Forgot parts of my wallet password - need help with a script

[l0ud]

Hi,

First of all I just wanted to let you know that I have been searching the forum for different solutions and so far I feel that I am on the right track considering that I have gotten the script posted here working:

https://bitcointalk.org/index.php?topic=85495.msg942171#msg942171


HOWEVER - I am 99,999% sure that I remember the first say 20 characters of my pwd - it's the last 15-20 characters I need to bruteforce.

The script I linked to lets you put in a phrase (for instance "Password") - then it tries to capitalize (or de-capitalize) one letter at a time, finally it tries to replace one letter at a time with a special character of some sort.

So in a hypothetic case where the password starts with the word "Password" but there might be a special character or an upper- or lowercase letter snuck in there somewhere, this script is perfect.

But in my case, i know the first part of my password and I need some help creating a script where it sequentially adds letters and characters to the end of the "Password"

In other words, I would love to get some help with a script that first tries every combination betweeen "PasswordA" and "PasswordZ" before adding another letter to the brute force pwd and it starts again from "PasswordAA" and runs through all the upper- and lowercase letters and characters again until it has added at least 15 characters to the end of the password it tries to brute force...

any ideas?

[1713939639]

1713939639

[1713939639]

1713939639

[Mikej0h]

I'm not sure if it's a good thing to answer here.

But here would be my approach.

Create a multi dimentional array, add to each dimention 0-9, a-z and A-Z and a "empty" line.

Calculate how much items are in each dimention (0-9 = 10, a-z = xx etc).
Create a for loop that loops through each dimention and creates a "password" for each possitility.

EDIT: That's how far I would go, not want to contribute to actual hacking/cracking...

[greyhawk]

So you stole a wallet.dat and managed to shoulder surf the first 20 characters of the password before but messed up somewhere in the later part?

[l0ud]

So, greyhawk - have you remembered to restock your nuclear apocalypse shelter lately?


No, its quite simple - I have 4 BTC wallets and one of which is refusing to accept the password I thought was the right one for it - luck would have it that I have approx 600 btc here and I need help to find a solution as to how I can try and bruteforce the latter part of the password.



Mikej0h: thanks, a bit too technical for my part - but I understand the scepticism you have with helping out.

[l0ud]

btw, greyhawk - if you have any valuable suggestions for me as to how I can recover my BTC wallet & funds - even without bruteforcing the wallet.dat - then please by all means contribute.

if you don't have any idea but all you can help with is to suggest that I'm trying to steal other peoples money I'll do just fine without more posts from you..

thanks...

[greyhawk]

Indeed I do have some advice.

I did some math and if we are conservatively talking about a 15 character combo of letters/numbers/special characters, we come out at about 395 octillion combinations. Assuming a standard PC we can thus infer your brute force script will run for about  11.504.505.492.039.100.000,00 hours. (or 1.313 quadrillion years)

[l0ud]

Yes, but I know the contents of these 15 additional characters ...

So if the first part of my password is without a doubt "Password" and I know that the last part of my password contains the characters "0123456789abcdf" but not necesarrily in that order, there must surely be some talented people out here in the world who can assist me with a script that only tries to add random selections from the last part of my password and sequentially tries to append it to the first part of my password.

And in that case, I think there are possibilities to cut down on your 1,313 quadrillion year estimate.. at least slightly

[greyhawk]

I redid the math for 15 characters out of a known subset of 15 characters and this indeed cuts down brute force time significantly (in galactic terms). It still comes down to 12744389 hours = ~1455 years.

[Mikej0h]

Lets assume your password does start with "Password" and then you still need to know 7 characters.
In the given example of you it would be 14 characters (note: capitals not calculated here).

Your result would be 7^14 = 678.223.072.849 different codes --> good luck :-).

Edit: where 7 is the amount of characters still to-do, and 14 the amount of possibilities 0-9, a-f

[Lord F(r)og]

...there must surely be some talented people out here in the world who can assist me with a script that only tries to add random selections from the last part of my password and sequentially tries to append it to the first part of my password.

maybe you can extract, deduce or at least get assistance form someone there:

https://bitcointalk.org/index.php?topic=119327.0

good luck

[Mikej0h]

I don't know how much BTC you had in your wallet, but if it's a few, better put that time in mining....

[l0ud]

I see your point

However, I still have some things that might work to my advantage:

I am pretty sure that I know all of the 15 characters and in what order - what I'm not sure of is where the upper and lowercase should kick in, if you take a look at the forum post I linked to in my first post, Revalin made an excellent script to try and replace every character in a password with an upper- or lowercase letter or a special character - so what I need is an "improvement" of that script where the first 20 letters are left intact, but the last 15 are treated like Revalins original script treats the entire passphrase.

EDIT: I had 660 BTC in my account so I figure its worth spending a few hours online to see how far I can get while I try to kickstart my brain

[Mikej0h]

I am pretty sure that I know all of the 15 characters and in what order - what I'm not sure of is where the upper and lowercase should kick in, if you take a look at the forum post I linked to in my first post, Revalin made an excellent script to try and replace every character in a password with an upper- or lowercase letter or a special character - so what I need is an "improvement" of that script where the first 20 letters are left intact, but the last 15 are treated like Revalins original script treats the entire passphrase.

You can still follow the concept I gave you before, only add to the multidimentional array the values in order you think it should be with the given options.
This would indeed limit the amount of options, but it's still heck-of-work.

[DeathAndTaxes]

If you do know the EXACT password ending (other than case) and it is 15 characters then trying all case combinations will require:
2^15 = 32,768 permutations (trivially easy).

If there are spaces mixed in then it becomes 3^15 = 14348907 (still easy)

If there are say 2 substitutions (P@ssw0rd) in addition to unknown case then it starts to get more complex especially if the passphrase has lots of potential substitutions.  max of 5^15 = 1073741824 (doable depending on how many rounds the client used but starting to take real time)

If it is more complex (say 4+ substitutions, spaces, extra symbols intermixed, root word unknown or multiple possible combinations) it quickly escalates to impossible.

Remember just because Revalin script worked on a relatively short password with a few typos doesn't mean there are enough seconds left in your life for it to work on a very long one with lots of combinations.

Things like this " it's the last 15-20 characters I need to bruteforce." indicate you don't know the exact password suffix.  So which is it?  The suffix is 15-20 charecters or you know EXACTLY how long the unknown portion is and the root word(s) used to construct it? 


BTW: at this point being "stealthy" is likely to be a complete waste of time.   Give people willing to help EXACTLY what you know and what you don't know.  It will allow them to give you better chances and provide better advice and/or algorithm selection.   Being uber "secure" is partially what got you into this mess and trying to obfuscate and provide limited info may result in you never cracking the passphrase.

[greyhawk]

I see your point

However, I still have some things that might work to my advantage:

I am pretty sure that I know all of the 15 characters and in what order - what I'm not sure of is where the upper and lowercase should kick in, if you take a look at the forum post I linked to in my first post, Revalin made an excellent script to try and replace every character in a password with an upper- or lowercase letter or a special character - so what I need is an "improvement" of that script where the first 20 letters are left intact, but the last 15 are treated like Revalins original script treats the entire passphrase.

EDIT: I had 66 BTC in my account so I figure its worth spending a few hours online to see how far I can get while I try to kickstart my brain

Wait. You KNOW the ORDER? So that means 2 possiblities per character space at most? This takes the keyspace down to 32768. That would take less then a second to run. Now you're on to something.

You should contract someone in Services to script this for you for like a quick 10 BTC or something. It's pretty much trivial. gweedo comes to mind as a candidate.

[DeathAndTaxes]

I see your point

However, I still have some things that might work to my advantage:

I am pretty sure that I know all of the 15 characters and in what order - what I'm not sure of is where the upper and lowercase should kick in, if you take a look at the forum post I linked to in my first post, Revalin made an excellent script to try and replace every character in a password with an upper- or lowercase letter or a special character - so what I need is an "improvement" of that script where the first 20 letters are left intact, but the last 15 are treated like Revalins original script treats the entire passphrase.

