Author

Topic: Trying to run Coinbase multisig-tool locally on Linux (Read 715 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Also, is this idea of Leo a viable option that could potentially generate different results/addresses? If yes, how hard is it to set this up?

And moving forward, since we can't seem to get this tool working for you, then we could instead try going down the path of manually extracting the necessary xprv from your two keys and then recreating the multi-sig wallet in Electrum.

I just read how Coinbase multisig vault works and it seems to be regular 2-of-3 multisig address[1]. Creating multi-sig wallet on Electrum isn't hard either[2]. But if Electrum generate different address, you'll need to check why it happens (such as different derivation or spend script) which could be tricky.

[1] https://help.coinbase.com/en/coinbase/managing-my-account/other/the-multisig-vault
[2] https://bitcoinelectrum.com/creating-a-multisig-wallet/
newbie
Activity: 14
Merit: 5
99% of the time deprecated in software means that it does work to an extent but is no longer supported.
In this case it is no longer supported and certain things do not work like the API call but, the addresses that it generates are going to be the same.

The math the generates the addresses did not change.

-Dave



Is it a 100% certainty that the addresses it generates are going to be the same?

Because when I enter the public keys from her Coinbase multisig PDF into the deprecated online tool, it generates the exact same addresses as the ones that Leo generated using the dlajarretie fork (using the same public keys). The addresses it generates all have zero transactions.

If there is even a fraction of a percentage chance that there is a chance the addresses it generates are not the correct ones, I still want to try different ways to check it.

Also, is this idea of Leo a viable option that could potentially generate different results/addresses? If yes, how hard is it to set this up?

And moving forward, since we can't seem to get this tool working for you, then we could instead try going down the path of manually extracting the necessary xprv from your two keys and then recreating the multi-sig wallet in Electrum.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
99% of the time deprecated in software means that it does work to an extent but is no longer supported.
In this case it is no longer supported and certain things do not work like the API call but, the addresses that it generates are going to be the same.

The math the generates the addresses did not change.

-Dave

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
My question now is, why would the "deprecated" multisig tool provide the same addresses as the functional forked version?

If the deprecated online tool is broken, shouldn't it generate different addresses?

Does it mean that the deprecated multisig tool shows the addresses correctly but is only called deprecated because it simply can't display the balance and shows "Failed!"?

AFAIK "deprecated" doesn't necessarily mean it's broken (generating wrong address in this case). forked/dlajarretie version have 3 additional commits, where the commit message mention about fixing API which used to fetch UTXO/address and adding redeem address field[1]. So i would also guess the original/coinbase version have warning "deprecated" because it can't show balance.

[1] https://github.com/dlajarretie/multisig-tool/commits/master/
newbie
Activity: 14
Merit: 5
Here's what i promised few days ago...

Sorry again for taking so long to respond back to the thread. Thank you a lot for taking the time to do this.

I can confirm that I see the exact same addresses that you do after I enter the 3 xpub's you provided into tool (see screenshot):

https://ibb.co/zQC2KYr

My question now is, why would the "deprecated" multisig tool provide the same addresses as the functional forked version?

If the deprecated online tool is broken, shouldn't it generate different addresses?

Does it mean that the deprecated multisig tool shows the addresses correctly but is only called deprecated because it simply can't display the balance and shows "Failed!"?

Or could it mean that the functional forked version has also become deprecated recently without anyone's awareness? I have seen o_e_l_e_o use the dlajarretie forked version successfully in previous threads (~1 year ago) and retrieved funds for other people, so it means the tool was working correctly at some point.

If indeed there is a possibility that the forked version has stopped working, would there be any way to figure that out?

now the whole thing

Also alexeyneu, I see you also were able to run the tool in your own way. I would very much appreciate if you could also enter the same xpub's as ABCbits in your own locally run version of the tool to see if your version generates the same addresses. He generated these xpub's on https://coinb.in/#newHDaddress but it shouldn't matter or be different than the xpubs from a real coinbase multisig to run this experiment right?

Coinbase key: xpub661MyMwAqRbcGqtAaT4hM49fAHjAcjwFAjJ5Mm6jvj7i3gShCFBZCP3KTK77LMsRaoMEWnxfQVm rSQzwkKTkRLTzGAbVW6VALJLbYTZB6Xv

Shared key: xpub661MyMwAqRbcFmLMQnbT1nCWXifijB3oT5FTzxpDnGUHKdzfuZgrBnr72LTwYvdr2nHr9Y2bzgS r2sP2GphvhsjxSVAP3Agr5UXbw4rtQLr

User key:
xpub661MyMwAqRbcGsXgZhydEeP6tbbsJUMuPQDoyq4fiwWC4ZBqgoe96VkG7mGbPop67pkKLB6uj9N PFwPbV8v85o7i62N7phFCXcSTBtAn12Z

member
Activity: 351
Merit: 37
now the whole thing

Code:
curl -OL http://security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.13_amd64.deb
curl -OL http://security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0-dev_1.0.2n-1ubuntu5.13_amd64.deb
sudo dpkg -i libssl1.0.0_1.0.2n-1ubuntu5.13_amd64.deb
sudo dpkg -i libssl1.0-dev_1.0.2n-1ubuntu5.13_amd64.deb
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libsqlite3-dev libreadline-dev libffi-dev curl libbz2-dev -y
curl -OL https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz
tar -xf Python-2.7.18.tar.xz
sudo mv Python-2.7.18 /opt/Python2.7.18
cd /opt/Python2.7.*
./configure --enable-optimizations --enable-shared
make -j4
sudo make altinstall
sudo ldconfig //opt/Python2.7.18
whereis python2.7

sudo ln -s /usr/local/bin/python2.7 /usr/bin/python

//then cd to some folder you have write access to

git clone https://github.com/coinbase/multisig-tool
cd *
sudo apt install  nodejs
sudo apt install  npm
npm install bip38 crypto-browserify --save
./node_modules/.bin/browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
make compile
make run

http://127.0.0.1:8000/

member
Activity: 351
Merit: 37
let me show it

thing i've written early (with exception of libssl-dev )  +
Code:
curl -OL http://security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.13_amd64.deb
curl -OL http://security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0-dev_1.0.2n-1ubuntu5.13_amd64.deb
sudo dpkg -i libssl1.0.0_1.0.2n-1ubuntu5.13_amd64.deb
sudo dpkg -i libssl1.0-dev_1.0.2n-1ubuntu5.13_amd64.deb
export LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/


dpkg goes without --force-all 
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
you're programmer right? but you say you do not know how to install python

It's not python but an older version of python.
You can't run the 3.x for this you need 2.x which as @ABCbits said can be a PITA to install.

Same with old versions of other things too.

It's why I have a bunch of linux DVDs from 2012. Just in case I have to install some package that disappeared off the internet.

-Dave

Nowadays the best way to get python 2.7 quickly is by using a Docker image, or else you're going to be dealing with dependency hell while you compile the Python source code because it needs a few older dependencies which are not packaged by most distributions anymore. (In particular: PyQt4 is the worst offender).

I actually prefer this method to booting up a VM and installing 2.7 from source.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Here's what i promised few days ago. I use Debian 11 installer from https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/archive/11.9.0-live+nonfree/amd64/iso-hybrid/debian-live-11.9.0-amd64-xfce+nonfree.iso and install it on Virtual Machine (VM).

Use these command to prepare the environment.

Code:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install nodejs npm python2 python-is-python2

Here's version of the environment.

Code:
$ node --version
v12.22.12
$ npm --version
7.5.2
$ python3 --version
Python 3.9.2
$ python2 --version
Python 2.7.18

Use https://coinb.in/#newHDaddress to generate xPrv and xPub.

Code:
xPub Address
xPrv Address

xpub661MyMwAqRbcGqtAaT4hM49fAHjAcjwFAjJ5Mm6jvj7i3gShCFBZCP3KTK77LMsRaoMEWnxfQVmrSQzwkKTkRLTzGAbVW6VALJLbYTZB6Xv
xprv9s21ZrQH143K4MohURXgyvCvcFtgDHDPoWNUZNh8NPajAt7YehsJeaiqc4Svno46y7gKUQYdEd6AS6n4HRZdy1KFG6BJc99WEyDyfieUee2

xpub661MyMwAqRbcFmLMQnbT1nCWXifijB3oT5FTzxpDnGUHKdzfuZgrBnr72LTwYvdr2nHr9Y2bzgSr2sP2GphvhsjxSVAP3Agr5UXbw4rtQLr
xprv9s21ZrQH143K3HFtJm4SeeFmygqEKiKx5rKsCaQcDvwJSqfXN2NbdzXdB5g9HWeB6eUPNKcV2YrSRU5GPRD28Bmsm8AUFCpDLgtHDp96xqq

xpub661MyMwAqRbcGsXgZhydEeP6tbbsJUMuPQDoyq4fiwWC4ZBqgoe96VkG7mGbPop67pkKLB6uj9NPFwPbV8v85o7i62N7phFCXcSTBtAn12Z
xprv9s21ZrQH143K2kWyyszkBHDS1ScBi3384YzHTVr7rtdQVUc9KfdtPPWFy8CmqcHpfsw4yYzfMcwTw2QJ7jKBmszTcyyJKPxsnyQsrmNQprz

Setup and run multisig-tool.

Code:
$ git clone --depth 1 https://github.com/dlajarretie/multisig-tool
Cloning into 'multisig-tool'...
remote: Enumerating objects: 29, done.
remote: Counting objects: 100% (29/29), done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 29 (delta 0), reused 12 (delta 0), pack-reused 0
Receiving objects: 100% (29/29), 109.27 KiB | 128.00 KiB/s, done.
$ cd multisig-tool/
$ npm install

added 149 packages, and audited 150 packages in 16s

10 vulnerabilities (2 moderate, 5 high, 3 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ npm install bip38 crypto-browserify --save

added 3 packages, and audited 153 packages in 6s

10 vulnerabilities (2 moderate, 5 high, 3 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ ./node_modules/.bin/browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
$ make compile
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
$ make run
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...

Open browser and type "http://127.0.0.1:8000/", then enter 3 xpub and click button "Continue". Afterwards, i see following page.



Here's screenshot when i do same thing on https://coinbase.github.io/multisig-tool/ on different OS. At a glance, both https://github.com/dlajarretie/multisig-tool and https://coinbase.github.io/multisig-tool/ generate same address.



https://coinbase.github.io/multisig-tool/ shows many "Loading..." due to error when obtaining balance of the generated address.

