Bitcoin Forum

Hello everyone.

I went through some of my older private keys and in one of them i've seem to have lost 3 out of the 24 words of my passphrase. I'll spare you the details of my idiocy  :-\. There wasn't really that much money in there but I was wondering if bruteforcing these 3 words is possible since I have the other 21. I don't really know how this stuff works but if it is possible, how would I go about doing this?

thx in advance.

First of all, do you have them in order (first, second, third...)?

If yes, then the problem lies in simply brute-forcing the 3 words, which is about 8 billion tries.
This number may look scary, but in fact it's doable even on an average PC in a few days at most.

How exactly did you lose the last words?
If you still have some parts of them left, this will make the brute-forcing process easier by several orders of magnitude.

No, please don't spare us, entertain me, I'm curious how you managed to lose 3 but keep the other 21.
How did you create these 24 words in the first place? Usually it comes with a (hardware) wallet: did you destroy that too?

Any idea how much we're talking about here? It makes a difference if it's $10 or $1000, especially if you'll end up getting a specialist to do it for you.

8 billion means you're extremely unlucky :P

If you know the order and the position of the missing ones it may be possible...

2048^3 conforms 8.589.934.592 different combinations. On average you need to search half of the space [1] (= 4.294.967.296).
The last word is a checksum. This makes it much easier to test whether the seed is valid or not. This makes it pretty easy for a halfway modern pc to bruteforce the seed.



I would recommend to take a look at btcrecover (https://github.com/gurnec/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md (https://github.com/gurnec/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md)).
This tool gives you the opportunity to bruteforce the missing words of your seed. You'll need python to run it. There are quite a few tutorials on the internet on how to install python.
If you'll need some help doing so, feel free to ask further questions.



He may stored those 24 words seperated in 24 different places? In shoes, jackets, .. Over time he may have lost / can't remember where he stored the missing 3. Just my guess  ::)





[1] For further information read more about the birthday paradox here https://en.wikipedia.org/wiki/Birthday_problem (https://en.wikipedia.org/wiki/Birthday_problem) and here https://en.wikipedia.org/wiki/Birthday_attack (https://en.wikipedia.org/wiki/Birthday_attack).

If you're referring to a seed then just look at the source code for your wallet and identify the possible words that could have been used.

Well, I had the words written down on a notebook. Don't quite recall why but some time ago I wrote something on the verse of the page and ripped that part off, not realizing the words were on the other side. Only noticed it today when looking for it. Either way, it has no BTC in it, I moved it a couple of months ago, but I could use it to recover some pocket change worth of BCD.

I do know the position of all the words, as well as the last 2 letters in one of the lost ones. I'll take a look at btcrecover and the python tutorials and see if I can figure it out.

Thanks a lot guys! I'll keep you posted.

Cool story :D

Those 2 letters help you a LOT!
If you share those 2 letters, I'll shorten the full list (https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt) for you. Of course, don't share the other words, but 2 letters should be fine.

Last 2 letters of one of the words are "re". The other word's last letter is "t" and I can sort of make out the letter before that, it's either an "r" or and "f"

Words ending on rt:

Words ending on ft:

This limits your search to 2048*42*31, or 2.6 million possibilities.

Seems quite reasonable! I'll try to get this btcrecover working and I'll get back to you

Ok, so the recovery tool is quite simple but I ran into a wall. When asked to input a public adress, it was giving me this error: "An entered address is invalid (not a bitcoin p2pkh adress; version byte is 0x05)". Did some research and apparently this has to do with the fact that this was an segwit address, which uses a different format, and this recovery tool still doesn't support. This was the only address I had in this wallet.

Any ideas? Otherwise I guess I'll have to wait till they implement this.

Theoretically, it should be possible to modify the seed_recovery tool to generate SegWit addresses to test against... the algorithm for creation of P2SH-P2WPKH addresses is fairly straight forward (https://bitcoincore.org/en/segwit_wallet_dev/#creation-of-p2sh-p2wpkh-address)

waaaaay beyond my expertise. On the issues section of the github, the dev says it's planned for the future but unlikely to be implemented this month. Oh well, I suppose I'll recover it eventually.

Simple google search brought me to this https://github.com/jonathancross/segwit-p2sh I think this might be a thing you are looking for, get back to us if that helps, if not I might even take time to modify the code myself

Let us know how you get on! I'd be interested in seeing if you manage to get into in in the end

Did you finally manage to recover it?