressed address and segwit/legacy that number grows eight fold. I would say 6-8 hours.

You don't need to generate compressed/uncompressed public keys and segwit-/legacy- addresses for each iteration.
It is enough to only test the ones where the decrypted private key is a valid private key (checksum helps here).

This reduces the 9025 iterations (based on your post) to a fraction.

But.. even with 9025 iterations (if you'd have to generate compressed/uncompressed public keys and all 3 types of addresses) it would NEVER take 6-8 hours on a modern machine.
With a somewhat modern graphic card, this won't take much more than a minute.

Again, you seems not to know what you are talking about. If you study BIP 38 for a while you will know its not possible to hashcat or use john the ripper. You would also know that the bippy code out there has a bug so you would need to do both compressed/uncompressed addys in order to cover the
whole spectrum of space with possible addresses. Finally, if you know anything about passwords, you would know the iterations wont be less than 9025 out of two missing characters.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: keychainX on November 25, 2018, 05:54:25 AM

You are wrong, for BIP 38 it takes quite a bit more to check the missing characters than a few seconds. For checking two missing characters you would get 9025 alterations and with the numerous options you have with compressed/uncompressed address and segwit/legacy that number grows eight fold. I would say 6-8 hours.

You don't need to generate compressed/uncompressed public keys and segwit-/legacy- addresses for each iteration.
It is enough to only test the ones where the decrypted private key is a valid private key (checksum helps here).

This reduces the 9025 iterations (based on your post) to a fraction.

But.. even with 9025 iterations (if you'd have to generate compressed/uncompressed public keys and all 3 types of addresses) it would NEVER take 6-8 hours on a modern machine.
With a somewhat modern graphic card, this won't take much more than a minute.

keychainX

member

Activity: 378

Merit: 53

Telegram @keychainX

Quote from: bob123 on October 26, 2018, 10:20:39 AM

Quote from: jegalindogt on October 25, 2018, 09:07:31 PM

I rescue a hard drive where I had stored the password of my private key.
The problem is that I have 80% of the password, I can not remember the last 2 characters
And even worse the password had 2 spaces, I can not remember if these spaces were part of the password or not.

How much of the password do you actually know is correct ?

Are only the last 2 characters missing or are the spaces wrong / in wrong places ?

With only the last 2 chars missing it wouldn't take more than a few seconds to bruteforce your private key.
With also the spaces being in wrong places, it gets harder.. But still doable (if the rest of the password is correct).
With the 2 last chars missing, the spaces being in the wrong position AND the current spaces being 2 other chars, your chances get very slim.

I'd suggest you look at btcrecover (https://github.com/gurnec/btcrecover). It lets you create your own 'token' file. This corresponds to the 'way to iterate trough your password'.

You are wrong, for BIP 38 it takes quite a bit more to check the missing characters than a few seconds. For checking two missing characters you would get 9025 alterations and with the numerous options you have with compressed/uncompressed address and segwit/legacy that number grows eight fold. I would say 6-8 hours. (if its just two characters). Unfortunately there are different buggy versions of BIP38 decoders/encoders like bippy which treats the address as compressed even if its uncompressed, so the decoding process is quite unreliable where the software tells you the password is wrong even if its correct. There are even deviations where the browser itself treats the encoding wrong, which once you try to retrieve your encrypted key you will get a completely wrong decode.

/KX

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: jegalindogt on October 25, 2018, 09:07:31 PM

I rescue a hard drive where I had stored the password of my private key.
The problem is that I have 80% of the password, I can not remember the last 2 characters
And even worse the password had 2 spaces, I can not remember if these spaces were part of the password or not.

How much of the password do you actually know is correct ?

Are only the last 2 characters missing or are the spaces wrong / in wrong places ?

With only the last 2 chars missing it wouldn't take more than a few seconds to bruteforce your private key.
With also the spaces being in wrong places, it gets harder.. But still doable (if the rest of the password is correct).
With the 2 last chars missing, the spaces being in the wrong position AND the current spaces being 2 other chars, your chances get very slim.

