Encrypted wallet.dat, lost password, any solutions? - page 26.

knybe

hero member

Activity: 658

Merit: 500

decentralize EVERYTHING...

Quote from: riX on April 04, 2013, 02:45:52 AM

Ok, since I now get more than 1 request for cracking wallets every day, I'd like to put it a little note here:

If you contact me having forgotten your password, which is "somewhere between 1-32 characters, mixed case including numbers and special characters", please, there is no chance, and you probably stole the wallet anyway, or you would have known more.

To get an idea of the chance of success, try to make a rough estimate of the number of possible combinations your info about the password will result in. If this is more than one million, I will not waste my time.
As an example, the maximum complexity is like 6 unknown digits, or 4-5 unknown letters.
Conclusion: raw bruteforce is not feasible, what needs to be done is educated guesses, so unless you have a very good idea of what the password might be, and probably just typed it in wrongly twice when setting it, there is a high risk of never getting that wallet open.

Some types of requests I have been able to find passwords for:
"The password might be any of these 6 different 20+ character passwords i regularly use, possibly with a combination of two random double letters at the end, like passwordxxyy".
"I'm sure I typed in this 50 character password, but it just isn't working".
"My passwords always starts with the date I created the account, in format mm.dd.yyyy, and then a clockwise or anti-clockwise circle of keys on the keyboard around some key, and then that key 10 times at the end, like 11.12.2012dertgbvcffffffffff. I know it was created sometime in November or December."

That should give you an idea of what is possible.

The wallet is mine.
I do somewhat remember the combinations of words that I used to make up the passphrase, but then I mixed and replaced characters with numbers, etc. The thing is, I know I wrote it down somewhere but mindlessly misplaced it over the last year or so when I put bitcoin on the back burner (I know, I know; "O ye of little faith"). It's gotta be in my house somewhere... it's so frustrating to look and look and look and not find... hopefully it didn't get thrown away.

knybe

hero member

Activity: 658

Merit: 500

decentralize EVERYTHING...

Quote from: the founder on April 04, 2013, 11:55:55 AM

Quote from: riX on April 04, 2013, 02:45:52 AM

Ok, since I now get more than 1 request for cracking wallets every day

Clearly there is a market for it.

Assume there is 1 BTC in that encrypted wallet.

sell it for .01 BTC each (people don't have an incentive to share it because it widens the pool).

Limit it to 100 sales (if there was a 1 coin in it), you got your coin back, and everyone pretty much just bought a lottery ticket for .01 BTC for a crack at opening 1 BTC in there.

That's how I would solve the problem, everyone get's a chance at making 100 times their .01 back, you got your 1 BTC back.

I take tips if you like the idea. : 1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f

In a few weeks one of the guys will contact you and say he opened it or something... all good. It may not solve you cracking the wallet yourself, BUT it would get your money back, and someone else will get a chance at making 100 times his money.

Honestly there might a market for this, ASIC miners have more horsepower than most of us, they might buy encrypted wallets like this all the time... might be more profitable for them than mining itself.

unfortunately I have a bit more than 1 BTC in it...

the founder

sr. member

Activity: 448

Merit: 251

Bitcoin

Quote from: riX on April 04, 2013, 02:45:52 AM

Ok, since I now get more than 1 request for cracking wallets every day

Clearly there is a market for it.

Assume there is 1 BTC in that encrypted wallet.

sell it for .01 BTC each (people don't have an incentive to share it because it widens the pool).

Limit it to 100 sales (if there was a 1 coin in it), you got your coin back, and everyone pretty much just bought a lottery ticket for .01 BTC for a crack at opening 1 BTC in there.

That's how I would solve the problem, everyone get's a chance at making 100 times their .01 back, you got your 1 BTC back.

I take tips if you like the idea. : 1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f

In a few weeks one of the guys will contact you and say he opened it or something... all good. It may not solve you cracking the wallet yourself, BUT it would get your money back, and someone else will get a chance at making 100 times his money.

