
Topic: GPU brute forcing an encrypted wallet (Read 16576 times)

newbie
Activity: 1
Merit: 0
September 07, 2021, 08:57:57 PM
#87
I only remember part of the wallet password. What command can I use in btcrecover to find it?
newbie
Activity: 24
Merit: 0
August 23, 2020, 12:15:56 PM
#86
I lost my password to a wallet that had 20 bitcoins in it, it's now worth my effort to retrieve it. I tried using Revalin's script found here https://bitcointalksearch.org/topic/m.942171 without any luck.

So I have modified it to brute force based off a base password that I know is correct, so I only have to brute force between 6-8 characters which is feasible.

Code:
#!/usr/bin/ruby -w
class Cracker
  def initialize(char_array, password_range)
    @char_array = char_array
    @password_range = password_range
  end

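  def password_correct?(phrase)
    print "basepassword" + phrase, "\t"
    # Pass each argument separately so no shell is involved; with a single
    # command string, a $ in a candidate would be expanded by the shell and
    # a different passphrase would be tested.
    system("./bitcoind", "walletpassphrase", "basepassword#{phrase}", "20")
    case $?.exitstatus
    when 0
      puts "Found it!  basepassword#{phrase}"
      exit 0
    end
    return false
  end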

  def generate_password( perm_number, password_length )
    password=""
    (1..password_length).each do |char_number| # loop through characters
      char_reference = (perm_number / @char_array.length**(char_number-1)).floor % @char_array.length
      character = @char_array[char_reference]
      password << character
    end
    password
  end

  def do_combination( num_combinations, password_length )
    (0..num_combinations-1).each do |perm_number| # loop through combinations for a given length
      password = generate_password( perm_number, password_length )
      return password, perm_number if password_correct?(password)
    end
    nil # no match at this length; otherwise the Range returned by each is truthy in crack()
  end

  def crack()
    (@password_range).each do |password_length|  # loop to gradually increase password length
      num_combinations=@char_array.length**password_length
      password, perm_number = do_combination(num_combinations, password_length)
      if password
        puts "#{password} | Access Granted | #{perm_number} / #{num_combinations}"
        return password
      end
    end
  end
end

# I removed characters I was sure I didn't use
# "@" is listed twice; uniq avoids generating the same candidate more than once
characters = "!$@01235@ABCDEFGIKLMNOSTWYZabcdefgiklmnopqrstuwyz".split(//).uniq

cracker = Cracker.new( characters, (6..8) )
password = cracker.crack()

puts "No luck."
exit 1

This is going terribly slow though, but that is because I'm using CPU to try to crack this and I should take a lesson from the mining community and try to use my GPU through CUDA or OpenCL. I was wondering if anyone could help me adapt this script to python or a ruby OpenCL/CUDA library so that I can harness my GPU power to try to crack my password to recover it.

If not, perhaps this will help someone else who ends up losing their wallet password and needs to brute force it. At 3-5 characters this would work fine with a quad-core.



Dear Sir,
I have tried many times to find a test password such as "abc11" but it is not found. Could you please give me a guideline to operate the script? I have run your script before I have run the C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe please ask me anything wrong......
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
November 20, 2014, 04:26:10 PM
#85
silverfuture and btchris, would you mind telling me (or through PM) about how complicated the password is (length? consists of upper-case/lower-case/special/numeric characters?) and how long the brute-forcing process takes?

I hope you'll understand that I will not... that's up to silverfuture to decide.

Although if you have a set of password criteria in mind, I might be able to estimate such a thing for your circumstances, but you'd need to be fairly specific (about the password, about your wallet software, and possibly about your PC as well).
hero member
Activity: 568
Merit: 500
November 18, 2014, 05:30:06 AM
#84
silverfuture and btchris, would you mind telling me (or through PM) about how complicated the password is (length? consists of upper-case/lower-case/special/numeric characters?) and how long the brute-forcing process takes?
legendary
Activity: 947
Merit: 1008
central banking = outdated protocol
November 17, 2014, 05:31:28 PM
#83
Just wanted to let folks know that btchris cracked a password for me and I would consider him a trustworthy individual.  He could have stolen the btc but did not.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
September 04, 2014, 05:35:56 PM
#82
btchris I sent you a PM.

Been away for a while and I'm slowly catching up. I did get it, will hopefully reply soon...
legendary
Activity: 947
Merit: 1008
central banking = outdated protocol
September 04, 2014, 07:37:53 AM
#81
btchris I sent you a PM.
hero member
Activity: 583
Merit: 500
August 30, 2014, 03:20:57 AM
#80
I want to proudly announce that btchris made it. I gave my key-file and then crack/hack/brute-force (for all gibberish) and he is a man of honor, he could steal 1,0 Btc, but he got his fee, what was negotiated between us, 10%, so 0,1 Btc

So he is the Heisenberg of BTC


Nice that you finally got your bitcoin back.
sr. member
Activity: 280
Merit: 250
August 29, 2014, 02:15:52 PM
#79
It is not so easy to encrypt a wallet with GPU brute forcing, because an encrypted wallet has very complicated security. For example, in blockchain.info, if you lost your password, you must enter some random words which were given at the time of first registration; hopefully you can find the lost password wallet.
hero member
Activity: 868
Merit: 1000
August 24, 2014, 12:05:23 PM
#78
It is nice to know that the problem is finally solved now, and it is nice to see you haven't trusted the wrong person.
Well done, btchris.
newbie
Activity: 16
Merit: 0
August 23, 2014, 06:38:44 PM
#77
I want to proudly announce that btchris made it. I gave my key-file and then crack/hack/brute-force (for all gibberish) and he is a man of honor, he could steal 1,0 Btc, but he got his fee, what was negotiated between us, 10%, so 0,1 Btc

So he is the Heisenberg of BTC
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
August 13, 2014, 04:56:59 PM
#76
@Chris
This file is getting complicated, they ask me if I repair/remove/change... I do not, I click somewhere. But I think I did not do it right cuz, warning: can't find pycrypto.. maybe give me more detail on how to put pycrypto in btc-recover

Please give this a try.

  1. Go to Start -> Control Panel.
  2. Click on Uninstall a Program.
  3. Find everything that has "Python" in the program name, you should find at least two, maybe more.
  4. Double-click each one to remove it.
  5. Install Python 2.7.8 Windows X86-64 Installer from here.
  6. Install PyCrypto 2.6 for Python 2.7 64bit from here.

Let me know if you still get the "warning: can't find pycrypto" message...
hero member
Activity: 602
Merit: 500
August 13, 2014, 01:00:19 PM
#75
I did try first myself to recover my wallet but then I gave up and contacted someone over at the services section and they finally found it. It wasn't far from my prediction but I probably would have never got it... or it would have taken me a long time for a small amount.
hero member
Activity: 602
Merit: 500
August 13, 2014, 12:59:17 PM
#74
If you can't do it yourself and find yourself struggling you should probably just hire a more technical person, they will probably find it in no time if it's near the correct password.
newbie
Activity: 16
Merit: 0
August 13, 2014, 12:56:42 PM
#73
@Chris
This file is getting complicated, they ask me if I repair/remove/change... I do not, I click somewhere. But I think I did not do it right cuz, warning: can't find pycrypto.. maybe give me more detail on how to put pycrypto in btc-recover
hero member
Activity: 602
Merit: 500
August 11, 2014, 07:27:11 PM
#72
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
August 11, 2014, 05:38:15 PM
#71
Does anyone have a comparison of how long this would take with a script/interpreter language like Ruby or Python, vs. a compiled and highly parallelized computation on a GPU? I guess we're talking 4-5 orders of magnitude here?

Much much faster. Try 20x.
Still it will take many years to bruteforce.
Dictionary attack will be faster if they have a weak password.
Maybe you could program rainbow tables if you have many wallet.dat files to crack

The wallet.dat password is seeded, rainbow tables wouldn't help.

While there is a speed difference between Python and native code, for this particular application it's much closer than 20x. Most of the time is spent inside cryptographic code, and most scripting languages implement cryptographic primitives in native code.

Here's a comparison between btcrecover and John the Ripper, including columns which show what language each cryptographic primitive is actually written in. The interesting comparisons are the Bitcoin Core lines, which show a speedup of 2.75x from 44 P/s to 128 when going from btcrecover to JtR, and the speedups that you get with GPU acceleration (pretty good speedups with Bitcoin, but a measly 4 - 6x speedup for Armory which uses a memory-hard KDF).

All of these tests were run on my aging i5-2500k and 2x 560 Ti's. Wallets were created on the same system using default KDF parameters, except for the Blockchain.info wallet with 10,000 iterations (10 is the default).

BBcode tables are pretty ugly, the original spreadsheet if you want to see it is here.

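| Wallet | Software | Language | KDF | KDF impl. | Hash | Hash impl. | AES-256 | ECDSA? | Iterations | Memory | GPUs | P/s |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Armory | BTCR | Python 2.7 | ROMix | C++ | SHA-512 | C++ | C++ | Yes | 4 | 2 MiB | | 20 |
| Armory | BTCR | Python 2.7 | ROMix | OpenCL (GPU) | SHA-512 | OpenCL (GPU) | C++ | Yes | 4 | 2 MiB | 1 | 79 |
| Armory | BTCR | Python 2.7 | ROMix | OpenCL (GPU) | SHA-512 | OpenCL (GPU) | C++ | Yes | 4 | 2 MiB | 2 | 128 |
| Bitcoin Core | BTCR | Python 2.7 | PBKDF1 | Python | SHA-512 | C | C | No | 67,908 | | | 44 |
| Bitcoin Core | JtR | C w/OpenMP | PBKDF1 | C | SHA-512 | asm | asm w/AES-NI | No | 67,908 | | | 121 |
| Bitcoin Core | BTCR | Python 2.7 | PBKDF1 | OpenCL (GPU) | SHA-512 | OpenCL (GPU) | C | No | 67,908 | | 1 | 1,070 |
| Bitcoin Core | BTCR | Python 2.7 | PBKDF1 | OpenCL (GPU) | SHA-512 | OpenCL (GPU) | C | No | 67,908 | | 2 | 2,110 |
| Blockchain.info | BTCR | Python 2.7 | PBKDF2 | Python | SHA-1 | C | C | No | 10 | | | 27,000 |
| Blockchain.info | BTCR | Python 2.7 | PBKDF2 | C | SHA-1 | C | C | No | 10 | | | 82,000 |
| Blockchain.info | JtR | C w/OpenMP | PBKDF2 | C | SHA-1 | C w/SSE4.1 | asm w/AES-NI | No | 10 | | | 533,000 |
| Blockchain.info | JtR | C w/OpenMP | PBKDF2 | OpenCL (GPU) | SHA-1 | OpenCL (GPU) | asm w/AES-NI | No | 10 | | 1 | 3,996,000 |
| Blockchain.info | BTCR | Python 2.7 | PBKDF2 | Python | SHA-1 | C | C | No | 10,000 | | | 41 |
| Blockchain.info | BTCR | Python 2.7 | PBKDF2 | C | SHA-1 | C | C | No | 10,000 | | | 262 |
| Electrum | BTCR | Python 2.7 | PBKDF1 | Python | SHA-256 | C | Python | No | 2 | | | 25,000 |
| Electrum | BTCR | Python 2.7 | PBKDF1 | Python | SHA-256 | C | C | No | 2 | | | 396,000 |
| MultiBit | BTCR | Python 2.7 | custom | Python | MD5 | C | Python | No | 3 | | | 26,000 |
| MultiBit | BTCR | Python 2.7 | custom | Python | MD5 | C | C | No | 3 | | | 415,000 |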
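
Two points from post #71 above, as an added example that is not part of the thread or of btcrecover: a per-wallet salt (what the post calls "seeded") makes a precomputed key table useless on any other wallet, and the iteration count sets the work per guess. It uses a textbook PBKDF2-HMAC-SHA1 (the Blockchain.info KDF in the table) with the iteration counts 10 and 10,000 from the table; the salts, the word list and the 32-byte key length are constructed assumptions.

```python
import hashlib
import hmac
import struct

def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """Textbook PBKDF2-HMAC-SHA1. Returns (derived_key, hmac_calls)."""
    calls, out, block = 0, b"", 1
    while len(out) < dklen:
        # U1 = HMAC(password, salt || INT(block)): the salt enters every block.
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen], calls

def precompute(words, salt: bytes, iterations: int) -> dict:
    """Derived key -> password table, valid only for this salt and iteration count."""
    return {pbkdf2_sha1(w.encode(), salt, iterations)[0]: w for w in words}

# Constructed sample data (assumptions, not values from the thread).
WORDS = ["password", "letmein", "Number1", "bitcoin"]
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def table_reuse(iterations: int = 10):
    """Build a table for wallet A, then try it on wallets A and B (same password)."""
    table = precompute(WORDS, SALT_A, iterations)
    key_a, _ = pbkdf2_sha1(b"Number1", SALT_A, iterations)
    key_b, _ = pbkdf2_sha1(b"Number1", SALT_B, iterations)
    return table.get(key_a), table.get(key_b)

if __name__ == "__main__":
    print("table hit on wallet A / wallet B:", table_reuse())
    for iters in (10, 10_000):
        _, calls = pbkdf2_sha1(b"Number1", SALT_A, iters)
        print(f"{iters:>6} iterations -> {calls} HMAC-SHA1 calls per guess")
```

The HMAC count grows linearly with the iteration setting, which is the effect visible in the table's 10-iteration and 10,000-iteration Blockchain.info rows.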
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
August 11, 2014, 05:06:58 PM
#70
What can I do now? Just restart but it would provide the same results. Or I was wrong about password, but it is unusual that is a long pw, I am too lazy, It is 100% a word not combination of letters and numbers. But maybe something like Number1, but is ridiculous such a word I would not write.

So what should I do write notepad to enlarge the bruteforce?

First, just a reminder, if there was an umlaut over any of the vowels, btcrecover will never find it. It can't handle non-ASCII.

The only option would be to try more passwords. I guess I'd try this:

Code:
#--pause --no-dupchecks --wallet multibit.key --autosave progress.sav
%ia%0,5a%d %ia%6a

This tries passwords that have a single number at the end, and also passwords that are 7 letters long. It will take 36 times longer to run, so it's pretty important that you install PyCrypto 2.6 for Python 2.7 64bit from here first.

It will autosave to a file in the same directory, so you can close it and restart it without losing any progress (but only after the initial counting phase). I just added a small improvement related to autosave, so you should probably download a new copy of btcrecover first.
legendary
Activity: 1652
Merit: 1265
August 11, 2014, 01:36:44 PM
#69
Does anyone have a comparison of how long this would take with a script/interpreter language like Ruby or Python, vs. a compiled and highly parallelized computation on a GPU? I guess we're talking 4-5 orders of magnitude here?

Much much faster. Try 20x.
Still it will take many years to bruteforce.
Dictionary attack will be faster if they have a weak password.
Maybe you could program rainbow tables if you have many wallet.dat files to crack
newbie
Activity: 16
Merit: 0
August 11, 2014, 10:35:29 AM
#68
What can I do now? Just restart but it would provide the same results. Or I was wrong about password, but it is unusual that is a long pw, I am too lazy, It is 100% a word not combination of letters and numbers. But maybe something like Number1, but is ridiculous such a word I would not write.

So what should I do write notepad to enlarge the bruteforce?