Topic: Create a seed from a selection of words (Read 1186 times)

Now this info helps a lot.
In Windows, you have two ways to use the command:

• 1. If pylauncher is selected when you installed Python, you can directly use "python" command in your Command Prompt or PowerShell
• 2. You can also go to python's install location where python.exe is located, use that as your working directory and launch that executable to use the command.

Any specific error when trying o_e_l_e_o's command?

I've added a heads-up because of my own tests in Windows, btcrecover and certain versions of python that couldn't compile a mandatory requirement for using seedrecover on ETH seed phrase.
Depending on your set-up and installed requirements, you may encounter that error.

First, can you test if python is installed correctly in your system?
Since it's on Windows, try to enter this command in your command prompt and see it it'll return with the installed version:
In the latest version, it should be like this (but has compatibility issue with seedrecover):

If nothing works, you need to do option2 which requires absolute paths.

Thanks brother I finally understood this. I will put the seed.txt in btcrecover folder.

Note: Win 11, I meant the desktop where all icons are like MyPc, ControlPanel, RecycleBin.

Well, it depends on if you are talking about the desktop of your computer or the desktop of your virtual machine, what OS you are running, what your account name is, and so on. Try finding the file in a file explorer and your OS might tell you path somewhere near the top of that window.

The easiest thing to do will be to put the file in the same directory as you extracted btcrecover to, then your path will simply be ./FILENAME.txt

I think I correctly installed the required software but my problem was with the command as I didn't had enough knowledge in command line. Also I didn't knew what derivation path was or how the path works (suppose the seed.txt file is in desktop then what will be the path? [ ./PATH/TO/YOUR/FILE.txt ] < Confused with this  )

Edit: All I know I Have the 12 seed words, but they were totally out of order, no seed word is missing and the wallet was ERC-20.

If you came across some issue with specific requirements for ETH, try python 3.10.
Then install the dependencies via requirements-full.txt file again.

Also, the other possible derivation paths are listed inside btcrecover directory: ./derivationpath-lists/ETH.txt
If you exclude the --bip32-path arg, seedrecover.py will prompt you to select the correct derivation path and if you choose Ethereum, it'll automatically use the uncommented paths in that file.

Ahh, I misunderstood your previous post. I thought you were saying the first unhardened 0 referred to your first receiving address, rather than referring to the category of external/receiving addresses.

I also do not use ETH, but you are right in saying it does not use change addresses, so I also wouldn't expect to see 1 at the change level unless someone did that manually or the wallet software was bugged or flawed.

Maybe I was not accurate enough:
I'm aware that ETH wallets use derivation paths up to address index level, should be standard, including the receive_or_external/internal derivation level, ie. m/44'/60'/0'/0/0 (as you point out) for ETH, first account, receive or external address type, first (receive or external) address.

Short legend: m/{purpose}'/{coin type}'/{account index}'/{external | internal}/{address index}

I'm not so fluent with ETH, but it would surprise me to see an address derivation like m/44'/60'/0'/1/n (n being some address index between 0...2³¹-1 (unhardened)) as to my limited knowledge about ETH I see no reason that an ETH wallet needs "internal" addresses like BTC wallets use them for the change coin return which is required due to the UTXO transaction model of BTC.


It's good to point this out for the less experienced users! As I have already worked with btcrecover, I know that.

That's not right. Ethereum does indeed use the change level of the derivation path, and for most wallets, the first Ethereum address will be at m/44'/60'/0'/0/0. The reason we don't specify the full derivation path here is because btcrecover will start deriving addresses on top of whatever we specify.

So if we specify m/60'/44'/0'/0, and give it an address limit of 1 as I did, then it will check the address at m/44'/60'/0'/0/0.
If we specify m/60'/44'/0'/0 and give it an address limit of 10, then it would check between m/44'/60'/0'/0/0 and m/44'/60'/0'/0/9.

My seed.txt file is in desktop, then what will be the path?
I know I am really stupid to ask this.

Edit: I think I almost got it, I'll try to run the program now. Thank you for your valuable time.

Regarding the topic "derivation path" to get a better understanding, I recommend to take a look here: https://learnmeabitcoin.com/technical/derivation-paths (of course you can have a look into BIP-32 but that is a quite technical read)

o_e_l_e_o's instructions are quite spot on but it will only work if the derivation path for ethereum is standard like what he put on the command line for it: m/44'/60'/0'/0 (the single tick marks ' are there for a purpose, don't mess this up).
Coin type 60' indicates ETH, the following 0' indicates first/standard account, the next 0 indicates receiving addresses (ETH normally doesn't use internal change addresses as it's not UTXO based like BTC)

Well, let's assume it was generated using the standard Ethereum derivation path.