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
you're programmer right? but you say you do not know how to install python

It's not python but an older version of python.
You can't run the 3.x for this you need 2.x which as @ABCbits said can be a PITA to install.

Same with old versions of other things too.

It's why I have a bunch of linux DVDs from 2012. Just in case I have to install some package that disappeared off the internet.

-Dave

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
you're programmer right? but you say you do not know how to install python

I never say i'm programmer, although i know how to operate computer. I also never say i don't know to install Python. What i said is difficulty installing Python 2 on newer Linux distro.
member
Activity: 351
Merit: 37
you're programmer right? but you say you do not know how to install python
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
--snip--
I know it's a hassle for you to set up the environment again but if you could do this one last time I'd really appreciate it.

--snip--

I need to install Debian 11 on VM and setup few things. I'll give an update (whether success or failure) in next few days.

And Ubuntu makes it particularly hard to install Python 2 in recent versions of the distro, so you should start with an older Ubuntu version such as Trusty (14.04) or Precise (12.04) that have Python 2.7 bundled.

Not only Ubuntu, but most newer version of linux distro. And i'd recommend to use Debian 11 since it's newest version of Debian and still ship Python 2.7[1] rather than using EOL version of Ubuntu.

[1] https://packages.debian.org/bullseye/python2.7
wtf really

Code:
Install Python 3.8 

curl -OL https://www.python.org/ftp/python/3.8.12/Python-3.8.12.tar.xz 

Extract the Python archive. 

tar -xf Python-3.8.12.tar.xz 
mv Python3.8.12 /opt/Python3.8.12 

Now install the dependencies required to install Python 3.8: 

sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev curl libbz2-dev -y 

Navigate to the directory and run the ./configure –enable-optimizations command: 

cd /opt/Python3.8.12/ 
./configure --enable-optimizations --enable-shared 

Note, The script performs several checks to make sure all of the dependencies on your system are present. The ./configure –enable-optimizations will optimize the Python binary by running multiple tests, which will make the build process slower. 

Now that you have built and configured the environment, it is time to compile it with the command make. 
 
make 
 
A handy trick is to specify the -j as this can significantly increase compiling speed if you have a powerful server. For example, the LinuxCapable server has 6 CPUs, and I can use all 6 or at least use 4 to 5 to increase speed. 
 
make -j 6 

Once you have finished building, install Python binaries as follows: 

sudo make altinstall 

Note, it’s advised to use the make altinstall command NOT to overwrite the default Python 3 binary system. 

Next, after the installation, you need to configure the dynamic linker run-time bindings: 

sudo ldconfig /opt/Python3.8.12 

Note, do not skip this, or you will face issues. You will also need to replace the path with your directory name and version. 

Confirm that Python 3.8 is installed and the build version by running the following command: 

python3.8 –version 

Example output: 

Python 3.8.12



I don't understand why you quote my old post and said "wtf really".
member
Activity: 351
Merit: 37
And Ubuntu makes it particularly hard to install Python 2 in recent versions of the distro, so you should start with an older Ubuntu version such as Trusty (14.04) or Precise (12.04) that have Python 2.7 bundled.

Not only Ubuntu, but most newer version of linux distro. And i'd recommend to use Debian 11 since it's newest version of Debian and still ship Python 2.7[1] rather than using EOL version of Ubuntu.

[1] https://packages.debian.org/bullseye/python2.7
wtf really

Code:
Install Python 3.8 

curl -OL https://www.python.org/ftp/python/3.8.12/Python-3.8.12.tar.xz 

Extract the Python archive. 

tar -xf Python-3.8.12.tar.xz 
mv Python3.8.12 /opt/Python3.8.12 

Now install the dependencies required to install Python 3.8: 

sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev curl libbz2-dev -y 

Navigate to the directory and run the ./configure –enable-optimizations command: 

cd /opt/Python3.8.12/ 
./configure --enable-optimizations --enable-shared 

Note, The script performs several checks to make sure all of the dependencies on your system are present. The ./configure –enable-optimizations will optimize the Python binary by running multiple tests, which will make the build process slower. 

Now that you have built and configured the environment, it is time to compile it with the command make. 
 
make 
 
A handy trick is to specify the -j as this can significantly increase compiling speed if you have a powerful server. For example, the LinuxCapable server has 6 CPUs, and I can use all 6 or at least use 4 to 5 to increase speed. 
 
make -j 6 

Once you have finished building, install Python binaries as follows: 

sudo make altinstall 

Note, it’s advised to use the make altinstall command NOT to overwrite the default Python 3 binary system. 

Next, after the installation, you need to configure the dynamic linker run-time bindings: 

sudo ldconfig /opt/Python3.8.12 

Note, do not skip this, or you will face issues. You will also need to replace the path with your directory name and version. 

