Topic: Has anyone here been able to decode the backup of bitcoin wallet (schildbatch)? (Read 4653 times)

Installed Ubuntu on a VirtualBox and followed your instructions down to the letter. It worked.

Thank you so much HCP - you went above and beyond here. Legend.

Really appreciated.

Awesome, glad you got it sorted...

I wish I had know about this "-md md5" business a couple of years ago when the whole multibit shutting down thing kicked off. There were a lot of people struggling with various multibit backup files and "incorrect password" issues... I now suspect that this might also be the reason why the openssl method did not work for a lot of people back then.

I am not overly familiar with "git bash", but I don't think you can use "general" Linux commands with it... it seems to be a "git" specific terminal emulator, ie. it's really only designed for working with "git" and not with general unix/linux shell commands.

You'd either need to setup something like Cygwin and use openssl with that, refer: https://www.ssl.com/how-to/install-openssl-on-windows-with-cygwin/
or
Install/Setup the Windows Subsystem for Linux (WSL) and install a linux distro like Ubuntu, refer: https://ubuntu.com/wsl


Also, I downloaded the oldest Bitcoin Wallet APK that I could find from the app github (version v3.11). I installed it on the Bluestacks Android Emulator and then created an encrypted "wallet-keys" export file... after mucking around in Ubuntu (in WSL) trying to decrypt this export with "openssl", I found a stackexchange comment that indicated that "old versions of OpenSSL" used a different hash function when generating the encrypt/decrypt key from the user entered passphrase... essentially, they moved from MD5 to SHA-256 by default:
(NOTE: I suspect this is also why newer versions of the app cannot read older backup files!)


So, by adding the "-md md5" flag to the command, the decrypt (of "old" files) works:

---

---

For reference, here is my "test" data...

Contents of my bitcoin-wallet-keys file:
Can be downloaded here: https://keybase.pub/hcp/bitcoin-wallet-keys-2020-11-17


commandline:


Contents of the generated "out" file

Thank you for the reply HCP.

I have tried installing the latest version of the schildbatch wallet as you suggested, and attempted to import the keys using the restore wallet function but unfortunately it just returns the error "Wallet could not be restored - unreadable wallet".

The second one - openssl enc -d -aes-256-cbc -a -in bitcoin-wallet-keys-YYYY-MM-DD -out bitcoin-wallet-keys-YYYY-MM-DD-decrypted . Using the Gitbash terminal on Windows, this command just returns nothing. No error, but nothing happens it just sits on the next line and there is no output file created in the directory. Am I doing something wrong here?

I believe that is likely to be the same encryption method, just it's private keys instead of the "protobuf" formatted wallet file.

Have you tried using a more recent version of the wallet application (ie. Bitcoin Wallet for Android) and importing the "bitcoin-wallet-keys-YYYY-MM-DD" file?

If that doesn't work, you might be able to decrypt the file using the openssl command with your bitcoin-wallet-keys-YYYY-MM-DD file:

Assuming that works without error, if you open the "decrypted" file in a text editor... do you see the keys listed?

....

No. The full wordlist is here: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

As you can see, hardly is not there... "hard" is... maybe try that. If it doesn't work, you'll probably need to try the "seed recovery" script included as part of "btcrecover" to try and figure out what the correct word is supposed to be: https://github.com/gurnec/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md

I tried using your programme, but I get an error saying "hardly not in wordlist, did you mean barely?" I clearly don't mean "barely" - is "hardly" a word you can add to your list? Thanks!

I have decrypted the wallet backup file from the android app (same as the one mentioned in first post) using this command

I have found my 12 word Mnemonic, I put it in the tool with suggested settings. I have received addresses, four that I recognize, however my first ever used address is not listed. Note that it is a very old address since 2013, maybe some configuration has changed?

