Author

Topic: Password Recovery Freelancer For Hire (Read 1542 times)

full member
Activity: 124
Merit: 101
November 24, 2013, 10:22:02 AM
#5
I've updated the OP with instructions for how to safely send the minimal parts of your wallet required to crack the password. There is no way to steal from a wallet using only the information gathered using these instructions that I know of (although beware of some forum hacker changing the instructions in the future - if you store my GPG key 986D1761 with fingerprint 4574 6F20 AB00 974B 5578  387A DD2D 3762 986D 1761 now you can check that it hasn't changed in the future).
full member
Activity: 124
Merit: 101
November 23, 2013, 07:12:28 AM
#4
That's a pretty cool service... but how exactly would they go about doing it so you can't get their wallet information?  Not sure how that would work.

A Bitcoin wallet contains multiple addresses encrypted by the same key - turns out you only need one of those addresses, and it can be an empty address (no coins in it), to recover the password. I'll post more instructions here soon (maybe tomorrow) so stay tuned.
hero member
Activity: 490
Merit: 500
November 23, 2013, 12:03:59 AM
#3
I think this may be a useful service to many

Will keep you in mind
member
Activity: 84
Merit: 10
November 22, 2013, 08:04:57 PM
#2
That's a pretty cool service... but how exactly would they go about doing it so you can't get their wallet information?  Not sure how that would work.
full member
Activity: 124
Merit: 101
November 22, 2013, 07:40:33 PM
#1
If you are one of the dozens of people on this forum who have been locked out of their encrypted Bitcoin wallet, even that you're almost certain you're remembering your password right, I'd like to try to help you.

I recently, through what felt like temporary insanity, lost an important password. I ended up developing a remarkably ambitious "password typo" generator during days of desperation.

My password generator covers a wide range of small and large mistakes that could easily have altered an original password into something other than what was intended, even when it was typed twice to confirm. I believe my system goes far beyond garden variety password permutators.

I am not trying to start a commercial service here but I'd like to give password recovery a shot as a freelancer. If you're tethering on the brink of madness, locked out of a high value wallet, let me give it a shot. You don't need to send me the wallet - only the pieces necessary to crack it. You can (and should) exclude any actual addresses with money - see instructions below.

I can't promise anything but if you give me a precise description of your likely password and how it was probably formed, I think my script stands a good chance to recover your actual password. I will test a hundred thousand combinations or so. If I succeed I'd appreciate a customary 15% tip. Smiley

Example of a good password recollection description:
"I'm POSITIVE it was horse staple battery but it just won't work. Maybe I added a number somewhere or maybe the words were in a different order. I do know I didn't use any symbols, and it was all lower case."

This is a limited time offer - I don't intend to make this my day job (unless of course I turn out to be amazingly successful and everyone keeps telling me how smart and handsome I am).



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

## How to Safely Share a Wallet with a Password Recovery Service

Say you've lost your password for your Bitcoin wallet and you need to send it to a password recovery specialist. How can you send it without risking the coins inside?

Your wallet consists of many addresses encrypted with the same password. There will be some empty addresses which your client has generated ahead of time. What you want to do is to extract two of those empty addresses, plus the master key, giving away just enough to find and verify the password. The pieces you need are:

* The master key and its salt.
* The encryption algorithm used and its parameters.
* Two *empty* Bitcoin addresses from your wallet's set of reserve addresses.

If you send this, and only this, the specialist can find your password. Should a bad actor get the details and successfully crack the password, they'd only have 2 empty addresses to show for it.

### Instructions

Here's how to get the pieces:

1. Download the `pywallet.py` tool: https://raw.github.com/joric/pywallet/b80346d4282dff804315230e1ff26aa4d86502a2/pywallet.py
2. Install Python: http://www.python.org/getit/releases/2.7.6/
3. Open a command prompt. In Windows, press the Windows key + R. Then enter "cmd" and hit enter. On the Mac, type in "Terminal" into Spotlight and press enter.
4. Enter the following commands:

        cd ""
        python pywallet.py --dumpwallet >wallet.json

5. Open up the generated file, `wallet.json` in a text editor.
6. Scroll down to the line with `"mkey": {`  and copy and paste the whole section to the closing `}`.
7. Go up and look for 2 addresses with `"reserve": 1`. Copy everything between the `{` and `}`.