Confirm that Python 3.8 is installed and the build version by running the following command: 

python3.8 –version 

Example output: 

Python 3.8.12

newbie
Activity: 14
Merit: 5
I did quick testing on Debian 11 and it seems to works. But i can't verify whether it works on next step since i only have 3 xpub generated from https://coinb.in/#newHDaddress. Here are the steps,

1. Check my environment.

Code:
$ node --version
v12.22.12
$ npm --version
7.5.2
$ python3 --version
Python 3.9.2
$ python2 --version
Python 2.7.18

2. Setup and run multisig-tool.

Code:
$ git clone --depth 1 https://github.com/dlajarretie/multisig-tool
Cloning into 'multisig-tool'...
remote: Enumerating objects: 29, done.
remote: Counting objects: 100% (29/29), done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 29 (delta 0), reused 12 (delta 0), pack-reused 0
Receiving objects: 100% (29/29), 109.27 KiB | 34.00 KiB/s, done.
$ cd multisig-tool/
$ npm install

added 149 packages, and audited 150 packages in 1m

9 vulnerabilities (1 moderate, 4 high, 4 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ npm install bip38 crypto-browserify --save

added 3 packages, and audited 153 packages in 19s

9 vulnerabilities (1 moderate, 4 high, 4 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ ./node_modules/.bin/browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
$ make compile
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
$ make run
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
...

3. Open on Firefox by typing localhost:8000, enter 3 xpub and click continue. Here's the screenshot some time after i click continue.

https://i.ibb.co/FYcpF5G/a.png

Take note i assume it works since,
1. Firefox only show error message about favicon on it's console (F12).
2. I do not see "Failed!" message or each address turning red.


I know it's a hassle for you to set up the environment again but if you could do this one last time I'd really appreciate it.

Could you please run the Coinbase tool (the forked version that's apparently the one that works): https://github.com/dlajarretie/multisig-tool

And then use the exact same 3 pub keys and use it on the online tool https://coinbase.github.io/multisig-tool/

So that I can see if both versions give you the exact same results (addresses generated)?

Please make sure that for the forked "dlajarretie" version, you use the correct computer environment and run the tool locally. And for the online website version tool, make sure you do NOT use the computer environment and do not run it locally.

If it does, then it means that either the forked "dlajarretie" version isn't working correctly, or it means that the online website version is working correctly.

If you don't mind, please also post the 3 pub keys you used here so I can check and see if I get the same results.

Thank you.
newbie
Activity: 14
Merit: 5
If no one can test it with a real Coinbase PDF, would it be possible to test it with the method ABCbits provided earlier on generating 3 random xpub's?
Quote from: ABCbits

I would really appreciate any help and guidance on this. The vault belongs to my love and if there is any bitcoins in there it'll help her tremendously.

Can you be specific which kind of help or guidance you need? I already mention my computer environment and command used to run Coinbase tool.

I would like to know if the *Coinbase Multisig Vault recovery tool* (https://coinbase.github.io/multisig-tool/) (which is supposedly no longer working correctly) would generate the EXACT same addresses as the "functional" forked version which is supposedly working correctly (https://github.com/dlajarretie/multisig-tool).

I want to know that for certain. Is there any way to find out if both (non-functional and functional) versions of this coinbase recovery tool will generate the exact same addresses in *Step 1* when you enter all 3 public keys?

Because when I enter the 3 public keys in step 1, the addresses that are generated in the list are all empty with zero transactions. Yet, the addresses that are generated are identical in both the non-functional and functional version of the tool. Can someone who has their own PDF with their own 3 public keys test this out and let me know if the 2 tools generate identical addresses for them as well?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
If no one can test it with a real Coinbase PDF, would it be possible to test it with the method ABCbits provided earlier on generating 3 random xpub's?
Quote from: ABCbits

I would really appreciate any help and guidance on this. The vault belongs to my love and if there is any bitcoins in there it'll help her tremendously.

Can you be specific which kind of help or guidance you need? I already mention my computer environment and command used to run Coinbase tool.
newbie
Activity: 14
Merit: 5
I got very sad to learn that Leo has said his farewell to the community. He was extremely helpful to me and I did not get to say a proper goodbye to him. I was meaning to send him a message for weeks but I kept postponing it. I can't believe that he is now gone and I am beating myself up for not sending the message just 1 week earlier. I hope wherever he is, he can somehow find the strength to beat his disease. I want to thank you a lot for so much effort and help you put into helping me. So thank you.


And for the community who was following this thread earlier, I want to give some updates and ask for some insights.

Earlier in December I finally managed to message Leo the 3 xpub keys so that he can check the addresses for me. However the addresses that he generated for are the exact same ones that the DEPRECATED Coinbase multisig recovery website generates when I enter the xpub keys myself.

When I followed the instructions in this thread and used the forked version instead (with correct API) and ran it locally (as per instructions), it also generated the exact same addresses. I assumed I had done it wrongly, because when I clicked F12 on Chrome, it did show the errors I previously mentioned in this thread:
Quote
Quote
Access to XMLHttpRequest at 'https://insight.bitpay.com/api/addr/3CSa...zYGno8MTeLYGM/utxo' from origin 'http://0.0.0.0:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am surprised that the addresses Leo generated are the exact same ones as the DEPRECATED "Coinbase Multisig Vault recovery tool" which can be found on this link: https://coinbase.github.io/multisig-tool/

Based on threads of many other users I assumed this tool is no longer working correctly and you'd need a forked version: https://github.com/dlajarretie/multisig-tool

The only difference when I used the deprecated one and the forked one is that in the latter it does not show the "Failed!" message, but both tools still generate the exact same addresess. Shouldn't they generate different addresses if it's deprecated / broken?