See in the screenshot my first address 1JunK8dbYKp1pJEeTqmdWq3aburcHuRgAT and also my current generated address that matches the second screenshot from the tool. Any advice would be appreciated. Thanks!

http://soubori.qry.me/cryptowallet_1.png
http://soubori.qry.me/cryptowallet_2.jpg

@HCP
Unfortunately if the wallet has spending PIN or password (not backup password) decrypt_bitcoinj_seed still wants to enter it
The program first prompt for backup password (or not if the file is decrypted) and then prompts "This wallet's seed is encrypted with a PIN or password, please enter it:"
If I enter the correct password it shows the seed.
Is there a way to recover the seed or private keys from encrypted android wallet??
(well btcrecover can do it but has speed 10 passwords/sec not so efficient)
I am able to dump encrypted seed and private keys with bitcoinj:
./wallet-tool raw-dump --dump-privkeys --password=XXX --wallet=backpassremoved > backpassremoved_dmp

this is example empty wallet, I get this:
...
key {
  type: DETERMINISTIC_MNEMONIC
  creation_timestamp: 1506101580000
  encrypted_data {
    initialisation_vector: "|A\274\361c\214\2121\220\203%\3247\r}\357"
    encrypted_private_key: "K\264=\256D\255\"\235\340\336\001R\310A\276\377\203 -\017?\353\251\353Y\340\310\356Y5(
\217<\221\243\253\326\370\376\026lr1D\006\203\300k\v\004q\356\313\377\243\361>\037hI\b\365\213w\326\340\320\344[\2
04\021\314\275\242\222\333I\332S"
  }
  encrypted_deterministic_seed {
    initialisation_vector: "\210\365\345\004J\357\323\376\243\344\227G\323\243\220K"
    encrypted_private_key: "\222\256N\365P8Nk\2750\n\377 \215\366\fO1dzP\221\274S\377m]R\021Qa\262\201{\004\024[uO
]\"\034\300x\201I\343\017m\fQ\214l\030\274\262\371\335\314\334*\242\034}\350\336\023\356\t\340\336q(\027\256\320a\
275\226"
  }
}
key {
  type: DETERMINISTIC_KEY
  public_key: "\003gN6\'\353\322\347\034\320\026\032\217+^\275\034\242\233\234t\022\"\277\227\356\335\030\353\377\
270\374\356"
  creation_timestamp: 1506101580000
  encrypted_data {
    initialisation_vector: "\022\223{\312@q\350\217wy\373\246\331q\316\363"
    encrypted_private_key: "y\367,\361i\223m\315\364\360\225^\362\v7G\032A\262\250i(\005je)\250\2630p\347\346`\241
t\000\272\256\210u\212?\377\304\313\201@\360"
  }
...
and so on...
is there a way to covert it for John The Ripper or hashcat readable hash format???

Hi HCP, I was happy to see you create a script so I can claim my BCC, unfortunally I receive the same seed or psw is incorrect (which it is not)

Can you please help me I buy you more than a one beer.

Many thanks in advance!

Yes. I don't recall there being many light wallets when i started either (though that wasn't so long ago as it was 2015 when I started). I resorted to using an exchange to store my coins which is also now considered a bad idea (possibly worse than using multibit).

Thanks for advise. Its just an old account and no longer use wallet. I like use it several years ago, when "light" wallet still not many.

I'd advise you stop using multibit and start using electrum instead. As multibit is no longer being developed on as the developers gave up on it so it is no longer reieving any fixes.

I use multibit to take the private key but this one is also good

Did you watch the video?

You can also import this bitcoin wallet seed to Electrum, bitcoin wallet is compatible with multibit HD because it has the same bitcoin wallet seed generation scheme. See it:

If the addresses do not match, then the "Derivation Path" you are using is most likely incorrect. Double check that you have used:

m/0'/0

and

m/0'/1

The ' (apostrophe) characters are important!

Hi, I am a complete noob to the whole thing and have been racking my brain trying to figure this stuff out for a week or so. I got through the part where the first decrypt_bitcoinj_seed  spit out the words and I copied it into an offline copy of the page. However following the instructions I get as many keys at the bottom as I select. If I say to view 20 I get 20 if I say `180 it is 180 I have only used the wallet for a half a dozen transactions. I am not sure what I am doing wrong. I am trying to get the keys so I can get the Bit Coin Cash but so far it looks like it is just going to be stuck there. Can you shed some light on what I might be doing wrong?
 Also- I thought I would mention, none of the public addresses shown match any of the ones I can see in the wallet.

Many thanks, I got it!