Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.
I know it's possible bruteforce 4 missing words, but how about the following scenario:
Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.
Is there a known tool that I can play with to solve such puzzle?
Do you know the addresses you are looking for? I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for. Yes, I know the public address. OK, I will try to do this tomorrow. Did you have time to do that? Thanks! Yes, I have prepared a new release: https://github.com/PawelGorny/lostword/releases/tag/v0.8.0Now it works with a candidates on the given positions, for example: POOL
bc1q0v5q36eaculyrykjnjsyuey6ctd3802ft4jdcc
6
brother
window master canal cat
?
black master remove cat
pitch
hill |
|
|
|
https://www.bbc.com/news/technology-56012952Cambridge researchers say it consumes around 121.36 terawatt-hours (TWh) a year - and is unlikely to fall unless the value of the currency slumps. The online tool has ranked Bitcoin’s electricity consumption above Argentina (121 TWh), the Netherlands (108.8 TWh) and the United Arab Emirates (113.20 TWh) - and it is gradually creeping up on Norway (122.20 TWh). “Bitcoin is literally anti-efficient,” David Gerard, author of Attack of the 50 Foot Blockchain, explained. “So more efficient mining hardware won't help - it'll just be competing against other efficient mining hardware. “This means that Bitcoin's energy use, and hence its CO2 production, only spirals outwards. “It’s very bad that all this energy is being literally wasted in a lottery.” The price of Bitcoin rose rapidly on Monday after Tesla announced its investment. But commentators say the investment clashes with the electric car firm's previous environmental stance. “Elon Musk has thrown away a lot of Tesla's good work promoting energy transition,” Mr Gerard said. “This is very bad... I don't know how he can walk this back effectively. "Tesla got $1.5bn in environmental subsidies in 2020, funded by the taxpayer. "It turned around and spent $1.5bn on Bitcoin, which is mostly mined with electricity from coal. Their subsidy needs to be examined."
|
|
|
|
i have a question, does this work with missing chars at the end of the wif, really want to know, stuck on reading here past 2 days.  No, in fact currently it works good only for missing beginning (first 19-20 characters). But this is when we talk about WIFs. When we talk about pure private key solving, it works well. Which means you my try puzzle #120 with a custom stride if you do not want to wait to long and believe in yours luck  |
|
|
|
|
Oh, it was just a simple calculator, I would not focus now on it - you may always calculate it manually, it was just a easy piece of code for him.
Anyway, I have started to have doubts if the case witch checksum is doable at all. I must verify carefully because I have a huge increase of used memory (without any result) and I think that the problem is in the fact that checksum may cause the private keys are not 'linear'. I do not have this problem when I do not use checksum, so it must be this...
In other words:
For virtualprivate key X we recalculate using stride&checksum and receive public key related to realkey X1.
For virtualprivate key Y we recalculate using stride&checksum and receive public key related to realkey Y1.
If checksum does not have impact, we may get point from X (it will be in fact point from X1), do (Y-X) operations and we should receive point related to Y (in fact Y*stride). But because checksum may have impact on which point we return as a point corresponding to Y, it becomes to be untrue. If checksum have impact, we may have for example situation where point for Y would be point from real private key Y1=Y*stride+1. And we expected to have point from Y*stride.
|
|
|
|
Just a lazy solution: import java.math.BigInteger;
public class K {
public static void main(String[] args) {
BigInteger start = new BigInteger("0552e025571c01bcd9eda59365a2fb3ae0bd7547dfeeeb13d971d848bcbf0467", 16);
BigInteger stride = BigInteger.valueOf(58L).pow(32);//depends on the position of most-right unknown character
BigInteger range = BigInteger.valueOf(58L).pow(5);//5=number of unknown characters
BigInteger end = start.add(range);
System.out.println("START: "+start.toString(16));
System.out.println("END: "+end.toString(16));
System.out.println("STRIDE: "+stride.toString(16));
}
} Going back to this version of Kangaroo: I think there is still something wrong with calculations with checksum - for longer ranges (>6 unknown characters) it does not return result, while when there is case without checksum (just a stride) it works good. |
|
|
|
Then why make the checksum bits part of the stride in the first place? It doesn't need to be guessable because this part can be derived after the private key is known, so passing the checksum bits makes no sense in this context because it lets the program look for invalid checksums as if it were part of the private key.