All addresses show 0 transactions and I am hoping that somehow there's still a way to figure this out.

Can someone here with more knowledge than me explain to me if this is correct? Does anyone have access to their own Coinbase PDF and can enter their xpub on the deprecated one and the forked one to see if it generates the same ones?

If no one can test it with a real Coinbase PDF, would it be possible to test it with the method ABCbits provided earlier on generating 3 random xpub's?
Quote from: ABCbits

I would really appreciate any help and guidance on this. The vault belongs to my love and if there is any bitcoins in there it'll help her tremendously.
legendary
Activity: 2268
Merit: 18771
Have you at least managed to identify the addresses and balances you are trying to gain access to here? You mentioned to me in your PMs that you are not sure how much bitcoin is stored in this vault.

Since we are struggling to get this to work for you, if you like you could send me your three xpubs (not private keys) and I could at least look up the addresses and balance for you. The only thing you lose by doing so is privacy by account of me knowing the addresses - there is no way for me to steal your coins from only knowing your xpubs. At least then we would know if you are wasting all this time trying to recover a very small amount of money. If you like I can provide you with my PGP key so you can encrypt any communication.

And moving forward, since we can't seem to get this tool working for you, then we could instead try going down the path of manually extracting the necessary xprv from your two keys and then recreating the multi-sig wallet in Electrum.
newbie
Activity: 14
Merit: 5
I did quick testing on Debian 11 and it seems to works. But i can't verify whether it works on next step since i only have 3 xpub generated from https://coinb.in/#newHDaddress. Here are the steps,

1. Check my environment.

Code:
$ node --version
v12.22.12
$ npm --version
7.5.2
$ python3 --version
Python 3.9.2
$ python2 --version
Python 2.7.18

2. Setup and run multisig-tool.

Code:
$ git clone --depth 1 https://github.com/dlajarretie/multisig-tool
Cloning into 'multisig-tool'...
remote: Enumerating objects: 29, done.
remote: Counting objects: 100% (29/29), done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 29 (delta 0), reused 12 (delta 0), pack-reused 0
Receiving objects: 100% (29/29), 109.27 KiB | 34.00 KiB/s, done.
$ cd multisig-tool/
$ npm install

added 149 packages, and audited 150 packages in 1m

9 vulnerabilities (1 moderate, 4 high, 4 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ npm install bip38 crypto-browserify --save

added 3 packages, and audited 153 packages in 19s

9 vulnerabilities (1 moderate, 4 high, 4 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ ./node_modules/.bin/browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
$ make compile
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
$ make run
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
...

3. Open on Firefox by typing localhost:8000, enter 3 xpub and click continue. Here's the screenshot some time after i click continue.

https://i.ibb.co/FYcpF5G/a.png

Take note i assume it works since,
1. Firefox only show error message about favicon on it's console (F12).
2. I do not see "Failed!" message or each address turning red.

In order to check if "Failed!" message is due to my setup, opposed to the xPub keys, I tried generating it through the link you provided.
I went on "https://coinb.in/#newHDaddress" and clicked "generate", then clicked on the ">" arrow next to xPub address. Then I changed "1" to "3" in the "Index (End)" section.
I copied address 1, 2 and 3 and entered them in the step 1 of the Coinbase multisig tool.
This time when I click "continue" in step 1, it generated a different list of addresses than before when I used the xPub's on the PDF, however the "Failed!" message and text turning red still occured (so "balance" never shows).

Did I generate the xPub keys correctly? If so, then the fault here lies in my setup right?

Before I started troubleshooting in this thread, I used ChatGPT for tons of hours and did a lot of things (nano editor, re-cloning and weird commands etc.) that I don't understand. So I think at this point it's better if I completely start from scratch (formatting and installing Debian 11).

However, this time I want to do it right and not enter any commands that are unnecessary.
Could you please tell me step by step what I need to do after I install Debian 11?

The lines starting with "$" are the command prompts you used right? I tried to do the same in ubuntu but this one didn't work:
Quote
$ ./node_modules/.bin/browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
legendary
Activity: 2268
Merit: 18771
-snip-
This is essentially my experience on two different machines, one running Debian and the other Ubuntu, albeit with slightly different versions.

Running the clean and compile commands that I gave earlier only deletes and then recompiles the multisig.js file. There is no reason it would make http.server start throwing errors. There is something strange in OP's set up which is messing everything up.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I did quick testing on Debian 11 and it seems to works. But i can't verify whether it works on next step since i only have 3 xpub generated from https://coinb.in/#newHDaddress. Here are the steps,

1. Check my environment.

Code:
$ node --version
v12.22.12
$ npm --version
7.5.2
$ python3 --version
Python 3.9.2
$ python2 --version
Python 2.7.18

2. Setup and run multisig-tool.

Code:
$ git clone --depth 1 https://github.com/dlajarretie/multisig-tool
Cloning into 'multisig-tool'...
remote: Enumerating objects: 29, done.
remote: Counting objects: 100% (29/29), done.
remote: Compressing objects: 100% (28/28), done.
remote: Total 29 (delta 0), reused 12 (delta 0), pack-reused 0
Receiving objects: 100% (29/29), 109.27 KiB | 34.00 KiB/s, done.
$ cd multisig-tool/
$ npm install

added 149 packages, and audited 150 packages in 1m

9 vulnerabilities (1 moderate, 4 high, 4 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ npm install bip38 crypto-browserify --save

added 3 packages, and audited 153 packages in 19s

9 vulnerabilities (1 moderate, 4 high, 4 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
$ ./node_modules/.bin/browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
$ make compile
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
$ make run
cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
...

