Topic: Passphrase recovery with Btcrecovery (Read 398 times)

Thank you. You may hear from me soon. Just wanted to thank you publicly because I'm so grateful for your (and everyone else who has commented) inputs and advice! I really wish I had merit points to give to you!

Yes. If you don't specify it in the command line, then a pop up will ask for it.

No, two would be the minimum. You can't use one since one can't be compared to zero others, but you could use two with ^r1^ coming somewhere before ^r2^.

Note that with relative anchors (but not fixed anchors), you can use the same relative anchor on multiple lines. So if I had one line with ^r1^, and two different lines both with ^r2^, then both of the ^r2^ lines would come somewhere after ^r1^, but in either order.

As I say, it all depends on the format of your tokensfile, how many lines there are, the possibilities on each line, how much descrambling might be needed, etc. It also depends on how many guesses per second your hardware is capable of. If you share your tokensfile with the actual words redacted (feel free to PM it to me if you would prefer), I can do some rough math to work it out for you.

If you run without --no-eta, then it should calculate it for you, but in my experience this doesn't really work very well for large numbers and tends to just freeze up.

You just have to copy and paste the quote tags multiple times around each section of text you want to quote.

What's a doable and impossible number (hundreds of years) that can/can't be found?

Thank you! Replies in bold again.
Bonus question: Is there a post or tutorial I can learn where to quote properly? Lol

Not necessarily. If you've made more than one account under the same passphrase, then it could be m/84'/0'/1' and so on.

If you are searching using the xpub and --mpk, then you don't need to set an address limit anymore.

No, that would be the case if you were using fixed anchors rather than relative anchors.

Fixed anchors (^x^) place that word in a fixed position. Relative anchors (^rx^) place that word in relation to other relative anchors.

If you use ^3^Word3, then Word3 would be the 3rd word.
If you use ^r3^Word3, then Word3 would be placed somewhere between the words you set as ^r2^ and ^r4^, but there could be other words between them as well, and ^r3^ wouldn't necessarily be the third word.

It's all going to depend on the size of entire tokens file. But if you change the number of possibilities in a single line from 1 to 2, then that is going to double your search space. Change another line from 1 to 2, and the will double it again, so 4x in total. So even a few extra possibilities can dramatically increase the search space.

Again, it depends on what exactly you are searching. If you know all 12 words exactly but have them in the wrong order, then that's 12! = 479 million possibilities. If you know the order of 12 words, but each word could be one of four possibilities, then that's only 4¹² = 17 million possibilities. It will all depend on exactly how much you know and how much is unknown.

I don't have computers with GPU so could give it a try. In FinderOuter where should I enter the words I think they are? Is it in "CustomChars"? If yes, do I put Word1Word2Word3 and it will try all the combinations from that?

Thank you! For the derivation path, being a native segwit wallet, wouldn't it always be m/84'/0'/0'?

I've tried the combinations but need to narrow it down more I guess. I realize I may have used the wrong address limit now so while that was a waste of time, there is hope I find the right one now.

I have a couple of queries to clarify:
1. If I use relative anchors like ^r3^Word3, ^r4^Word4, does it means those words are going be the 3rd or 4th words in the passphrase?

2. If I have word1 woRd2 w0rd3 all in 1 line, and word2, woRd2 w0rd2 in another line, how much time does each extra word take?
I.e., I'm trying to figure out how many words is "doable". Is it 11, or 12? 20 takes thousands of years. So what's a doable limit to try and does each possible word in 1 line add to the time taken or not?

Thanks!

Almost. Take the fresh address it path it shows you under your xpub and knock the last two sets of digits off it to get the derivation path for your xpub. So if it shows m/84'/0'/0'/0/5, your xpub's path will be m/84'/0'/0'. Make sure to include the ' symbols, these are very important and will generate entirely different keys if you miss them out.

The last thing to be sure is that this xpub is definitely coming from the account protected by the passphrase, and not from the base account with no passphrase.

If the order is off, then you are really going to struggle. Based on your initial post of 15-20 words, and the fact that I can descramble 12 words in a little under an hour, then 15 words would come out at around 100 days and 20 words will be in the region of hundreds of thousands of years, even assuming you were 100% correct with all your words and symbols.

So, assuming you know the order, then I would try something like this initially:

And so on.

The ^x^ before each word fixes the position of that word. btcrecover will then take one entry from each line and assemble that in to a passphrase in that order to try. So on each line, you put every possible permutation of that word. This is also assuming no spaces between the words.

If that fails, then change your tokens file to all caps.
If that fails, then take your second wordlist (e.g. veg instead of fruit) and follow the same process.
If that fails, then combine your wordlists and follow the same process.

Note that if $ is the last character of a token, you will need to replace it with %S otherwise btcrecover will interpret it as an end anchor.

In terms of the numbers at the end, you can do what you are doing and put every possibility on a single line with $ at the end, or you can use a wildcard if you are unsure about the numbers. For example, %3,4d will try every 3 and 4 digit combination. Note that this will significantly increase your search space, however.

It's either one of these lists, or a combination of both. If separate, I'm confident of the order but yet it didn't work so something is off.

I think all caps but could be wrong. It was done on the Ledger Nano S so I don't think I would have gone and changed caps and spaces between words...

Fruit1fruit2fruit3fruit4
OR
Veg1veg2veg3veg4
OR
Fruit1veg1veg2fruit2
There are probably some known number combinations, at the end. So I know to put all those in 1 line and use $ after each one.

To make matters worse, I may have replaced a with @ and s with $ and o with 0.

I'm a moron!
(Clearly I don't know how to use the quotes properly, so I've put my responses in bold, sorry!)

