my best friend lost his wallet password..

nambich

newbie

Activity: 28

Merit: 0

Quote from: onemorexmr on March 08, 2015, 06:40:15 AM

at least he can remember some parts of it:

PW{bitcoin|bitcoin-wallet|bitcoin-core-wallet|bitcoin-kern-wallet|bitcoin-core|wallet|bitcoin-kern|bank|geld}123!

variants of "bitcoin" i have tested: bitcoin, BitCoin, Bitcoin

i have written a very small (and ugly) nodejs script which tries this permutations:
- first letter as uppercase (and camel e.g. Bitcoin-Core-Wallet and BitcoinCoreWallet)
- with removed '-'s
- leet-replacements

(all recursive) any other ideas or common mistypes i could check?

it only contains about 1btc - but for him thats much.

regards

I guess here you can find few wallet recovery services but try the above mentioned script first

so in case you have any luck with that you can have the whole recovered money

rev0lt

newbie

Activity: 27

Merit: 0

Maybe it would be best to open one thread for this issue. It looks very common to me.

ebliever

legendary

Activity: 1708

Merit: 1036

Quote from: onemorexmr on March 08, 2015, 04:31:47 PM

Quote from: specgamer on March 08, 2015, 04:25:30 PM

Did some research this is a great way, I actually tried it out too. WORKS great Wink

https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/

i fail to see how this is related to my question? (ah i see... sig ad Wink

)
i know how to secure my bitcoins...

for 1btc (the only bitcoin my friend has) a wallet password is secure enough... he should just have written it down somewhere (damn)

Yes, for non-trivial accounts, passwords should be stored somewhere besides a person's mind. The risk over a lifetime of a head injury, or just going 10 years without using it and forgetting it, is too great. Unless it's a very simple password in which case the account is not secure anyway. The recording of the password, of course, should be done with care. It should be in a secured location, and not plainly spell out what software/system the password is for, if practical. (A spouse, child, parent etc., or instructions in a will or similar setup should have the knowledge required to retrieve the password and access to the wallet as well. Many people are not thinking long term on this.)

yeponlyone

hero member

Activity: 504

Merit: 500

Its very hard to get the password since the encryption of wallet.dat is designed such that the rate of tries would be slow. Unless your friend has a weak password or some idea what the password is, it would nearly be impossible to recover the password.

notlist3d

legendary

Activity: 1456

Merit: 1000

Out of curiosity did you happen to be able to get password?

Know it 's a long shot but I like when a story ends happy

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: onemorexmr on March 13, 2015, 09:04:45 AM

i really like it - esp with pipes Wink

that way even other typos-file and options will work easily... and it follows the unix-philosphy...

i'd really like to help you (and increase my py skills) but i am busy developing monero-tools atm...maybe in a few month Wink

FYI a just committed a version with an --exclude-passwordlist option.

onemorexmr

sr. member

Activity: 252

Merit: 251

Quote from: btchris on March 13, 2015, 08:22:46 AM

So here's what I'm thinking.

New feature 1: add an "--exclude-passwordlist [FILE]" command line option. Passwords read from the FILE will be skipped. FILE defaults to stdin.

This allows you to run btcrecover along these lines:

Code:

btcrecover --tokenlist old-tokens.txt --listpass | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

You could even combine multiple old runs, e.g. (Linux / OS X only):

Code:

( btcrecover --tokenlist old-tokens-1.txt --listpass ; btcrecover --tokenlist old-tokens-2.txt --listpass ) | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

(maybe) new feature 2: add an "--exclude-tokenlist FILE" command line option (FILE is required).

Code:

btcrecover --exclude-tokenlist old-tokens.txt --tokenlist new-tokens.txt --wallet wallet.dat

It's a little more convenient than the first feature for common cases, but it's less flexible and more difficult to implement.

(BTW I definitely liked your idea of multiple sections in a single tokenlist file, but keeping the files separate would be easier to code.)

What do you think?

i really like it - esp with pipes Wink

that way even other typos-file and options will work easily... and it follows the unix-philosphy...

i'd really like to help you (and increase my py skills) but i am busy developing monero-tools atm...maybe in a few month Wink

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: btchris on March 12, 2015, 09:27:32 PM

Quote from: onemorexmr on March 12, 2015, 09:13:09 PM

edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.

eg
token1
token2

[before]
token1

[before]
token2

this shouldnt change anything in your security/thread model.

That's an interesting idea. Keep in mind it's not just the token / typos-map files that that I need to keep track of, it's also the command-line options too. Still, that could be doable.

So here's what I'm thinking.