Honestly there might a market for this, ASIC miners have more horsepower than most of us, they might buy encrypted wallets like this all the time... might be more profitable for them than mining itself.

riX

sr. member

Activity: 326

Merit: 254

Ok, since I now get more than 1 request for cracking wallets every day, I'd like to put it a little note here:

If you contact me having forgotten your password, which is "somewhere between 1-32 characters, mixed case including numbers and special characters", please, there is no chance, and you probably stole the wallet anyway, or you would have known more.

To get an idea of the chance of success, try to make a rough estimate of the number of possible combinations your info about the password will result in. If this is more than one million, I will not waste my time.
As an example, the maximum complexity is like 6 unknown digits, or 4-5 unknown letters.
Conclusion: raw bruteforce is not feasible, what needs to be done is educated guesses, so unless you have a very good idea of what the password might be, and probably just typed it in wrongly twice when setting it, there is a high risk of never getting that wallet open.

Some types of requests I have been able to find passwords for:
"The password might be any of these 6 different 20+ character passwords i regularly use, possibly with a combination of two random double letters at the end, like passwordxxyy".
"I'm sure I typed in this 50 character password, but it just isn't working".
"My passwords always starts with the date I created the account, in format mm.dd.yyyy, and then a clockwise or anti-clockwise circle of keys on the keyboard around some key, and then that key 10 times at the end, like 11.12.2012dertgbvcffffffffff. I know it was created sometime in November or December."

That should give you an idea of what is possible.

knybe

hero member

Activity: 658

Merit: 500

decentralize EVERYTHING...

finally can post in here...

Anyway, All the hooplah started up again in Feb 2013 so, excitedly I sits down to open up my wallet and see what I got and send them few bitcoins out to market BUT low and behold; I cannot remember my effing passphrase... for the life of me. been trying for weeks. Even been running Revalin's brute.rb script to no avail.

been trying to reenact the whole scene the day I made the pphrase; visualization, meditation, qi-gong, etc. nothing has come... yet

any ideas appreciated.

possible compensation for a solution.

Revalin

hero member

Activity: 728

Merit: 500

165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g

Quote from: cycloid on April 02, 2013, 05:32:48 PM

Hey guys this is amazing any chance i can get help with my 10k ltc wallet? I forgot i had it on my laptop and remember the password as its simmilar and i just change either number at the end or used "ks" instead of "x" or "o" instead of "a" . In this case its over 33characters long and i been at it for a week with a notepad file where i record all combinations i tried and nothing so far :/

I know this is off topic but this is the best answer to similar problem i seen so far.

I will give a donation to anyone who can help i know this is just a mispelling because I remember writing it out in a notepad, then copy pasting it twice in ltc wallet and BAM since i cant get it to work ....( yes i know this is extremly stupid Cry

to do and yet for some dumb reason i did it to save time )

thanks in advance and sorry to post here regarding ltc wallet agian.

Hey, I'm cool with LTC. Let's see what we can do:

Code:

#!/usr/bin/ruby

passphrase = 'I fargat my paxxward'
max_digits = 5

def test(phrase)
  print phrase, "\t"
  system("./litecoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

indexes = (0..passphrase.length-1).select{|i| passphrase[i].match /a|x/}
phrases = (0..2**indexes.length-1).map do |mask|
  new_phrase = passphrase.chars.to_a
  (0..(indexes.length-1)).select{|i| (mask>>i).odd?}.map do |index|
    target = new_phrase[indexes[index]]
    target.sub!("a", "o")
    target.sub!("x", "ks")
    target
  end
  new_phrase.join
end

(0..max_digits).each do |digits|
  (0..10**digits-1).each do |i|
    phrases.each do |phrase|
      test("%s%0#{digits}d" % [phrase,i])
    end
  end
end

The instructions are the same as for bitcoind: Set your RPC passphrase, start the litecoind daemon, then start the script running. You should see the passphrases being tested followed by "Error: The wallet passphrase entered was incorrect." I haven't actually tried it on litecoind so let me know if it doesn't work.

