Author

Topic: Private Key recovery from WIF format (Read 636 times)

member
Activity: 124
Merit: 37
April 26, 2023, 05:33:39 PM
#13
Here is another thought.
WIF keys are in sequential order relative to private keys so you could use one of the sites to find  wif's to give you a range. For instance:

5KFQJLBTf2TMJgnjP9bq5m7Tu27pgZ7KZwfHcL7W9KKWx5c7CLn is past your
5KFE3ScWZMf4TdAuVNYKDU7UtTBmHf9M so could be the end range.

the private key to  5KFQJLBTf2TMJgnjP9bq5m7Tu27pgZ7KZwfHcL7W9KKWx5c7CLn is BCB9833C674C672A695A0C3703F63FF6E6E7DC5FEE8F964D04A5F0BD41C83909
Check here https://gobittest.appspot.com/PrivateKey

Now use the same process to get a value lower than  5KFE3ScWZMf4TdAuVNYKDU7UtTBmHf9M

using these two KNOWN private keys, as a range you can use them as inputs for  keyhunt  BSGS or JLP's Kangaroo program to find the correct private key.

Obviously the smaller the range the sooner you will find the key.
Good luck
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
January 25, 2022, 07:12:00 AM
#12
--snip--
Code:
10989651.89 * $0.332 = $3,648,564.4 (about 87 BTC when i write this post)
Using my program numbers look more optimistic:
on vast.ai single rtx3090 costs 0.414, single rtx3080Ti costs 0.314. I think their performance is similar (maybe paying 25% less for 3080Ti makes sense, I do not know now).
On rtx3090 I measured performance around 3450Mkeys. It gives 58^11/3450000000/3600s = 2011807 hours => $832 888

According to Wikipedia, RTX 3080 Ti and RTX 3090 have very similar TFLOPs. So it should be cheaper to rent 3080 Ti where you could reduce the cost up to 25% (rough estimation).

Code:
            | Half            | Single          | Double
RTX 3080 Ti | 27.955 (34.100) | 27.955 (34.100) | 0.437 (0.533)
RTX 3090    | 29.284 (35.581) | 29.284 (35.581) | 0.458 (0.556)

Anyway, the question is where to find - let's say - 6000 cards to solve it in +-2 weeks...

I expect you'll need to register to many GPU renting marketplace and VPS provider. But VPS provider usually offer enterprise GPU instead (such as A5000) which is far more expensive.
legendary
Activity: 952
Merit: 1386
January 24, 2022, 11:46:03 AM
#11
With data from https://bitcointalksearch.org/topic/m.55552855 and https://vast.ai/, here's rough cost estimation using single RTX 2080 Ti at cost $0.332/hour

Code:
58^11 / 631.57 MKeys/s
= 24986644000165537792 / 631570000
= 39562746805.84185 second
= 10989651.89 hours

Code:
10989651.89 * $0.332 = $3,648,564.4 (about 87 BTC when i write this post)

Using my program numbers look more optimistic:
on vast.ai single rtx3090 costs 0.414, single rtx3080Ti costs 0.314. I think their performance is similar (maybe paying 25% less for 3080Ti makes sense, I do not know now).
On rtx3090 I measured performance around 3450Mkeys. It gives 58^11/3450000000/3600s = 2011807 hours => $832 888
Anyway, the question is where to find - let's say - 6000 cards to solve it in +-2 weeks...
legendary
Activity: 952
Merit: 1386
January 19, 2022, 02:50:02 PM
#10
If you really want to solve your problem, you must first have a proper tool. You must have kind of BitCrack which would calculate address based not on private key + stride, but on "extended" private key (key+checksum) + stride, then cut off checksum part and then check public key, address. I believe it is doable and I have planned to do something like that for a long time, but I never had a good motivation ;-) Maybe now I will start.

