Topic: [HOW-TO] Export Bitcoin private keys (in WIF) from Bitcoin Android (schildbach) (Read 409 times)

Reviving an old thread. I tried doing the steps HCP and exiledotome laid out but I get the same message as jonathan. Doing this in Windows 10 with all the prerequisites installed. Also, upon decrypting the file (tested it on a newly-created wallet), it does not show me a text output but rather a bunch of symbols that are quite unintelligible. I was hoping I could just get the encrypted file decrypted and do another approach.

I'm pretty sure I followed all the steps correctly, but not too sure why my decrypted wallet file seems different than what you guys are seeing. I was expecting to see strings of text but that doesn't seem to be my case.

EDIT: managed to restore my wallet to electrum. This guide has been super helpful, especially the derivation path mentioned by HCP. It's important to note that people should do this in a machine that is not connected to the internet, and deleting the files generated by the process after you have successfully restored your wallet to electrum or any wallet of your choice just in case.

Debian 11 user here. Apt install gradle, and git cloned bitcoinj as instructed. And then in bash...:

... yields the message:

... has anybody got a fix for the --args= problem please?

Google have added a new "Install from nearby sources" feature in Android (https://9to5google.com/2021/02/17/google-play-store-share-apps-nearby-devices/)... whereby you can effectively copy APKs from nearby devices. Not sure if that might be of any use in getting a hold of the latest version from a "Trusted" source... I suspect that it might actually require that you still have Play Store installed on the receiving device

Would it be so bad to use a VM or BlueStacks or something android emulator and a throwaway google account to download the APK from the Google Play store then sideload that version? Or is it the principle of the thing? Understandably, F-Droid and other non-google app stores have a lot less and sometimes are not as updated.

Thank you for your response!

Yes, I'm paranoid enough that I did it offline. Doing it on an offline linux machine that would otherwise use a package manager has its added difficulties. I ended up just downloading the source for all the additional packages I needed onto a thumb drive and built them as that was easier than the alternative.

After a couple hours of no luck trying to figure out how to do it, and before finding this posting, I'd considered just performing an on-chain move of all wallet funds. But Schildbach's app doesn't offer the ability to select the exact transaction fee or another way to move the entire contents of a wallet and that was my goal.

Additionally, the Schildbach app had recently crashed in such a way that it would immediately crash every subsequent time when starting. This made it completely unusable. So I would've needed to uninstall, reinstall, and I'm guessing recover from an encrypted backup. This crash was the final straw for me for the Schildbach app.

For context: in my quest to remove Google from my life I've been using MicroG for LineageOS on my phone. I don't use the Google Play Store anymore, and have been relying on F-Droid. There's been some ongoing issue with getting the Schildbach app from F-Droid. The short version is that Schildbach blames F-Droid and posters to the F-Droid forum say there's "reproducability issues". It feels like both sides are pointing fingers at each other and refusing to fix the issue, but the end result is that it hasn't been updated there since 2019.

I'd been fine with that for a while, but a few months ago I decided I wanted to start storing BTC offline on paper wallets. Imagine my frustration when, as a test, I tried to sweep a paper wallet back into the app and it gave me an error. After searching for a solution and finding nothing I looked at the code for the error message, and when trying to correlate that with commit messages my best guess was the version of the app I was using used an outdated API to get some blockchain information needed for the sweep operation. I could be misremembering the details, but I tried it multiple times over a couple weeks with the same failure each time. Whatever the cause was, this was an issue that had been fixed for many months.

While many later versions of the app had this issue fixed, they weren't available to me since they weren't on F-Droid. I later spent an entire evening trying to build the Schildbach app without success. I ended up coming back to it later and eventually had to create a new VM just to build the app. This worked after struggling through a number of frustrating issues with the Shildbach's brief but outdated build process. It's like so many other things: it's an easy thing to do if you know how to do it.