How did you export the xpub? If you are sure it is correct, then you can just use that directly instead of then deriving an address from it. Your search will also be a little faster using the xpub since btcrecover does not have to derive one or more addresses for each attempt.

Instead of using the --addrs argument, replace it with --mpk xpub6ABC...
If you also know the derivation path for that xpub, then include the following as well to narrow down the search further, replacing xx with the relevant numbers:

If you can give us much information as you know about your passphrase (obviously without revealing the actual words), then we can try to optimize things as much as possible.

If ledger Live can show the address' derivation path, the first address should have "/0" at the end of the path, the 2nd address has "/1" and so on.

But if there's no way to show it, the xpub should do.
Use an offline machine for privacy reasons and load/import it in any tool/wallet that supports xpub.

E.g.: in Electrum, restore it in "new/restore" menu or "Install Wizard" by selecting "Standard wallet->Use a master key".
for xpub, Electrum will derive addresses that starts with '1'. If your addresss starts with 'bc1q',
convert the xpub first in the console (View->Show Console) into zpub via command: convert_xkey(xkey="xpub...",xtype="p2wpkh")

Finish creating the wallet, enable the 'Addresses' tab (Show->View Addresses) and open it.
Then the addresses with green highlight are your receiving addresses and it should be in the correct arrangement by address_index.
To make sure, right click on the address and select "Details", the derivation path for the first address from the extended pubKey should be m/0/0.

Thank you! I'm glad to see you're still active here. I've seen so many posts from you while helping others over the years. Thanks for clarifying about the relative anchors; it's much clearer now!

Do you suggest any other commands to use to reduce the number of variables?

From my other post: Is there a way to find out whether it's the first derived address or not? I do have the wallet in my Ledger desktop app. I also have the xpub but wasn't 100% certain I got it the correct way so thought using the address would be better.

Is there a way to find out whether it's the first derived address or not? I do have the wallet in my Ledger desktop app. I also have the xpub but wasn't 100% certain I got it the correct way so thought using the address would be better.

I think I read somewhere that it searches all the formats and stating the current format will reduce the search parameters. Perhaps that's been updated in the latest version?

Thank you for the support!

If you tried it on Windows it crashed while running it in a few hours maybe it crash because you didn't disable the hard disk sleep or anything that could interrupt the software from running. You might need to install dot net core according to their guide.


That's the only downside about this tool but they are planning to add support GPU on version 2.0 according to their roadmap. The only good thing about this tool it's easy to use compared to BTCrecover/Hashcat.

Separate runs. There is no straightforward way to tell it to change the case of your entire token file.

You can put multiple tokens on a single line, and it will only try one from each line, such as:
However, there is no way to say "If you pick the lowercase token from the first line, pick the lowercase token from all the other lines too". So you will simply have to make a token file with everything in lowercase, and once exhausted change everything to uppercase, and so on.

If you are certain a word appears somewhere, but you don't know where, then use +
If you know the exact position of a word, for example "This is definitely the fourth word", then use + ^4^
If you have three words you think WordA comes first, WordB somewhere later, and WordC later still, then you would use something like this:
This fixes these word positions relative to each other. WordB will never be tried before WordA, but there could still be other words between WordA and WordB.
If you have three words and you know they are consecutive, then combine them in to a single line like this:
The %s will be replaced by a single space.

Combine these on the same line to try only one of them at a time. Example:

• The "address limit" tells btcrecover how many 'address_indexes' to derive (address_index starts at '0'),
  so if you're not certain of your address' index, better leave it with higher or default value.
  But if you're absolutely certain that it's the very first address that you've derived (not just the first to receive bitcoins), then '1' is enough.
  
  
• You'll be providing it with your address with --addrs so why do you have to provide the format?
  Anyways, --skip-uncompressed can be added to skip searching from uncompressed pubKeys which Ledger doesn't support.

Basically, the command will look like this:
You should have a token file named "btcrecover-tokens-auto.txt" in btcrecover's directory containing your tokens or point to it with --tokenlist
(just add the necessary options depending on your needs, e.g.: --typos-capslock)

I have something to clarify. Blockchain explorer tells me that:


This address has transacted 1 times on the Bitcoin blockchain. It has received a total of XXX BTC $XYZ and has sent a total of 0.00000000 BTC $0.00 The current value of this address is XXX BTC $XXX.
The address format is Bech32 (P2WPKH). The address starts with bc1.

• In btcrecover, it's correct to say the address limit is 1, right?
  
• Is there a way to tell btcrecover the address format to speed it up and not check every format?

In my opinion, you should use Debian or at least Ubuntu! A Linux distro will be way more secured than Windows. Maybe, it is just my pro-linux propaganda which is talking right now  but it is never too late to start using Linux, and you won't regret it for sure

I didn't really realize that; thank you! I did plan on moving everything out, if ever found and changing the passphrase etc. before formatting the laptops and enabling wi-fi. I like your suggestions though.

Yeah it runs offline mate just go to https://github.com/sc0tfree/mentalist/releases/tag/v1.0 and download Mentalist-v1.0-OSX.zip


Also running something offline doesn't always make it secure, this is a protip. If you want to be extra safe, Run this on a live usb or an old laptop with the network device removed &/or disabled from the bios.


Malware can aggregate data offline for posting it out later on, also crash reports, memory persistence happen too.

Thank so much, Mentalist looks interesting. I hope I can run it offline!
I am using the latest version of Btcrecover as I only started this journey a few weeks ago. I hadn't used the Macbook at the time of creating the passphrase. Entering it on the Ledger Nano S was the only way. Nice tip though.