I'd suggest you look at btcrecover (https://github.com/gurnec/btcrecover). It lets you create your own 'token' file. This corresponds to the 'way to iterate trough your password'.

jegalindogt

newbie

Activity: 33

Merit: 0

Hi AgentofCoin, i saw a post in February 20, 2017. You helped mody0101 to Crack a Passphrase. I have a similar issue.

Nice to meet you my name is Jorge.
I have a encrypted private key but i lose the password

I have the Encrypted Private Key.
The Wallet is this:
WALLET: 37zyMum5mY4dj5ySpUX3gizR1bUyc55ywP

Do you believe that that there is something to do?

I rescue a hard drive where I had stored the password of my private key.
The problem is that I have 80% of the password, I can not remember the last 2 characters
And even worse the password had 2 spaces, I can not remember if these spaces were part of the password or not.

PASSWORD TENTATIVELY: YMLHhH58J @ FXX

Do you think you could help me in this case?

Regards!

HCP

legendary

Activity: 2086

Merit: 4318

I assume you mean an encrypted private key... one that starts with "6P"??

If so, your chances of recovering without a really good idea of what the password was will be near impossible Undecided

d3xSt4Rr

newbie

Activity: 27

Merit: 0

Hey guys, I have a wallet address & private key but not the password, could you please help me?

Welsh

staff

Activity: 3290

Merit: 4114

Quote from: m0r3Fr33U$ on December 03, 2017, 06:13:47 PM

What kinds of hints are most useful? Ie...

I'm highly confident that I used...

at least 1 whole English word at least 6 chars long - possibly by itself,

but also possibly combined with:
1 instance of a known 3 digit numerical string;
1 instance of a known 4 digit numerical string; or
2 matching instances of an unknown 2-digit numerical string.

I may also have included up to 2 instances of a single non-alphanumeric symbol either at the end of the password or at the beginning and end of the password. Not anywhere in between.

Like Mody0101, anyone can contact me for more specifics.

However, I think that my problem comes from mis-spelling that whole word (I wish BitAddress.org used matching password form validation). So... I think that using a dictionary file of parts of words or misspelled words will be useful.

I have only done miniscule amounts of programming in my lifetime. But I think an algorithm for this might go...

list all possible seed words used to generate the encrypted private key (the hard part)
filter for matches containing parts of words or misspelled words
filter for matches containing any of the known 3 or 4 digit strings possibly used
filter for matches of words I might have used
done?

Look at what bob123 said, that applies to you too. Also, I noticed that you like to use 'leet' speak by putting a "3" instead of a "e" is it possible that this could be the password too? These are the things that you need to be thinking about and include all the information you can on the password if this information compromises any other passwords that you use then you need to change them before releasing this information.

At the moment we don't need to think about the algorithm used, we just need information on the password otherwise no algorithm is going to work. Provide all the information you can and send it to Dave's recovery services.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: bitcoinage1999 on February 21, 2018, 12:12:44 AM

Hi. I am in a similar situation as Moldy. i have btc in a bip38 paper wallet and i have an idea of the passphrase but can't seem to crack it. i would make it worth anybody's time for sure as there are more than 3 btc to be released. thanks

You can either try it by yourself or make your information available on public to get anyones hands on it.

You should make an encrypted private key (with only a fraction of your whole balance / or 0 balance at all) public, since you don't want
to get your funds stolen after someone decrypted your private keys.

You need to remember (at least) a few properties of your password.
For example:

Lenght? Min. max?
Which chars did you use? / Which chars didn't you use for sure?
Any patterns you repeatedly use? e.g. '123' at the end?
Variations of anything you use?
Upper/lowercase ? Mixed?
Can you exclude characters at certain positions for sure?

The more you remember and the shorter your password is, the higher are your chances to retreive it.

bitcoinage1999

newbie

Activity: 6

Merit: 0

Hi. I am in a similar situation as Moldy. i have btc in a bip38 paper wallet and i have an idea of the passphrase but can't seem to crack it. i would make it worth anybody's time for sure as there are more than 3 btc to be released. thanks

adaseb

legendary

Activity: 3808

Merit: 1723

Up to 300% + 200 FS deposit bonuses

From my understanding the BIP38 encrypted password is not easily brute-forcable.

