Is there any way to make the script not check passwords with spaces between them?

Sure:

```ruby
#!/usr/bin/ruby
require "net/http"
require "json"

$rpc_pass = "rpc-pass"
words = ['pass1', 'pass2', 'pass3', 'pass4']
max_words = 4

def test(passphrase)
  puts passphrase.inspect
  request = Net::HTTP::Post.new("/")
  request.basic_auth "", $rpc_pass
  request.body = { method:"walletpassphrase", params:[passphrase, 1] }.to_json
  response = Net::HTTP.new("localhost", 8332).request(request)
  if response.code == "401" ; puts "Incorrect RPC user/pass" ; exit 1 ; end
  ret = JSON.parse response.body
  if ret["error"].nil? ; puts "\nFound it! #{passphrase.inspect}" ; exit ; end
  return if ret["error"]["code"] == -14 # wrong passphrase
  raise "WTF? #{ret.inspect}"
end

(1..max_words).each do |n_words|
  words.repeated_permutation(n_words).each { |p| test p.join }
end

puts "No luck."
```
This should be much faster. For a list of 30 words it will take less than a day, and 50 words will take about a week.
|
|
|
I assume with this you have to navigate to the folder where brute.rb is?
Whether I run it on windows or ubuntu, I have the same problem - it says that my RPC password is incorrect, even when copying the password from the file.
I recommend that you rename bitcoin.conf to bitcoin.conf.old to disable it, then provide the password on the command line when you start Bitcoin:

```
C:\"Program Files (x86)"\Bitcoin\daemon\bitcoind -rpcpassword=rpc-pass
```

Here is the code I'm running (with my passwords censored) (...) My problem is that I have a list of words, but I don't know the order. I know that I used either 3 or 4 of these words.

That script is exactly what you need. Just fill in your list of words in this part:

```ruby
words = ['pass1', 'pass2', 'pass3', 'pass4']
```
|
|
|
I've just typed 77 combinations in, 1 missing and 2 missing still no luck
Here's an optimized delete-only script for you. It will try deleting up to 5 characters.

```ruby
#!/usr/bin/ruby
require "net/http"
require "json"

# Fill in your RPC username and password from your bitcoin.conf here.
$rpc_pass = "some-password"

passphrase = 'oops i forgot something'

def test(passphrase)
  puts passphrase.inspect
  request = Net::HTTP::Post.new("/")
  request.basic_auth "", $rpc_pass
  request.body = { method:"walletpassphrase", params:[passphrase, 1] }.to_json
  response = Net::HTTP.new("localhost", 8332).request(request)
  if response.code == "401" ; puts "Incorrect RPC user/pass" ; exit 1 ; end
  ret = JSON.parse response.body
  if ret["error"].nil? ; puts "\nFound it! #{passphrase.inspect}" ; exit ; end
  return if ret["error"]["code"] == -14 # wrong passphrase
  raise "WTF? #{ret.inspect}"
end

def del(p, n)
  p.length.times.map do |i|
    q = p[0,i] + p[(i+1)..-1]
    n > 0 ? del(q,n-1) : q
  end
end

5.times { |n| del(passphrase, n).flatten.uniq.each { |i| test i } }

puts "No luck."
```
|
|
|
Will this work with feathercoin wallets?

The scripts should work with most wallets derived from the original Bitcoin program. For feathercoin try starting it like this:

```
feathercoin-qt -server -rpcpassword=some-password -rpcport=8332
```

Then the scripts should work. There are more instructions here to get you started: https://bitcointalk.org/index.php?topic=85495.msg3746636#msg3746636
|
|
|
Revalin, I owe it to you man. I recovered my 18 LTC, currently worth about $820.
Please give me your bitcoin wallet address so I can tip you for your script and your help. The one below your name doesn't seem to show up on Blockchain.
Congrats and thanks. :)

165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g

There doesn't seem to be a protosharesd.exe in my program files like there are with the other coins, just the main folder with protoshares-qt and the folder in the %appdata% containing the wallet.dat

Try this:

```
protoshares-qt -server -rpcpassword=some-password -rpcport=8332
```

If it's similar to Bitcoin, that should start it with both the GUI and the RPC interface.
|
|
|
Litecoin uses port 9332 instead of 8332. Change it in the script and try again.
|
|
|
Basically I need something that will test a combination of words I supply
I know my password is a mix of two of my other passwords. Possibly with a space between them. I'm a bit worried though because I manually tried this last night and failed (400 attempts later)
It would be useful to test combinations of three (or more) as some of my passwords are combinations of smaller elements.
Here you go. Just fill in the fragments in the words list and set a value for max_words. max_words has a very large effect on how long it will take so try to keep it under 7.

```ruby
#!/usr/bin/ruby
require "net/http"
require "json"

$rpc_pass = "some-password"
words = ['one', 'two', 'three', 'four', 'five']
max_words = 3

def test(passphrase)
  puts passphrase.inspect
  request = Net::HTTP::Post.new("/")
  request.basic_auth "", $rpc_pass
  request.body = { method:"walletpassphrase", params:[passphrase, 1] }.to_json
  response = Net::HTTP.new("localhost", 8332).request(request)
  if response.code == "401" ; puts "Incorrect RPC user/pass" ; exit 1 ; end
  ret = JSON.parse response.body
  if ret["error"].nil? ; puts "\nFound it! #{passphrase.inspect}" ; exit ; end
  return if ret["error"]["code"] == -14 # wrong passphrase
  raise "WTF? #{ret.inspect}"
end

(1..max_words).each do |n_words|
  words.permutation(n_words).each do |perm|
    [" ", ""].repeated_permutation(perm.count + 2).each do |j|
      test(["", *perm, ""].zip(j).join)
    end
  end
end

puts "No luck."
```
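How many passphrases the two word-list scripts in this thread actually send, as an added example that is not part of any post: `concat_count` covers the no-spaces script and `spaced_candidates` reuses the generator expression from the script above. The function names and the three sample fragments are constructed here, and the closed form assumes no combination of fragments spells the same string as another.

```ruby
# Concatenation script: words.repeated_permutation(k) for k = 1..max_words.
def concat_count(n_words, max_words)
  (1..max_words).sum { |k| n_words**k }
end

# Optional-spaces script: same generator expression as the post, but the
# candidates are collected in an array instead of being sent to the wallet RPC.
def spaced_candidates(words, max_words)
  (1..max_words).flat_map do |k|
    words.permutation(k).flat_map do |perm|
      [" ", ""].repeated_permutation(perm.count + 2).map do |j|
        ["", *perm, ""].zip(j).join
      end
    end
  end
end

# Closed form for the same script. Each k-word ordering is tested 2**(k+2)
# times, but the last two separators sit next to each other, so only
# 3 * 2**k of those strings are distinct (trailing "", " " or "  ").
# Assumes different orderings never spell the same string.
def spaced_counts(n_words, max_words)
  tested = distinct = 0
  (1..max_words).each do |k|
    orderings = (0...k).reduce(1) { |acc, i| acc * (n_words - i) } # n!/(n-k)!
    tested   += orderings * 2**(k + 2)
    distinct += orderings * 3 * 2**k
  end
  { tested: tested, distinct: distinct }
end

# Attempts per second needed to finish `count` candidates in `days`.
def required_rate(count, days)
  count / (days * 86_400.0)
end

if __FILE__ == $PROGRAM_NAME
  sample = %w[one two three] # constructed sample fragments
  list = spaced_candidates(sample, 2)
  puts "enumerated: #{list.size} tested, #{list.uniq.size} distinct"
  puts "closed form: #{spaced_counts(3, 2)}"
  puts "30 words, max 4: #{concat_count(30, 4)} (#{required_rate(concat_count(30, 4), 1).round(1)}/s to finish in a day)"
  puts "50 words, max 4: #{concat_count(50, 4)} (#{required_rate(concat_count(50, 4), 7).round(1)}/s to finish in a week)"
end
```

For the script's defaults (5 fragments, `max_words = 3`) that is 2,280 attempts for 1,710 distinct strings. If the 30-word and 50-word estimates quoted in the thread refer to `max_words = 4`, they correspond to roughly 10 attempts per second.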
|
|
|
Revalin suggested 15%, BTChap offers 5% - not a good start :D

My help is free. Fewer lost wallet disasters is good for Bitcoin, and I'm happy to help. Donations of any size or just a thank-you are always appreciated and certainly motivate me to stick around. :)

could you write down a quick guide of the soft i need to install and the procedure to get going at cracking this?

I posted some general instructions here: https://bitcointalk.org/index.php?topic=85495.msg3746636#msg3746636 . Try it, and if you get stuck we can help.

I am sorry - prompt and where a script? ?

Sorry, I don't understand your question. Can you rephrase it?

Would anyone please be able to help me get this script working with litecoin?

I can't help with PowerShell, but several people have reported success using my scripts (the Ruby ones) with Litecoin. The newer RPC scripts should work perfectly; the older ones running './bitcoind' in the test() function just need to be edited to say './litecoind', but I recommend the RPC method because it's much faster on Windows.
|
|
|
The main problem is that i am noob in using script and i can't understand script language so if you can tell me step by step process i can do it or if you have video tutorial then that's makes me happy !

The specifics change if you're on Windows, Mac or Linux, but in general:

- Install Ruby 1.9 or newer (Ubuntu: "apt-get install ruby1.9.1"; Windows: http://rubyinstaller.org/downloads/)
- Choose one of the scripts from this thread depending on which one matches what you know about your password
- Paste the script into a new file called brute.rb
- Edit the file to fill in the passphrase as best as you can remember, an RPC password, and any other settings at the top of the script
- Start bitcoind (the daemon, not the GUI): Linux: ./bitcoind -rpcpassword=some-password ; Windows: "C:\Program Files (x86)\Bitcoin\daemon\bitcoind" -rpcpassword=some-password
- Run the script: ruby brute.rb
- Then wait.

Try it, see how far you get, and post any questions if you get stuck.
|
|
|
Holy sheepshit I found it already!!!!!!!!!!!!!!
Mr. Revalin .7 BTC is coming your way
Thank you! I'll make sure it's put to good use. :)

Nobbie, sorry I missed you earlier. Did you get it working?
|
|
|
You need to surround the strings with single quotes. If there are any single quotes or backslashes in the strings you need to represent them as \' or \\ . Like this:

```ruby
#!/usr/bin/ruby
require 'base64'
require 'digest/sha2'
require 'open3'
require 'openssl'

# Double substitution for Electrum

# Put your best guess at your passphrase here
passphrase = 'I think i\'m a password'

# The full path to your electrum.dat or default_wallet
wallet_file = '/home/user/.electrum/wallets/default_wallet'

# Where to find Electrum. Use 1.9.2! Older versions may be incompatible.
$electrum = '/home/user/Electrum-1.9.3/electrum'
```
|
|
|
The scripts need Ruby 1.9. Try this:

```
sudo apt-get install ruby1.9.1
sudo ln -sf /usr/bin/ruby1.9.1 /etc/alternatives/ruby
```
Then run it again. If that doesn't work then paste the errors here so I can see what's wrong.
|
|
|
I retort, and say why isn't everything done with cryptographically strong random numbers? Because we must let people be stupid?

That's a reasonable opinion, but you're missing my point: Electrum does hash the seed to generate keypairs. Why is it done for one case but not the other?
|
|
|
You should not be hashing anything multiple rounds that needs to maintain entropy. SHA256 probably isn't a random oracle, but the entropy loss is small. Typical passphrases have far less than 256 bits of entropy. Given those criteria, I think key stretching is beneficial. Let's say you're right, though, and we shouldn't waste entropy by hashing. Then why is the seed hashed before generating the keys?
|
|
|
Thanks for the clarification. It's working as designed, then. Why not stretch the wallet key, though?
|
|
|
Are Electrum wallets doable as well? I've lost my pass and seed. Couldn't even get a dump with pywallet and an electrum.dat file.
Bounty for anyone who can help of course.
Sure, I can do Electrum. Their key stretching has an interesting flaw. This script exploits it to get a few hundred times speedup compared to simple brute force. My help is free but tips are always welcome. I suggest 15%, just like tipping your waiter. :)

```ruby
#!/usr/bin/ruby
require 'base64'
require 'digest/sha2'
require 'open3'
require 'openssl'

# Double substitution for Electrum

# Put your best guess at your passphrase here
passphrase = 'Oops I forgot'

# The full path to your electrum.dat or default_wallet
wallet_file = '/home/revalin/.electrum/wallets/default_wallet'

# Where to find Electrum. Use 1.9.2! Older versions may be incompatible.
$electrum = '/home/revalin/Electrum-1.9.2/electrum'

def test(phrase)
  # Cheap pre-check: a wrong key almost always fails the padding check here
  $cipher.reset
  $cipher.key = Digest::SHA256.digest(Digest::SHA256.digest(phrase))
  $cipher.update $seed
  $cipher.final
  # Padding was valid, so confirm with Electrum itself
  puts phrase
  i,o,t = Open3.popen2e($electrum, "-o", "getseed")
  i.puts(phrase)
  i.close
  if t.value.success?
    puts "Found it! #{phrase}"
    exit
  end
rescue OpenSSL::Cipher::CipherError
end

def scramble(passphrase)
  characters = " !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
  list = []

  # transpose adjacent chars
  (passphrase.length - 1).times do |i|
    testphrase = passphrase.dup
    testphrase[i] = passphrase[i+1]
    testphrase[i+1] = passphrase[i]
    list << testphrase
  end

  # delete one char
  passphrase.length.times do |i|
    testphrase = passphrase.dup
    testphrase = testphrase[0,i] + testphrase[(i+1)..-1]
    list << testphrase
  end

  # substitute one char
  passphrase.length.times do |i|
    characters.chars.each do |c|
      testphrase = passphrase.dup
      testphrase[i] = c
      list << testphrase
    end
  end

  # insert one char
  (passphrase.length + 1).times do |i|
    characters.chars.each do |c|
      testphrase = passphrase.dup
      testphrase.insert(i, c)
      list << testphrase
    end
  end

  return list.uniq
end

wallet = File.read(wallet_file)
seed_base64 = wallet.match(/'seed': '([^']+)'/).captures.first
$seed = Base64.decode64(seed_base64)
$cipher = OpenSSL::Cipher.new('aes-256-cbc')
$cipher.decrypt # select decryption mode explicitly before setting the IV
$cipher.iv = $seed.slice!(0,16)
Dir.chdir File.dirname $electrum
list1 = scramble(passphrase)
list1.each { |i| test i }
list1.each { |i| scramble(i).each { |j| test j }}
puts "No luck."
exit 1
```
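Why the padding check in `test()` above is such an effective pre-filter, and what a stretched key derivation would change, as an added example that is not code from the thread or from Electrum. The seed, IV, phrases and salt are constructed for the demo, and PBKDF2 with 100,000 iterations is this example's choice of stretched derivation, not something the thread proposes.

```ruby
require 'openssl'
require 'digest/sha2'

# Key derivation the recovery script reproduces: two SHA-256 rounds, no salt.
def weak_key(phrase)
  Digest::SHA256.digest(Digest::SHA256.digest(phrase))
end

# Stretched alternative for comparison (PBKDF2 and its cost are assumptions).
def stretched_key(phrase, salt, iterations = 100_000)
  OpenSSL::KDF.pbkdf2_hmac(phrase, salt: salt, iterations: iterations,
                           length: 32, hash: 'sha256')
end

def aes_cbc(mode, key, iv)
  c = OpenSSL::Cipher.new('aes-256-cbc').public_send(mode)
  c.key, c.iv = key, iv
  c
end

def encrypt_seed(seed, key, iv)
  c = aes_cbc(:encrypt, key, iv)
  c.update(seed) + c.final
end

# The check test() makes before spawning electrum: valid PKCS#7 padding?
def padding_ok?(ciphertext, key, iv)
  c = aes_cbc(:decrypt, key, iv)
  c.update(ciphertext)
  c.final
  true
rescue OpenSSL::Cipher::CipherError
  false
end

# Wrong guesses (constructed strings) that still pass the padding check.
def false_passes(ciphertext, iv, guesses)
  (1..guesses).count { |i| padding_ok?(ciphertext, weak_key("guess-#{i}"), iv) }
end

SEED = '0123456789abcdef0123456789abcdef' # constructed hex seed
IV   = "\x00" * 16                        # constructed IV, demo only
CT   = encrypt_seed(SEED, weak_key('correct horse'), IV)

if __FILE__ == $PROGRAM_NAME
  puts "#{false_passes(CT, IV, 20_000)} of 20000 wrong guesses pass the padding check"
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  stretched_key('guess', 'constructed-salt')
  puts format('one PBKDF2 derivation: %.3f s', Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0)
end
```

About 1 in 256 wrong keys decrypts to valid padding, so only that fraction of guesses reaches the slow `electrum getseed` call. With a stretched derivation the per-guess cost is paid before any such filter can apply.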
|
|
|
Bitcoin is mostly hashing, so most of an ASIC would be SHA256 cores stamped out side by side on the chip. Such cores are fairly compact.
I'm not a Litecoiner, but I believe they have it set to require 128KiB of memory per core. That means you have to stamp out (core) (128KiB) (core) (128KiB) across the chip; therefore you get far fewer cores per chip.
The alternative is to have an ASIC with a memory bus to some external DRAM chips. That makes the RAM cheap but you now have to get a much bigger ASIC for all the bus lines, and you still won't get very many cores on a chip before the RAM speed becomes a bottleneck.
Originally people thought the RAM requirement would prevent GPUs from being useful at all. That was wrong, but I don't think they can escape the RAM bottleneck generally, so ASICs, like GPUs, will be limited mostly by the RAM you can attach. That might change if someone can put together an inexpensive ASIC with RAM on die. I don't expect that to happen faster than the rate GPU-mem-bandwidth-per-dollar increases, but you never know.
I do think LTC was too conservative with their memory size. They were trying to keep it in L2 cache to keep it targeted at general purpose processors, but I think they would have done better requiring a few hundred megs per core.
|
|
|
|