GPU brute forcing an encrypted wallet

[elliwilli]

You are kinda screwed...
the wallet is encrypted with multiple rounds of AES making it much, much harder to crack by almost any means.
Try getting a quantum computer  

Wrong. It's indeed very possible to crack a password if you know a little about it. I've found around 8 passwords within a week. That is because they knew a little bit about their password. If you know the majority of your password you should be able to get it. If you are certain you used it but, might of made a typo(s) then it takes under a hour usually to find. The less you know about the password the more the chance of recovery failing.

Remember, we are not trying to crack a private key, but a password. It's much easier and is possible.


If anyone, needs help. Feel free to contact me about the matter.

Ahh OK, I misunderstood, in that case than sure, just bruteforce it to death.

[Sonny]

You are kinda screwed...
the wallet is encrypted with multiple rounds of AES making it much, much harder to crack by almost any means.
Try getting a quantum computer 

Wrong. It's indeed very possible to crack a password if you know a little about it. I've found around 8 passwords within a week. That is because they knew a little bit about their password. If you know the majority of your password you should be able to get it. If you are certain you used it but, might of made a typo(s) then it takes under a hour usually to find. The less you know about the password the more the chance of recovery failing.

Remember, we are not trying to crack a private key, but a password. It's much easier and is possible.


If anyone, needs help. Feel free to contact me about the matter.

Not sure about OP's case, but for Ronya, his password is very short and simple, and it is not really hard to brufe-force it.

I know for certain it was short and german. Maximun 5-6 letters(no numbers). Normally the first Letter is Big, you know what i mean, not frog, but Frog.

[Welsh]

Not sure about OP's case, but for Ronya, his password is very short and simple, and it is not really hard to brufe-force it.

Yes. Ronya should be able to crack it pretty soon, I'm surprised it's taking as long as  it is though, guess it depends on the hardware you got pumping that script. I'm unsure how fast btcrecover is though.(a quick glance and the code is actually pretty clean and should run at decent speeds depending on hardware and whether it is able to utilize cores) I've had some similar scenarios and it's taken a few hours at most.

I wish you the best of luck Ronya and hope you can get access back, if you can't you can always send me a message and we'll discuss more about the issue.

[aronnov]

You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

Maybe you are confusing cracking the user password for the wallet with cracking a private key? A wallet password would crack easier or harder depending on what the password was.

i hope this program cannot open my wallet and the others
make something useful for humankind, not a kind of destructable
ok ...

[Ronya]

So bad news....exhausted...
But i am so sure short word 5-6 letters and it is a word, not jibberish like adjkgs. But I think this is it, of course i could pay fees, i am not greedy, just it would be nice get just my old bitcoin..

But thabnks for all the help

[MakeBelieve]

So bad news....exhausted...
But i am so sure short word 5-6 letters and it is a word, not jibberish like adjkgs. But I think this is it, of course i could pay fees, i am not greedy, just it would be nice get just my old bitcoin..

But thabnks for all the help

Sad to hear I would keep trying and if you do fail and cant think of any thing else I should think you wouldn't mind paying much of a fee.

[HarmonLi]

Does anyone have a comparison of how long this would take with a script/interpreter language like Ruby or Python, vs. a compiled and highly parallized computation on a GPU? I guess we're talking 4-5 orders of magnitude here?

[Ronya]

What i can do now? Just restart but it would provide the same results. Or i was wrong about password, but it is unusual that is a long pw, i am too lazy, It is 100% a word not combination of letters and numbers. But maybe something like Number1, but is ridicolous such a word i would not write.

So what should i do write notepad to enlarge the bruteforce?

[Wilhelm]

Does anyone have a comparison of how long this would take with a script/interpreter language like Ruby or Python, vs. a compiled and highly parallized computation on a GPU? I guess we're talking 4-5 orders of magnitude here?

Much much faster. Try 20x.
Still it will take many years to bruteforce.
Dictionary attack will be faster if they have a weak password.
Maybe you could program rainbow tables if you have many wallet.dat files to crack

[btchris]

What i can do now? Just restart but it would provide the same results. Or i was wrong about password, but it is unusual that is a long pw, i am too lazy, It is 100% a word not combination of letters and numbers. But maybe something like Number1, but is ridicolous such a word i would not write.

So what should i do write notepad to enlarge the bruteforce?

First, just a reminder, if there was an umlaut over any of the vowels, btcrecover will never find it. It can't handle non-ASCII.

The only option would be to try more passwords. I guess I'd try this:

Code:

#--pause --no-dupchecks --wallet multibit.key --autosave progress.sav
%ia%0,5a%d %ia%6a 

This tries passwords that have a single number at the end, and also passwords that are 7 letters long. It will take 36 times longer to run, so it's pretty important that you install PyCrypto 2.6 for Python 2.7 64bit from here first.