Because checksum has impact on addition result. Example (in dec): Imagine you have stride 530. And you have checksum 70. If I do like you said, so I will remove 2 last digits of stride, I will have private keys: 5, 10, 15, 20, 25. But if I do the correct addition and then remove 2 last digits, I will have: 600->6, 1130->11, 1650->16, 2180->21, 2710->27. And the problem is that some group of checksums will create the same private keys and some checksums completely different. |
|
|
|
Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.
I know it's possible bruteforce 4 missing words, but how about the following scenario:
Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.
Is there a known tool that I can play with to solve such puzzle?
Do you know the addresses you are looking for? I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for. Yes, I know the public address. OK, I will try to do this tomorrow. |
|
|
|
The code extracts are from my helper, written in java - so yes, you would be able to use it under linux. For decoding WIF you may use BitcoinJ library or just a webpage: https://learnmeabitcoin.com/technical/wif |
|
|
|
Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.
I know it's possible bruteforce 4 missing words, but how about the following scenario:
Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.
Is there a known tool that I can play with to solve such puzzle?
Do you know the addresses you are looking for? I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for. |
|
|
|
For these examples - result is instant. I have made test with 10 missing characters (CPU only, on my dev machine I do not have GPU). 5HrdZxkxn__________keiLe1k4AmSDaAhqQVUYVxVSBkf5VfUu
5HrdZxkxn1111111111keiLe1k4AmSDaAhqQVUYVxVSBkf5VfUu
0552e02556fb5aeb9aedc2ea64efec8ac200eb71a9653cfaad25d4c2a5b4d5c7
Range: BigInteger.valueOf(58L).pow(10).toString(16) =
5fa8624c7fba400
Fake end: new BigInteger("0552e02556fb5aeb9aedc2ea64efec8ac200eb71a9653cfaad25d4c2a5b4d5c7",16).add(new BigInteger("5fa8624c7fba400",16)).toString(16) =
552e02556fb5aeb9aedc2ea64efec8ac200eb71a9653cfab3205ae76db079c7
Config file: 0552e02556fb5aeb9aedc2ea64efec8ac200eb71a9653cfaad25d4c2a5b4d5c7
552e02556fb5aeb9aedc2ea64efec8ac200eb71a9653cfab3205ae76db079c7
04777c026b8085951da7117395bf269c055f36bf2ddf623281962855edee36d4e73bec2fa87b122a0f1b2841ef4f7afdec2443f89c151ee2597feac18ae0d62bdf
Test: $ ./kangaroo -stride af820335d9b3d9cf58b911d87035677fb7f5281 testBig.txt
Kangaroo v2.2
Start:552E02556FB5AEB9AEDC2EA64EFEC8AC200EB71A9653CFAAD25D4C2A5B4D5C7
Stop :552E02556FB5AEB9AEDC2EA64EFEC8AC200EB71A9653CFAB3205AE76DB079C7
Keys :1
Stride:
MaxRange: 5FA8624C7FBA400
Jump: AF820335D9B3D9CF58B911D87035677FB7F5281
Number of CPU thread: 2
Range width: 2^59
Jump Avg distance: 2^28.96
Number of kangaroos: 2^11.00
Suggested DP: 15
Expected operations: 2^30.59
Expected RAM: 13.9MB
DP size: 15 [0xfffe000000000000]
SolveKeyCPU Thread 1: 1024 kangaroos
SolveKeyCPU Thread 0: 1024 kangaroos
[3.28 MK/s][GPU 0.00 MK/s][Count 2^30.87][Dead 0][10:49 (Avg 08:13)][3.8/12.4MB]
verify PK 552E02556FB5AEB9AEDC2EA64EFEC8AC200EB71A9653CFAB01FDAB8EEA94AF2
Key# 0 [2N]Pub: 0x03777C026B8085951DA7117395BF269C055F36BF2DDF623281962855EDEE36D4E7
Priv: 0x552E02556FB5AEB9AEDC2EA64EFEC8AC200EB71A9653CFAB01FDAB8EEA94AF2
RealPriv: 0x552E025571C01BCDA0297C22731D74BECBD30D07E4EC355C741825FFFC0A672
Done: Total time 10:49
Not bad, no? 10 missing WIF characters - Less than 11 minutes on old CPU. GPU performance - to be seen. |
|
|
|