3. Open on Firefox by typing localhost:8000, enter 3 xpub and click continue. Here's the screenshot some time after i click continue.



Take note i assume it works since,
1. Firefox only show error message about favicon on it's console (F12).
2. I do not see "Failed!" message or each address turning red.
newbie
Activity: 14
Merit: 5
Being unable to find a favicon file is irrelevant. This is simply the little logo icon that different websites use.

In the absence of any other errors, something is stopping your browser from correctly fetching the balances. Your browser can visit other websites normally? You don't have any firewall or similar running?

The first thing I would try would be to open a terminal in the usual multisig tool directory, and then run the following two commands:
Code:
make clean
make compile

The first will delete the multisig.js file (which is responsible for this look up); the second will recompile it from scratch. This is to rule out any error in the file.

If that doesn't work then I'm afraid I'm running out of ideas... Huh

-Firewall is inactive.
-I am connected to a VPN however.
-Tried both Firefox and Chrome.

After the make clean & make compile command, I did the "python3 -m http.server" again but this time got this error: BrokenPipeError: [Errno 32] Broken pipe

Also Chrome's F12 now shows 165 issues:
-
Quote
Access to XMLHttpRequest at 'https://insight.bitpay.com/api/addr/3CSa...zYGno8MTeLYGM/utxo' from origin 'http://0.0.0.0:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
-
Quote
Failed to load resource: net::ERR_FAILED insight.bitpay.com/a…YGno8MTeLYGM/utxo:1

(Changed the address in the error code just in case it's not safe to share publicly).

The other issues are basically a repeat of the above but with all the other addresses in the list.

Btw, user "HCP" also mentioned something about the "Insight API" missing in this thread: https://bitcointalksearch.org/topic/--5316286

Quote from: WillyAP
If that doesn work post your permission sets of the folders/files which cause issues.
Not sure if ChatGPT explained correctly on how to do this but I typed "ls -l" in the multisig-tool directory and got the following:
Quote
total 572
-rw-rw-r--   1 revived revived   2265 mrt 12 18:12 CONTRIBUTING.md
drwxrwxr-x   2 revived revived   4096 mrt 12 18:12 css
drwxrwxr-x   4 revived revived   4096 mrt 12 19:01 env
-rw-rw-r--   1 revived revived   4610 mrt 12 18:12 index.html
drwxrwxr-x   3 revived revived   4096 mrt 12 18:12 lib
-rw-rw-r--   1 revived revived  11344 mrt 12 18:12 LICENSE
-rw-rw-r--   1 revived revived    428 mrt 12 18:12 Makefile
-rw-rw-r--   1 revived revived 421914 mrt 17 23:00 multisig.js
-rw-rw-r--   1 revived revived    181 mrt 12 18:12 multisig-tool.sublime-project
drwxrwxr-x 142 revived revived   4096 mrt 13 21:17 node_modules
-rw-rw-r--   1 revived revived    704 mrt 12 18:52 package.json
-rw-rw-r--   1 revived revived 100713 mrt 13 21:20 package-lock.json
-rw-rw-r--   1 revived revived   3734 mrt 12 18:12 README.md
member
Activity: 910
Merit: 31
Looking for guilt best look first into a mirror
If that doesn't work then I'm afraid I'm running out of ideas... Huh

If that doesn work post your permission sets of the folders/files which cause issues.
legendary
Activity: 2268
Merit: 18771
Being unable to find a favicon file is irrelevant. This is simply the little logo icon that different websites use.

In the absence of any other errors, something is stopping your browser from correctly fetching the balances. Your browser can visit other websites normally? You don't have any firewall or similar running?

The first thing I would try would be to open a terminal in the usual multisig tool directory, and then run the following two commands:
Code:
make clean
make compile

The first will delete the multisig.js file (which is responsible for this look up); the second will recompile it from scratch. This is to rule out any error in the file.

If that doesn't work then I'm afraid I'm running out of ideas... Huh
newbie
Activity: 14
Merit: 5
What error do you see in the console (F12) now?

:8000/favicon.ico:1          Failed to load resource: the server responded with a status of 404 (File not found)


Also as soon as I go on "http://0.0.0.0:8000/", then the terminal shows these 2 messages:
-code 404, message File not found
-"GET /favicon.ico HTTP/1.1" 404 -
legendary
Activity: 2268
Merit: 18771
What error do you see in the console (F12) now?
newbie
Activity: 14
Merit: 5
Is the alternative "HTTP Server method" the "Running Locally" / make run method?
The make run command simply compiles the multisig.js file (which seems to be working fine for you - you can tell for sure by the presence of a file called multisig.js in your multisig-tool folder), and then attempts to launch an HTTP server. Running an HTTP server is the alternative to trying to launch chrome with --allow-file-access-from-files.