The parts you copy will look something like this:

    "mkey": {
        "crypted_key": "3ad6dc1a1e0005bf4961c145288502a30fad2732f0d52fcb94c4fbbbb12905e9f02a22f5a0fd712 68a1aca16a72c6b78",
        "nDerivationMethod": 0,
        "nDeriveIterations": 40122,
        "nID": 1,
        "salt": "47efc45626b21ffa",
        "vchOtherDerivationParameters": ""
    },
    {
        "addr": "13gUHnjSFD5uwByAuJ3RisrPwAE6pBmspn",
        "ckey": "66cf275830696f0a698722f55ce70c0c472030a27895b0bfd29b15cfee5e8a10ba8fa3ef0f6241a 50653085a0c040ebd",
        "pubkey": "03fb2183f295bd4ea92b32dc5c9a8673dca4977d0b04ce759c9b26ecd101a18472",
        "reserve": 1
    },
    {
        "addr": "19o6DUEghMRPxBBDSwYtVa8m2JjdS4mA2T",
        "ckey": "741b9d7a6cec9b1fafbcdc01cdaa0ed77d3637657ebbaccf8844ade333b6f6f733b090ea205c13c a3a79a3e9004d09a7",
        "pubkey": "03fdb290680879669af48b2ecd3304b2af54789793e5db6bc9cd6bca34aa1e9714",
        "reserve": 1
    }

(Note: if you use the pywallet version by jackjack-jj, pywallet 2.1.7, the sections will look a little different. For instance you'll see `encrypted_key` instead of `crypted_key` and `ckey` in your address will be `encrypted_privkey`.)

### What's Next?

Privately message the copied text together with every single detail you can remember about your password.

If the password is successfully recovered you need to do one last thing: get a new wallet and transfer all your coins to it (minus the generous tip to your hero password recovery specialist, of course).

The reason you must create a new wallet is that once the master key has been cracked, changing the passphrase won't "uncrack" it. You will get a new encrypted master key, but the secret it contains will remain the same. In addition, those 2 empty addresses you sent might come into use in the future if you stick with the same wallet.

Anyone who eavesdropped on your password recovery emails and successfully decrypted your master key would be able to access those previously empty addresses. What's worse, if they ever got a copy of the original wallet.dat (with all those addresses you didn't send to the recovery specialist) they could unlock everything even without knowing the new password.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJSkhg7AAoJEN0tN2KYbRdhEZwP+gKFPE+fQ1nONODUZRjGLz6w
KzYsgYxN9eIUCHyw5/9SAe5ZXi4qs+DpJbQfxbUN11lKztqQc5YdNvNvlMwcCaOj
/nDodLSGty0/GgBSy9S3+cRO3h8uiSrSrJriDhcKwfbkNwahlZ3w6Mrra4xPsrlY
1qrrDq2+Xs6uY0OZybtrTYB3haplxs3inl2u9Nt6MgmB4ZGL+uEZKriWz7TEQWON
3wpC2L70zs9l/24hSLRNKUtnw8gHubhGZc8VMFYmyZOfKwCv3wM3P5g+i1K0N4o6
u9nTA7OF4yMkUw7zk4538A5EDKMaK8AZ+bJJEPk2fRyJ03WUXxvng9Aci/TDimUF
FA/gUG04surPzNboKQQPEP65eRc0IvXvtklMx25Jc2FSOEw8UUd/bOCQXv5h0BdP
70vb9tPfHtYpBzSgRl2mOZnkZEOEh+yf2ZEM34b6zt//OljFkixuaTgFuVdSUqhP
Q1gJQIemULmSF4TOZPySbrdhk7Tx20Ar7cgfU36lSKF7K+ngUSyyQkI3eIXz3rsN
O5tn5f7H9hosW6QI1A2Yfr3eyIUdQzn+ayZFvFY8IA9yqG07wguDEj7aBsXOvzK0
gI4CzL1UCUIx7aBkXGaUsSH6SgJKen3G9kksDgvqhu5NIcx8n/yYxfLV0PVjq3wG
273BrytCbip+5JpRT2I7
=C7Yg
-----END PGP SIGNATURE-----



Jump to: