Title: Options for Armory lost passphrase Post by: vect0rz on April 02, 2021, 06:21:11 PM Hi everyone,
I'm reaching out on this forum since I know some of the software developpers are here and lot of crypto experts. I'm wondering what are my potential options to gain access back to my Armory wallet based on the following :
Here is what I tried so far with no luck :
I'm curious to see if you guys see alternatives or suggestion about what I should try next? There is a few bitcoins left in the wallet and would appreciate any help : great tip for sure included if advise leads to success :) Thank you, Title: Re: Options for Armory lost passphrase Post by: goatpig on April 03, 2021, 08:47:33 AM Quote I have the encrypted .wallet file And I'm guessing no paper backup? Quote Using btcrecover with my RTX GPU to bruteforce any possible typos, typos-maps, word combinations, tokens etc. This stuff supports Armory? Have you tested it? (i.e. create a wallet, give it to btcrecover with 1-2 characters off of the password and see if it can figure it out) Quote Gave a try to the Finder Outer nice tool to recover root key but since I don't have any characters from it, it would take billion of years to crack Same test applies. Quote Look for vulnerabilities with Armory, I could find a fragmented backup vulnerability that indeed impact the version of the wallet (0.88.1). Not sure if it can be exploited or not. If someone could help exploiting this vulnerability or giving pointers, that would be really appreciated. The fragmented backup vulnerability doesn't erode the security that much. It messes up the SSS setup but there is no real world attack against that. This is all theoretical. The recommendation I stickied here was for people using SSS to proactively redo their backups with the fixed implementation. At any rate, to even begin exploring this angle, it would mean you have a set of fragmented paper backups. If that's the case, you don't have to crack anything in the first place. Quote I have a list of possible passwords but its been so long, I'm not sure anymore if its really within the list I could think of Once you've established that the bruteforce software you're using actually works on these specific Armory wallets, you can start building a strategy to brute force whatever you remember. If you use a typical pattern across all your passwords or use a password manager, that can be useful too. First ensure you aren't wasting energy getting false negatives. Title: Re: Options for Armory lost passphrase Post by: vect0rz on April 03, 2021, 01:58:07 PM Hi Goatpig, thanks for taking the time to reply and all your work within the community!
Please see my answers bellow : Quote And I'm guessing no paper backup? That's correct, unfortunately. Quote This stuff supports Armory? Have you tested it? (i.e. create a wallet, give it to btcrecover with 1-2 characters off of the password and see if it can figure it out) Yes it does support it, I gave it a try with a wallet created on version 93.3 and 0.85, both worked and were able to find the test password I created. Also, I figured out that some Armory versions have different unlock times and results in much faster attempt at bruteforcing. Please see test results here : C:\btcrecover-master>btcrecover.py --wallet armory_2ZeUsv9ZR_.wallet --tokenlist tokens4.txt --enable-gpu --global-ws 600 --typos-case Starting btcrecover 0.17.10 on Python 2.7.7 64-bit, 16-bit unicodes, 32-bit ints btcrecover.py: warning: --typos COUNT not specified; assuming 1 Usage: btcrecover.py [options] btcrecover.py: error: no such option: --language btcrecover.py: warning: each --global-ws should probably be divisible by 32 for good performance Wallet difficulty: 8 MiB, 3 iterations + ECC Using OpenCL GPU GeForce RTX 2060 2376 of 2830 [##################################-------] 0:00:19, ETA: 0:00:03 Password found: 'Test1234$' The tokens4.txt file only contains the following : + test : means the word test is anywhere in the password. Combined with typos-case, it tests uppercase for all letters in possible combinations + 1234 : means 1234 is anywhere in the password %p : means any possible ASCII characters Quote Same test applies. Will do! Quote The fragmented backup vulnerability doesn't erode the security that much. It messes up the SSS setup but there is no real world attack against that. This is all theoretical. The recommendation I stickied here was for people using SSS to proactively redo their backups with the fixed implementation. At any rate, to even begin exploring this angle, it would mean you have a set of fragmented paper backups. If that's the case, you don't have to crack anything in the first place. Thank you for the detailed answer, didn't know the fragmented paper backup was a prerequisite. Can't go this path indeed. Quote Once you've established that the bruteforce software you're using actually works on these specific Armory wallets, you can start building a strategy to brute force whatever you remember. If you use a typical pattern across all your passwords or use a password manager, that can be useful too. First ensure you aren't wasting energy getting false negatives. Right, since I know the btcrecover is working fine, I guess my best bet is to put more energy in bruteforcing the list of passwords. Yes I have a pattern accross my passwords and I was using a password manager, what can be useful about it? Do you know perhaps, where I could find version 0.88.1? Thank you, Title: Re: Options for Armory lost passphrase Post by: goatpig on April 03, 2021, 08:05:22 PM Quote Also, I figured out that some Armory versions have different unlock times and results in much faster attempt at bruteforcing. KDF difficulty is targeted for the machine the wallet is creating, aiming for a 0.5sec unlock time. You can manually set it too. This isn't a version thing, it has operated like this across all Armory versions. Quote I guess my best bet is to put more energy in bruteforcing the list of passwords. As long as it won't cost you more than what's on the wallet. Ignoring this for a few years and trying again in a few years is a viable strategy too. Quote Yes I have a pattern accross my passwords and I was using a password manager, what can be useful about it? You may still have access to the drive the password manager was running on or you can be a little more liberal about your search space if you know that pattern the password was using. The more degrees of freedom you know you can restrict in the search, the more you can broaden the other areas. It's a more efficient way to use your energy. Quote Do you know perhaps, where I could find version 0.88.1? https://github.com/goatpig/BitcoinArmory/releases/tag/v0.88-beta Title: Re: Options for Armory lost passphrase Post by: vect0rz on April 04, 2021, 09:55:15 PM Great, thanks a lot for the detailed answers. At least, I know I'm on the right path and don't have much alternatives. Might try cloud GPU services on vast.ai ! I'll also try to build 0.88.1 even tho I don't have much experience building programs.
There is over 50 BTC left so its definately worth it :) Cheers, |