
Topic: Missing 10 Characters in WIF Private Key - Can I recover them? - page 3. (Read 1959 times)

member
Activity: 78
Merit: 133
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.
Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.
So that would be very easy. ~60 missing bits, we would have the private key within minutes.

1 year ago, user PawGo calculated exactly your case (10 missing WIF characters) but with the public key in less than 11 minutes.

Not bad, no? 10 missing WIF characters - Less than 11 minutes on old CPU. GPU performance - to be seen.
That's fantastic. I'll have to go back to check Pollard's kangaroo algorithm again.

Thread: Using Kangaroo for WIF solving https://bitcointalksearch.org/topic/--5315607



Edit: PawGo posted

Hi,
1) you may check my program WifSolver to see if it helps.
https://github.com/PawelGorny/WifSolver

2) In your case I think it is possible to convert the program into a task for BitCrack. Using a GPU, the solution will be found much faster. Let me know if you need help with configuring BitCrack - how to configure range start/stop, stride etc.

3) BUT! If you say that you know the public key, we may use an even faster solution, Kangaroo. I have prepared a special version of it to work with custom stride; somewhere on the forum I posted an explanation of how it works. If it works, for 10 missing characters the result will be done in VERY reasonable time.

Check the post:
https://bitcointalksearch.org/topic/--5315607

What kind of hardware did he have to solve 10 characters in 11 minutes! That's awesome and is exactly what I need. Going to look into this as well now!
**EDIT** I just saw he did it with just a CPU. That's crazy! But I don't have the public key, so that's not gonna help me much, right? And since this address has never sent anything I can't get it, right?
member
Activity: 78
Merit: 133

Pollard's Kangaroo method also uses a start and end range. However, it does not support strides (AFAIK) because Pollard's Kangaroo algo is using its own kind of stride while making the tame and wild kangaroos hop. There's no way to tell Kangaroo: "OK, there is a part of the private key at the end that's already known, don't search those bits". The consequence is that for this particular situation, Kangaroo will take longer to find the PK (way too long actually).



Normal Kangaroo yes, but I have already patched it for solving WIFs, custom stride is supported. Link in post above

I will check it out. I have two 1070s in a rig I can dedicate to this, so hopefully it can do some fast solving. I will message back if I need help. Thank you!

Also I should note I only have the WIF key and public address. I don't have the private address or public key. The WIF is missing exactly 10 characters due to damage to the paper wallet. Does this make any difference?
legendary
Activity: 952
Merit: 1385

Pollard's Kangaroo method also uses a start and end range. However, it does not support strides (AFAIK) because Pollard's Kangaroo algo is using its own kind of stride while making the tame and wild kangaroos hop. There's no way to tell Kangaroo: "OK, there is a part of the private key at the end that's already known, don't search those bits". The consequence is that for this particular situation, Kangaroo will take longer to find the PK (way too long actually).



Normal Kangaroo yes, but I have already patched it for solving WIFs, custom stride is supported. Link in post above
full member
Activity: 233
Merit: 253
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.
Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.
So that would be very easy. ~60 missing bits, we would have the private key within minutes.

1 year ago, user PawGo calculated exactly your case (10 missing WIF characters) but with the public key in less than 11 minutes.

Not bad, no? 10 missing WIF characters - Less than 11 minutes on old CPU. GPU performance - to be seen.
That's fantastic. I'll have to go back to check Pollard's kangaroo algorithm again.

Thread: Using Kangaroo for WIF solving https://bitcointalksearch.org/topic/--5315607



Edit: PawGo posted

Hi,
1) you may check my program WifSolver to see if it helps.
https://github.com/PawelGorny/WifSolver

2) In your case I think it is possible to convert the program into a task for BitCrack. Using a GPU, the solution will be found much faster. Let me know if you need help with configuring BitCrack - how to configure range start/stop, stride etc.

3) BUT! If you say that you know the public key, we may use an even faster solution, Kangaroo. I have prepared a special version of it to work with custom stride; somewhere on the forum I posted an explanation of how it works. If it works, for 10 missing characters the result will be done in VERY reasonable time.

Check the post:
https://bitcointalksearch.org/topic/--5315607
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Keep in mind that this method is significantly slower than to simply test each character permutation.
You see each character at the start of the string (from left) converts to a much bigger integer than any character from the end of the string. So even the difference between 1 char missing becomes huge.
Take the following example:
Ky**DfuvLpt8eSb8EQzhZwDCQeCaycKeAoxJMY8pfPZXmn3uB38R
Even though only 2 characters are missing the difference between Ky11Df... and KyzzDf... as integer is
Code:
13491826005831086771641399365157222283117801812915393869332949675679483454208
While the permutations are only 3364.

The program I'm using is able to skip-count so I think that can mitigate the speed penalty. So I can jump through each next value, adding the huge difference to the previous each time to get the next.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
Do you have a faster way I can do this with GPUs? I have used your tool, but with just a CPU it's going to take far too long for 10 missing characters.
Unfortunately I haven't been able to add GPU support to FinderOuter yet.
member
Activity: 78
Merit: 133
And then I pasted the characters after the lost 10 chars inside the page. Before the characters, I pasted the 'w' (since you know you have that), followed the 10 characters lowest possible private keys that still base-58 encode into w........JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 - replace the dots with 10 "1" (the number one) characters. Because 1 is the first digit of base8 number system. The resulting hex gives the starting range.
Keep in mind that this method is significantly slower than to simply test each character permutation.
You see each character at the start of the string (from left) converts to a much bigger integer than any character from the end of the string. So even the difference between 1 char missing becomes huge.
Take the following example:
Ky**DfuvLpt8eSb8EQzhZwDCQeCaycKeAoxJMY8pfPZXmn3uB38R
Even though only 2 characters are missing the difference between Ky11Df... and KyzzDf... as integer is
Code:
13491826005831086771641399365157222283117801812915393869332949675679483454208
While the permutations are only 3364.

Do you have a faster way I can do this with GPUs? I have used your tool, but with just a CPU it's going to take far too long for 10 missing characters.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
And then I pasted the characters after the lost 10 chars inside the page. Before the characters, I pasted the 'w' (since you know you have that), followed the 10 characters lowest possible private keys that still base-58 encode into w........JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 - replace the dots with 10 "1" (the number one) characters. Because 1 is the first digit of base8 number system. The resulting hex gives the starting range.
Keep in mind that this method is significantly slower than to simply test each character permutation.
You see each character at the start of the string (from left) converts to a much bigger integer than any character from the end of the string. So even the difference between 1 char missing becomes huge.
Take the following example:
Ky**DfuvLpt8eSb8EQzhZwDCQeCaycKeAoxJMY8pfPZXmn3uB38R
Even though only 2 characters are missing the difference between Ky11Df... and KyzzDf... as integer is
Code:
13491826005831086771641399365157222283117801812915393869332949675679483454208
While the permutations are only 3364.
member
Activity: 78
Merit: 133
...
This will probably not take minutes unless you have a large GPU farm, but a few weeks is a more accurate estimate. Since Bitcrack can only talk to 1 GPU as far as I know.

Without an outgoing transaction, we don't have the public key, it will take longer.

Pollard's Kangaroo method also uses a start and end range. However, it does not support strides (AFAIK) because Pollard's Kangaroo algo is using its own kind of stride while making the tame and wild kangaroos hop. There's no way to tell Kangaroo: "OK, there is a part of the private key at the end that's already known, don't search those bits". The consequence is that for this particular situation, Kangaroo will take longer to find the PK (way too long actually).

Bitcrack, on the other hand, lets us specify an arbitrarily large stride and it converts it to a 256-bit int. Since in this case, 80% of the private key is already known, we can make the stride equal to that huge PK chunk at the end and effectively, only search keys between Kw11111111...... and Kwzzzzzzzzzz.......

so I am plugging the value into that site: w1111111111JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 and for hex I am getting:

64 B3 82 BA 7E 44 5B 0F 02 B1 26 EE 95 04 62 B9 E3 A8 8D 67 7C 5D E1 74 E6 44 88 6D 5B 20 F8 8F F0 10 E5 FF A5 C0. I feel like I am doing something wrong on the site.

Any insight? I am not getting the hex values you got in your original post.

My hex for w1111111111 came from the following input: w1111111111JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7oQX1cWCo92tAA3ihLJ7 (I accidentally duplicated the last part).

Ok, so I get how to get the range for the start and finish in hex to then use in the --keyspace. What I don't know is how did you get the decimal number that starts with 244 that goes after --stride?

Also do I plug the public address in anywhere?

Thank you,
S.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
...
This will probably not take minutes unless you have a large GPU farm, but a few weeks is a more accurate estimate. Since Bitcrack can only talk to 1 GPU as far as I know.

Without an outgoing transaction, we don't have the public key, it will take longer.

Pollard's Kangaroo method also uses a start and end range. However, it does not support strides (AFAIK) because Pollard's Kangaroo algo is using its own kind of stride while making the tame and wild kangaroos hop. There's no way to tell Kangaroo: "OK, there is a part of the private key at the end that's already known, don't search those bits". The consequence is that for this particular situation, Kangaroo will take longer to find the PK (way too long actually).

Bitcrack, on the other hand, lets us specify an arbitrarily large stride and it converts it to a 256-bit int. Since in this case, 80% of the private key is already known, we can make the stride equal to that huge PK chunk at the end and effectively, only search keys between Kw11111111...... and Kwzzzzzzzzzz.......

so I am plugging the value into that site: w1111111111JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 and for hex I am getting:

64 B3 82 BA 7E 44 5B 0F 02 B1 26 EE 95 04 62 B9 E3 A8 8D 67 7C 5D E1 74 E6 44 88 6D 5B 20 F8 8F F0 10 E5 FF A5 C0. I feel like I am doing something wrong on the site.

Any insight? I am not getting the hex values you got in your original post.

My hex for w1111111111 came from the following input: w1111111111JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7oQX1cWCo92tAA3ihLJ7 (I accidentally duplicated the last part).
member
Activity: 78
Merit: 133
I thought WIF keys that began with K or L were compressed keys and WIF keys that began with 5 were the uncompressed ones? Also I am a bit confused how I get those big numbers with only the public address and a WIF key that is missing characters. Could you elaborate anymore? I apologize I am fairly new to learning about all this.

Yeah you're right - my memory was a bit rusty. In any case just replace the -u flag with -c.

I simply converted the base58 of the lower characters to decimal (and hex). First I went to this page: https://www.dcode.fr/base-58-cipher

And then I pasted the characters after the lost 10 chars inside the page. Before the characters, I pasted the 'w' (since you know you have that), followed the 10 characters lowest possible private keys that still base-58 encode into w........JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 - replace the dots with 10 "1" (the number one) characters. Because 1 is the first digit of base8 number system. The resulting hex gives the starting range.

Then to get the end range, you repeat the process but instead of ten 1 characters, you insert 10 'z' characters (the highest character in base58 is lowercase 'z').

To get the stride, I simply converted the lower part of the base58 you had (the one after the dots).

To determine the start and end ranges and the stride, you only need part of the WIF, not the public address.

These steps will create a range and stride that is suitable to input inside Bitcrack.
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.

Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.

No problem, because Bitcrack is more efficient than Kangaroo for your problem (also, Kangaroo will only work if you have the public key, not the address).

Really? I thought with 10 missing characters that was 58^10th or a large number and it was going to take centuries to solve this. How exactly do I solve this in minutes? What tool should I use, or is there something custom? I am willing to pay a bounty for someone assisting me to set this up on machine.


58**10 is a very large number, however to estimate the difficulty, you need the equivalent power in base 2, so what we do is we take the log2 of the result: log2(58**10). Then it gives us the difficulty in bits: such that 2**bits == 58**10 (here, bits equals 58.a_fractional_part).

Difficulty can also be written as "10 base 8 characters", but it's common for programs to estimate it in terms of bits as well.

This will probably not take minutes unless you have a large GPU farm, but a few weeks is a more accurate estimate. Since Bitcrack can only talk to 1 GPU as far as I know.

so I am plugging the value into that site: w1111111111JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 and for hex I am getting:

64 B3 82 BA 7E 44 5B 0F 02 B1 26 EE 95 04 62 B9 E3 A8 8D 67 7C 5D E1 74 E6 44 88 6D 5B 20 F8 8F F0 10 E5 FF A5 C0. I feel like I am doing something wrong on the site.

Any insight? I am not getting the hex values you got in your original post.
full member
Activity: 233
Merit: 253
the paper turned to mush. There is no hope of any kind of analysis.
Do you have the compressed/uncompressed public key or outgoing transactions from that address?

I thought, you have the public key too.

You said above that we could do it in minutes. Is that not possible now since we don't have any outgoing TXs?
...
This will probably not take minutes unless you have a large GPU farm, but a few weeks is a more accurate estimate. Since Bitcrack can only talk to 1 GPU as far as I know.

Without an outgoing transaction, we don't have the public key, it will take longer.

I wish you good luck.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I thought WIF keys that began with K or L were compressed keys and WIF keys that began with 5 were the uncompressed ones? Also I am a bit confused how I get those big numbers with only the public address and a WIF key that is missing characters. Could you elaborate anymore? I apologize I am fairly new to learning about all this.

Yeah you're right - my memory was a bit rusty. In any case just replace the -u flag with -c.

I simply converted the base58 of the lower characters to decimal (and hex). First I went to this page: https://www.dcode.fr/base-58-cipher

And then I pasted the characters after the lost 10 chars inside the page. Before the characters, I pasted the 'w' (since you know you have that), followed the 10 characters lowest possible private keys that still base-58 encode into w........JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7 - replace the dots with 10 "1" (the number one) characters. Because 1 is the first digit of base8 number system. The resulting hex gives the starting range.

Then to get the end range, you repeat the process but instead of ten 1 characters, you insert 10 'z' characters (the highest character in base58 is lowercase 'z').

To get the stride, I simply converted the lower part of the base58 you had (the one after the dots).

To determine the start and end ranges and the stride, you only need part of the WIF, not the public address.

These steps will create a range and stride that is suitable to input inside Bitcrack.
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.

Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.

No problem, because Bitcrack is more efficient than Kangaroo for your problem (also, Kangaroo will only work if you have the public key, not the address).

Really? I thought with 10 missing characters that was 58^10th or a large number and it was going to take centuries to solve this. How exactly do I solve this in minutes? What tool should I use, or is there something custom? I am willing to pay a bounty for someone assisting me to set this up on machine.


58**10 is a very large number, however to estimate the difficulty, you need the equivalent power in base 2, so what we do is we take the log2 of the result: log2(58**10). Then it gives us the difficulty in bits: such that 2**bits == 58**10 (here, bits equals 58.a_fractional_part).

Difficulty can also be written as "10 base 8 characters", but it's common for programs to estimate it in terms of bits as well.

This will probably not take minutes unless you have a large GPU farm, but a few weeks is a more accurate estimate. Since Bitcrack can only talk to 1 GPU as far as I know.
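
The Base58 range arithmetic discussed in the post above, as an added example that is not part of the thread and not code from BitCrack or any other tool named here. It uses the thread's own two-character template `Ky**Df...`; the function names are made up for illustration, and the step between neighbouring candidates is this example's own derivation (the positional weight of the last missing character).

```python
import math

# Bitcoin's Base58 alphabet: no 0, O, I or l. '1' is digit 0, 'z' is digit 57.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Example string quoted in the thread, with two characters missing.
THREAD_TEMPLATE = "Ky**DfuvLpt8eSb8EQzhZwDCQeCaycKeAoxJMY8pfPZXmn3uB38R"


def b58_to_int(text):
    """Read a Base58 string as a big-endian base-58 integer."""
    value = 0
    for ch in text:
        value = value * 58 + B58.index(ch)  # ValueError on a non-Base58 char
    return value


def gap_parameters(template, wildcard="*"):
    """Describe the search space of a Base58 string with one contiguous gap.

    Hypothetical helper written for this example. Returns the lowest and
    highest integer the string can decode to, the number of candidates,
    the equivalent difficulty in bits, and the integer distance between
    two neighbouring candidates.
    """
    first = template.index(wildcard)
    last = template.rindex(wildcard)
    missing = last - first + 1
    if template[first:last + 1] != wildcard * missing:
        raise ValueError("missing characters must form one contiguous run")

    known_after = len(template) - last - 1
    start = b58_to_int(template.replace(wildcard, "1"))  # all gaps = digit 0
    end = b58_to_int(template.replace(wildcard, "z"))    # all gaps = digit 57

    # Bumping the last missing character by one digit moves the integer by
    # 58**known_after. That factor contains 2**known_after, so the lowest
    # known_after bits are identical for every candidate in the range.
    step = 58 ** known_after
    candidates = 58 ** missing

    return {
        "missing": missing,
        "known_after": known_after,
        "start": start,
        "end": end,
        "step": step,
        "candidates": candidates,
        "bits": math.log2(candidates),
    }


if __name__ == "__main__":
    p = gap_parameters(THREAD_TEMPLATE)
    print("missing characters :", p["missing"])
    print("candidates         :", p["candidates"])
    print("difficulty (bits)  : %.4f" % p["bits"])
    print("integer span       :", p["end"] - p["start"])
    print("span / step        :", (p["end"] - p["start"]) // p["step"])
    print("start (hex)        : %x" % p["start"])
    print("end   (hex)        : %x" % p["end"])
```

The integer span between the first and last candidate is enormous compared with the number of candidates, which is why walking the range one integer at a time is hopeless while stepping by the positional weight visits each candidate exactly once.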
member
Activity: 78
Merit: 133
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.
Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.
So that would be very easy. ~60 missing bits, we would have the private key within minutes.
Really? I thought with 10 missing characters that was 58^10th or a large number and it was going to take centuries to solve this. How exactly do I solve this in minutes? What tool should I use, or is there something custom? I am willing to pay a bounty for someone assisting me to set this up on machine.

We don't have an outgoing transaction, so we can't do it with pollard or kangaroo.

You said above that we could do it in minutes. Is that not possible now since we don't have any outgoing TXs?

Thanks,
S.
full member
Activity: 233
Merit: 253
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.
Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.
So that would be very easy. ~60 missing bits, we would have the private key within minutes.
Really? I thought with 10 missing characters that was 58^10th or a large number and it was going to take centuries to solve this. How exactly do I solve this in minutes? What tool should I use, or is there something custom? I am willing to pay a bounty for someone assisting me to set this up on machine.

We don't have an outgoing transaction, so we can't do it with pollard or kangaroo.
member
Activity: 78
Merit: 133
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.

Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.

So that would be very easy. ~60 missing bits, we would have the private key within minutes.

Really? I thought with 10 missing characters that was 58^10th or a large number and it was going to take centuries to solve this. How exactly do I solve this in minutes? What tool should I use, or is there something custom? I am willing to pay a bounty for someone assisting me to set this up on machine.
full member
Activity: 233
Merit: 253
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.

Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.

So that would be very easy. ~60 missing bits, we would have the private key within minutes.
member
Activity: 78
Merit: 133
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.

Sadly this was an offline wallet, so it only ever had incoming transactions. It has never sent out.
member
Activity: 78
Merit: 133
See my answer on Jean Luc's Kangaroo thread:

I have a question. Recently there was a flood and a notebook containing an offline wallet was damaged and it destroyed part of a WIF private key, so now I basically have:

Kw**********(I have the next 40 characters, just not posting for obvious reasons), so I am missing 10 characters in all.

I also have the public key. Is it possible to use this software to start a search at Kw... and iterate over the missing 10 characters with the known 40 characters also in the key.

For example : 1GuqEWwH5iRZ89oo5xw26FqmyZFMWZrtPi - is the public address

and for the WIF private key I'd have Kw**********JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7

basically I want to always have search for private key start at 'Kw', then search for missing 10, and end with 'JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7'

Any advice is appreciated and examples are even more appreciated

Thank you,
S.

The "K" at the beginning stands for an uncompressed private key so effectively one character is ruled out.

You should probably use bitcrack with a stride of "244 62 8 66 47 124 80 157 248 14 101 42 20 166 75 38 90 171 48 143 193 217 43 86 127 213 68 99 176 225 142 231 221 232 209 1 232 119 87 59 159 250 92" (these are grouped in three digits - where there's less than three digits then put zeros at the beginning).

Then you set the start range to "62 15 48 27 224 252 140 123 196 154 246 145 249 147 190 242 245 119 253 137 57 120 87 229 177 249 235 57 188 105 162 106 16 38 232 62 226 68 207 61 60 159 137 16 30 135 117 115 185 255 165 192" (3E 0F 30 1B E0 FC 8C 7B C4 9A F6 91 F9 93 BE F2 F5 77 FD 89 39 78 57 E5 B1 F9 EB 39 BC 69 A2 6A 10 26 E8 3E E2 44 CF 3D 3C 9F 89 10 1E 87 75 73 B9 FF A5 C0, or: w1111111111JzXa.....)

and the end range to "63 53 101 37 224 105 133 154 79 164 116 14 184 245 198 239 210 247 218 39 60 17 143 67 53 249 245 92 6 253 234 184 11 67 248 114 161 110 81 101 39 66 237 125 158 135 117 115 185 255 165 192" (3F 35 65 25 E0 69 85 9A 4F A4 74 0E B8 F5 C6 EF D2 F7 DA 27 3C 11 8F 43 35 F9 F5 5C 06 FD EA B8 0B 43 F8 72 A1 6E 51 65 27 42 ED 7D 9E 87 75 73 B9 FF A5 C0, or: wzzzzzzzzzzJzXa....).

Make sure you only search for uncompressed keys to speed things up.

In one command:

./bitcrack -u --keyspace 0x3E0F301BE0FC8C7BC49AF691F993BEF2F577FD89397857E5B1F9EB39BC69A26A1026E83EE244CF3D3C9F89101E877573B9FFA5C0:0x3F356525E069859A4FA4740EB8F5C6EFD2F7DA273C118F4335F9F55C06FDEAB80B43F872A16E51652742ED7D9E877573B9FFA5C0 --stride 244062008066047124080157248014101042020166075038090171048143193217043086127213068099176225142231221232209001232119087059159250092

It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.

Note: it's important to place your public address at the end of the command (after the stride), although I did not write that in the other post.

I thought WIF keys that began with K or L were compressed keys and WIF keys that began with 5 were the uncompressed ones? Also I am a bit confused how I get those big numbers with only the public address and a WIF key that is missing characters. Could you elaborate anymore? I apologize I am fairly new to learning about all this.
full member
Activity: 233
Merit: 253
It has a difficulty of log2(58**10) = 58.5798 bits, this is doable if you have a few GPUs.
If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.