New feature 1: add an "--exclude-passwordlist [FILE]" command line option. Passwords read from the FILE will be skipped. FILE defaults to stdin.

This allows you to run btcrecover along these lines:

Code:

btcrecover --tokenlist old-tokens.txt --listpass | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

You could even combine multiple old runs, e.g. (Linux / OS X only):

Code:

( btcrecover --tokenlist old-tokens-1.txt --listpass ; btcrecover --tokenlist old-tokens-2.txt --listpass ) | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

(maybe) new feature 2: add an "--exclude-tokenlist FILE" command line option (FILE is required).

Code:

btcrecover --exclude-tokenlist old-tokens.txt --tokenlist new-tokens.txt --wallet wallet.dat

It's a little more convenient than the first feature for common cases, but it's less flexible and more difficult to implement.

(BTW I definitely liked your idea of multiple sections in a single tokenlist file, but keeping the files separate would be easier to code.)

What do you think?

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: onemorexmr on March 12, 2015, 09:13:09 PM

a password for the autosave file is a little crazy... but you could extend your passwortcracker to crack your autosave file Cheesy

couldnt resist...

Quote from: onemorexmr on March 12, 2015, 09:13:09 PM

is it possible to let the user enter a new password for wallet.dat as soon as you found it (maybe even let the user enter it as soon as you program starts (this seems(!) to be a good way to store it in mem: https://pypi.python.org/pypi/keyring)?

That hurts my head to even think about.... btcrecover supports (depending on how you count) between 10 and 15 different wallet formats, and for many of them it only understands the bare minimum required to test passwords (and not nearly enough to read or write an entire wallet file).

Cool library though (keyring), I haven't heard of it before.

Quote from: onemorexmr on March 12, 2015, 09:13:09 PM

edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.

eg
token1
token2

[before]
token1

[before]
token2

this shouldnt change anything in your security/thread model.

That's an interesting idea. Keep in mind it's not just the token / typos-map files that that I need to keep track of, it's also the command-line options too. Still, that could be doable.

(FYI I'm signing off for the night.)

onemorexmr

sr. member

Activity: 252

Merit: 251

Quote from: btchris on March 12, 2015, 09:05:20 PM

Agreed that could work, but I've intentionally avoided saving any sensitive information inside the autosave file. I save the command-line arguments in plaintext, but I only save an SHA1 of the tokenlist file in the autosave. It's bad enough with all of the insecure handling of password information that I do (see here), so I really wanted to avoid surprisingly saving any sensitive data inside the autosave file. (I only bother saving an SHA1 of the tokenlist file to ensure that someone doesn't try to resume a session with a changed tokenlist file, which would be a pretty bad idea...)

a password for the autosave file is a little crazy... but you could extend your passwortcracker to crack your autosave file Cheesy

couldnt resist...

but as you said: you already dont handle passwords that well...
imho a warning message should do it.

is it possible to let the user enter a new password for wallet.dat as soon as you found it (maybe even let the user enter it as soon as you program starts (this seems(!) to be a good way to store it in mem: https://pypi.python.org/pypi/keyring)?

edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.

eg
token1
token2

[before]
token1

[before]
token2

this shouldnt change anything in your security/thread model.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: onemorexmr on March 12, 2015, 08:30:35 PM

Quote from: btchris on March 12, 2015, 08:23:49 PM

I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?

It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...

exactly...

just one idea: use the old autosave file to calculate the old worldlist again and skip all entries for the new one (this may require to save the token / typos file inside the autosave).

Agreed that could work, but I've intentionally avoided saving any sensitive information inside the autosave file. I save the command-line arguments in plaintext, but I only save an SHA1 of the tokenlist file in the autosave. It's bad enough with all of the insecure handling of password information that I do (see here), so I really wanted to avoid surprisingly saving any sensitive data inside the autosave file. (I only bother saving an SHA1 of the tokenlist file to ensure that someone doesn't try to resume a session with a changed tokenlist file, which would be a pretty bad idea...)

onemorexmr

sr. member

Activity: 252

Merit: 251

Quote from: btchris on March 12, 2015, 08:23:49 PM

I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?

It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...

exactly...

just one idea: use the old autosave file to calculate the old worldlist again and skip all entries for the new one (this may require to save the token / typos file inside the autosave).
then its just the question what is faster: try the password or search it

but i dont have any good solution for this problem, just a thought which came to my mind after trying it.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: onemorexmr on March 12, 2015, 07:39:07 PM

well i tried... 12cores / 4days but i think its lost...i have given up...

