Bitcoin Forum

I created a password for my Bitcoin wallet using passwordsgenerator.net, set to 15 characters of all types. I wrote the password down, but when I tested it I was surprised to see it didn't work. I counted the amount of characters I had written down and there were only 14 characters. Obviously, I missed a character. Since I know all but one character in this 15 character password, I was wondering if it would be possible to successfully brute force my way back into my wallet.

That should be absolutely possible.
If you consider the 15 possible positions of the missing character, and about 60-90 possible characters (depends on whether the password generator used only letters and digits or other characters, too), that would be about 900-1350 different passwords to try - if it wasn't so tedious you could even do this semi-manually (generate the passwords using a very simple program, and enter them into the wallet program using copy-and-paste) within 3 or four hours.
A program that can check wallet passwords from a given list automatically would do it in 1-2 seconds.

Onkel Paul

Awesome! I hope there's a brute force program that can be applied to Bitcoin-Qt.

If you can code you could write such a program, for example in python (best choice would probably be to use the bitcoind walletpassphrase command over JSON-RPC).
I don't have time at the moment, otherwise I'd offer to code it for a small fee :)

Onkel Paul

Unfortunately I can't code. Would it be feasible to learn how within a week's time?

Probably yes, it depends on how fast you learn and how valuable your own time is.
The programming task is pretty simple (listing all the passwords takes just 5-6 lines of code, checking them against bitcoind would probably be somewhat similar, and since this is a one-shot task, you don't have to go through all the tedious error-handling and GUI stuff).

If you've got some free time and not much money to spend on someone else who does it for you, you should definitely go for it. Programming is a valuable skill, and being able to write small pieces of code (or even just understanding how some code works) is pretty useful.

Search for a python tutorial on the web, and try to work through it, then you should be able to write a bruteforce tool for your wallet :)

Onkel Paul

If you're interested to learn, https://codecademy.com is a great resource with interactive lessons, including Python.

It's a pretty simple program.  If you can install python I can probably whip something up tonight, or somebody else might beat me.

I'd appreciate it.

Was planning on taking an online class in programming, even before this happened.

SkilledUp (http://www.skilledup.com/) is a great website that reviews all different educational entities.

Look at this thread:  https://bitcointalk.org/index.php?topic=85495.0

You will find a whole lot of brute-forcing scripts by revalin. They rescued many, many coins...

http://www.recoinvery.com/ (http://www.recoinvery.com/)

http://www.recoinvery.com/images/recoinvery.png

Be very careful with external services offering to crack your password. They might have hidden agendas...

Onkel Paul

There you go, check post #26.  You just need to install ruby.  You can delete the parts you don't need, since you just want to insert a character.

Well this site screams bad idea...

Perhaps you misread two of the characters or missed one such as : at the start. If there might have been '' mistaken for " or ^; ] for l or | etc; or a duplicate character; etc, then those might be worth looking at. I'd expect it's just one error, so limited number of those to check.

Since you have the wallet, you could post the password here and see if there are obvious typo errors that can be suggested for that.

#26 (https://bitcointalk.org/index.php?topic=85495.msg942017#msg942017)

I imagine I just copy his code into a text document and rename it .rb or .rbw or something (the two file types the installer mentioned)?

Also, I have no idea what this means:

--
edit: This also requires a running bitcoind.
1. set "rpcpassword=somerandomcrap" in .bitcoin/bitcoin.conf
2. run "./bitcoind -daemon"
3. run "./bitcoind getinfo" until it starts returning data instead of errors
4. then run the script above.
--

Also, in his post below that one he presents an alternative code that will try "double substitutions." What does he mean by that?



I was about to download it, but it wouldn't let me download it without giving my email address, which I see as very poor etiquette.

At least on Linux, where the wallet.dat is stored is normally also a bitcoin.conf with configure options as a text file. If it doesn't exist, above is suggesting create that with at least a line that is rpcpassword=randompassword; then run the daemon rather than the GUI QT by running ./bitcoind -daemon; the ./bitcoind getinfo is just a check that it's completed scanning the blockchain and is ready to reply to requests from the script. ".bitcoin/bitcoin.conf" is normally in the user's home directory on Linux as a hidden directory which is the . before bitcoin. So == ~/.bitcoin/bitcoin.conf - on other OS, look to where ever your wallet is for similar.


Be very careful if you download that other application.. paranoid careful. At least disconnect the internet and reboot before reconnecting in case it's a trap.

Don't trust that recoinvery website.

First, what OS are you using?

Windows 7

You need to allow command line access to bitcoind because the program needs to automatically check whether the password works.  See here:

https://en.bitcoin.it/wiki/Running_Bitcoin#Bitcoin.conf_Configuration_File

Basically you need to create a textfile named bitcoin.conf in C:\Users\username\AppData\Roaming\Bitcoin\ (change username to your username)

In the textfile you probably only need:

rpcuser=somename
rpcpassword=somepassword

Make the password a long gibberish thing

Once you have that file, open a command window (start, type cmd in the box, and select cmd.exe)
then type:
cd C:\Users\username\AppData\Roaming\Bitcoin\  (replacing username)
bitcoind --daemon

Count to 10 and type
bitcoind getinfo

If it gives you some information (current block, etc) that means you're connected and you can then run the ruby script
If it says not connected then count to 10 and try again.