Done!
https://bitcointalksearch.org/topic/wifsolvercuda-new-project-for-solving-wifs-on-gpu-5382190
https://github.com/PawelGorny/WifSolverCuda
legendary
Activity: 952
Merit: 1386
January 09, 2022, 04:31:53 AM
#9
Just a remark.
I am not aware of any tool based on WIF creation which would use GPU. Maybe I am wrong and you have something extra.
The problem I see is that with your WIF it is not easy to calculate stride for tools like BitCrack. Like I described in one of my posts (later I will try to find it and attach link) solving by BitCrack is based on:
1) calculating range (or at least startKey) - by base85 decoding WIF with missing characters filled with 1111... Then taking only private key part.
2) calculating stride - as a 58^(index of first missing character from right), then from stride (hex) you must remove last characters (8 or 10) to obtain only the part which has impact on private key. 8 in your case, as you do not have compression flag encoded
BUT it works only if last characters of stride are ZEROs.
In perfect situation, if you take private part of decoded initial WIF, add shortened stride and encode again, you should receive WIF where missing characters will look like 111112 - having correct stride you "changed" one missing character into next one.
But there is also checksum encoded and if your stride collides with checksum (last 8 characters are not ZEROs), then change of private key part is not linear and adding shortened stride in tool which works on private key only would produce wrong results - you may have a lot of luck and hit correct "key/character", or most likely you will miss it.

If you really want to solve your problem, you must first have a proper tool. You must have kind of BitCrack which would calculate address based not on private key + stride, but on "extended" private key (key+checksum) + stride, then cut off checksum part and then check public key, address. I believe it is doable and I have planned to do something like that for a long time, but I never had a good motivation ;-) Maybe now I will start.
member
Activity: 141
Merit: 62
January 09, 2022, 03:11:51 AM
#8
If the public key of your address isn't known and that address doesn't hold lots of Bitcoin, i would advice you to preserve your paper wallet and make additional backup (address, WIF and position of missing char in the WIF). In future CPU/GPU will be faster and hopefully Bitcoin price will rise so it might be worth to attempt brute-force.



With data from https://bitcointalksearch.org/topic/m.55552855 and https://vast.ai/, here's rough cost estimation using single RTX 2080 Ti at cost $0.332/hour

Code:
58^11 / 631.57 MKeys/s
= 24986644000165537792 / 631570000
= 39562746805.84185 second
= 10989651.89 hours

Code:
10989651.89 * $0.332 = $3,648,564.4 (about 87 BTC when i write this post)

due to wallet content this assessment is quite feasible, not factoring in amount of time I must spent to address development related issues...

Issue had now been shifted to parallel almost hundreds, or almost near a thousands of those GPUs so recovery reasonable amount of time.  This require significant retooling of existing tools available and have it parallelized without incurring excessive space complexity penalties.  I guess will be spending quite a bit of time diving into those topics.
member
Activity: 141
Merit: 62
January 09, 2022, 02:56:30 AM
#7
You may want to read Missing 10 Characters in WIF Private Key - Can I recover them?
Judging by that topic, I don't think recovering 11 missing characters is (currently) very feasible, unless you've made a transaction out of the address or have a signed message (for instance to proves ownership back in the days). Both aren't very likely with paper wallets, but if you have one of those, you'll know the public key. Knowing the public key (not to be confused with the address), makes it much easier to recover the private key.

I am afraid you are correct..  blocks were mined approx 5 years ago with dozens of coinbase transactions went into it.
Should have kept wallet for each block mined, something satoshi have done and now I understands why.

Satoshi probably would never have to worry about it since in those days it was P2PK
legendary
Activity: 952
Merit: 1386
January 06, 2022, 07:33:13 AM
#6
Do you have any compute hardware locally by any chance? GPUs, FPGAs or anything like that?

I can give you a calculation of how many days years it will take using WIF brute-force, if I know what hardware is available.

I made such a calculation for the guy in the other thread and I came around to 3.7 days with 2x nvidia gtx 1070 cards and 8 missing characters.

