[overview] Recover Bitcoin from any old storage format - page 5.

dragonvslinux

legendary

Activity: 1722

Merit: 2213

Quote from: malevolent on July 12, 2019, 03:44:16 PM

Quote from: Stedsm on July 10, 2019, 05:53:00 PM

What IF:
- As some of the USB drives have their own security system software installed, I wish to know are these softwares actually trustworthy to be kept in it (like to add a password to password-protect it to secure our USB drive and/or even external hard drive)?

2. Use tested open source solutions such VeraCrypt or LUKS.

Personally, I'd zero-out (wipe) any USB you plan to use to store private keys or seeds on. Then reformat the USB on an offline laptop, ideally using a linux live system.
Luks might be more convenient but veracrypt is much more secure (when set to Serpent-Twofish-AES - 256x3). The Luks default is AES-256 if I'm not mistaken.
I'd also recommend creating both a veracrypt file as well as a partition on seperate disks. The files are more reliable, as well as to replicate, the partitions are less reliable.
The veracrypt partition option is useful for creating full disk encryption, such as with tiny useless USBs, that are more resistant than luks default encrypted partitions.
Finally I'd recommend never making just 1 backup (this is a single point of failure still), make multiple on cheap USBs for a distributed backup system instead.

malevolent

legendary

Activity: 3472

Merit: 1724

Quote from: Stedsm on July 10, 2019, 05:53:00 PM

What IF:

- I keep all the backup in a USB drive (removable media) or an external hard drive that goes either broken or completely corrupt?

- As some of the USB drives have their own security system software installed, I wish to know are these softwares actually trustworthy to be kept in it (like to add a password to password-protect it to secure our USB drive and/or even external hard drive)?

1. There are data recovery companies that may assist you with that. No guarantees, though.

2. Use tested open source solutions such VeraCrypt or LUKS.

Coding Enthusiast

legendary

Activity: 1042

Merit: 2805

Bitcoin and C♯ Enthusiast

Quote from: LoyceV on July 11, 2019, 01:26:20 PM

You can get a cheap letter punch on eBay, but most sets don't have lower case letters.

In these cases you can always change your encoding from any base to any other base that doesn't have mixed case digits. The most common is base-16 aka hexadecimal format, there is also base-36 (0-9 and a-z); neither one of these have the checksum that base-58 (WIF) has.
And finally there is bech32 which currently is only used for addresses but it can also be used for private keys although there is no standard for it yet but it offers the checksum and also error detection both of which are needed for storage purposes.

HCP

legendary

Activity: 2086

Merit: 4363

Or you can spend $$$ on things like:
https://bithd.com/Frozen-Armor.html
https://cryptosteel.com/
https://steel-wallet.de/
https://www.simbit.com/
etc

Noting that most of these solutions are aimed at storing BIP39 seed mnemonics... as you only need to store the first 4 chars of each seed word to be able to recreate it (it's a feature of BIP39 wordlist)... in general, they're not suitable for storing a full Base58 private key.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Stedsm on July 11, 2019, 12:32:24 PM

What kinda solution? Any preference you'd share here to make us aware of it?

I was thinking of something like KeePass (or KeePassX), or TrueCrypt (although I didn't know until now it's discontinued).

Quote

What IF:
- I've only stored my keys on paper wallet(s) and it is the only source that's prone to fire, water and tearing?

You'll need another backup at another location to be safe. I still haven't found the right balance between "the risk of having a wallet compromised" and "the risk of losing access myself". Well, I have a balance, but it still doesn't make me feel totally at easy.

Quote

On a side note, what's a steel wallet and how does it work? Can it help me save money on one hand while also providing me the level of security needed to store such sensitive data?

Basically, any piece of steel with a private key stamped into it will do. You can get a cheap letter punch on eBay, but most sets don't have lower case letters.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Stedsm on July 11, 2019, 12:32:24 PM

Quote from: LoyceV on July 11, 2019, 01:10:04 AM

Quote from: Stedsm on July 10, 2019, 05:53:00 PM

As some of the USB drives have their own security system software installed, I wish to know are these softwares actually trustworthy to be kept in it (like to add a password to password-protect it to secure our USB drive and/or even external hard drive)?

I guess this varies per device. I'd prefer an Open Source solution for encryption.

What kinda solution? Any preference you'd share here to make us aware of it?

Personally i'd recommend using LUKS or LUKS2 encryption. If you use linux, you could either use gnome-disks (GUI) or cryptsetup (terminal)

Stedsm

legendary

Activity: 3052

Merit: 1273

Quote from: LoyceV on July 11, 2019, 01:10:04 AM

Quote from: Stedsm on July 10, 2019, 05:53:00 PM

As some of the USB drives have their own security system software installed, I wish to know are these softwares actually trustworthy to be kept in it (like to add a password to password-protect it to secure our USB drive and/or even external hard drive)?

I guess this varies per device. I'd prefer an Open Source solution for encryption.

What kinda solution? Any preference you'd share here to make us aware of it?

As you asked me not to rely on one single device for the storage of all such wallets and privkeys,
What IF:
- I've only stored my keys on paper wallet(s) and it is the only source that's prone to fire, water and tearing?

