Bitcoin Forum

Back in 2012 I've used Bitaddress to create a brain wallet.
I've forgotten about it until yesterday when I organized my closet, and found the paper, only to find out that it due to my kid, most of the private key is torn, except of 4 characters in the middle (I know where they start).  And the first character is L.
I don't remember the words I've been using to create the key.

More information: Bitaddress V1.6 SHA1
I know my public BTC address.

Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.

Is there a way to use brute force algorithm (like Brainflayer) to find my key?

0.2 BTC to whoever will find a way to retrieve my key.

With 4 characters and no idear which sentence you used to create your brain wallet... I don't like your chances to be honest...

There might be some tools to help you brute force those brain wallets, but they're really slow... You'd need a pretty good idear about which sentence you might have used to have a shot at bruteforcing tbh...
The fact that you know the address might help a bit while bruteforcing, since the tool you use doesn't have to check for unspent outputs once it generated an address, it just has to match the generated address to the address you have on file... Still, i don't like your odds...

First private key character is L, I have another 4 characters in the middle.

Have you tried to put together torn paper? Maybe try to investigate which side belongs to other? Maybe with the help of magnifying glass. You kid is not a shredder, he wont tore it into one millimeter dust. What is the amount of Bitcoin you are trying to get access to? You know 4/64 characters - with enough money, powers and time I'm sure you can brute force it. But are you sure it will be worth doing ?

To be honest, that only reduces the searchspace from "super duper incredibly totally impossible" to "super incredibly totally impossible".
Scanning the keyspace is a big no-no... It simply cannot be done in finite time, at least not with only 4 characters that are known to you... If you'd be missing 4 characters it would be something completely different.

Your only option is to dig deep and write down whatever words you might have used as passphrases around that time... Think about passwords you haven't used in a long time, names or dates or addresses that might have mattered to you in that timeframe... Then find a tool that iterates over these words and maybe add some variation to them. The brain is a terrible source of entropy (source for that quote is unknow, but it's not mine), so it should be far easyer to remember the passphrase than it is to bruteforce the actual private key given the first letter and 4 characters in the middle... The first letter isn't that important anyways...

Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.

Sorry to be the barer of bad news, but that's still not nearly enough to bruteforce your key in finite time... Really... Unless you suddenly find another 40 or so characters in the right sequence, i would just stop with the path of trying to bruteforce the actual private key, and concentrate on the phrase you used to generate your brain wallet.
I know you said you don't remember, but even if you don't remember your odds are better than the odds of bruteforcing a private key with so little of the key known to you.

Don't get your hopes up tough... Your odds are very small either way.

EDIT: since it doesn't seems to sink in, here are some numbers from https://en.bitcoin.it/wiki/Vanitygen
Vanitygen is a tool that iterates over private keys, derives the public key, hashes said key to form the address, then sees if the address matches a predefined regex.
It seems to max out on:
GeForce RTX 2080 SUPER (48x64 cores) Grid(384x256)   2002 Mkey/s

So, basically, if you run a super-optimised tool on a GPU you can create up to 2.002.000.000 private keys/address pairs PER SECOND.

Now, you're missing 52 - (1+1+6) = 44 characters.
So there are 58⁴⁴ combinations that can be made with 44 unknown characters out of a characterset of 58, and 8 known characters to form a compressed key in WIF

Divide those two, and you end up with billions of years needed to bruteforce the key...

The breaking point is somewhere around 9 unknown characters:
(58⁸ keys)/(2002000000 keys/second * 60 seconds/minute * 60 minutes/hour * 24 hours/day) =~ 1 day to bruteforce the complete keyspace
(58⁹ keys)/(2002000000 keys/second * 60 seconds/minute * 60 minutes/hour * 24 hours/day) =~ 43 days to bruteforce the complete keyspace
(58¹⁰ keys)/(2002000000 keys/second * 60 seconds/minute * 60 minutes/hour * 24 hours/day) =~ 7 YEARS to bruteforce the complete keyspace

So, even if you have 10 GPU's, and you find a tool that's twice as fast as the once i posted benchmarks for, and you only need to scan 50% of the keyspace, missing 10 characters will still take you more than 2 months to bruteforce... Now let it sink in you're missing 44 characters instead of 10, and you don't have 10 GPU's laying around, you don't have an optimised program, and you might have to scan allmost 100% of the keyspace...
Trying to remember what kind of phrase you might have used is your only option mate... Really... Even if you have no clue, it's still better than trying to bruteforce a private key...

