Author

Topic: Electrum Wallet Seed Recovery (Read 2651 times)

brand new
Activity: 0
Merit: 0
December 23, 2017, 02:09:00 AM
#20
Hey, I have a topic that could use help from people that understand the process of decryption, like this thread.

Please help Smiley

https://bitcointalk.org/index.php?topic=2635840.new#new
HCP
legendary
Activity: 2086
Merit: 4361
November 17, 2017, 06:24:42 PM
#19
This post has seriously grabbed my attention. I very foolishly have managed to lose my password and seed (I know, I know) for my Electrum wallet.

After reading this:
"I see you've figured out how to decrypt the new seed from scene 2 using the console"

And seeing this:
>> import aes
>> from electrum import wallet
>>wallet.pw_decode('bBbGXH3ivbmwapRODeAn7wp7VviwDkpNOcaRdW9EDiA5xeYXj8CtrUidHvRbCubIJhMaPjlEOfO0kQM 13RB6Zw==','125')
u'431a62f1c86555d3c45e5c4d9e10c8c7'

Am I right in thinking it is somehow possible to decrypt the password? I do have the original wallet file in full.
No... what that function is doing, is decoding he encrypted seed from the wallet file... using the password!

I think you missed the bit where he said his password was '125'...
...
Now I need to figure out how to push this info in this function-
Wallet pass = 125
Seed = 431a62f1c86555d3c45e5c4d9e10c8c7


You have to give the function the password as the second argument... hence:
Interesting. Question: Do you use the phrase "hex" here to imply the base 58 encoded string? Hex traditionally meant base 16 eg 0-9 and a,b,c,d,e,f.

No... he meant "hex"... the "seed" which is essentially just a big number... was previously stored in the wallet file in hex... as per the OP:
Scenario 1:
I have an unencrypted wallet i.e. no password was set for the wallet.
I have the wallet file; when we I open the file as text I could see
Code:
....
        "seed": "431a62f1c86555d3c45e5c4d9e10c8c7",
....
legendary
Activity: 2912
Merit: 1386
November 17, 2017, 07:05:03 AM
#18
So apparently hex seed were a thing. Didn't know that.

You can actually recover your wallet just by entering the hex seed, you know. I just tried and it works.
If you want to get the non-hex seed just do it from the client.

Now how cool is that. This solves my problem in Scene 1 (Still curious whats the relation between the hex and the 12 word seed)

And for the Scene 2 now, What encryption is used to encrypt the hex in Scene 1...
Any devs here to help?

Interesting. Question: Do you use the phrase "hex" here to imply the base 58 encoded string? Hex traditionally meant base 16 eg 0-9 and a,b,c,d,e,f.

newbie
Activity: 5
Merit: 0
November 16, 2017, 07:15:24 AM
#17
This post has seriously grabbed my attention. I very foolishly have managed to lose my password and seed (I know, I know) for my Electrum wallet.

After reading this:
"I see you've figured out how to decrypt the new seed from scene 2 using the console"

And seeing this:
>> import aes
>> from electrum import wallet
>>wallet.pw_decode('bBbGXH3ivbmwapRODeAn7wp7VviwDkpNOcaRdW9EDiA5xeYXj8CtrUidHvRbCubIJhMaPjlEOfO0kQM 13RB6Zw==','125')
u'431a62f1c86555d3c45e5c4d9e10c8c7'

Am I right in thinking it is somehow possible to decrypt the password? I do have the original wallet file in full.
I did try the above example but received an error message:
"InvalidPassword: Incorrect password"

Any help here would be massively appreciated - certainly willing to reward if I find a way to decrypt the seed.
legendary
Activity: 3682
Merit: 1580
January 16, 2017, 06:51:12 AM
#16

That's actually a very nice outlook. People like you force us to look deeper and everyone learns something new from that. So yeah ask away Smiley

Well thanks a lot, I was about to close this thread and then boom! someone who understands me  Cheesy

Now that we know why we are talking, is it possible to calculate encrypted key on a calculator on some thing like this:
https://asecuritysite.com/encryption/PBKDF2z

PBKDF2 is not an encryption function. I explained that above but it's also explained on that page:

Quote
this is used to create an encryption key from a defined password, and where it is not possible to reverse the password from the hashed value.

A hash function is not an encryption function. Electrum uses AES to encrypt your seed:

https://github.com/spesmilo/electrum/blob/59ed5932a859fd807232960404764b8686355830/lib/bitcoin.py#L119
S_D
full member
Activity: 198
Merit: 112
January 16, 2017, 05:00:12 AM
#15

That's actually a very nice outlook. People like you force us to look deeper and everyone learns something new from that. So yeah ask away Smiley

Well thanks a lot, I was about to close this thread and then boom! someone who understands me  Cheesy

Now that we know why we are talking, is it possible to calculate encrypted key on a calculator on some thing like this:
https://asecuritysite.com/encryption/PBKDF2z
legendary
Activity: 3682
Merit: 1580
January 16, 2017, 03:14:26 AM
#14
I am trying to understand how Electrum works exactly here Roll Eyes.

