GPU brute forcing an encrypted wallet

[yourstruly]

I lost my password to a wallet that had 20 bitcoins in it, its now worth my effort to retrieve it. I tried using Revalins script found here https://bitcointalk.org/index.php?topic=85495.msg942171#msg942171 without any luck.

So I have modified it to brute force based off a base password that I know is correct, so I'm only have to brute force between 6-8 characters which is feasible.

Code:

#!/usr/bin/ruby -w
class Cracker
  def initialize(char_array, password_range)
    @char_array = char_array
    @password_range = password_range
  end

  def password_correct?(phrase)
    print "basepassword" + phrase, "\t"
    system("./bitcoind walletpassphrase basepassword#{phrase} 20")
    case $?.exitstatus
    when 0
      puts "Found it!  basepassword#{phrase}"
      exit 0
    end
    return false
  end

  def generate_password( perm_number, password_length )
    password=""
    (1..password_length).each do |char_number| # loop through characters
      char_reference = (perm_number / @char_array.length**(char_number-1)).floor % @char_array.length
      character = @char_array[char_reference]
      password << character
    end
    password
  end

  def do_combination( num_combinations, password_length )
    (0..num_combinations-1).each do |perm_number| # loop through combinations for a given length
      password = generate_password( perm_number, password_length )
      return password, perm_number if password_correct?(password)
    end
  end

  def crack()
    (@password_range).each do |password_length|  # loop to gradually increase password length
      num_combinations=@char_array.length**password_length
      password, perm_number = do_combination(num_combinations, password_length)
      if password
        puts "#{password} | Access Granted | #{perm_number} / #{num_combinations}"
        return password
      end
    end
  end
end

# I removed characters I was sure I didn't use
characters = "!$@01235@ABCDEFGIKLMNOSTWYZabcdefgiklmnopqrstuwyz".split(//)

cracker = Cracker.new( characters, (6..8) )
password = cracker.crack()

puts "No luck."
exit 1

This is going terribly slow though, but that is because I'm using CPU to try to crack this and I should take a lesson from the mining community and try to use my GPU through CUDA or OpenCL. I was wondering if anyone could help me adapt this script to python or a ruby OpenCL/CUDA library so that I can harness my GPU power to try to crack my password to recover it.

If not perhaps this will help someone else who ends up losing their wallet password and needs to brute force it. At 3-5 characters this would work find with a Quadcore.

[peewee]

An ambitious project...curious to see the outcome...and thanks for the reminder not to lose my wallet info

[kokjo]

system("sudo bitcoind", "bruteforce", "basepassword" + phrase, "20")

WTF!! seriously how far up your butt are your head?
have you even tried cracking a password before, on your own?

SUDO Really?
the method you are using have way too much overhead to be anywhere possible even to crack a 4-char password.
1. you are comminucating with bitcoind over jsonrpc over http over tcp.
2. bitcoind are using berkeley DB, to check if the password s correct.

RLY? U CRAZY?

solution:
extract enough information from from wallet.dat, to be able to verify a password, look in berkeleyDB manuels, bitcoin source, and determent  what is needed.
implement algoritm in some sort of GPU code(cuda, opencl,...) that do this efficient.

[alig23]

system("sudo bitcoind", "bruteforce", "basepassword" + phrase, "20")

WTF!! seriously how far up your butt are your head?
have you even tried cracking a password before, on your own?

SUDO Really?
the method you are using have way too much overhead to be anywhere possible even to crack a 4-char password.
1. you are comminucating with bitcoind over jsonrpc over http over tcp.
2. bitcoind are using berkeley DB, to check if the password s correct.

RLY? U CRAZY?

solution:
extract enough information from from wallet.dat, to be able to verify a password, look in berkeleyDB manuels, bitcoin source, and determent  what is needed.
implement algoritm in some sort of GPU code(cuda, opencl,...) that do this efficient.

It would not work

[yourstruly]

system("sudo bitcoind", "bruteforce", "basepassword" + phrase, "20")

WTF!! seriously how far up your butt are your head?
have you even tried cracking a password before, on your own?

SUDO Really?
the method you are using have way too much overhead to be anywhere possible even to crack a 4-char password.
1. you are comminucating with bitcoind over jsonrpc over http over tcp.
2. bitcoind are using berkeley DB, to check if the password s correct.

RLY? U CRAZY?

solution:
extract enough information from from wallet.dat, to be able to verify a password, look in berkeleyDB manuels, bitcoin source, and determent  what is needed.
implement algoritm in some sort of GPU code(cuda, opencl,...) that do this efficient.

Yeah that line was bad, I fixed it.

I have no cracked before, you raise a great point that I had been noticing myself. My biggest bottleneck is the bitcoind client itself which is running on my CPU. The only way I could increase the speed is by running more bitcoind clients.

I will try to read more about your proposed solution, I think that is the right direction.

It would not work

Could you please elaborate?

[DannyHamilton]

This is going terribly slow though, but that is because I'm using CPU to try to crack this and I should take a lesson from the mining community and try to use my GPU through CUDA or OpenCL. I was wondering if anyone could help me adapt this script to python or a ruby OpenCL/CUDA library so that I can harness my GPU power to try to crack my password to recover it.