No QR code? Sometimes it could be more helpful.

Thank you for explaining the math.
My next question - isn't the odds are (a little) better due to the known position of the 8 characters, the known public key, and that it was generated with SHA1 and probably dictionary phrase? 

Is there a tool out there that I can test possible phrases and position the known characters?

How much bitcoin is inside the wallet? Maybe it will not be financilly feasible to bruteforce the wallet key, if possible , if the funds inside the wallet is less than the money you have to spend in processing power.

and A tool works on an algorithm and algorithm is created by maths, that you saw above.

https://github.com/MrMaxweII/repairPrivKey

https://user-images.githubusercontent.com/34688939/75074392-dc6ee100-54fb-11ea-8273-e5a6f540dee7.png

The running time is displayed.

Looks like it's a really nice tool... I wouldn't run it on an online machine without reading the actual code tough... Also, like i already said: this tool is perfect for when you're missing 4 or 5 characters... Running it with 44 missing characters won't do you any good...

Open Source

yes offline!

No , you have 44 characters missing. Like the maths shown above 58^10 takes 7 years approx. for 10 characters.

I don't think SHA1 was used for your brainwallet, that was the signature for the webpage itself and has nothing to do with your brainwallet. A small change in your brainwallet phrase will have an avalanche effect in your resultant WIF private key, having knowledge of that can possibly help you to verify if the key is correct but won't help you to reduce the time if you were to bruteforce using the phrase.

If it's a dictionary phrase, I would expect it to be wiped by now. I'm not exactly sure how Bitaddress used to generate them but I presume they are not salted.

I thought that brain wallets are weaker than random keys, aren't they?

yes

Single SHA256 of the passphrase while enforcing a minimum 15 character length passphrase.
https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/ninja.detailwallet.js#L58-L62

It is insecure so if OP has some idea about the passphrase they used there could be a chance to brute force it rather easily.

I does not matter really.
Or let's say differently - it depends on the vector of attack.
In your case there are 2 possibilities: you try to recover WIF or you try to recover seed phrase.
With WIF - usually if there is more than 7-8 characters missing (not counting the last 4-5, which are checksum and are not critical for the problem), it becomes difficult (it not really makes sense, or in other words - it would take a log time. Of course there is chance that you will hit the correct WIF after one second, but I would not have too much hope.
You may play with my simple program for that: https://github.com/PawelGorny/WifSolver
Maybe you should think about seed phrase you used? Or you definitely abandon that idea?

Just to make sure the OP isn't getting any false hopes: Coding Enthusiast is using a different way of saying what i've said before: OP could brute force his passphrase if he has an idea what it might have been... If it was a completely random passphrase, it's still allmost impossible... Bruteforcing the actual private key is impossible (well, theoretically it's possible, but in reality it's not)

Yes, I understand that.
I wrote some words that I might use to create the key, now how can I check them?

I'm not sure if there's an off-the-shelve tool for your specific situation... tbh, i've never tried to bruteforce brainwallets ;)
This being said, if a tool doesn't exist, it shouldn't be to hard for a programmer to write one... What you're asking isn't exactly rocket science

if it's just a brainwallet then you can use a simple SHA256 script that rotates the words and hashes them and then creates a keypair and then checks the outcome against a given address.

It depends on the amount of combinations you want to check.
It its just a few, use website you have used to generate your brain paper wallet.

If you want to check tons of information, you'd need a tool to do so. If there is no, you could ask someone to write one for you.
Maybe someone is doing this for free, otherwise it shouldn't cost too much anyway.

But you need a relatively good idea on how the password was. Otherwise there is little to no hope.

Brainflayer (https://github.com/ryancdotorg/brainflayer) is pretty much the "standard" when it comes to brainwallet "cracking"... there are loads of tutorials on google/blogs/youtube etc that show it in action.

You feed it a list of potential passphrases (wordlists, phrase lists, book quotes, song lyrics etc), it then generates the "brainwallet+address" and compares with a bloom filter of addresses you're interested in...