It will autosave to a file in the same directory, so you can close it and restart it without losing any progress (but only after the initial counting phase). I just added a small improvement related to autosave, so you should probably download a new copy of btcrecover first.

[btchris]

Does anyone have a comparison of how long this would take with a script/interpreter language like Ruby or Python, vs. a compiled and highly parallized computation on a GPU? I guess we're talking 4-5 orders of magnitude here?

Much much faster. Try 20x.
Still it will take many years to bruteforce.
Dictionary attack will be faster if they have a weak password.
Maybe you could program rainbow tables if you have many wallet.dat files to crack

The wallet.dat password is seeded, rainbow tables wouldn't help.

While there is a speed difference between Python and native code, for this particular application it's much closer than 20x. Most of the time is spent inside cryptographic code, and most scripting languages implement cryptographic primitives in native code.

Here's a comparison between btcrecover and John the Ripper, including columns which show what language each cryptographic primitive is actually written in. The interesting comparisons are the Bitcoin Core lines, which show a speedup of 2.75x from 44 P/s to 128 when going from btcrecover to JtR, and the speedups that you get with GPU acceleration (pretty good speedups with Bitcoin, but a measly 4 - 6x speedup for Armory which uses a memory-hard KDF).

All of these tests were run on my aging i5-2500k and 2x 560 Ti's. Wallets were created on the same system using default KDF parameters, except for the Blockchain.info wallet with 10,000 iterations (10 is the default).

BBcode tables are pretty ugly, the original spreadsheet if you want to see it is here.

Wallet

Software

Language

KDF

Hash

AES-256

ECDSA?

Iterations

Memory

GPUs

P/s

Armory

BTCR

Python 2.7

ROMix

C++

SHA-512

C++

C++

Yes

4

2 MiB

20

Armory

BTCR

Python 2.7

ROMix

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C++

Yes

4

2 MiB

1

79

Armory

BTCR

Python 2.7

ROMix

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C++

Yes

4

2 MiB

2

128

Bitcoin Core

BTCR

Python 2.7

PBKDF1

Python

SHA-512

C

C

No

67,908

44

Bitcoin Core

JtR

C w/OpenMP

PBKDF1

C

SHA-512

asm

asm w/AES-NI

No

67,908

121

Bitcoin Core

BTCR

Python 2.7

PBKDF1

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C

No

67,908

1

1,070

Bitcoin Core

BTCR

Python 2.7

PBKDF1

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C

No

67,908

2

2,110

Blockchain.info

BTCR

Python 2.7

PBKDF2

Python

SHA-1

C

C

No

10

27,000

Blockchain.info

BTCR

Python 2.7

PBKDF2

C

SHA-1

C

C

No

10

82,000

Blockchain.info

JtR

C w/OpenMP

PBKDF2

C

SHA-1

C w/SSE4.1

asm w/AES-NI

No

10

533,000

Blockchain.info

JtR

C w/OpenMP

PBKDF2

OpenCL (GPU)

SHA-1

OpenCL (GPU)

asm w/AES-NI

No

10

1

3,996,000

Blockchain.info

BTCR

Python 2.7

PBKDF2

Python

SHA-1

C

C

No

10,000

41

Blockchain.info

BTCR

Python 2.7

PBKDF2

C

SHA-1

C

C

No

10,000

262

Electrum

BTCR

Python 2.7

PBKDF1

Python

SHA-256

C

Python

No

2

25,000

Electrum

BTCR

Python 2.7

PBKDF1

Python

SHA-256

C

C

No

2

396,000

MultiBit

BTCR

Python 2.7

custom

Python

MD5

C

Python

No

3

26,000

MultiBit

BTCR

Python 2.7

custom

Python

MD5

C

C

No

3

415,000

[MakeBelieve]

Does anyone have a comparison of how long this would take with a script/interpreter language like Ruby or Python, vs. a compiled and highly parallized computation on a GPU? I guess we're talking 4-5 orders of magnitude here?

Much much faster. Try 20x.
Still it will take many years to bruteforce.
Dictionary attack will be faster if they have a weak password.
Maybe you could program rainbow tables if you have many wallet.dat files to crack

The wallet.dat password is seeded, rainbow tables wouldn't help.

While there is a speed difference between Python and native code, for this particular application it's much closer than 20x. Most of the time is spent inside cryptographic code, and most scripting languages implement cryptographic primitives in native code.

Here's a comparison between btcrecover and John the Ripper, including columns which show what language each cryptographic primitive is actually written in. The interesting comparisons are the Bitcoin Core lines, which show a speedup of 2.75x from 44 P/s to 128 when going from btcrecover to JtR, and the speedups that you get with GPU acceleration (pretty good speedups with Bitcoin, but a measly 4 - 6x speedup for Armory which uses a memory-hard KDF).