It was an optimistic estimation for BitCrack. Following that, just multiply 4 days * 58 * 58 * 58...
But his problem cannot be converted easily into BitCrack.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 06, 2022, 07:31:12 AM
#5
Do you have any compute hardware locally by any chance? GPUs, FPGAs or anything like that?

I can give you a calculation of how many days years it will take using WIF brute-force, if I know what hardware is available.

I made such a calculation for the guy in the other thread and I came around to 3.7 days with 2x nvidia gtx 1070 cards and 8 missing characters.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
January 06, 2022, 06:53:59 AM
#4
If the public key of your address isn't known and that address doesn't hold lots of Bitcoin, i would advice you to preserve your paper wallet and make additional backup (address, WIF and position of missing char in the WIF). In future CPU/GPU will be faster and hopefully Bitcoin price will rise so it might be worth to attempt brute-force.



With data from https://bitcointalksearch.org/topic/m.55552855 and https://vast.ai/, here's rough cost estimation using single RTX 2080 Ti at cost $0.332/hour

Code:
58^11 / 631.57 MKeys/s
= 24986644000165537792 / 631570000
= 39562746805.84185 second
= 10989651.89 hours

Code:
10989651.89 * $0.332 = $3,648,564.4 (about 87 BTC when i write this post)
legendary
Activity: 952
Merit: 1386
January 06, 2022, 04:47:22 AM
#3
Your problem is complicated.
Because of the position of missing characters it cannot be quickly and simply converted into problem for tools like BitCrack.
You my try using tools for WIFs, like finderouter or my WifSolver (https://github.com/PawelGorny/WifSolver) but with 11 characters it is rather hopeless - of course you may always try your luck and launch search on subset of base58 characters, not all (for example you may assume that on position X you test only digits).
If you have public key (you had outgoing transaction) problem could be potentially solved using my version of Kangaroo, but as it is untouched paper wallet I guess it is not the case.
Do you have by chance any other data? Is it hand-written or printed? Do you have maybe (even partially) visible QR code - in the past I was able to restore some WIFs decoding less than half of QRcode. So anything you have may increase your chances.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 06, 2022, 02:09:22 AM
#2
You may want to read Missing 10 Characters in WIF Private Key - Can I recover them?
Judging by that topic, I don't think recovering 11 missing characters is (currently) very feasible, unless you've made a transaction out of the address or have a signed message (for instance to proves ownership back in the days). Both aren't very likely with paper wallets, but if you have one of those, you'll know the public key. Knowing the public key (not to be confused with the address), makes it much easier to recover the private key.
member
Activity: 141
Merit: 62
January 06, 2022, 12:58:24 AM
#1
my WIF paper wallet from around 2013 was damaged due to rats chowing thru area where it was stored, it held majority of my bitcoin holdings from years of solo-mining and after consulting various local experts it appears to require significant computing resources to have it recovered

Now I am giving bitcointalk a try to see if someone here could shed some light on actual algorithmic complexity so to have an idea when would it be technologically / economically feasable to have it recovered

I am using the following example to give you guys an idea on scope of damage:

Let

5KFE3ScWZMf4TdAuVNYKDU7UtTBmHf9M           LHs1AkbD

be the damaged key, and:

suppose the DHiTxZ8xUrg portion was damaged (rat chewed it away..), where the full key *if* successfully recovered in this example should be

5KFE3ScWZMf4TdAuVNYKDU7UtTBmHf9MDHiTxZ8xUrgLHs1AkbD

with 11 char missing now the complexity for recovery is somewhere around 2498664400016553792, or 2.5 x 10^19!

The problem is further complicated by the fact that WIF algorithmically requires 2 rounds of sha256 calculation, which is very slow to checksum in my poor attempt to "guess at" even with access to computing resources with large number of cores (like AWS).

Not sure if someone can offer some formal asymptotic analysis on the aforesaid situation.  Maybe I am not approaching this problem correctly, but I guess someone might have a better idea in similar situations

and of course Happy new year all! 恭喜發財!
Jump to: