Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Charles-Tim on February 01, 2021, 01:42:58 PM



Title: How can I match an address to a private key or seed phrase
Post by: Charles-Tim on February 01, 2021, 01:42:58 PM
Note: Never reveal your private key or seed phrase to anyone, it can lead to wallet being hack by attackers.


I am experimenting on a wallet, Abra wallet (not recommended in my opinion). I downloaded it today, it generated me 12 words seed phrase, which are:

mention country giant rice boss people bid asset boring midnight wise begin

The wallet do not give new addresses, only one address is used, and the address is:

Bitcoin address
19VT5sfnoQRnnzuJum5QkghN3oPJdE3DVc

I wanted to know if it is truly BIP39 seed phrase or not, I used iancoleman tool offline, it generated me the seed, extended private key, extended public key and addresses.

What I did not understand is that I check the first 500 addresses generated but I did not see 19VT5sfnoQRnnzuJum5QkghN3oPJdE3DVc generated by Abra's wallet. Is there a way I can match the address to the seed, private key or something. Or what am I getting wrong? Or is Abra's wallet fooling people. I am confused.


Title: Re: How can I match an address to a private key or seed phrase
Post by: NeuroticFish on February 01, 2021, 02:16:32 PM
The seed is not necessarily used in the same way by all the wallets (i.e. according to the standard)
The most known example is Electrum, which will also not work with IanColeman, but it's OK (there are known ways to overcome this if it's ever necessary, mainly because Electrum is open source).

On Abra I've read that they use a "custom derivation path".
More info:
https://bitcoin.stackexchange.com/questions/86119/which-derivation-paths-are-used-by-the-abra-wallet
https://www.reddit.com/r/Bitcoin/comments/87cis7/need_help_sweeping_private_key_from_abra_wallet/dyiz4fz/


Title: Re: How can I match an address to a private key or seed phrase
Post by: DaveF on February 01, 2021, 02:29:40 PM
I can't find the source code anyplace for the wallet, so unless I am missing where it is. As NeuroticFish said there is no way to find the derivation path that they used.
If they are even using a standard way of doing it anyway. Tough to say if it's a scam, bad programming, or just the way they did it which is different then most other wallets.

Unless you need to use that wallet for some reason. I would just walk away from it, except for learning about it. Would not trust it with any funds.
And that is coming from someone who uses coinomi....

-Dave


Title: Re: How can I match an address to a private key or seed phrase
Post by: BitMaxz on February 01, 2021, 02:45:10 PM
That's the problem they don't expose the derivation path one of their supports said they use a custom derivation path but they never mention if what path they used.

Anyway, If you can get the xPub of your wallet there is a tool to scan the wallet if what derivation path your bitcoin address belongs. But you must deposit a small amount first on that address so that it could scan the used address including the derivation path.

Here's the tool below.
- https://blockpath.com/wallets/local/101?action=appxpub

And it should look like this if they scanned used addresses.

https://i.imgur.com/DpEkjim.png
Source: https://www.reddit.com/r/Bitcoin/comments/a1gzqg/i_made_an_xpub_scanner_that_searches_all/


Title: Re: How can I match an address to a private key or seed phrase
Post by: Charles-Tim on February 01, 2021, 04:55:51 PM
Anyway, If you can get the xPub of your wallet there is a tool to scan the wallet if what derivation path your bitcoin address belongs. But you must deposit a small amount first on that address so that it could scan the used address including the derivation path.
Thanks for the answer, but I am not planing to use the wallet, only for experimental purpose to know if the seed phrase generated by the wallet is BIP39. Although, no conclusion about this for now, the wallet can not be trusted as commented not to be open source. I do not have any bitcoin to waste on this type of wallet, but your information is helpful.


Title: Re: How can I match an address to a private key or seed phrase
Post by: HCP on February 02, 2021, 08:50:13 AM
Why do companies do things like this? ??? The only explanation I can think of is "vendor lock in"... as there is simply no good reason for:

1. Using a custom derivation path
2. Not telling anyone what that custom derivation path is

That 12 word seed is effectively useless as a recovery tool without Abra... and what happens when they cease to exist? ??? :-\


Title: Re: How can I match an address to a private key or seed phrase
Post by: jackjack on February 04, 2021, 11:18:46 PM
and what happens when they cease to exist? ??? :-\
People lose money and see Bitcoin as a scam
And "hopefully" when there is enough lost money people reverse-engineer that wallet and find the derivation path


Title: Re: How can I match an address to a private key or seed phrase
Post by: pooya87 on February 05, 2021, 05:13:52 AM
This is yet another serious problem with closed source wallets, we have absolutely no idea what they are doing. The BIP39 to BIP32 or even the BIP32 implementation may be severely flawed and be deriving a wrong key (maybe even a weak key) at a known derivation path! Which may explain why none of the paths that were tried so far work.

Anyway, If you can get the xPub of your wallet there is a tool to scan the wallet if what derivation path your bitcoin address belongs. But you must deposit a small amount first on that address so that it could scan the used address including the derivation path.
This also ONLY works if your derivation path had absolutely no hardened indexes which may not be true since someone here (https://www.reddit.com/r/BitcoinBeginners/comments/879ven/need_help_sweeping_private_key_from_abra_wallet/) claims they told them the derivation path is m/1'/0/0, m/1'/0/1, m/1'/0/2 (although none of them worked with OP's mnemonic).


Title: Re: How can I match an address to a private key or seed phrase
Post by: asafmod on September 17, 2023, 09:01:09 PM
derivation path m/4'/0 worked in my case (deposit address was on m/4'/0/1)