When you enter your passphrase at the top, use all "a" and "x", don't use "o" or "ks". Set the max_digits to the maximum number of digits to try on the end.

It will take about a week as shown: 6 "a"s and "x"es to try and max_digits = 5. Every extra a or x doubles the time. Every extra digit is about 10x the time.

Good luck!

Revalin

hero member

Activity: 728

Merit: 500

165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g

Quote from: legitnick on April 01, 2013, 05:30:58 AM

What if you know the start of the password and some of the letters in the end?

Roughly how many characters are in the middle? Would it be all numbers, all lowercase, etc? Anything you know will help.

cycloid

sr. member

Activity: 434

Merit: 250

Hey guys this is amazing any chance i can get help with my 10k ltc wallet? I forgot i had it on my laptop and remember the password as its simmilar and i just change either number at the end or used "ks" instead of "x" or "o" instead of "a" . In this case its over 33characters long and i been at it for a week with a notepad file where i record all combinations i tried and nothing so far :/

I know this is off topic but this is the best answer to similar problem i seen so far.

I will give a donation to anyone who can help i know this is just a mispelling because I remember writing it out in a notepad, then copy pasting it twice in ltc wallet and BAM since i cant get it to work ....( yes i know this is extremly stupid Cry

to do and yet for some dumb reason i did it to save time )

thanks in advance and sorry to post here regarding ltc wallet agian.

legitnick

hero member

Activity: 532

Merit: 500

What if you know the start of the password and some of the letters in the end?

Hfleer

sr. member

Activity: 448

Merit: 250

Changing avatars is currently not possible.

Quote from: Revalin on March 30, 2013, 01:08:06 AM

Quote from: Hfleer on March 29, 2013, 04:24:24 PM

What if i know most of the characters, which are either in the very beginning or in the middle, but missing 3-5 characters(certain letters, numbers, and symbols), that are mostly at the end but might have one or two at beginning?

Then you need something like this:

Code:

#!/usr/bin/ruby

middle = "password"           # The known part in the middle
min_left = 0                  # The minimum number of chars on the left
max_left = 2                  # The maximum number of chars on the left
max_total = 5                 # The max total unknowns
chars = 'abcd1234'.chars.to_a # Possible chars to choose from
#chars << '\\'                 # ... plus backslash
#chars << "'"                  # ... plus single quote

def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

(1..max_total).each do |length|
  chars.repeated_permutation(length) do |str|
    max_offset = [max_left, length].min
    (min_left..max_offset).each do |offset|
      left = str.join[0,offset]
      right = str.join[offset,99] || ""
      test(left + middle + right)
    end
  end
end

Fill in the part you know for middle= and put in the characters you want to try in chars= . If you want a backslash or single-quote then remove the # at the start of those lines.

Try to keep the chars list small. The time required increases very rapidly as you add more: 10 characters = 8 hours; 20 characters = 11 days; 30 characters = 3 months.

Thank you.

Revalin

hero member

Activity: 728

Merit: 500

165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g

Quote from: Hfleer on March 29, 2013, 04:24:24 PM

What if i know most of the characters, which are either in the very beginning or in the middle, but missing 3-5 characters(certain letters, numbers, and symbols), that are mostly at the end but might have one or two at beginning?

Then you need something like this:

Code:

#!/usr/bin/ruby

middle = "password"           # The known part in the middle
min_left = 0                  # The minimum number of chars on the left
max_left = 2                  # The maximum number of chars on the left
max_total = 5                 # The max total unknowns
chars = 'abcd1234'.chars.to_a # Possible chars to choose from
#chars << '\\'                 # ... plus backslash
#chars << "'"                  # ... plus single quote

def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

(1..max_total).each do |length|
  chars.repeated_permutation(length) do |str|
    max_offset = [max_left, length].min
    (min_left..max_offset).each do |offset|
      left = str.join[0,offset]
      right = str.join[offset,99] || ""
      test(left + middle + right)
    end
  end
end

Fill in the part you know for middle= and put in the characters you want to try in chars= . If you want a backslash or single-quote then remove the # at the start of those lines.

