
Topic: The FinderOuter, a bitcoin recovery tool (v0.16.0 2022-09-19) - page 4. (Read 4227 times)

legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
4-bit checksum means 1 in 16. That's why you've written 261,774 (~ 2048^2 / 16) on the SetBip32() call count?
Essentially yes. I modified the code to add a simple counter that incremented on each call.

I still don't understand why you wrote 00:02:44. There is no machine that can do so many operations in such little time. On my pc, brute forcing a 12-words mnemonic with 2 words missing takes me around 12 hours. (Given only the address)
It's not really that many operations.
Each SetBip32() method consists of 2048 HMACSHA512 + (path depth * 1 HMACSHA512). That is 2050 HMACSHA512 for brute forcing m/0'/0'. The 2:44 min is to compute 536,636,700 HMACs in total (it's actually a lot less due to using "specialized" code).
The specialized part is that FinderOuter isn't using the general HMAC functions, everything is specialized to compute only what it's supposed to. For example each HMAC consists of computing at least 2 SHA512 and each SHA512 has at least 2 blocks to compress. PBKDF2 (the 2048 round) repeats this in a loop where roughly 50% of it (4094 block compressions) is skipped on each call which greatly improves the speed.

The only reason why it takes a much longer time (hours) to recover using an address is because of issue #9. ECC on its own is very slow and my implementation of it turns out to be terribly slow.
Additionally when the path is something like m/0/0 the final round (after the PBKDF2) is to compute public keys (so there is an ECMultiply) which is a slow process itself. As a result the recovery process becomes a lot slower and the slowness of FinderOuter on top of it makes it take that long.
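The pad-state reuse described in the post above can be sketched as follows. This is an added Python example, not FinderOuter's C# code; the function name and the analytic compression count are assumptions of the sketch, and the count holds only while each HMAC message fits in one padded SHA-512 block.

```python
import hashlib
import struct

BLOCK = 128  # SHA-512 block size in bytes


def pbkdf2_sha512_midstate(password: bytes, salt: bytes, rounds: int = 2048):
    """One 64-byte PBKDF2-HMAC-SHA512 output block, reusing the keyed pad states.

    Returns (derived_key, compressions_done, compressions_skipped), where the
    counts are SHA-512 block compressions compared with an HMAC that re-hashes
    both pad blocks on every call (assumes salt + 4 bytes < 112 bytes).
    """
    key = hashlib.sha512(password).digest() if len(password) > BLOCK else password
    key = key.ljust(BLOCK, b"\x00")
    # Absorb each pad block once; .copy() later resumes from this midstate.
    inner = hashlib.sha512(bytes(b ^ 0x36 for b in key))
    outer = hashlib.sha512(bytes(b ^ 0x5C for b in key))

    def prf(msg: bytes) -> bytes:
        i = inner.copy()
        i.update(msg)
        o = outer.copy()
        o.update(i.digest())
        return o.digest()

    u = prf(salt + struct.pack(">I", 1))   # U1 = PRF(P, S || INT(1))
    acc = int.from_bytes(u, "big")
    for _ in range(rounds - 1):
        u = prf(u)                         # Un = PRF(P, U(n-1))
        acc ^= int.from_bytes(u, "big")
    done = 2 + 2 * rounds                  # pad blocks once, then 2 message blocks per HMAC
    naive = 4 * rounds                     # pad + message block for inner and outer, every HMAC
    return acc.to_bytes(64, "big"), done, naive - done


if __name__ == "__main__":
    # Constructed password; "mnemonic" is the BIP39 salt with an empty passphrase.
    dk, done, skipped = pbkdf2_sha512_midstate(b"constructed sample sentence", b"mnemonic")
    print(dk.hex()[:32], done, skipped)
```

With 2048 rounds the skipped count comes out at 4094, the figure quoted in the post.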
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I explained last time: https://bitcointalksearch.org/topic/m.56129399
Let me know if you have any additional questions.
Okay then, I'll reply on your previous post:

The number of times checksum is valid depends on the size of the checksum, the bigger it is the less collision occurs and SetBip32() is called less times.
A 12-words BIP39 mnemonic only has a 4-bit checksum while a 12-word Electrum mnemonic has at least 8 bits of checksum (8 bits for standard type, 12 bits for other types).
4-bit checksum means 1 in 16. That's why you've written 261,774 (~ 2048^2 / 16) on the SetBip32() call count?

Quote
                   SetBip32() call count         time
BIP39                    261,774                00:02:44
Electrum-Standard         16,464                00:00:12
Electrum-SegWit            1,064                00:00:02
Electrum-Legacy2FA         1,057                00:00:02
Electrum-SegWit2FA         1,015                00:00:02

I still don't understand why you wrote 00:02:44. There is no machine that can do so many operations in such little time. On my pc, brute forcing a 12-words mnemonic with 2 words missing takes me around 12 hours. (Given only the address)
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
Hi, I have a question. Let's assume that I've forgotten 1 word out of 12. This means that it'll have to try among 2048 combinations. Does it skip the checksum validation? Because if it checks for valid checksums it should not take that much time. For example, when I have 2 missing words, it has to check among 2048^2 different combinations. But if it counts the checksum, it should take less than an hour.
I explained last time: https://bitcointalksearch.org/topic/m.56129399
Let me know if you have any additional questions.

I remember a thread talking about mnemonic checksum, but I can't find it so I'll ask it here. How many are the valid mnemonics assuming that there is one word missing?
It is not possible to predict because it depends on how many collisions (purely by chance) we are going to get. It usually is somewhere between 120 and 130 for BIP39 and about 6 for Electrum.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Hi, I have a question. Let's assume that I've forgotten 1 word out of 12. This means that it'll have to try among 2048 combinations. Does it skip the checksum validation? Because if it checks for valid checksums it should not take that much time. For example, when I have 2 missing words, it has to check among 2048^2 different combinations. But if it counts the checksum, it should take less than an hour.

I remember a thread talking about mnemonic checksum, but I can't find it so I'll ask it here. How many are the valid mnemonics assuming that there is one word missing?
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
i noticed that with some lets say 17 characters
amount of total keys to check as with 16 characters missing, stayed the same.
It shouldn't be the same. We simply compute 58^missCount using BigInteger (has no size limit) and report that as the total number of keys to check. So the result should always be different if the number of missing characters are different.
https://github.com/Coding-Enthusiast/FinderOuter/blob/26e3de339f56c702ddcfadaa8483dcc7ad1ea9c6/Src/FinderOuter/Services/Base58Sevice.cs#L106
newbie
Activity: 1
Merit: 0
Quote
I also have a plan to let the user limit the search space if that's what you meant. For example in mnemonic recovery user would be able to set a smaller range of words (like 5) to set in place of a particular missing word instead of using the entire 2048 words. This requires some major refactor so I'm putting it off for now.

That would be great. For missing characters inside a private key choosing options like "numbers only" or "letters only" or putting a range of potential characters that you would remember can be really useful and a time changer.
full member
Activity: 431
Merit: 105
thanks for the fast response, and yes that was a bit with the "puzzle" thing in mind,
like the range 8000000-fffffff or like with the numbers 1-160? great thanks noticing all the
changes you applying to your newer versions. i noticed that with some lets say 17 characters
amount of total keys to check as with 16 characters missing, stayed the same.

but anyway a 110% release. and good luck so far.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
thanks a lot for another greater release.
You're welcome.

i have a question, could you make it search in a specific bit range=x
If you mean something similar to the "puzzle solving" projects where they go from 2^n to 2^(n+1) to find the private key to an address/pubkey then I don't think I'll ever add such an option to FinderOuter since the purpose of this tool is to help users recover their coins not to solve puzzles.
But in some ways FinderOuter is essentially doing the same thing (although it needs more optimization), each option with a missing base58, base16 or mnemonic is searching within a fixed range.

I also have a plan to let the user limit the search space if that's what you meant. For example in mnemonic recovery user would be able to set a smaller range of words (like 5) to set in place of a particular missing word instead of using the entire 2048 words. This requires some major refactor so I'm putting it off for now.
full member
Activity: 431
Merit: 105
thanks a lot for another greater release.
i have a question, could you make it search in a specific bit range=x
thanks a lot.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
Version 0.7.0 is released.
https://github.com/Coding-Enthusiast/FinderOuter/releases/tag/v0.7.0.0
See changelog for details.
  • General user interface improvements
  • AvaloniaUI is updated to version 0.10
  • Progressbar now shows the progress percentage
  • A warning is added to MainWindow to inform those who build from source and forget to use -release (ie. if they run FinderOuter in Debug mode by mistake)
  • Menu (help and about windows) is removed
  • Examples are improved, some new ones are added and the button is now showing the count and current example index
  • Recovery option descriptions are slightly improved
  • Fixed a bug in mnemonic recovery option when user entered a mnemonic with no missing words


FinderOuter is 1 year old
newbie
Activity: 8
Merit: 0
thanks,

But a wallet have not a lot of address in it ?

in the past i go explore with python my wallet.dat and there was 50 or 100 address in it...
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
Does it work with Wallet.dat ?
No.

Quote
i have a wallet.dat and btc never arrived to it...
That is not a problem that a "recovery tool" can solve.
newbie
Activity: 8
Merit: 0
Hi,

Does it work with Wallet.dat ?

i have a wallet.dat and btc never arrived to it...
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
Does it skip non-valid checksum mnemonics?
Of course it does. Example for 24 words

On electrum it takes much less time than on BIP39. Why does that happen?
It is because the slowest part of the code is SetBip32(...) method and it is only called when the checksum of the created mnemonic is valid. When we call it less times, the speed is going to be a lot higher.
The number of times checksum is valid depends on the size of the checksum, the bigger it is the less collision occurs and SetBip32() is called less times.
A 12-words BIP39 mnemonic only has a 4-bit checksum while a 12-word Electrum mnemonic has at least 8 bits of checksum (8 bits for standard type, 12 bits for other types).

Back to our 5th example
Code:
duck firm october practice soccer * result regret unveil * uncle ginger
child private key: L5fdNeFhX5Kgqnmbn6urPVt77eUocpbCF9f2ScEMu2HZwiFL3Viw
path m/0'/ (has to be the same for all for time comparison)
index: 1' (in order to make it fail and search the whole space in all cases)
(no passphrase)
                   SetBip32() call count         time
BIP39                    261,774                00:02:44
Electrum-Standard         16,464                00:00:12
Electrum-SegWit            1,064                00:00:02
Electrum-Legacy2FA         1,057                00:00:02
Electrum-SegWit2FA         1,015                00:00:02

The reason why the last 3 numbers are slightly different despite having the same checksum size is based on luck.

Another question, are there wallets that generate non-valid checksum mnemonics?
Not that I know of.
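The checksum filter discussed in the post above, and the "between 120 and 130" figure given earlier on this page for one missing BIP39 word, can be reproduced with the following added Python example, which is not FinderOuter's code. It covers only 12-word BIP39 and works on 11-bit word indices instead of the wordlist; the function names and the sample entropy are constructed for illustration.

```python
import hashlib


def checksum_ok(indices):
    """True if 12 word indices (11 bits each) form a valid BIP39 mnemonic."""
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy, checksum = bits >> 4, bits & 0xF      # 128 entropy bits + 4 checksum bits
    digest = hashlib.sha256(entropy.to_bytes(16, "big")).digest()
    return digest[0] >> 4 == checksum


def make_valid(entropy: bytes):
    """Build the 12 word indices of a valid mnemonic from 16 bytes of entropy."""
    cs = hashlib.sha256(entropy).digest()[0] >> 4
    bits = (int.from_bytes(entropy, "big") << 4) | cs
    return [(bits >> (11 * (11 - k))) & 0x7FF for k in range(12)]


def survivors(indices, missing):
    """Word indices for one missing position that pass the checksum filter."""
    trial = list(indices)
    hits = []
    for w in range(2048):
        trial[missing] = w
        if checksum_ok(trial):
            hits.append(w)
    return hits


def hmac_cost(valid_count, path_depth):
    """HMACSHA512 total using the thread's figure: 2048 + path depth per SetBip32() call."""
    return valid_count * (2048 + path_depth)


# Constructed sample entropy, not a real wallet.
SAMPLE = make_valid(bytes(range(16)))

if __name__ == "__main__":
    for pos in (0, 5, 11):
        n = len(survivors(SAMPLE, pos))
        print(f"missing word {pos + 1}: {n} of 2048 pass, {hmac_cost(n, 2):,} HMACs")
```

When the last word is the missing one the count is exactly 128, because that word carries 7 entropy bits and each of the 128 values has exactly one matching checksum; for other positions the count varies around 128 by chance.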
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
About the BIP39 option: Does it skip non-valid checksum mnemonics? I was wondering, because it would make brute forcing much faster. On electrum it takes much less time than on BIP39. Why does that happen?

Another question, are there wallets that generate non-valid checksum mnemonics?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Switch to Released mode and you will experience a much faster run.
I switched it, built it and ran it from FinderOuter\Src\FinderOuter\bin\Release\net5.0\FinderOuter.exe. I tried the 5th example again. It should take few minutes, but still, it takes long.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
I believe your CPU is slower than mine but the main reason is that you are adding bottlenecks that are significantly slowing down the application.
First and biggest one is that you are running it in Debug mode which doesn't have a lot of the optimization. Switch to Released mode and you will experience a much faster run.

Additionally when you run any application through V.S. it automatically attaches a debugger that will consume some CPU power and can slightly slow down the application.
If you want to run it without V.S. then you either have to install .net or publish the application. Here is a walk-through: https://docs.microsoft.com/en-us/dotnet/core/tutorials/publishing-with-visual-studio
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Is your CPU older than mine? Or are you running FinderOuter in some sandbox/virtual machine that could be limiting the CPU usage?

If I'm not mistaken I have I-Duo Core. I'm running FinderOuter from Visual studio. The purpose is that I can't open the executable.



Once I click "Yes", nothing happens. That's why I run it from visual studio.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
It's most likely going to take more than 2 hours. I don't get why it only takes you 3 minutes to do that on BIP39. (On electrum it takes a minute to me)
Is your CPU older than mine? Or are you running FinderOuter in some sandbox/virtual machine that could be limiting the CPU usage?

If in example 5 I switch BIP39 to Electrum and change the path from m/0 back to m/0' then it only takes 11 seconds to check all combinations.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
To compare your PC speed with mine in the most optimal case check out the fifth example. On my corei3 CPU it barely takes 3 min (0:02:40) to check the 4.1 million cases.
https://imgur.com/a/uRHbDef

This is me when I try the fifth example:



It's most likely going to take more than 2 hours. I don't get why it only takes you 3 minutes to do that on BIP39. (On electrum it takes a minute to me)