Mining involves generating hashes, which apparently GPU shaders are good at.  I'm not sure what algorithm is used for encrypting your private keys, but I guess the first thing to figure out is if a GPU would be any good at that algorithm anyhow.

Then assuming that it is, I would think you could pull an encrypted private key from the wallet and repeatedly attempt to decrypt it, looking to see if the result is a valid private key without having to go back to bitcoind every time.

[yourstruly]

This is going terribly slow though, but that is because I'm using CPU to try to crack this and I should take a lesson from the mining community and try to use my GPU through CUDA or OpenCL. I was wondering if anyone could help me adapt this script to python or a ruby OpenCL/CUDA library so that I can harness my GPU power to try to crack my password to recover it.

Mining involves generating hashes, which apparently GPU hashes are good at.  I'm not sure what algorithm is used for encrypting your private keys, but I guess the first thing to figure out is if a GPU would be any good at that algorithm anyhow.

Then assuming that it is, I would think you could pull an encrypted private key from the wallet and repeatedly attempt to decrypt it, looking to see if the result is a valid private key without having to go back to bitcoind every time.

I will look into this, who knows if bitcoins keeps going up cracking wallets with lost passwords will be worth greater and greater investment. I was considering writing a short story about it.

[kokjo]

Mining involves generating hashes, which apparently GPU shaders are good at.  I'm not sure what algorithm is used for encrypting your private keys, but I guess the first thing to figure out is if a GPU would be any good at that algorithm anyhow.

AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

[tminuszer0]

AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

You would be correct.

[kokjo]

AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

You would be correct.

Naah, multiple rounds of AES. bruteforcing sucks.

[yourstruly]

AES is used to encrypt the privatekeys, if i remember correctly. it is easy to brutefore on GPU

You would be correct.

Naah, multiple rounds of AES. bruteforcing sucks.

So since its multiple rounds I would be better off trying to just crack via multiple instances of the bitcoind rpc?

[Nicolai]

Don't use bitcoind RPC interface, it's waaaaaaay to slow.

Go to github, find the 'wallet unlock code'-part, extract and use this code to bruteforce.

[yourstruly]

Don't use bitcoind RPC interface, it's waaaaaaay to slow.

Go to github, find the 'wallet unlock code'-part, extract and use this code to bruteforce.

Great idea, thank you.

Ill share my code when it is ready, incase anyone else runs into this.

[el_rlee]

can you not somehow utilize hashcat or john the ripper for that?

[djdollabill]

You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

[silverfuture]

You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

Maybe you are confusing cracking the user password for the wallet with cracking a private key? A wallet password would crack easier or harder depending on what the password was.

[archaeopteryx]

You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

OP:

So I have modified it to brute force based off a base password that I know is correct, so I'm only have to brute force between 6-8 characters which is feasible.

He knows part of the password so has some a priori information to go off of, not like cracking a private key. It still might take a while.

[yourstruly]

You realize if you are successful you could brute force ANY BTC wallet whether you had legitimate claim to it or not.

In other words, bitcoin would be essentially dead, since you could take from any arbitrary wallet.  You would start with the biggest ones, of course, and eventually word would get out, and bitcoin would be officially dead.

So far, since the 2009 release of the bitcoin protocol, nobody has hacked an arbitrary wallet.  This is presumably not for lack of trying.

I would, to quote Justin Bieber, "Never say never," but if you want a way to open a wallet, you might be brute forcing for a long, long time.

Not quite, I'm trying to crack a wallet with a password I created that is over 14 characters long. Since I created it though I have a base password which I know for certain is in the password which brings down the length of the password I need to crack to an insecure length. It is already pretty much known you don't use passwords less than 8 characters, preferably 14 or greater.

All of this got me thinking, wouldn't it be crazy if after all the bitcoins were handed out the infrastructure once used to mine was turned to hack wallets because of their value.

[DannyHamilton]

All of this got me thinking, wouldn't it be crazy if after all the bitcoins were handed out the infrastructure once used to mine was turned to hack wallets because of their value.

Sure, but first you'd have to get ahold of the wallet.dat file somehow.  Then, even if you could do that, keep in mind that miners get the transaction fees of all the transactions in the block in addition to the newly minted bitcoins.  So in 136 years when all new bitcoins have been issued, you'd probably still be more profitable continuing to mine (and receiving the transaction fees), unless you could get ahold of the wallet.dat of someone who had a REALLY large number of bitcoins AND an insecure password.

[yourstruly]

All of this got me thinking, wouldn't it be crazy if after all the bitcoins were handed out the infrastructure once used to mine was turned to hack wallets because of their value.

Sure, but first you'd have to get ahold of the wallet.dat file somehow.  Then, even if you could do that, keep in mind that miners get the transaction fees of all the transactions in the block in addition to the newly minted bitcoins.  So in 136 years when all new bitcoins have been issued, you'd probably still be more profitable continuing to mine (and receiving the transaction fees), unless you could get ahold of the wallet.dat of someone who had a REALLY large number of bitcoins AND an insecure password.

I had not realized that the mining would continue because of ongoing transactions which makes sense now that you say it. Thanks for that insight.