As I'd never built an Android app before I didn't realize that I had to sign the app. IIRC my signing key has to be signed by Google or something like that such that I was never able to get the app installed.

Since I'm venting about my issues with Schildbach's app I'll add the following. With all my other issues I needed to upgrade my phone's firmware at one point and decided it would be best to just completely wipe it clean and start over. Imagine my frustration when I tried to restore the wallet backup and when selecting the wallet backup file I get an error that the file can't be found. There was no help to be found on this issue. After pouring through hundreds of commit messages I finally found a clue that suggested there was a change in the app that was causing it. After installing the oldest version of the app from F-Droid I was able to restore the wallet and subsequently install the "new" version (from 2019). This seems like the sort of thing that should've been documented somewhere other an obscure commit message.

That was the long way of answering your question. No, I'm not trying to permanently move to Electrum--you might someday find a similar rant about the difficulties I've had with Electrum. But I'm done with Schildbach's app and can't imagine I'll ever want to come back to it.

I appreciate all that Schildbach and his team do, but it sure as heck seems to suffer some of the same lack of cohesiveness, purpose, direction, and diversity of skills that open source projects are known for.

I'll step off my soap box now

... until my next post.

Thanks again!
cdoug

Not really... using the 12 word seed should generate all the addresses your Bitcoin Wallet for Android would have ever created, so you don't need to worry about missing an address or anything like that.

The biggest concern would be whether or not you have potentially exposed either the seed and/or the unencrypted wallet file backup. Did you do all of this on an "online" computer? ie. one that was connected to the internet? Or did you do it all "offline"?

If you did it "online", you'd probably be better off creating a completely new wallet in Electrum using the "File -> New -> Standard Wallet -> Create a new seed" option, then move all your coins from the wallet created from the backup, to the new Electrum wallet.

Was this an exercise in making sure you could recover your Bitcoin Wallet for Android, or were you trying to permanently move to Electrum?

Thanks so much for this! I'd been banging my head against the wall for hours, trying different things I've found elsewhere.

I think the actual missing step for me--for at least one of the methods that I'd tried--was HCP's instructions for the wallet type to use (native segwit) and his specific, and correct, derivation path (m/1') to go along with it.

I did have some issues completing the last steps of exiledotome's method, but once I completed his step 4 I was able to find and read the 12 seed words within the unencrypted binary file using a text editor.

So I essentially ended up doing:
1. exiledotome's steps 1-4
2. Read the words from the unencrypted file
3. Followed this procedure: https://bitcoinelectrum.com/restoring-your-standard-wallet-from-seed/ but I used HCP's instructions of using a native segwit wallet and a derivation path of m/1'

Looking at my new electrum wallet, it looks like I have everything, and it looks to me like I didn't really need the private keys to transfer the wallet to electrum. Assuming nobody can get hold of the unencrypted seed words, are there any shortcomings to the way I did it?

After some mucking around today... I finally figured out that the "derivation path" that is required to restore your "Bitcoin Wallet for Android" into Electrum using the BIP39 seed extracted from the decrypted wallet file) is as follows:

For the "bc1" addresses, you select "native segwit (p2wpkh)" option and set path to: m/1'



If you have any legacy addresses (from "Request to legacy address" option), then you select "legacy (p2pkh)" and set path to: m/0'



Note: this is working from a Bitcoin Wallet for Android wallet generated in the current version of Bitcoin Wallet for Android (version 8.08)

I just used the openssl to decrypt the wallet backup file, then opened it in a text editor... the 12 words are right at the beginning:

This guide will be about extracting Bitcoin private keys from Bitcoin Android encrypted wallet backup file, commonly known as "schildbach wallet" or "protobuf wallet".