Since the make run command is trying to launch an HTTP server using a Python 2 command, and you have Python 3 installed, then instead of using make run you can just launch the HTTP server directly using the command I gave above:
Code:
python3 -m http.server

You should run it from your multisig-tool folder, the one with "index.html" in it. Open a terminal here and enter the command. If it has worked, it should say something like:
Code:
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/)

Then you just open any web browser, and navigate to that address - http://0.0.0.0:8000. The tool will load and hopefully(!) be fully functional.

Indeed, the multisig.js file is in the multisig-tool folder. However if I'm not mistaken it was already there (the icon however is changed from a notepad thingy to "JS" in big yellow letters).

Also entering "python3 -m http.server" in the same repository terminal did indeed show "Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/)".

And typing "http://0.0.0.0:8000" in the browser did automatically show the Coinbase Multisig Vault recovery tool similar to the web version. However, after entering the 3 xpub keys, I still got the exact same list of addresses, followed by a "Failed!" message and each address turning red, as I did before (using the web version)

legendary
Activity: 2268
Merit: 18771
Is the alternative "HTTP Server method" the "Running Locally" / make run method?
The make run command simply compiles the multisig.js file (which seems to be working fine for you - you can tell for sure by the presence of a file called multisig.js in your multisig-tool folder), and then attempts to launch an HTTP server. Running an HTTP server is the alternative to trying to launch chrome with --allow-file-access-from-files.

Since the make run command is trying to launch an HTTP server using a Python 2 command, and you have Python 3 installed, then instead of using make run you can just launch the HTTP server directly using the command I gave above:
Code:
python3 -m http.server

You should run it from your multisig-tool folder, the one with "index.html" in it. Open a terminal here and enter the command. If it has worked, it should say something like:
Code:
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/)

Then you just open any web browser, and navigate to that address - http://0.0.0.0:8000. The tool will load and hopefully(!) be fully functional.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
I think you did it wrong that is why you get this error.
Would you mind to try to put the flag on the launcher properties dialog? Look for the chrome launcher open the properties dialog and you should see something like this below

Code:
/usr/bin/google-chrome %U

And replace it with this

Code:
/usr/bin/google-chrome --allow-access-from-files

This will make  --allow-access-from-files permanent but you can change it later if you didn't need it anymore. And don't forget to re-pin the launcher after modifying it.
member
Activity: 910
Merit: 31
Looking for guilt best look first into a mirror

I also can't make out what you mean by the "python3 -m http.server" command, I have Python 3.10.6 but what do I have to do after I enter that command (and should it be in the multisig-tool respository? I'm sorry, I'm a complete beginner and don't know what I'm doing so I need to know every step no matter how basic it is.

Could well be a permission issue, Linux requieres several permission levels. Have you tried running it as sudo (root)Huh
newbie
Activity: 14
Merit: 5
index.html:1 Access to fetch at 'file:///home/revived/multisig-tool/lib/multisig/bip38.js' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes
This means your --allow-file-access-from-files isn't working as intended. I've never used Chrome so can't advise otherwise here. I use the alternative HTTP Server method instead, which works just fine. Did you make any headway on that?

The command given above is for Python 2:
Code:
python -m SimpleHTTPServer

If you are using Python 3, try the following command:
Code:
python3 -m http.server

Is the alternative "HTTP Server method" the "Running Locally" / make run method?

I installed the BitcoinJS library. And if I'm not mistaken, I performed BIP38's step 1 & 2 correctly:
Quote
We use the BIP38 library to decrypt the encrypted shared key seeds.

To build the multisig/bip38.js we used:

    1. Install packages with npm: "npm install bip38 crypto-browserify --save"

    2. Use browserify to resolve dependencies: "browserify -r bip38 -s Bip38 > lib/multisig/bip38.js"

However, I haven't been able to figure out what I've to do in this following step:
Quote
Then we amend the "lib/multisig/bip38.js" to support progress callbacks and Web Worker messages handling.

We need this as a separate file, because we're using it with web workers.

I also can't make out what you mean by the "python3 -m http.server" command, I have Python 3.10.6 but what do I have to do after I enter that command (and should it be in the multisig-tool respository? I'm sorry, I'm a complete beginner and don't know what I'm doing so I need to know every step no matter how basic it is.
legendary
Activity: 2268
Merit: 18771
index.html:1 Access to fetch at 'file:///home/revived/multisig-tool/lib/multisig/bip38.js' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes
This means your --allow-file-access-from-files isn't working as intended. I've never used Chrome so can't advise otherwise here. I use the alternative HTTP Server method instead, which works just fine. Did you make any headway on that?

The command given above is for Python 2:
Code:
python -m SimpleHTTPServer

If you are using Python 3, try the following command:
Code:
python3 -m http.server
newbie
Activity: 14
Merit: 5
What is the next step? Am I supposed to open the index.html file? Because using Chrome to simply use the web version is not an option as the API is broken (I tried it again, which resulted into "Failed!" addresses.)
Yes, open your local copy of index.html.

Once you open it, hit F12 on your keyboard and click on the Console tab. Does it show you any errors?

Ah good to see your reply Leo!