That's actually a very nice outlook. People like you force us to look deeper and everyone learns something new from that. So yeah ask away Smiley
S_D
full member
Activity: 198
Merit: 112
January 16, 2017, 02:46:54 AM
#13
I am trying to understand how Electrum works exactly here Roll Eyes.

I hate the easy way, Dont wanna go through the GUI way that wont tell me anything about how Electrum works!

Thanks for the input though.
legendary
Activity: 3682
Merit: 1580
January 15, 2017, 04:24:42 AM
#12
And for the Scene 2 now, What encryption is used to encrypt the hex in Scene 1...
Any devs here to help?

I believe that it uses the password to encrypt using pbkdf2 in the following manner:
Code:
 def mnemonic_to_seed(self, mnemonic, passphrase):
        PBKDF2_ROUNDS = 2048
        mnemonic = normalize_text(mnemonic)
        passphrase = normalize_text(passphrase)
        return pbkdf2.PBKDF2(mnemonic, 'electrum' + passphrase, iterations = PBKDF2_ROUNDS, macmodule = hmac, digestmodule = hashlib.sha512).read(64)


Hashing functions are not encryption functions. That's converting the seed words to the master private key. There is no encryption involved there. This function is actually from bip39 although electrum uses a different seed mnemonic format. The passphrase in this instance is the "extend your seed with custom words" thing that electrum introduced recently. To see that option create a new wallet and during the seed display window phase click on options.
 
I see you've figured out how to decrypt the new seed from scene 2 using the console. But the OP could just have opened the wallet file using electrum and then viewed the seed via the GUI menu option wallet > seed. You can open a different wallet file using file > open or with the -w command line switch.

legendary
Activity: 1736
Merit: 1023
January 15, 2017, 12:20:20 AM
#11
I found out you can decode it via electrum's console fairly easily as shown:

Code:
>> import aes
>> from electrum import wallet
>> wallet.pw_decode('bBbGXH3ivbmwapRODeAn7wp7VviwDkpNOcaRdW9EDiA5xeYXj8CtrUidHvRbCubIJhMaPjlEOfO0kQM13RB6Zw==','125')
u'431a62f1c86555d3c45e5c4d9e10c8c7'

Let me know if this works for what you need.

For further fun, here is how you get the seed words:
Code:
>> import old_mnemonic
>> old_mnemonic.mn_encode('431a62f1c86555d3c45e5c4d9e10c8c7')
['constant', 'forest', 'adore', 'false', 'green', 'weave', 'stop', 'guy', 'fur', 'freeze', 'giggle', 'clock']

It's using the old_mnemonic as the seed is in the old format I believe.
legendary
Activity: 1736
Merit: 1023
January 15, 2017, 12:01:20 AM
#10
I believe that it uses the password to encrypt using pbkdf2 in the following manner:
Code:
  def mnemonic_to_seed(self, mnemonic, passphrase):
        PBKDF2_ROUNDS = 2048
        mnemonic = normalize_text(mnemonic)
        passphrase = normalize_text(passphrase)
        return pbkdf2.PBKDF2(mnemonic, 'electrum' + passphrase, iterations = PBKDF2_ROUNDS, macmodule = hmac, digestmodule = hashlib.sha512).read(64)

Hey thanks,
Now I need to figure out how to push this info in this function-

Wallet pass = 125
Seed = 431a62f1c86555d3c45e5c4d9e10c8c7

Do you need to do this outside of Electrum? Why not just restore the seed into a new wallet then go to Wallet->Seed and it will reveal the seed words.
S_D
full member
Activity: 198
Merit: 112
January 14, 2017, 11:43:48 PM
#9
I believe that it uses the password to encrypt using pbkdf2 in the following manner:
Code:
  def mnemonic_to_seed(self, mnemonic, passphrase):
        PBKDF2_ROUNDS = 2048
        mnemonic = normalize_text(mnemonic)
        passphrase = normalize_text(passphrase)
        return pbkdf2.PBKDF2(mnemonic, 'electrum' + passphrase, iterations = PBKDF2_ROUNDS, macmodule = hmac, digestmodule = hashlib.sha512).read(64)

Hey thanks,
Now I need to figure out how to push this info in this function-

Wallet pass = 125
Seed = 431a62f1c86555d3c45e5c4d9e10c8c7
legendary
Activity: 1736
Merit: 1023
January 14, 2017, 06:01:17 PM
#8
And for the Scene 2 now, What encryption is used to encrypt the hex in Scene 1...
Any devs here to help?