First of all create a plain text .txt file with one of each of the twelve words per line. So, like this:


Save the file somewhere easy to find.

You'll then want to run the following command:


You'll need to insert your address and the path to the file you just created above in the relevant places.

The seeds were part of a puzzle competition. I cracked it but I don't know how or what wallet was used. And I don't know the derivation path of this address because I am unfamiliar with this term "Derivation Path" .

I need some more information first. Please can you answer each of the following questions:

Is the address you have a bitcoin address?
Is it legacy (1), nested segwit (3), or native segwit (bc1)?
Which wallet was used to generate the seed phrase? (Alternatively, is the seed phrase BIP39 or Electrum?)
Do you know if you have used non-standard derivation paths or more than one account? (If you don't know what this means, then the answer is probably no.)

Edit:

I see you've edited to say the address you have is an ERC20 address. So again, which wallet was used to create this address? Do you know the derivation path of this address?

Hello sir.

I know all 12 seed words but i don't know their order.
And I also have the address(ERC20). I tried the software you mentioned. But I have less knowledge in command line interface and etc. And his youtube guides are bit hard to understand for me as I am a newbie. So would you be kind enough to enlighten me. I have successfully installed the required software in a virtual machine.

Now suppose my 12 seed are: one two three four five six seven eight nine ten eleven twelve

Now what command do I have to input. Thanks in advance.

It won't happen during the lifetime of our solar system or even beyond (estimated), unless the RNG is severly flawed. Not for a 128-bit secret, beyond comprehension less for a 256-bit secret. The probability is in theory not equal to zero, but I'd say in practice it is basically zero.

Unless you do something stupid (and there's a lot of that possible) there's no need to move funds on some regular schedule into new wallets. You ruin any pseudonymity of your UTXOs with such moves. Unnecessary dangers. You would burden yourself with a lot of unnecessary safekeeping (remember, you shouldn't completely delete old wallets as you might receive funds on old addresses by accident or from someone who got some old addresses in the past). Then always have to renew your redundant storage for every new wallet iteration? No, thanks.

Simply use decent hardware wallets or a hot watch-only wallet with a proper cold wallet for the precious private keys.

When a wallet is created, first there's a as random as possible secret, most commonly 128 bit long (represented by 12 recovery words) or 256 bit long integer (represented by 24 recovery words). The software doesn't pick somehow first the recovery words. The software (be it a software or hardware wallet) first generates a long random integer which is encoded in human readable and easy storable recovery words. Not the other way round.

Yes, that's what I meant in the first place, it's meaningless to be afraid of 12 or 24 word seed. But as I see, out of no reason, people are afraid that since the 2048 word list is publicly available, their wallets may be bruteforced. I know, there is just no way for that to happen but as you see, people even think about their own word list for 'safety' over publicly available one. So, these people aren't going to stop. In this case, I think it's better if meaninglessly super paranoid people create a new wallet from time to time and transfer coins compared to the idea of using your own word list or manually creating a seed phrase.


What does it mean if someone get the same phrase like you? There is no way that someone will generate the same seed phrases in the same order as I generated becuase there are 2048 words in the list and there is simply no way for that accident to happen.

i also think you can do a new wallet from time to time but it also can be unsafe if you think there is a possibility, someone get the same phrase like you. there is a bigger possibility to get hacked if you use a hotwallet or a web3 wallet and infect it with ransomware. use a 24seed and make it as cold wallet. if you want to use the bitcoin for other stuff like collecting it, you can make a second wallet and use it as hot wallet.

Yes, it is possible to generate truly random numbers. Whether or not your seed phrase was generated using a truly random number or a pseudorandom number depends on the method in which you generated it.

https://en.wikipedia.org/wiki/Hardware_random_number_generator

You should certainly transfer everything to a new wallet if you have any concerns about your seed phrase being leaked or the security of your back ups, but such a transfer is meaningless when it comes to brute forcing, which does not need to be protected against in the first place.

I think one can feel secure till death or even after.

This is so right! And I don't really understand why do some people think that because 2048 word list is public, it will be dangerous and unsafe, I just can't figure it out because they can mathematically prove that the probability of someone bruteforcing their wallet with positive result is so low that we can confidently say that it will never happen. At least one can create a new wallet and transfer coins every year but logically and mathematically, absolutely everyone is safe.

I really pray that one day people will never look for alternative methods of generating bitcoin seeds.

Is proper randomization possible by proper randomization I mean true random phrase generation, I am asking this because, in most encryptions, we use pseudo randomization which is like randomization but cant generate real random phrases.