It only says the following:
Quote
index.html:1 Access to fetch at 'file:///home/revived/multisig-tool/lib/multisig/bip38.js' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
lib/multisig/bip38.js:1          Failed to load resource: net::ERR_FAILED
multisig.js:136                  Uncaught (in promise) TypeError: Failed to fetch
    at require.2 (multisig.js:136:1)
    at o (multisig.js:1:273)
    at multisig.js:1:324
    at require./vault../address (multisig.js:15193:19)
    at o (multisig.js:1:273)
    at HTMLDocument. (tool.js:14:15)
    at j (jquery-2.1.3.min.js:2:26911)
    at Object.fireWith [as resolveWith] (jquery-2.1.3.min.js:2:27724)
    at Function.ready (jquery-2.1.3.min.js:2:29518)
    at HTMLDocument.I (jquery-2.1.3.min.js:2:29709)
legendary
Activity: 2268
Merit: 18771
What is the next step? Am I supposed to open the index.html file? Because using Chrome to simply use the web version is not an option as the API is broken (I tried it again, which resulted into "Failed!" addresses.)
Yes, open your local copy of index.html.

Once you open it, hit F12 on your keyboard and click on the Console tab. Does it show you any errors?
newbie
Activity: 14
Merit: 5
Quote from: BitMaxz
That is I think it suggests running Chrome with this parameter "--allow-access-from-files"

Could you please tell me how I can set this up in Linux? Would I still need to perform the other steps?

For now, adding parameter --allow-access-from-files when you launch Chrome or chromium-based browser is needed since the current problem is when you execute make run, not silent error when you use the tool on the browser.

I launched Chrome with the "-allow-file-access-from-files"  parameter by typing the following command: "./chrome --allow-file-access-from-files"

What is the next step? Am I supposed to open the index.html file? Because using Chrome to simply use the web version is not an option as the API is broken (I tried it again, which resulted into "Failed!" addresses.)
newbie
Activity: 14
Merit: 5
All your replies are much appreciated.

I will try to install either Debian 11 or one of the older Ubuntu versions.

Quote from: BitMaxz
Why don't you just use the hosted one since it's ready to use?

The hosted version is not working correctly anymore (since years). According to other threads it's due to an SSL handshake error with an api at bipay.com. After inserting the 3 xpub keys in step 1, it generates a list of empty addresses followed by the "failure" message next to each address.

Quote from: BitMaxz
That is I think it suggests running Chrome with this parameter "--allow-access-from-files"

Could you please tell me how I can set this up in Linux? Would I still need to perform the other steps?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
And Ubuntu makes it particularly hard to install Python 2 in recent versions of the distro, so you should start with an older Ubuntu version such as Trusty (14.04) or Precise (12.04) that have Python 2.7 bundled.

Not only Ubuntu, but most newer version of linux distro. And i'd recommend to use Debian 11 since it's newest version of Debian and still ship Python 2.7[1] rather than using EOL version of Ubuntu.

[1] https://packages.debian.org/bullseye/python2.7
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
The error is trying to tell you that you need to install Python (2, not 3). SimpleHTTPServer is a Python 2 class and it has been deleted in Python 3.

And Ubuntu makes it particularly hard to install Python 2 in recent versions of the distro, so you should start with an older Ubuntu version such as Trusty (14.04) or Precise (12.04) that have Python 2.7 bundled.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
Never use this Coinbase vault recovery before but based on what I understand from the guide on Github under the "make run" it looks like a permission issue.

Code:
Running locally
If you wish to run the tool locally, you need to do it through a local web server. The easiest way to do that is by running:

make run
This is because we use Web Workers for decrypting your BIP38 encrypted shared key seed, and Web Workers are not permitted to run through the file:/// protocol.

Another alternative is to run Chrome with the --allow-access-from-files parameter.

That is I think it suggests running Chrome with this parameter "--allow-access-from-files"

Why don't you just use the hosted one since it's ready to use?
They do only need the online on the first step when pasting public keys after they found balances you can now turn internet off and start the recovery process.
newbie
Activity: 14
Merit: 5
After Coinbase multisig vault was discontinued in 2018, a third-party multisig-tool was introduced on Github.
But that one stopped working as well.

According to this thread: https://bitcointalksearch.org/topic/m.61722006 the forked version (https://github.com/dlajarretie/multisig-tool) still works correctly but needs to be run locally.

I am stuck halfway in the instructions provided on Github and would appreciate if someone could guide me through the rest.

My progress so far:
-I installed Linux Ubuntu on a spare computer
-I installed npm and browserify
-I cloned the repository from: https://github.com/dlajarretie/multisig-tool

I entered the following commands in the multisig-tool repository in the terminal:
-npm install bitcoinjs-lib
-npm install --save bip38
-npm install bip38 crypto-browserify --save
-browserify -r bip38 -s Bip38 > lib/multisig/bip38.js
The latter command didn't show anything in the terminal, but I do see the "bip38.js"  file in the lib/multisig folder so  it could've been successful.

Are there any other steps I've to perform before going further?

When I enter "make run", I get the following error:

cd lib/multisig && \
../../node_modules/.bin/browserify -r ./vault -r ./views/addresses_view > ../../multisig.js
python -m SimpleHTTPServer
make: python: No such file or directory
make: *** [Makefile:2: run] Error 127

I look forward to hearing from the community and very much appreciate the help.
Also shoutout to o_e_l_e_o for being extremely helpful in the DM's.
Jump to: