I have address and BIP32 root key, How to brute force to find derived pathway?

[shivam72]

I have xpub, xpri, address and BIP32 root key, I need to get private key to my address, its HD wallet, My thought process is if I brute force using BIP32 root key, xpub, address. I'll get the derived pathway then using it I can get pair of private and public key which I need.

Please tell me if this is the right process and if yes what would be the best way/script to brute force?

[Charles-Tim]

If you want to check the corresponding private key and public key for your address, use https://iancoleman.io/bip39/ offline. Using the HTML file (https://github.com/iancoleman/bip39/releases/latest/) on a word edit on an airgapped device is most secure.

You will see the space that you can paste the master or the extended private key (that begins with xpri) and also you will see where you can paste the BIP32 root key. Use any of the two and it will generate the child keys and addresses. Scroll down to check the address and its corresponding keys.

Do not use is Coleman tool to generate seed phrase, keys and addresses because JavaScript is not secure but you can use it to check for what you posted. If done offline, you are good to use the tool.

[shivam72]

Already tried but its not able to generate my address, since I think the pathway used is not upto the BIP32 standard and more on the older pathways used by developers or maybe custom pathways. Thats where the situation got tricky.

[Cricktor]

Am I correct to assume that you speak of the unknown derivation path which you want to brute-force and what you call "pathways"?

Can you tell from which wallet you have your details? Any hint on which wallet was in use here will help because someone might know what derivation path pattern might have been used.

btcrecover seems to have the ability to search derivation paths via its --pathlist command option. I haven't tried and used this option with btcrecover, so I'm not entirely sure if it's a valid recommendation and if you can even start with the details you know about your wallet.

Ability to search multiple derivation paths simultaneously for a given seed via --pathlist command (example pathlist files in the )

The problem is that the search space can grow pretty large especially when some sort of weird and deliberately non-standard derivation path was used. It's also unclear how many address indices should you check to find your matching public address.

[nc50lc]

Please tell me if this is the right process and if yes what would be the best way/script to brute force?

It's only possible if the derivation path is one of the commonly used derivation paths,
Example list: https://github.com/spesmilo/electrum/blob/master/electrum/bip39_wallet_formats.json

Generally, the "right process" is to check the wallet's documentation or source code depending on the availability.
With that, telling the wallet's name should be sufficient for experts to tell the correct derivation path to your address or if it's possible even.

btcrecover seems to have the ability to search derivation paths via its --pathlist command option. I haven't tried and used this option with btcrecover, so I'm not entirely sure if it's a valid recommendation and if you can even start with the details you know about your wallet.

The arg will only take a file containing a list of derivation paths that the user provided but wont bruteforce a combination of indices based from the list unlike a token file.

[Cricktor]

The arg will only take a file containing a list of derivation paths that the user provided but wont bruteforce a combination of indices based from the list unlike a token file.

Ah, ok, the command option name is a hint to what you say. So not really suitable to extensively seach derivation path tree branches. Given that every derivation path step after m/ can have 2³¹ unhardened and 2³¹-1 hardened branches, it's better to know quite specifically where and what to search for, otherwise as I wrote earlier the search space blows up quickly.

Another reason to document well what derivation path a wallet uses when it's not any common standard derivation path.


Does any such tool exist to extensively search through derivation path branches? I can't remember ever having seen such an option, maybe because it gets unfeasible pretty quickly.

[shivam72]

I had created a mnemonic seed and address using MMGEN wallet but forgot to store the mnemonic seed, but did store the bip 32 root key by using the mnemonic seed on Ian colmen

Now I want to derive the same address using a derivation path and bip 32 root key. can you please tell me what would be the derivation path, since it is mentioned in the wiki, that the wallet is deterministically deriving its keys, but uses a non-hierarchical scheme differing from the BIP32.

Please help me if anyone has any idea which derivation path they are using.

[nc50lc]

-snip- but did store the bip 32 root key by using the mnemonic seed on Ian colmen

Based on that tool's labeling, the "bip32 root key" that you have is the "master private key" derived from your mnemonic via BIP39 standard.

Unfortunately, upon looking at: Recovering-Your-Keys-Without-the-MMGen-Wallet-Software.md
That wallet isn't utilizing variants of BIP32 derivation like BIP44 or BIP84, etc. or even BIP39.

Firstly, derivation of the seed (binary seed) from the mnemonic phrase (seed phrase) is not the same as BIP39 (Converting an MMGen mnemonic to hexadecimal format)
So, your xprv that's derived using IanColeman's BIP39 tool wont be of any use since it can't be used retrieve the binary seed since it's already an output of a "one-way hash function".

Secondly, even if there's a possibility (which is extremely hard that it's deemed impossible);
The binary seed used to create that xprv key is a product of BIP39's mnemonic seed to seed algorithm which is entirely different from mmgen's algorithm. (refer to 'mnemonic to hex' link above)
So it's not what you've used in mmgen.

And lastly, they have their own method of "scrambling" the 'binary seed' depending on the target cryptocurrency.
They do not use "derivation path" like any standard wallet does.

TL;DR: In other words, you either need the mnemonic phrase (words) or binary seed in hex format to retrieve your bitcoins.