EDIT: I had 66 BTC in my account so I figure its worth spending a few hours online to see how far I can get while I try to kickstart my brain

Wait. You KNOW the ORDER? So that means 2 possiblities per character space at most? This takes the keyspace down to 32768. That would take less then a second to run. Now you're on to something.

Except the OP says 15-20 charecters.   If one knows the base word(s) how is the length unknown.  I mean password is always 8 charecters regardless of if it is PassworD or p@ssWORD.

As I posted above if the OP keeps trying to play "super secret squirrel" and including half truths and misinformation it makes any chance of a recovery exactly 0%.   The algorithm and search methods which need to be used will depends on what info is known, what is unknown, and what is partially known.

[greyhawk]

Except the OP says 15-20 charecters.   If one knows the base word(s) how is the length unknown.  I mean password is always 8 charecters regardless of if it is PassworD or p@ssWORD.

Absolutely. Which is exactly what made me pose the "did you steal this wallet.dat" question in the first place.

But, as he did not meltdown and instead posted a witty comeback, I'm reasonably sure it is indeed his own wallet.dat. Thieves always immediately meltdown instead.

Now I don't know what to think anymore.

[DannyHamilton]

. . . In other words, I would love to get some help with a script . . .

I've never really done any work with ruby, but if someone else doesn't post a script to help you I may give it a try tonight.  It'd be a fun chance to try my hand at a new language.

Assuming I get this done, unless you post some other conditions that help reduce the work necessary I'll go on the following assumptions for now:

The script will use 2 passphrases.
"firstphrase" will be the initial portion of the phrase that you know for certain you have everything correct.
"secondphrase" will the the terminal portion of the phrase where you know for certain that you have all the correct characters in the correct order, but you are uncertain if you have the "case" correct for the alphabetical characters.

The script will try all combinations of upper/lower case in the secondphrase and concatenate each combination to the end of firstphrase to see if it is correct.

Obviously if you don't know the exact characters of "secondphrase" in the exact order, then this script won't work.  It won't add additional characters anywhere. It won't substitute numbers, punctuation, or any other special characters.  It won't strip any characters out.  All it will do (based on what you've said you need) is try all combinations of capitalization of the alphabetical portions of "secondphrase".

If you need it to do more than this, you'll need to let us know so we design a script that will meet your needs.

[l0ud]

was offline for a few hours while on my way home from work but I'm glad to see that more people have replied although it seems as my intentions are still under questions, thats fine I guess - I've never been a member of a BTC forum before and I have no idea whether or not people actually come here to try to get other peoples help to steal money..


DeathAndTaxes: not sure what you mean by me serving misinformation? but I would imagine that you surely do see my wish to not conceal any part of the password on this forum? not that any of you would gain access to my dat file or that I have used the password other places, but I kind of consider a large portion of it to be my "fundation" password on which I build other secure passwords and passphrases.



greyhawk: I'm glad to see you're finally warming up to me, or getting closer at least :p and yeah, I think I have a lot to go on to reduce the computation needed to crack this one so thanks for the tip, I'll have a look around the Services section !!

DannyHamilton: If you would like to give it a try then I would be really grateful no matter what the result! Your assumptions are pretty much correct, the only thing would be that it might even be necessary with a "thirdphrase" part where after trying "firstphrase"+"secondphrase"&"thirdphrase" with all upper & lowercases, one could switch and try the same with "firstprase"+"thirdphrase"&"secondphrase".

I hope I did not make that to hard to understand but my passphrases are usually built up by a few words I find suitable for passwords and then I do the basic password tricks like replacing an o with an 0 or an s with a $ etc ...

I also PM'ed riX and Revalin from the thread I linked to in my original post as I feel like Revalin's script might just need some adjustments and as I told both of them - by BTC account isn't huge (66) but its half my damn rent so I would love to get it back - and if anyone can cook up a script for me where I can actually figure out what the hell I used for a password when I changed it the last time I'll gladly send them 16 BTC..

[greyhawk]

greyhawk: I'm glad to see you're finally warming up to me, or getting closer at least

Don't worry. That first question was basically just a shit test. As I mentioned a thief usually goes ballistic at that point. You didn't, you had a witty comeback, explained the situation. Sounds good in my book.