This part confuses me.

Thanks a lot for your help!

Download notepad++
Make a new file, enter:

rpcuser=krkfifeioefwk
rpcpassword=34kjjrkjr4kljfu9vf9uvfu98vdskj34kjfsadup9gfi9gtr0u89t484thu

save as bitcoin.conf in C:\Users\username\AppData\Roaming\Bitcoin\ (change username to your windows username)

When I type in bitcoind -daemon (Revalin's instructions have one dash, not two as you indicated) in the command prompt, it puts it into a state where I'm unable to type anything. The cursor or whatever just remains there, blinking, and there's nothing I can do but close the program.

Bitcoin Roaming folder, bitcoin.conf file, and what is described above ->

https://i.imgur.com/O0dgQGa.gif

https://i.imgur.com/k3voisk.gif

NOTE: I don't use the armory, but I ran it once.


https://i.imgur.com/ooMVfaf.gif

Try two dashes

Same fuckin' thing. It just deadens the cursor.

https://i.imgur.com/Cx0udL0.gif

Add "-printtoconsole" so you can see what it's actually doing:


Once the daemon has finished initializing and is actually in listening mode, start your Ruby script.

Maybe it just does that on windows.  You can open a second cmd.exe and try bitcoind getinfo and see if it's responding.

I tried what flatfly reccommended. It revealed a process that just kept building text (one thing I caught was that it kept trying connections). I eventually accidentally unplugged my computer. https://i.imgur.com/G9AaSDN.gif

That's probably just your daemon trying to catch up with the blockchain. Anyway, we don't need this to bruteforce the wallet, so add '-maxconnections=0' to the command line to disable connections:

Every fifteen minutes or so a new one of these pops up.

Unable to type anything.


https://i.imgur.com/egR8068.gif

Open another console window and do whatever you need to do in that window.
It looks as if the bitcoind isn't really backgrounding when started in a Windows console.

Onkel Paul

Guess what guys? I re-gained access to my wallet.  :)

Congrats

Great news!  Would be nice to tip the people that helped, and/or post the script that you used, so it can be helpful to others in the future...

After reviewing the thread, it seems like flatfly, cp1, and OnkelPaul are tip-worthy (not to sound condescending). Multiple people combined with the fact that I only have $100 bitcoins and $150 in the bank, I'll tip those who specifically ask me for a tip.


It was already referenced on the first page.

Glad to hear that you recovered access. I for one wouldn't mind a little tip - always motivating!  My address is in my signature.

Is there no such thing as a free bitcoin transaction? I'd also like to propose knol.pw invites as a tip. Ebook website with an amazing selection, extraordinary discounts on all books (most books are under one dollar).

https://i.imgur.com/PIMKDxD.gif

Bitcoin's become so popular that it's hard to get a free transaction processed now.

I thought the OP was a spammer. He's been dropping website URLs since his first post. 3 so far now.

What a bunch of nonsense. If you look at the history of my posts, you'll see that all of my original posts are typical newcomer questions with no links to outside sites. The only website I can recall mentioning (and sometimes I don't even link to it as I exclude the http) is the one mentioned in my last post in this thread, which is actually a good quality website and you'll find people on the web asking for invites for it (http://www.reddit.com/r/Invites/comments/1y794m/w_ebookoidcomknolpw_invite/ (http://www.reddit.com/r/Invites/comments/1y794m/w_ebookoidcomknolpw_invite/)). And I made a thread on bitcointalk specifically asking if it was OK to promote this website (Against the rules? (https://bitcointalk.org/index.php?topic=491417.0)) before I ever even posted it! I'd also like to point out that when I first made a thread about this website, it wasn't even invite-only, it was open to everyone, and I was simple generously passing it along. And the only deal I ever made was asking someone to send me a dollar because I needed at least one dollar to keep my account -- and the site went back into invite-only mode which means I wouldn't be able to simply re-register -- and in exchange for the dollar I would give an invite. And once again, when I initially promoted the website, invitation was completely open and I was totally unaware that it was subject to close and become exclusive; my initial motivation was nothing more than passing a long an incredibly valuable website that takes bitcoins. Anyway, I eventually got someone to give me a dollar, which enabled me to keep my account. You're obviously not keeping track of things too well and your accusation is ridiculous.

I'd rather go for the regular btc tip - perhaps you can just make it 0.0001 less, to account for the required fee...
Thanks :)

I had already sent it before I made that post.  ;)

Great, thanks :)

I was referring to your 3 posts in this thread. Numbers 1, 9, 37