Hello I would like to share with you my modifications of Jean-Luc's famous Kangaroo program. I adapted it to be used as a 'WIF solver'. In general, there are 2 cases - where stride is large enough not to collide with WIF checksum or when it is more complicated and stride collides. I described it and showed test examples on github: https://github.com/PawelGorny/Kangaroobut I will also rewrite it here. Let's take WIF: 5HrdZxkxnVst8Q3qCLJkeiLe1k4AmSDaAhqQVUYVxVSBkf5VfUu which encodes the private key 0552e025571c01bcda0297c22731d74becbd30d07e4ec355c741825fffc0a672. Decoded WIF shows checksum 524412caThe corresponding public key is 04777c026b8085951da7117395bf269c055f36bf2ddf623281962855edee36d4e73bec2fa87b122 a0f1b2841ef4f7afdec2443f89c151ee2597feac18ae0d62bdf- Search without checksum (large stride)
Let's take WIF 5HrdZxkxnVst8Q_____keiLe1k4AmSDaAhqQVUYVxVSBkf5VfUuNow, we may find the first WIF to be tested, it will be 5HrdZxkxnVst8Q11111keiLe1k4AmSDaAhqQVUYVxVSBkf5VfUu. When we decode it, we find the private key which is the beginning of our range: 0552e025571c01bcd9eda59365a2fb3ae0bd7547dfeeeb13d971d848bcbf0467Now, we must calculate the number of WIFs in our range. Beause we have 5 missing characters, it will be 58^5 = 656356768 (271f35a0 hex) To have the end of range for Kangaroo, we must calculate fake end which is start + range new BigInteger("0552e025571c01bcd9eda59365a2fb3ae0bd7547dfeeeb13d971d848bcbf0467",16).add(new BigInteger("656356768",10)).toString(16) =
552e025571c01bcd9eda59365a2fb3ae0bd7547dfeeeb13d971d848e3de3a07We check where is the most right unknown character - it's position will tell us what is the stride. In our case it is 58^32 = af820335d9b3d9cf58b911d87035677fb7f528100000000Because WIFs encodes checksum, we must observe if stride collides with checksum. Fortunately - not, because the last 8 characters (length of checksum) are 0s. We may remove these zeros and get shorter stride. The final configuration file is: 552e025571c01bcd9eda59365a2fb3ae0bd7547dfeeeb13d971d848bcbf0467
552e025571c01bcd9eda59365a2fb3ae0bd7547dfeeeb13d971d848e3de3a07
04777c026b8085951da7117395bf269c055f36bf2ddf623281962855edee36d4e73bec2fa87b122a0f1b2841ef4f7afdec2443f89c151ee2597feac18ae0d62bdf and test: $ ./kangaroo -stride af820335d9b3d9cf58b911d87035677fb7f5281 test_af820335d9b3d9cf58b911d87035677fb7f5281.txt
Kangaroo v2.2
Start:552E025571C01BCD9EDA59365A2FB3AE0BD7547DFEEEB13D971D848BCBF0467
Stop :552E025571C01BCD9EDA59365A2FB3AE0BD7547DFEEEB13D971D848E3DE3A07
Keys :1
Stride:
MaxRange: 271F35A0
Jump: AF820335D9B3D9CF58B911D87035677FB7F5281
Number of CPU thread: 2
Range width: 2^30
Jump Avg distance: 2^15.04
Number of kangaroos: 2^11.00
Suggested DP: 1
Expected operations: 2^16.11
Expected RAM: 13.3MB
DP size: 1 [0x8000000000000000]
SolveKeyCPU Thread 1: 1024 kangaroos
SolveKeyCPU Thread 0: 1024 kangaroos
verify PK 552E025571C01BCD9EDA59365A2FB3AE0BD7547DFEEEB13D971D848BEA7DAF2
Key# 0 [2N]Pub: 0x03777C026B8085951DA7117395BF269C055F36BF2DDF623281962855EDEE36D4E7
Priv: 0x552E025571C01BCD9EDA59365A2FB3AE0BD7547DFEEEB13D971D848BEA7DAF2
RealPriv: 0x552E025571C01BCDA0297C22731D74BECBD30D07E4EC355C741825FFFC0A672 - Search with checksum (small stride)
Let's take WIF 5HrdZxkxnVst8Q3qCLJkeiLe1k4Am____hqQVUYVxVSBkf5VfUuNow, we may find the first WIF to be tested, it will be 5HrdZxkxnVst8Q3qCLJkeiLe1k4Am1111hqQVUYVxVSBkf5VfUu. When we decode it, we find the private key which is the beginning of our range: 0552e025571c01bcda0297c22731d74becbd30cfb218f04dc91299473f61ffdeNow, we must calculate the number of WIFs in our range. Beause we have 4 missing characters, it will be 58^4 = 11316496To have the end of range for Kangaroo, we must calculate fake end which is start + range new BigInteger("0552e025571c01bcda0297c22731d74becbd30cfb218f04dc91299473f61ffde",16).add(new BigInteger("11316496",10)).toString(16) =