Really sorry to hear that... Sad

if it makes you feel any better, the reason I started working on this in the first place was to recover my own password... and despite a sh*tload of effort, I still haven't gotten it back yet. Roll Eyes

Quote from: onemorexmr on March 12, 2015, 07:39:07 PM

but i like this app! very good work from you and i will recommend it (in fact i already did in another thread)

Thank you!

Quote from: onemorexmr on March 12, 2015, 07:39:07 PM

just one suggestion: sometimes people use chars between the tokens (eg bitcoin-core vs bitcoincore) would be nice if you could support that.

I think this is a great idea. It would also help people who use passphrases with space-separated words. It's sort of possible to do today (by being clever with anchored tokens), but it's pretty painful. I'll definitely give this some thought.

Quote from: onemorexmr on March 12, 2015, 07:39:07 PM

another idea (though i have no idea if this is even possible to implement): i have started with a narrow token definition and with --typos=1. as this did not work i tried to widen that definition which has lead to many duplicate checks. would be nice if somehow this can be reduced.

I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?

It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...

onemorexmr

sr. member

Activity: 252

Merit: 251

Quote from: btchris on March 12, 2015, 07:25:38 PM

Quote from: onemorexmr on March 08, 2015, 06:43:47 AM

Quote from: elasticband on March 08, 2015, 06:41:54 AM

https://github.com/gurnec/btcrecover

thank you. i'll give it a shot.
i'll tell my friend if it worked and that he should donate something (he'll like do this)

Hi, onemorexmr. By all means, if you have a question or need a hand with something, just let me know (here in this thread or via PM if you'd prefer).

Quote from: elasticband on March 08, 2015, 06:41:54 AM

https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalksearch.org/user/btchris-1171

Quote from: KaChingCoinDev on March 11, 2015, 08:15:32 AM

Definitely want to use this: https://github.com/gurnec/btcrecover

The developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for.

Uhhmm... wow.. I'm not even sure my wife would describe me so nicely Tongue

(Thanks!)

well i tried... 12cores / 4days but i think its lost...i have given up...
but i like this app! very good work from you and i will recommend it (in fact i already did in another thread)

just one suggestion: sometimes people use chars between the tokens (eg bitcoin-core vs bitcoincore) would be nice if you could support that.

another idea (though i have no idea if this is even possible to implement): i have started with a narrow token definition and with --typos=1. as this did not work i tried to widen that definition which has lead to many duplicate checks. would be nice if somehow this can be reduced.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: onemorexmr on March 08, 2015, 06:43:47 AM

Quote from: elasticband on March 08, 2015, 06:41:54 AM

https://github.com/gurnec/btcrecover

thank you. i'll give it a shot.
i'll tell my friend if it worked and that he should donate something (he'll like do this)

Hi, onemorexmr. By all means, if you have a question or need a hand with something, just let me know (here in this thread or via PM if you'd prefer).

Quote from: elasticband on March 08, 2015, 06:41:54 AM

https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalksearch.org/user/btchris-1171

Quote from: KaChingCoinDev on March 11, 2015, 08:15:32 AM

Definitely want to use this: https://github.com/gurnec/btcrecover

The developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for.

Uhhmm... wow.. I'm not even sure my wife would describe me so nicely Tongue

(Thanks!)

KaChingCoinDev

sr. member

Activity: 364

Merit: 250

Definitely want to use this: https://github.com/gurnec/btcrecover

The developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for.

onemorexmr

sr. member

Activity: 252

Merit: 251

Quote from: specgamer on March 08, 2015, 04:25:30 PM

Did some research this is a great way, I actually tried it out too. WORKS great Wink

https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/

i fail to see how this is related to my question? (ah i see... sig ad Wink

)
i know how to secure my bitcoins...

for 1btc (the only bitcoin my friend has) a wallet password is secure enough... he should just have written it down somewhere (damn)

specgamer

sr. member

Activity: 252

Merit: 250

I love bitcoins.

Did some research this is a great way, I actually tried it out too. WORKS great Wink

https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/

E.exchanger

hero member

Activity: 714

Merit: 500

NEED CRYPTO CODER? COIN DEVELOPER? PM US FOR HELP!

i guess here you can find few wallet recovery services but try the above mentioned script first so in case you have any luck with that you can have the whole recovered money

onemorexmr

sr. member

Activity: 252

Merit: 251

Quote from: elasticband on March 08, 2015, 06:41:54 AM

https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalksearch.org/user/btchris-1171

thank you. i'll give it a shot.
i'll tell my friend if it worked and that he should donate something (he'll like do this)

Topic: my best friend lost his wallet password.. (Read 2986 times)