Before beginning, let me bust out some myth. No, you don't need to use Linux. In fact, the whole process is done in Windows 10.
The reason I wrote this because:

• The official guide is outdated: https://github.com/bitcoin-wallet/bitcoin-wallet/blob/master/wallet/README.recover.md
  BitcoinJ stopped using Maven as its build automation tool (https://github.com/bitcoinj/bitcoinj/commit/aaa5262ef42c084406db09bb55f02fb58bfc9789), but the guide still uses Maven. Obviously, the guide will fail to work.
  
• There's a lot of Python scripts that spits out invalid seed (mostly because the derivation path is incorrect). Even when importing the seed those script produces in Electrum and activating BIP39 option, it would derive the wrong private keys. I might be wrong setting the derivation path, but this option never worked for me, even if I would set the apparently same derivation path Bitcoin Android use.

Instead of generating a seed, I'll show you how to extract the actual private keys itself in WIF, not some seed that needs to be derived.
WIF is portable across every wallet program, because it is the actual private keys itself you use to spend Bitcoins.

I will be using Chocolatey so I don't need to mess with PATH. If you don't, I assume you're comfortable with command-line interface and willing to build OpenSSH from sources or put your trust into OpenSSH binaries for Windows that other has built.

1. Remove spending PIN (if set), and export your Bitcoin Android wallet
Supply a password. It will be used on step 4.

2. Copy over your Bitcoin Wallet encrypted wallet backup file to your computer. Use USB cable, or whatever method you are comfortable with (adb pull, Bluetooth, Nearby Share, Pushbullet, etc.)

3. Install required dependencies: Gradle, OpenSSH, and Git.

4. Decrypt the wallet
A prompt will appear "enter aes-256-cbc decryption password:"
Type in your password that you have set in step 1.
The warning below is normal. The file would be successfully decrypted regardless.
Be warned. Your wallet is now decrypted. Anyone who gains possession of this file would be able to spend your Bitcoins.

5. Clone the BitcoinJ repository

6. Navigate to wallet-tools directory

7. Run wallet-tools to dump the private keys out of the wallet
You can dump it to a text file instead to the text output (stdout) instead:

8. Inspect the private keys dump
The dump would be separated into several sections for each output script type.  My wallet is made by Bitcoin Android Version 8.08, so there's two types of address I have, namely P2PKH (legacy) and P2WPKH (SegWit Bech32). Find "Ouput script type:" (yes, it's an typo, and yes, that's the actual output of bitcoinj's wallet-tool. someone raise an issue pls.)
Each wallet would hold multiple private keys. The actual private keys itself are after the words "priv WIF=". You can use the Find function (Ctrl+F) to find all the keys.

Don't forget to securely wipe your unencrypted wallet file and the dumped private keys, should you dump it into a file. Use any secure erase utility you prefer, but if you don't have any, EraserDrop is a small utility that would do so, and has a PortableApp package.
To wipe file and folders using EraserDrop, select them, drag and drop into the EraserDrop's icon on your screen. Don't forget to close Command Prompt and Notepad before wiping the files, else the file would be locked and EraserDrop won't be able to securely wipe it.
To quit EraserDrop, right click on the EraserDrop's icon on your screen or in your taskbar tray's, then select Exit.

BONUS: How to sweep private keys to Electrum.
Prefix the P2PKH (legacy, address starts with 1) WIF private keys with "p2pkh:", so "p2pkh:yourwifprivatekey"
Prefix the P2WPKH-in-P2SH (SegWit, address starts with 3) WIF private keys with "p2wpkh-p2sh:", so "p2wpkh-p2sh:"
Prefix the P2WPKH (SegWit Bech32, address starts with bc1) private keys with "p2wpkh:", so "p2wpkh:yourwifprivatekey"

On Electrum, CREATE a new wallet. DO NO USE THE IMPORT FUNCTION, because else you can't backup your wallet into Electrum's seed format, nor use Lightning Network.

Then go to Wallet > Private keys > Sweep and paste EVERY of your private keys (your wallet will have multiple private keys, don't miss any of them) ONE private key EVERY LINE.