552e025571c01bcda0297c22731d74becbd30cfb218f04dc9129947400eaceeWe check where is the most right unknown character - it's position will tell us what is the stride. In our case it is 58^18 = 2b85840fc1d6a480ae7fa240000Unfortunately the stride collides with checksum (last 8 characters are not 0s). It means that for our calculations we must take into account the proper checksum And this is difficult part, because the real checksum is unknown. In our test it is known, but in real-life it could be needed to see how many possibilities there are. For example, in this case, playing with missing characters of WIF we may observe that last 4 characters of checksum are fixed. The first 4 could be changed, BUT the 4th character gets only 4 values. It means that if we want to use this method for real-life problem, we may need to do calculations for 16*16*16*4 checksums (in fact will less operations needed, because many checksums will generate the same private key in addition to the stride). Because stride collides with checksum, we will have to use the full (long) value and pass checksum as a parameter. The final configuration file is: 552e025571c01bcda0297c22731d74becbd30cfb218f04dc91299473f61ffde
552e025571c01bcda0297c22731d74becbd30cfb218f04dc9129947400eacee
04777c026b8085951da7117395bf269c055f36bf2ddf623281962855edee36d4e73bec2fa87b122a0f1b2841ef4f7afdec2443f89c151ee2597feac18ae0d62bdf and test: $ ./kangaroo -stride 2b85840fc1d6a480ae7fa240000 -checksum 524412ca test_2b85840fc1d6a480ae7fa240000_524412ca.txt
Kangaroo v2.2
Start:552E025571C01BCDA0297C22731D74BECBD30CFB218F04DC91299473F61FFDE
Stop :552E025571C01BCDA0297C22731D74BECBD30CFB218F04DC9129947400EACEE
Keys :1
Stride:
MaxRange: ACAD10
Jump: 2B85840FC1D6A480AE7FA240000
checksum:
Number of CPU thread: 2
Range width: 2^24
Jump Avg distance: 2^11.97
Number of kangaroos: 2^11.00
Suggested DP: 0
Expected operations: 2^13.25
Expected RAM: 12.4MB
DP size: 0 [0x0]
SolveKeyCPU Thread 1: 1024 kangaroos
SolveKeyCPU Thread 0: 1024 kangaroos
verify PK 552E025571C01BCDA0297C22731D74BECBD30CFB218F04DC91299473FAD12F9
Key# 0 [2N]Pub: 0x03777C026B8085951DA7117395BF269C055F36BF2DDF623281962855EDEE36D4E7
Priv: 0x552E025571C01BCDA0297C22731D74BECBD30CFB218F04DC91299473FAD12F9
RealPriv: 0x552E025571C01BCDA0297C22731D74BECBD30D07E4EC355C741825FFFC0A672 |
|
|
|
I was able to download Blockstack .18 on Ubuntu thanks to the instructions PawGo gave my via DM (thanks PawGo). @PawGo: can you post your instructions here for future reference? I used cygwin on Windows ( https://www.cygwin.com/) but if you have Ubuntu, the actions should be this same. For me it was easier to emulate linux using cygwin, that's why I tried. So, download the installation package and launch. It will connect to server and try to download needed packaged. You may select packages you want - or first install empty cygwin and then launch installation again just to add missing packages. I send you the list of all packages I have - as I wrote before you will need python2-devel and libssl-devel packages. And python2.7 of course. The rest normally comes with the installation. Maybe I am missing something - I had this environment configured before - but I think it will be easy to find which package is required. https://ibb.co/dPJ3sQzhttps://ibb.co/b3mF0Wwhttps://ibb.co/xjqxrQ7then you receive access to console. I have launched curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py python2.7 -m pip install --upgrade pip python2.7 -m pip install onedrivesdk==1.1.8 python2.7 -m pip install blockstack==0.18.0.10 and now blockstack is installed $ blockstack --version
/usr/lib/python2.7/site-packages/virtualchain/lib/ecdsalib.py:26: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
from cryptography.hazmat.backends import default_backend
0.18.0.10 -------- @NotATether: you may mark this post, and maybe also one of (already merited by ETFbitcoin): https://bitcointalk.org/index.php?topic=5306458.msg56010431#msg56010431https://bitcointalk.org/index.php?topic=5306458.msg56011477#msg56011477https://bitcointalk.org/index.php?topic=5306458.msg56017358#msg56017358My other posts you merited already |
|
|
|
One last thing: all the forks (e.g. bitcoin cash) is also connected with my BTC...so when I send out BTC to anther wallet, will it also send out BCH?
Congratulations! Remember that now you have a lot of forks... You may check here: http://www.findmycoins.ninja/Only BCH has some sensible value, but if you want to play, now you may collect many of them. Just be careful with software you install (maybe do it on virtual machine) and do it after you empty BTC. |
|
|
|
Is it possible to add the "--stride" parameter to the program like in bitcrack? This is needed to calculate the private key if public key and part of the private key is known, for example: 5JgvpXDfzXbqqtFmLJy?  ??7aR9n6WoTWvPSb1oUEm4 When can we calculate the start point, end point and step. I worked on that. https://github.com/PawelGorny/KangarooThe solution is not perfect, but for me it was enough. As a entry parameters it expects to have: - the real beginning of the range - the fake end of the range. If you know the real end and stride, divide the difference by stride and result add to the real beginning. - the real public key and then launching program use parameter -stride to specify the stride. In the sources there is an example with the configuration file test_240921C8BE82FD68A2A77FBA0089F71029354609C9.txtef235aacf9050dd4d345af03378ba06d2108b927f084b2ab133c9b7d1187e6be
ef235aacf9050dd4d345af03378ba06d2108b927f084b2ab133d050abbcaa8a6
02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737 If you launch program using: ./kangaroo -stride 240921C8BE82FD68A2A77FBA0089F71029354609C9 test_240921C8BE82FD68A2A77FBA0089F71029354609C9.txt you will receive result: Key# 0 [2N]Pub: 0x02B4632D08485FF1DF2DB55B9DAFD23347D1C47A457072A1E87BE26896549A8737
Priv: 0xEF235AACF9050DD4D345AF03378BA06D2108B927F084B2AB133CD85B91858012
RealPriv: 0xEF235AACF90D9F4AADD8C92E4B2562E1D9EB97F0DF9BA3B508258739CB013DB2 Where Priv is a fake priv from the fake range, and EF235AACF90D9F4AADD8C92E4B2562E1D9EB97F0DF9BA3B508258739CB013DB2 is the real result. I used that modified version of Kangaroo as a one more implementation of the method I described here: https://bitcointalk.org/index.php?topic=5265788 |
|
|
|
In the future Dave should buy both domains...
I think users should just learn about basic security practices. Double-checking the addresses is not that hard. Buying a domain might cost you from $100 to more than $1000. Sometimes users do not know what they want and then the one with better google-positioning wins. |
|
|
|
I thought that brain wallets are weaker than random keys, aren't they?
I does not matter really. Or let's say differently - it depends on the vector of attack. In your case there are 2 possibilities: you try to recover WIF or you try to recover seed phrase. With WIF - usually if there is more than 7-8 characters missing (not counting the last 4-5, which are checksum and are not critical for the problem), it becomes difficult (it not really makes sense, or in other words - it would take a log time. Of course there is chance that you will hit the correct WIF after one second, but I would not have too much hope. You may play with my simple program for that: https://github.com/PawelGorny/WifSolver Maybe you should think about seed phrase you used? Or you definitely abandon that idea? |
|
|
|
Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.
No QR code? Sometimes it could be more helpful. |
|
|
|
|
Show Posts