Try to keep the chars list small. The time required increases very rapidly as you add more: 10 characters = 8 hours; 20 characters = 11 days; 30 characters = 3 months.

veryveryinteresting

member

Activity: 60

Merit: 10

Quote from: Revalin on March 29, 2013, 03:26:19 AM

And another: This person knows the middle of the password but forgot the digits on either side.

Code:

#!/usr/bin/ruby

middle = "password"  # The known part in the middle
min_per_side = 1     # The minimum number of digits per side
max_per_side = 4     # The maximum number of digits per side

def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

((2 * min_per_side)..(2 * max_per_side)).each do |length|
  if length - max_per_side > min_per_side
    min_per_side = length - max_per_side
  end
  (0..(10**length-1)).each do |number|
    digits = ("%0#{length.to_s}d" % [number]).chars.to_a
    (min_per_side..(length - min_per_side)).each do |offset|
      left = digits[0,offset].join
      right = digits[offset,99].join
      test(left + middle + right)
    end
  end
end

Edit: Improved to limit the max digits per side which will help with longer passphrases.

Thanks Revalin! I am running it now...

Hfleer

sr. member

Activity: 448

Merit: 250

Changing avatars is currently not possible.

What if i know most of the characters, which are either in the very beginning or in the middle, but missing 3-5 characters(certain letters, numbers, and symbols), that are mostly at the end but might have one or two at beginning?

Revalin

hero member

Activity: 728

Merit: 500

165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g

And another: This person knows the middle of the password but forgot the digits on either side.

Code:

#!/usr/bin/ruby

middle = "password"  # The known part in the middle
min_per_side = 1     # The minimum number of digits per side
max_per_side = 4     # The maximum number of digits per side

def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

((2 * min_per_side)..(2 * max_per_side)).each do |length|
  if length - max_per_side > min_per_side
    min_per_side = length - max_per_side
  end
  (0..(10**length-1)).each do |number|
    digits = ("%0#{length.to_s}d" % [number]).chars.to_a
    (min_per_side..(length - min_per_side)).each do |offset|
      left = digits[0,offset].join
      right = digits[offset,99].join
      test(left + middle + right)
    end
  end
end

Edit: Improved to limit the max digits per side which will help with longer passphrases.

wingsuit

member

Activity: 64

Merit: 10

2100 trillion sats baby

Quote from: viper1092 on March 20, 2013, 07:44:05 PM

Hey! I have a very similar issue which I posted about here https://bitcointalksearch.org/topic/blockchaininfo-wallet-desktop-sync-stuck-at-getting-balances-153452.

I set up a BlockChain.info Wallet online. I gave it a 'main' password. I know this main password. The problem is I set the 'second password' which in effect performs double encryption, and I thought I knew that password! But it doesn't work Shocked

Now, I've got 15 BTC in that wallet so it's definitely worth it for me to get back. To recap, I know the initial password that encrypted, and I'm confident I know most of the second password.

My question is how do I go about brute forcing that? I have a .aes.json file with the priv keys that are backed up, but I have no idea on how to go about brute forcing it.

I read the whole post and there are some awesome Ruby scripts, but they all target bitcoind, and I don't have the funds in a local wallet.

Any help?

I had a slightly similar thing happen to me just the other day with blockchainwallet. I set a second pass and then went to test it but it failed over and over again. I had written the second pass to a text file which i was copy-pasting, but also typing and using the virtual keyboard neither of which worked. Then randomly on my 'enth paste attempt it worked.
Hope you get yours back soon.

2112

legendary

Activity: 2128

Merit: 1073

Quote from: AdriKGB on March 23, 2013, 01:44:56 PM

Hi 2112,

Does it mean that it is possible that if I created a wallet password in a PC which crashed, now in a new PC maybe Bitcoin-qt does not accept the password?