On a side note, what's a steel wallet and how does it work? Can it help me save money on one hand while also providing me the level of security needed to store such sensitive data?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Stedsm on July 10, 2019, 05:53:00 PM

What IF:

- I keep all the backup in a USB drive (removable media) or an external hard drive that goes either broken or completely corrupt?

Then you're screwed Tongue

When using digital storage media, you shouldn't rely on just one copy, and you should check all copies once in a while (or, considering the price of storage media, just make a new one once in a while).
With properly stored paper, you can be pretty sure it lasts a lifetime and longer. With digital storage, I've seen too many defective disks and USB sticks to really rely on them.

Quote

- As some of the USB drives have their own security system software installed, I wish to know are these softwares actually trustworthy to be kept in it (like to add a password to password-protect it to secure our USB drive and/or even external hard drive)?

I guess this varies per device. I'd prefer an Open Source solution for encryption.

Stedsm

legendary

Activity: 3052

Merit: 1273

The 2nd post after OP asks us to:

Quote from: DaveF on August 26, 2018, 08:49:35 AM

MAKE A BACKUP ON REMOVABLE MEDIA BEFORE DOING ANYTHING.

Wanna know something.

What IF:

- I keep all the backup in a USB drive (removable media) or an external hard drive that goes either broken or completely corrupt?

- As some of the USB drives have their own security system software installed, I wish to know are these softwares actually trustworthy to be kept in it (like to add a password to password-protect it to secure our USB drive and/or even external hard drive)?

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: LoyceV on April 24, 2019, 07:18:57 AM

Old private key problem that I haven't seen until today

this is a "broken code" problem which you don't really see with "wallets" that people use.
the interesting thing about that topic is that it showed how broken the code of many of these tools are (even Electrum¹) they don't validate the input private key properly! instead they base58-decode, drop the extra bytes instead of validating them and use the leftover as the "key"!

edit: ¹ by the way, this was fixed in Electrum.

zenrog

member

Activity: 229

Merit: 45

The wallet was created in April or May 2013, and backup file is from June 2013.
I have 2 wallets on one email address, first wallet works perfectly without second password, second wallet has 2nd password and I forgot it.
I use a few passwords for all wallets, and probably making a mistake in one letter or number, but how can I use brute force or backup of wallet?

malevolent

legendary

Activity: 3472

Merit: 1724

Quote from: HCP on April 22, 2019, 06:32:18 PM

Quote from: zenrog on April 22, 2019, 04:54:46 PM

I have a wallet.aes.json file backup from blockchain.info (from 2013), I know first password, but I forgot second, I know about which might be but I do not know the exact variation, 12 phrase word is lost too.

You will likely not be able to open that file in any other wallet application...

There is no way to recover a "2nd password" from a blockchain.info wallet, except via brute force... And that will take a very long time unless you have a very good idea of what the password was.

The best you could probably hope for is a script (perhaps modified btcrecover) that will allow you to test 2nd password variations? As far as I'm aware, it only supports trying to brute force the first password.

It wouldn't also hurt to know when the wallet was created as the encryption schemes and KDF iterations changed even within the same wallet version.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

I found several topics with good information that I haven't had the time to check (and Merit) thoroughly, so I'll leave them here:
Re: How to decode an encrypted WIF key ?
Multibit HD seed in Electrum and another link on moving from Multibit HD to Electrum
Old private key problem that I haven't seen until today
I have recovered an old wallet.aes.json from Blockchain.info but its a raw key
decrypt the .key files using openssl

Update: HCP in MultiBit Classic fails to open wallet file
Update: HCP in Multi bit

HCP

legendary

Activity: 2086

Merit: 4363

Quote from: zenrog on April 22, 2019, 04:54:46 PM

I have a wallet.aes.json file backup from blockchain.info (from 2013), I know first password, but I forgot second, I know about which might be but I do not know the exact variation, 12 phrase word is lost too.

You will likely not be able to open that file in any other wallet application...

There is no way to recover a "2nd password" from a blockchain.info wallet, except via brute force... And that will take a very long time unless you have a very good idea of what the password was.

The best you could probably hope for is a script (perhaps modified btcrecover) that will allow you to test 2nd password variations? As far as I'm aware, it only supports trying to brute force the first password.

zenrog

member

Activity: 229

Merit: 45

Allright guys, I do not want to open a new topic, I have a problem.
I have a wallet.aes.json file backup from blockchain.info (from 2013), I know first password, but I forgot second, I know about which might be but I do not know the exact variation, 12 phrase word is lost too.
Can open a file in the text format Im getting something like this -