The best GPUs can only do like 1kh/s. While a regular brute force password for Bitcoin Core can do like 100mh/s.

SO if its a long password, its impossible to brute force it.

m0r3Fr33U$

newbie

Activity: 2

Merit: 0

Quote from: LoyceV on December 03, 2017, 09:49:44 AM

Quote from: m0r3Fr33U$ on December 03, 2017, 07:26:03 AM

But I don't think I can provide password suggestions.

Have a look at I'm BIP38 curious, please help me out!: 1 BTC reward was not enough to brute-force a BIP38 password with 6 random characters.

Without password hints, it's impossible to crack a BIP38 password if it's more than 5 characters long.

What kinds of hints are most useful? Ie...

I'm highly confident that I used...

at least 1 whole English word at least 6 chars long - possibly by itself,

but also possibly combined with:
1 instance of a known 3 digit numerical string;
1 instance of a known 4 digit numerical string; or
2 matching instances of an unknown 2-digit numerical string.

I may also have included up to 2 instances of a single non-alphanumeric symbol either at the end of the password or at the beginning and end of the password. Not anywhere in between.

Like Mody0101, anyone can contact me for more specifics.

However, I think that my problem comes from mis-spelling that whole word (I wish BitAddress.org used matching password form validation). So... I think that using a dictionary file of parts of words or misspelled words will be useful.

I have only done miniscule amounts of programming in my lifetime. But I think an algorithm for this might go...

list all possible seed words used to generate the encrypted private key (the hard part)
filter for matches containing parts of words or misspelled words
filter for matches containing any of the known 3 or 4 digit strings possibly used
filter for matches of words I might have used
done?

SopaXT

full member

Activity: 158

Merit: 113

Quote from: m0r3Fr33U$ on December 03, 2017, 07:26:03 AM

How necessary was/is it to have password suggestions in order to crack this?

I have a similar situation. That is.. I need to crack my private key's BIP38 password. I have a BitAddress.org BIP38 public/private key pair for an empty address that used the same password as another address I own.

But I don't think I can provide password suggestions.

How possible is this without password suggestions?

If you think it is possible, I offer a bounty of $1,000.00 (that's USD) in BTC. At the time of this post it is BTC0.089800.

Both addresses are offline on paper wallets.

My target address is at: https://blockchain.info/address/1EMRVjqpUAWJQksKomHjSKYzQed4veH3de

My empty address key pair:
Public key:1MHsUMfNRSUhpeLAx7vzwNu4qjYfjWesd7
Private key:6PnV8excEtv5g6D6p5dwNmfKT2Wi5fxtPUYSzJoKgDVeKHp3piPgazLd68

Also, if you have any suggestions for password recovery services, please share!

Good luck!

What could the password be?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: m0r3Fr33U$ on December 03, 2017, 07:26:03 AM

But I don't think I can provide password suggestions.

Have a look at I'm BIP38 curious, please help me out!: 1 BTC reward was not enough to brute-force a BIP38 password with 6 random characters.

Without password hints, it's impossible to crack a BIP38 password if it's more than 5 characters long.

m0r3Fr33U$

newbie

Activity: 2

Merit: 0

How necessary was/is it to have password suggestions in order to crack this?

I have a similar situation. That is.. I need to crack my private key's BIP38 password. I have a BitAddress.org BIP38 public/private key pair for an empty address that used the same password as another address I own.

But I don't think I can provide password suggestions.

How possible is this without password suggestions?

If you think it is possible, I offer a bounty of $1,000.00 (that's USD) in BTC. At the time of this post it is BTC0.089800.

Both addresses are offline on paper wallets.

My target address is at: https://blockchain.info/address/1EMRVjqpUAWJQksKomHjSKYzQed4veH3de

My empty address key pair:
Public key:1MHsUMfNRSUhpeLAx7vzwNu4qjYfjWesd7
Private key:6PnV8excEtv5g6D6p5dwNmfKT2Wi5fxtPUYSzJoKgDVeKHp3piPgazLd68

Also, if you have any suggestions for password recovery services, please share!