Installed and ran brainflayer with my public key & possible word list that I've made.
within an hour it said that it found the key, but it's 40 characters, which looks like hex format (starts with 83).
Do I need to convert it to WIF somehow, or it is just a false-positive?

I converted my public key to hex and placed it in example.hex.
Than:
hex2blf example.hex example.blf

Than:
brainflayer -v -b example.blf -i phraselist.txt

Hello all.
I have been following various discussions in this forum for quite some time.
Wouldn't Vanity Search be useful in this case?

https://github.com/JeanLucPons/VanitySearch

It is described in Step 3, plus the wildcards for the missing digits, that should be much faster.

If I am wrong please ignore my post.
Greetings

Put your private key in electrum wallet to check if it is real or not and the balance.

Public Key? Or your address converted back into Hash160 form? ???


When you ran brainflayer... and it popped out a result... the "passphrase" should have been on the end of the line of output... like this example where I found that "abc123" was the passphrase used:
https://talkimg.com/images/2023/11/15/zsbQq.png

The 40 char hex at the start of the line should be the "RIPEMD-160(SHA-256(public key))" (aka HASH160) that you derived from your address (convert Base58check address back to Hex) and put into the example.hex file before you ran hex2blf


Anyway, simply put that "passphrase" into a brainwallet generator like: https://www.bitaddress.org/ (use the "Wallet Details" tab)
or, if your passphrase is too short to be recognised using BitAddress (like my example) try: https://brainwalletx.github.io/#generator (click "Toggle Key" to see private key in WIF format)

NOTE: don't run these tools "online"... you should download them and run them "offline"... both have links to github and/or .zip files at the bottom of the page!

This gives:
https://talkimg.com/images/2023/11/15/zspfj.png


(You may need to check both the "uncompressed" and "compressed" options to see the correct address)

Thanks for that.
I got 20 different results (I used a custom generator key-word + downloaded the English dictionary txt file), none of them match my address.
How it's even possible to get those results if I only type one (mine) address inside the "example.hex" file (and converted it to example.blf)?

You used bitaddress to make that brainwallet and chances are you probably did not type random characters as the password there.

Yes brainflayer is an option but the speed will not be great because A) it is not multi-thteaded or GPU-accelerated in any way, and B) you are only searching for the private key of one address, this makes the bloom filter that brainflayer uses very inefficient because bloom filters can check tons of different HASH160s of an address at the same speed. Still, try it anyway, especially if you can guess what kind of password you might have used.

I would not use VanitySearch for this task because while it can use (Nvidia) GPUs, it was not designed with brute-forcing addresses in mind. You need to already know the public key, which cannot be derived from the address, and even if you do have that, it's just a generator program which will terminate as soon as it finds address with a prefix in front of it, while you're looking for the private key, or rather it's WIF specifically.

The alternatives are not much better either and you may have to resort to brute forcing the address with Bitcrack (https://github.com/brichard19/BitCrack) if you cannot remember your password.

I am almost certain that I've used a combination of three words, I have a list of words that I might use (around 2000 words). Is there an easy way to create a "mixed" list from them (without those who are less than 15 characters) to test?

There's an online tool for that. Put all your words in https://textmechanic.com/text-tools/combination-permutation-tools/combination-generator/ and optionally select the "repeated words" checkbox if you know that you used some words twice. This won't filter the result list by length though but you can try sorting the list by length using https://miniwebtool.com/sort-text-by-length/ and delete the lines they are shorter than 15 characters.

2000 combinations of 3 words gives you at most 8 billion possibilities before removing the ones that are too short, so your odds with using brainflayer is good even though it is single-threaded.

Sheesh... you have an almost impossible task to get "Humpty dumpty" together again. A lesson is to be learnt from this .... always make duplicate copies of your Paper wallets and store them at two separate geographical locations.

I also laminate my Paper wallets to protect them from natural elements and also bugs. (Mites / Silverfish etc.)  I went through something very similar, so I share your frustration.

Tip : DO NOT store loads of coins on a single paper wallet... I distribute small amounts on several wallets. (More convenient if you have to sweep a small amount to use in emergencies and also lower risk when you have to do it)  ;)