All of these tests were run on my aging i5-2500k and 2x 560 Ti's. Wallets were created on the same system using default KDF parameters, except for the Blockchain.info wallet with 10,000 iterations (10 is the default).

BBcode tables are pretty ugly, the original spreadsheet if you want to see it is here.

Wallet

Software

Language

KDF

Hash

AES-256

ECDSA?

Iterations

Memory

GPUs

P/s

Armory

BTCR

Python 2.7

ROMix

C++

SHA-512

C++

C++

Yes

4

2 MiB

20

Armory

BTCR

Python 2.7

ROMix

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C++

Yes

4

2 MiB

1

79

Armory

BTCR

Python 2.7

ROMix

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C++

Yes

4

2 MiB

2

128

Bitcoin Core

BTCR

Python 2.7

PBKDF1

Python

SHA-512

C

C

No

67,908

44

Bitcoin Core

JtR

C w/OpenMP

PBKDF1

C

SHA-512

asm

asm w/AES-NI

No

67,908

121

Bitcoin Core

BTCR

Python 2.7

PBKDF1

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C

No

67,908

1

1,070

Bitcoin Core

BTCR

Python 2.7

PBKDF1

OpenCL (GPU)

SHA-512

OpenCL (GPU)

C

No

67,908

2

2,110

Blockchain.info

BTCR

Python 2.7

PBKDF2

Python

SHA-1

C

C

No

10

27,000

Blockchain.info

BTCR

Python 2.7

PBKDF2

C

SHA-1

C

C

No

10

82,000

Blockchain.info

JtR

C w/OpenMP

PBKDF2

C

SHA-1

C w/SSE4.1

asm w/AES-NI

No

10

533,000

Blockchain.info

JtR

C w/OpenMP

PBKDF2

OpenCL (GPU)

SHA-1

OpenCL (GPU)

asm w/AES-NI

No

10

1

3,996,000

Blockchain.info

BTCR

Python 2.7

PBKDF2

Python

SHA-1

C

C

No

10,000

41

Blockchain.info

BTCR

Python 2.7

PBKDF2

C

SHA-1

C

C

No

10,000

262

Electrum

BTCR

Python 2.7

PBKDF1

Python

SHA-256

C

Python

No

2

25,000

Electrum

BTCR

Python 2.7

PBKDF1

Python

SHA-256

C

C

No

2

396,000

MultiBit

BTCR

Python 2.7

custom

Python

MD5

C

Python

No

3

26,000

MultiBit

BTCR

Python 2.7

custom

Python

MD5

C

C

No

3

415,000

OH wow great information there thanks for the information chris.

[Ronya]

@Chris
This file is getting complicated, they ask me if i repair/remove/change...I do not I klick somewhere--But i think i did not right cuz,warning: can't find pycrypto..maybe give me a more detail Hoe to put pycrypto in btc-recover

[MakeBelieve]

If you can't do it yourself and find your self struggling you should probably just hire a more technical person they will probably find it in no time if its near the correct password.

[MakeBelieve]

I did try first myself on trying to recover my wallet but then I gave up and contacted someone over at the services section and they finally found it wasn't far from my prediction but I probably would of never got it...or would of took me a long time for a small amount.

[btchris]

@Chris
This file is getting complicated, they ask me if i repair/remove/change...I do not I klick somewhere--But i think i did not right cuz,warning: can't find pycrypto..maybe give me a more detail Hoe to put pycrypto in btc-recover

Please give this a try.

  1. Go to Start -> Control Panel.
  2. Click on Uninstall a Program.
  3. Find everything that has "Python" in the program name, you should find at least two, maybe more.
  4. Double-click each one to remove it.
  5. Install Python 2.7.8 Windows X86-64 Installer from here.
  6. Install PyCrypto 2.6 for Python 2.7 64bit from here.

Let me know if you still get the "warning: can't find pycrypto" message...

[Ronya]

I want proudly annonce that Btcris made it. I gave my key-file and then crack/hack/brute-force(for all jibberish) and he is a man of Honor, he could steal 1,0 Btc, but he got his fee,w hat was negoniated under us 10%, so 0,1 Btc

So he is the Heisenberg of BTC

[Sonny]

It is nice to know that the problem is finally solved now, and it is nice to see you haven't trusted the wrong person.
Well done, btchris.

[DhaniBoy]

It is not so easy to encrypted a wallet with GPU brute forcing, because encryted wallet has a very complicated security, as example in blockchain.info, if you lost your passwrod, you must enter some random words, which given at the time of first registration, hopefully you can find the lost password wallet

[Gumbork]

I want proudly annonce that Btcris made it. I gave my key-file and then crack/hack/brute-force(for all jibberish) and he is a man of Honor, he could steal 1,0 Btc, but he got his fee,w hat was negoniated under us 10%, so 0,1 Btc

So he is the Heisenberg of BTC

Nice that you finally get your bitcoin back.