If this is the case, and I don't know the encoding of regedit.exe, what can I do to be sure that I test all the encoding possibilities in the ubuntu's terminal?

Thanks in advanced

Anything is possible, especially in the presence of bugs or various typing-utilities/spelling-checkers/etc. Blind typing into the bitcoin-qt window is a classic failure mode for that, e.g. for Germans: Kongressstraße vs. Kongreßstraße.

For KGB agents the example would be: Microsoft vs. Miсrosoft. (For non-KGB-agents: the second "c" is actually a cyrillic "s".)

Edit: Oh, and guys, please don't race into registering the homo-glyph accounts for the Bitcoin luminaries. Registering as "Gavin-non-break-space-Andresen" is not that funny.

Edit2: Fixed the external link.

AdriKGB

newbie

Activity: 18

Merit: 0

veryveryinteresting

member

Activity: 60

Merit: 10

I just used Revalin's code, but it doesn' work in Windows. I used its on a known password and it still said "error: canot connect to host". Can someone help me out please?

veryveryinteresting

member

Activity: 60

Merit: 10

Quote from: Amitabh S on March 20, 2013, 05:29:52 PM

Just a thought. If you send me the wallet.dat and password fragments, I can try some stuff here. Will you trust me? Cheesy

Depends on how many coins are there

If reward is generous, I will try sending you code snippets.. Give more details. What type of wallet. Whats the length of passwd, what tool did you use to generate the password? Im guessing its a low entropy password if you remember part of it..

Tldr the prev posts in this thread yet..

Why in the world would I trust you? You didn't even read the thread.....

If you read the previous posts, it's possible for you to crack it without having the actual wallet.dat file itself.

I am willing to pay a 1BTC reward to anyone who can help me out.

2112

legendary

Activity: 2128

Merit: 1073

Quote from: niklas on March 21, 2013, 04:44:31 PM

Thank you for your help, 2112.

However, if I am honest I do only have a faint idea of how to accomplish what you describe. Does the bitcoin client use different encodings on different platforms? The wallet was encriptded on a German Windows 7 installation; for running Revalins script I now use a German Ubuntu 12.04.

Do you have a concrete strategy how I could get Revalins script running using all characters on my keyboard?

Thank you

Well, you had a good idea to see if you can crack the known short password with umlauts.

1) I currently don't have access to any other machine except my single laptop, I really can't help you with details. In particular I'm almost illiterate in German.
2) verify if the "Language for non-Unicode programs" in Control Panel is still "German (Germany)".
3) using regedit.exe verify the settings in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage\ACP. It should probably be 1252 which means the Windows-1252 encoding was used for non-internationalized programs like Satoshi's client. Also note the OEMCP value from the same page. Ostensibly OEMCP is used only for DOS compatibility mode, but some programs use it because of bugs.
4) If you encrypted your wallet using bitcoin-Qt then verify that you can decrypt it from the command line by using bitcoind.
5) Make sure that the step 4) works for all umlauts you may have used, both lower-case and upper-case.
6) configure Ubuntu's terminal program to use Windows-1252 or if you access it from Windows via ssh configure your ssh client to use that encoding
7) rerun the test decryption of the known-password wallet on Ubuntu's command line.
8) verify that your Ruby program is using the correct encodings for umlauts
9) run the Ruby crack program

While I'm almost illiterate in German I'm very familiar with the computer-specific problems encountered by German-speaking people, especially in multi-language places like Switzerland. Because of the QWERTY vs. QWERTZ vs. AZERTY keyboard layout issue, when you were entering your password sight-unseen you may have entered some other characters because of accidental switching of the keyboard layouts. Have you actually verified in the Language Bar that you were using the correct layout while typing your password?

Topic: Encrypted wallet.dat, lost password, any solutions? - page 26. (Read 213600 times)