Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Pantalaim0n on November 05, 2017, 02:01:06 PM



Title: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: Pantalaim0n on November 05, 2017, 02:01:06 PM
Few years ago I encrypted my Bitcoin private key for cold storage with an offline app called Bippy. Recently I tried to access my wallet by decrypting the private key, but my password was rejected.

I've checked out this Bippy program again, and I'm beginning to suspect it's faulty somehow. It seems that private keys beginning with a '5' - encrypted with Bippy - won't decrypt with the same password. Other prefixes seem to work OK.

Now, this Bippy app is open-source and written in Python, and I got it from here (https://github.com/inuitwallet/bippy). I've tried, as a test, to encrypt the private key 5Ka1Bv4RpKayZygPhZbBcREejqeYwq2iSRzWPKsg49SPgVRTnpW with password testingOneTwo (it's a fresh pk, no bitcoins there ;)). In Bippy this encrypts to 6PYMN8WT4CW7xLYczLvYfXZCtQWND7XEesk32QbXujMgKhf2v5A2ZQANpL, however, using the above password fails to decrypt it to its original... I've tried several other '5'-private keys and passwords, and the same happens every time.

Luckily the program is open-source; sadly, the project seems abandoned a few years back and my knowledge of Python and encryption is not at a level good enough to pinpoint the bug at play here, and hoping for some help here :)


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: bob123 on November 05, 2017, 03:03:25 PM
Are you able to export your encrypted private key?
If so, you could just easily try to write a small python script with several "possible passwords" to be used decrypting your private key.
Just install a library of your choice (e.g. graphenelib, http://python-graphenelib.readthedocs.io/en/latest/installation.html) and use encrypt/decrypt functions:

Code:
from graphenebase.bip38 import decrypt

# format(..., "wif") renders the decrypted key as a WIF string
print(format(decrypt("your_encrypted_priv_key", "SecretPassPhrase"), "wif"))

# Output:
# your_decrypted_priv_key

Afterwards you also could use a bitcoin library to check your balance to make sure it's worth recovering it to a wallet.



Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: jackg on November 05, 2017, 03:18:46 PM
Few years ago I encrypted my Bitcoin private key for cold storage with an offline app called Bippy. Recently I tried to access my wallet by decrypting the private key, but my password was rejected.

I've checked out this Bippy program again, and I'm beginning to suspect it's faulty somehow. It seems that private keys beginning with a '5' - encrypted with Bippy - won't decrypt with the same password. Other prefixes seem to work OK.

Now, this Bippy app is open-source and written in Python, and I got it from here (https://github.com/inuitwallet/bippy). I've tried, as a test, to encrypt the private key 5Ka1Bv4RpKayZygPhZbBcREejqeYwq2iSRzWPKsg49SPgVRTnpW with password testingOneTwo (it's a fresh pk, no bitcoins there ;)). In Bippy this encrypts to 6PYMN8WT4CW7xLYczLvYfXZCtQWND7XEesk32QbXujMgKhf2v5A2ZQANpL, however, using the above password fails to decrypt it to its original... I've tried several other '5'-private keys and passwords, and the same happens every time.

Luckily the program is open-source; sadly, the project seems abandoned a few years back and my knowledge of Python and encryption is not at a level good enough to pinpoint the bug at play here, and hoping for some help here :)


That doesn't look like bip38 encrypted. In my understanding, those keys start with a U not a 6.
It's probably quite simple to try to convert between that original code and its inverse (unless it's hashed at some point).

In the meantime, as bob says, get yourself a script and try to decrypt it that way using different character versions.
I'd suggest you make a new encryption with a password 1 character in length as it'll be much easier to brute force (probably).


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: Pantalaim0n on November 05, 2017, 03:32:13 PM
Prefix 6PY means Compression, no EC multiply

I already have a bruteforce script in place that checks every variation of the password that should unlock it. So far, no luck. And if the encryption in Bippy is faulty, it's pretty much futile anyways :)


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: jackg on November 05, 2017, 04:26:29 PM
Prefix 6PY means Compression, no EC multiply

I already have a bruteforce script in place that checks every variation of the password that should unlock it. So far, no luck. And if the encryption in Bippy is faulty, it's pretty much futile anyways :)

Try a shorter password?
If it is using a regular encryption type you should be able to find what the password string is and use that to work out how the system actually functions and then work out how to get your other password from it. Although, since the developers gave up on it a few years ago, it probably has a few bugs in it that they couldn't fix.


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: Pantalaim0n on November 05, 2017, 09:45:29 PM
Well, it turns out the Bippy encryption method is faulty. See this reddit-post (https://www.reddit.com/r/Bitcoin/comments/7axbqk/lost_password_to_bip38_encrypted_private_key/dpdsbcg/) for details from the guy who figured it out.


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: Spendulus on November 05, 2017, 10:02:41 PM
Well, it turns out the Bippy encryption method is faulty. See this reddit-post (https://www.reddit.com/r/Bitcoin/comments/7axbqk/lost_password_to_bip38_encrypted_private_key/dpdsbcg/) for details from the guy who figured it out.

Indeed it is faulty.

Well, here is the BIP 38 specification.

https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki#Prefix

I would take bippy and run tests at it in an attempt to find a way to encrypt and then decrypt a phrase. There may be a way. Saying it's faulty doesn't mean you can't use it. Maybe there is a systematic error.

For example, maybe the encoded phrase, you must drop the first digit before attempting to decrypt the remainder.

There's another bip38 decrypt in the java code that you can download and run offline at bitcoinpaperwallet.org....the tab that says "validate or decrypt".

https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html#


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: LoyceV on November 06, 2017, 10:25:43 AM
That doesn't look like bip38 encrypted. In my understanding, those keys start with a U not a 6.
When I create a BIP38 encrypted key on https://bitcoinpaperwallet.com, it does start with 6PR:
5Ka1Bv4RpKayZygPhZbBcREejqeYwq2iSRzWPKsg49SPgVRTnpW with passphrase testingOneTwo gives 6PRLKpRdHRsMJcjuMYoE4wpKYUZEX11oB9LejdU8JuDLxynpDZFZWMNkDv.

Well, it turns out the Bippy encryption method is faulty. See this reddit-post (https://www.reddit.com/r/Bitcoin/comments/7axbqk/lost_password_to_bip38_encrypted_private_key/dpdsbcg/) for details from the guy who figured it out.
I didn't get it to work in my VM-Ubuntu, but this guy clearly has your answer.


To prevent this in the future: When creating encrypted storage, or backups in general, it's important to test if you can get it back before actually using it.
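
An added example, not part of the original thread and not Bippy's code: the Python below decodes the Base58Check strings posted above and compares the compression flag in each BIP38 header with the format of the WIF key it is supposed to encrypt. The function names are this example's own; the three strings are the test values from the thread, and the field layout follows the BIP 38 specification linked above.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_decode(s):
    """Return (payload, checksum_ok) for a Base58Check string."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(s) - len(s.lstrip("1"))) + raw  # leading '1' = zero byte
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload, digest[:4] == checksum

def inspect_wif(wif):
    """Mainnet WIF payload: 0x80, 32-byte key, optional 0x01 compression marker."""
    payload, ok = b58check_decode(wif)
    if len(payload) not in (33, 34) or payload[0] != 0x80:
        raise ValueError("not a mainnet WIF private key")
    return {"compressed": len(payload) == 34, "checksum_ok": ok}

def inspect_bip38(enc):
    """BIP38 payload: 0x01, 0x42 (no EC multiply) or 0x43, flag byte, 36 more bytes."""
    payload, ok = b58check_decode(enc)
    if len(payload) != 39 or payload[0] != 0x01 or payload[1] not in (0x42, 0x43):
        raise ValueError("not a BIP38 encrypted key")
    return {"ec_multiply": payload[1] == 0x43,
            "compressed": bool(payload[2] & 0x20),  # flag bit 0x20
            "checksum_ok": ok}

def compression_matches(wif, enc):
    """True when the BIP38 compression flag agrees with the WIF key's own format."""
    return inspect_wif(wif)["compressed"] == inspect_bip38(enc)["compressed"]

# Values posted in the thread (test key, stated to hold no funds).
WIF = "5Ka1Bv4RpKayZygPhZbBcREejqeYwq2iSRzWPKsg49SPgVRTnpW"
BIPPY = "6PYMN8WT4CW7xLYczLvYfXZCtQWND7XEesk32QbXujMgKhf2v5A2ZQANpL"
OTHER = "6PRLKpRdHRsMJcjuMYoE4wpKYUZEX11oB9LejdU8JuDLxynpDZFZWMNkDv"

if __name__ == "__main__":
    for label, enc in (("Bippy", BIPPY), ("bitcoinpaperwallet", OTHER)):
        print(label, inspect_bip38(enc), "matches WIF:", compression_matches(WIF, enc))
```

Comparing the two flags is a quick offline check to run on a freshly encrypted key, alongside a full decrypt round trip, before any funds are sent to it.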


Title: Re: "Lost" password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Post by: Spendulus on November 06, 2017, 11:33:53 PM
....
I didn't get it to work in my VM-Ubuntu, but this guy clearly has your answer.


To prevent this in the future: When creating encrypted storage, or backups in general, it's important to test if you can get it back before actually using it.


I think the question here is can one show the situation/scenarios/cases/test-phrases where it works, or where the error is obvious, and then extrapolate from that to the case in question.