6qEGCe2PLD6I7bztlYT4PpHWEY7zx+SIXzY0LyID8Dw1o3cHl8whi4ay6bKBOSs/ui7MDEsQ/trDjfI0ze2t8xLj2h7ODmUT3Fis1ffOd1nvOwuejDx5xUVlREp5r9h+/K26Jl5jlzcXRwq8ase3ORmTO8GvfR7Koy7P4bUY8Kj85ecf7JGQ6WKftuXdKHdJTXuh6c5sUNEVBGoPzlLNolq/JMFwqzZSL17a4f9fA5HdbTd5JhLgWgAg9a0LT+6kDw5sN7e3dIX2YD0L/vmEnpqwnrdcB6iwH4MGdIAt7h8wZtXlMbs3rEmyDB/QSkTeheu/Zw6mT9828eY8irIXrAxDqltsz6chyfMXQ66885JyUolHQbU3c82cpMiliCvJ2vlKS+SpiyUfYtwjeKghFqdvPXXGEaJq7MQE04zLrHemt3x+l6Jc0k8zOVmmD2t0wjb3xKzJlG3fe1CnQwjvFJq7vfxCy8stYvefosLOpIwG2NYH82Vdsan/sXTziW3hekoXuhfwz6JewWfyfWzMauwgUNIL8IUrZS3GBsoSj4fw0i9aU1iUlyeTHUK88r4jeN2ZxnVQTNKgIgLslNVGL/7C0iFkJEjgMtdC8mXg32wZpeQOA01Y73dKy6A9S8TLOeN1sQiwgqOPKlINj3f2Zp/mWpcEYhub7c/u/q7nNRS5T1WFW22JMdUOE8yQJvs (I change some words)

Tried in Multibit, stuck in second password, same with Electrum.

Any help?

Thanks.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: KingZee on December 26, 2018, 03:12:19 PM

I remembered you said you were going to add my Wallet finder?

I've added this section:

Quote from: LoyceV on August 26, 2018, 08:09:32 AM

No wallet?
If you can't find your wallet.dat, because it's deleted or renamed, you can try these options (do this offline!!) after you've made a backup of the entire partition.

Pywallet can search for private keys on an entire partition, even when the wallet has been deleted.
Findwallet can search for a wallet file after it was renamed (but not deleted)

KingZee

sr. member

Activity: 938

Merit: 452

Check your coin privilege

Quote from: ?? on ??

Bump

I remembered you said you were going to add my Wallet finder?

To sum it up in one line :

Find wallet files without knowing the filename or extension:

findwallet : Use "findwallet -i your/path/to/search" to search the path for bitcoin core wallet files (and extract the private keys if it's not encrypted)

Coding Enthusiast

legendary

Activity: 1042

Merit: 2805

Bitcoin and C♯ Enthusiast

Quote from: LoyceV on November 22, 2018, 01:57:52 PM

Can you explain what h₂₅₆ is?

I haven't seen this term before but based on context he probably means a "256 bit hash"!

Quote from: LoyceV on November 22, 2018, 01:57:52 PM

I tried this:

Code:

$ echo 'Sf2i92UoH3kMooYXHdDQ4YQvLTdPrQ' | sha256sum
007aeefa33a979026a96153fa8358978afc09556ec7941aaccf46924bd3a20c0  -

And without adding a question mark, I do get a result starting with "00".

I am no linux expert but sha256sum in linux is for computing hash values of files and it adds a dash (-) at the end of the input so you are hashing your 'Sf2i....TdPrQ-' instead of 'Sf2i....TdPrQ'. Try this¹:

Code:

echo -n "Sf2i92UoH3kMooYXHdDQ4YQvLTdPrQ" | sha256sum | tr -d "[:space:]-"

and you will get the real sha256 hash result. Append the ? at the end and you will get the following hash:
00d3989fec08a5eefc3b2d891f579de60b59bc8fe90fb6af823592ced2372458

Bam!

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: ?? on ??

Thnx for guide. I took the liberty of placing its essence in front of Russian speaking ppl

Thanks for sharing knowledge!

Quote

and explained them how to check the validity of various keys. For example to check the validity of mini key you need to attach ? -chacter to its end and then compute h₂₅₆(Sf2i92UoH3kMooYXHdDQ4YQvLTdPrQ?) = 00D3989FEC08A5EEFC3B2D891F579DE60B59BC8FE90FB6AF823592CED2372458.

Can you explain what h₂₅₆ is? I tried this:

Code:

$ echo 'Sf2i92UoH3kMooYXHdDQ4YQvLTdPrQ' | sha256sum
007aeefa33a979026a96153fa8358978afc09556ec7941aaccf46924bd3a20c0  -

And without adding a question mark, I do get a result starting with "00".

Quote

The presence of two zeroes at the start of SHA256 output implies that the minikey is valid.

I did not know that.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Coding Enthusiast on September 14, 2018, 02:38:10 AM

~see above~

Thank you very much for your effort! I've added an Altcoin-chapter to the OP, and added a link to your work in the Stellar thread.

However, in this case it didn't solve it. I tried your software on some manual variations on Ronny-T's handwriting, and manually checked 300+ valid keys. None of them holds his funds (worth about 1 year salary where he lives).
That means he either made more than 2 mistakes, or part of the key has shifted a block of characters one (or more) position(s) left or right. A brute-force search for 3 mistakes would still be doable on standard hardware (a few hours); 4 characters would take close to a year. For doing this, it would need to automate checking if the key belongs to the right address (manually checking 20k keys is too much), but I can't say how likely this would be to succeed.

Topic: [overview] Recover Bitcoin from any old storage format - page 5. (Read 8731 times)