Good luck!

AgentofCoin

legendary

Activity: 1092

Merit: 1001

Quote from: mody0101 on February 20, 2017, 06:19:06 PM

Quote from: AgentofCoin on February 20, 2017, 04:03:47 PM

Quote from: mody0101 on February 19, 2017, 01:14:23 PM

Hello All
Can You recover my BIP38 Password?
i have 2.3 BTC in this offline wallet:
https://blockchain.info/address/1M3Wv7qNL7t3Yr7r5g8hyL8uMGVrM4XBSY
i created it using bitaddress.org and forget the password,
i want to crack the password and i have the private key and know password suggetions
For any one want to try to recover the password, i have other another wallet that is have no coins and have same password, so you can crack it and give me the password and i would pay you 20% of the BTC "0.45 BTC" if you can crack it
anyone can contact me and i would give him password suggestions
if you have any suggetions of password revovery services please let me know too.
here is all info
bitaddress.org
public key: 1MPDjg3DK1GDuoeLEJXDELGUGsrRFt1eYU
privare key: 6PnURfHuPd9asZ8GLtxstBhGSoYJzc7zAxPax2mamxZaTuivJTDv1NTydF
Good luck!
regards

I contacted the OP and he provided me the hints.
After some time I was able to find the pw for the BIP 38 encrypted privatekey.

I am posting this here as a record since most of my communication with the OP is within private messages.

I will now provide the pw to OP within private message.
If I never get my reward for cracking, I will post the answer here so that other can see that I got it.
Since OP is a new account, I expect that I may not get the reward and thus I am making this record.

Thanks for your help, Really appreciate
hope you confirm that you get the reward here
regards

Yes I confirm. Mody0101 is honorable and maintained his part of the agreement.

mody0101

newbie

Activity: 8

Merit: 1

Quote from: AgentofCoin on February 20, 2017, 04:03:47 PM

Quote from: mody0101 on February 19, 2017, 01:14:23 PM

Hello All
Can You recover my BIP38 Password?
i have 2.3 BTC in this offline wallet:
https://blockchain.info/address/1M3Wv7qNL7t3Yr7r5g8hyL8uMGVrM4XBSY
i created it using bitaddress.org and forget the password,
i want to crack the password and i have the private key and know password suggetions
For any one want to try to recover the password, i have other another wallet that is have no coins and have same password, so you can crack it and give me the password and i would pay you 20% of the BTC "0.45 BTC" if you can crack it
anyone can contact me and i would give him password suggestions
if you have any suggetions of password revovery services please let me know too.
here is all info
bitaddress.org
public key: 1MPDjg3DK1GDuoeLEJXDELGUGsrRFt1eYU
privare key: 6PnURfHuPd9asZ8GLtxstBhGSoYJzc7zAxPax2mamxZaTuivJTDv1NTydF
Good luck!
regards

I contacted the OP and he provided me the hints.
After some time I was able to find the pw for the BIP 38 encrypted privatekey.

I am posting this here as a record since most of my communication with the OP is within private messages.

I will now provide the pw to OP within private message.
If I never get my reward for cracking, I will post the answer here so that other can see that I got it.
Since OP is a new account, I expect that I may not get the reward and thus I am making this record.

Thanks for your help, Really appreciate
hope you confirm that you get the reward here
regards

AgentofCoin

legendary

Activity: 1092

Merit: 1001

Quote from: mody0101 on February 20, 2017, 05:54:44 PM

Hello
Password successfully retrived and i give Agentforcoin his reward as agreed and he give me the password and it works fine
so WE ARE ALL HAPPY!

Yes, I can confirm that Mody0101 paid the reward as agreed and everything went smoothly.
I will be leaving Mody0101 positive feedback for honoring his part of the deal.
I am glad I was able to help.

mody0101

newbie

Activity: 8

Merit: 1