I believe that it uses the password to encrypt using pbkdf2 in the following manner:
Code:
  def mnemonic_to_seed(self, mnemonic, passphrase):
        PBKDF2_ROUNDS = 2048
        mnemonic = normalize_text(mnemonic)
        passphrase = normalize_text(passphrase)
        return pbkdf2.PBKDF2(mnemonic, 'electrum' + passphrase, iterations = PBKDF2_ROUNDS, macmodule = hmac, digestmodule = hashlib.sha512).read(64)
S_D
full member
Activity: 198
Merit: 112
January 14, 2017, 05:00:04 PM
#7
So apparently hex seed were a thing. Didn't know that.

You can actually recover your wallet just by entering the hex seed, you know. I just tried and it works.
If you want to get the non-hex seed just do it from the client.

Now how cool is that. This solves my problem in Scene 1 (Still curious whats the relation between the hex and the 12 word seed)

And for the Scene 2 now, What encryption is used to encrypt the hex in Scene 1...
Any devs here to help?
hero member
Activity: 574
Merit: 503
V2h5IGFyZSB5b3UgcmVhZGluZyB0aGlzPw==
January 14, 2017, 03:49:27 PM
#6
So apparently hex seed were a thing. Didn't know that.

You can actually recover your wallet just by entering the hex seed, you know. I just tried and it works.
If you want to get the non-hex seed just do it from the client.
S_D
full member
Activity: 198
Merit: 112
January 14, 2017, 02:35:16 PM
#5
Yes, it should be possible to convert this to the seed words. Electrum has the ability to show you the seed words ( Click Wallet->Seed ).
...
It looks like there are functions to convert the hex seed back into words and vice versa.

Well lets assume I got only the wallet file.

I am not a python wizard, may be an electrum or python dev could enlighten us.
legendary
Activity: 1736
Merit: 1023
January 14, 2017, 01:36:34 PM
#4
Yes, it should be possible to convert this to the seed words. Electrum has the ability to show you the seed words ( Click Wallet->Seed ).

These snippets of Electrum's code look to be relevant:
Code:
import old_mnemonic
# see if seed was entered as hex
seed = seed.strip()
if seed:
    try:
        seed.decode('hex')
        return str(seed)
    except Exception:
        pass
words = seed.split()
seed = old_mnemonic.mn_decode(words)
if not seed:
    raise Exception("Invalid seed")
return seed

Code:
def mnemonic_decode(self, seed):
    n = len(self.wordlist)
    words = seed.split()
    i = 0
    while words:
        w = words.pop()
        k = self.wordlist.index(w)
        i = i*n + k
    return i

It looks like there are functions to convert the hex seed back into words and vice versa.
S_D
full member
Activity: 198
Merit: 112
January 14, 2017, 01:10:52 PM
#3
The seed field should show the actual unencrypted seed unless you have set a password. What type of wallet are you using? Do you have any problem sending bitcoins?
I am using Electrum Installer Version 2.7.17
I am able to send and receive bitcoins.
hero member
Activity: 574
Merit: 503
V2h5IGFyZSB5b3UgcmVhZGluZyB0aGlzPw==
January 14, 2017, 10:45:43 AM
#2
The seed field should show the actual unencrypted seed unless you have set a password. What type of wallet are you using? Do you have any problem sending bitcoins?
S_D
full member
Activity: 198
Merit: 112
January 14, 2017, 08:43:44 AM
#1
Hey everyone,

I am not in trouble here, this topic is created just for info.

Is it possible to recover wallet seed from 'wallet' file in following scenes:

Assuming I dint have the seed in both cases.

Scenario 1:
I have an unencrypted wallet i.e. no password was set for the wallet.
I have the wallet file; when we I open the file as text I could see
Code:
....
        "seed": "431a62f1c86555d3c45e5c4d9e10c8c7",
....
In this case I don't see the actual seed, so I guess this is in encrypted form. Is it possible to decrypt this to get the correct 12 word seed?


Scenario 2:
I have an encrypted wallet i.e. a password was set for the wallet.
I have the wallet file; when we I open the file as text I could see
Code:
....
        "seed": "bBbGXH3ivbmwapRODeAn7wp7VviwDkpNOcaRdW9EDiA5xeYXj8CtrUidHvRbCubIJhMaPjlEOfO0kQM13RB6Zw==",
....
In this case believe the above string was further encrypted. Is it possible to decrypt this to get the correct 12 word seed?


Progress

Scene 1 - Solved : the hex code mentioned in the file as "seed" can be used as seed while recreating the wallet.

Scene 2 - In Progress :

Function used :
Code:
def mnemonic_to_seed(self, mnemonic, passphrase):
        PBKDF2_ROUNDS = 2048
        mnemonic = normalize_text(mnemonic)
        passphrase = normalize_text(passphrase)
        return pbkdf2.PBKDF2(mnemonic, 'electrum' + passphrase, iterations = PBKDF2_ROUNDS, macmodule = hmac, digestmodule = hashlib.sha512).read(64)

Encryption = PBKDF2 (maybe hard-coded to sha256)
Iterations = 2048
pass = mnemonic = seed (So I assume seed in hex mentioned above can be used)
salt = 'electrum' + passphrase (Not sure what this means yet)
Jump to: