Bitcoin Forum
March 01, 2021, 02:00:49 PM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 »  All
  Print  
Author Topic: Bitcoin Wallet Recovery Services - for forgotten wallet password  (Read 62716 times)
walletrecoveryservices
Member
**
Offline Offline

Activity: 88
Merit: 18



View Profile WWW
June 23, 2013, 10:36:12 AM
 #21

Yes, absolutely. And I haven't taken offense at the aspersions cast on my service (or my character Smiley ).

As you said earlier: Trust takes time.

I myself would be skeptical of similar services. It is, in fact, really fortunate (was it planned?) that the structure of the encrypted bitcoin wallet is such that it allows for the 'remote' brute force decryption of the password by a third party without needing to trust that third party with all the bitcoin addresses in the wallet.

How did you become aware of this possibility? I wouldn't even have thought of that.
The fact (of the reduced trust required for a third party for password recovery) was raised in this forum previously. I can't claim credit for the original idea, although I have developed it.

Providing Cryptocurrency Wallet, Password and Seed Recovery Services since 2013
1614607249
Hero Member
*
Offline Offline

Posts: 1614607249

View Profile Personal Message (Offline)

Ignore
1614607249
Reply with quote  #2

1614607249
Report to moderator
There are several different types of Bitcoin clients. EWallets such as Coinbase are like banks -- a central organization has complete control over your money. You shouldn't put much money in EWallets.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1614607249
Hero Member
*
Offline Offline

Posts: 1614607249

View Profile Personal Message (Offline)

Ignore
1614607249
Reply with quote  #2

1614607249
Report to moderator
1614607249
Hero Member
*
Offline Offline

Posts: 1614607249

View Profile Personal Message (Offline)

Ignore
1614607249
Reply with quote  #2

1614607249
Report to moderator
1614607249
Hero Member
*
Offline Offline

Posts: 1614607249

View Profile Personal Message (Offline)

Ignore
1614607249
Reply with quote  #2

1614607249
Report to moderator
Liquid
Hero Member
*****
Offline Offline

Activity: 812
Merit: 500


Crypto Somnium


View Profile
June 23, 2013, 12:00:14 PM
 #22

Hello i need your very services

I will provide positive feedback if you are successful on breaking my wallet


Bitcoin will show the world what hard money really is.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2744
Merit: 1016



View Profile
June 24, 2013, 08:33:33 AM
 #23

Scammer Fails So Hard

Ok, let's harden the assumption he can't scam us.

I made a fresh wallet and encrypted it with password "s3cr3t"



I prepared the wallet dump I would send to the service for recovery following the instructions:

Code:
{
    "bestblock": "0000000000000027d106ec4bc7ac89c72c9fa91590f53027c7d4c3ec5ab084fe",
    "defaultkey": "19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b",
    "keys": [
        {
            "addr": "1ErroNQ8CAM85Ryw9Dn1Ye9GLX3qoLHZrd",
            "ckey": "73f64a4c34cc90b3a60feecae953b94b34c1358fcfe8b82ebd0256acd993ca84e763d0137ad18ce2213072c91e02260a",
            "pubkey": "03c49569aaffb9208507b96b150432cd95bbacfade16867430803d0c47f9219353",
            "reserve": 1
        },
        {
            "addr": "17J3e6ibabHLr1RxZDXcbs6dFaY9v8aDZe",
            "ckey": "3fea2dedcdbd7b7e74e51012b00b968ea43a42ae4d5e404048f50a34fc731ee50e6d3eeef981ca3250c2cab299a84b87",
            "pubkey": "03ca391703beda1af19a5a6190aa2041d4f185e6596e1b97ae58d453177a250f67",
            "reserve": 1
        }
    ],
    "minversion": 60000,
    "mkey": {
        "crypted_key": "6057c6954b2d264f4cb7ef43155bce87663b903b1525d1f760d1974ef997f908ebe8c57e982784367ddd226598629390",
        "nDerivationMethod": 0,
        "nDeriveIterations": 191354,
        "nID": 1,
        "salt": "a20c57149389df16",
        "vchOtherDerivationParameters": ""
    },
    "settings": {
        "addrIncoming": "0.0.0.0:0"
    },
    "version": 80202
}

I dare walletrecoveryservices to transfer some money to that address: 19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b, which is part of the wallet (but not the dump, obviously). I realise he has to trust me with the money, so I could understand if he doesn't do it.

If his method was flawed, anyone could take that money.

If noone takes the money after a week, I will send it back to walletrecoveryservices and we can be pretty sure his method doesn't enable him him to steal customer money.


PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
walletrecoveryservices
Member
**
Offline Offline

Activity: 88
Merit: 18



View Profile WWW
June 24, 2013, 09:49:30 AM
 #24

Scammer Fails So Hard

Ok, let's harden the assumption he can't scam us.


I accept your challenge, Molecular.!!!
I have transferred 1.00 BTC to that address, 19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b
You have published the details of that wallet above, so everyone reading this now knows the same details as the walletrecoveryservices.com website is asking for when it tries to decode a wallet.
There is 1.00 BTC in that wallet.
I can't steal it, and I do not believe that anyone else can either. Prove me wrong, skeptics!
If you think that the concept behind the wallet password recovery service is flawed, here is your chance to prove it, and earn some cash.

Here is the record of the 1.00BTC transaction: https://blockchain.info/address/19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b

I'm trusting Molecular to return my 1 BTC at the end of this exercise... sometimes you have to show some trust to earn some trust... Smiley

Providing Cryptocurrency Wallet, Password and Seed Recovery Services since 2013
molecular
Donator
Legendary
*
Offline Offline

Activity: 2744
Merit: 1016



View Profile
June 24, 2013, 11:23:18 AM
 #25

Scammer Fails So Hard

Ok, let's harden the assumption he can't scam us.


I accept your challenge, Molecular.!!!
I have transferred 1.00 BTC to that address, 19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b
You have published the details of that wallet above, so everyone reading this now knows the same details as the walletrecoveryservices.com website is asking for when it tries to decode a wallet.
There is 1.00 BTC in that wallet.
I can't steal it, and I do not believe that anyone else can either. Prove me wrong, skeptics!
If you think that the concept behind the wallet password recovery service is flawed, here is your chance to prove it, and earn some cash.

Here is the record of the 1.00BTC transaction: https://blockchain.info/address/19xTYJg3i1YuoHtYqtNhXcer65K9wZ1n4b

I'm trusting Molecular to return my 1 BTC at the end of this exercise... sometimes you have to show some trust to earn some trust... Smiley


Cool.

Money has arrived:



PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
J35st3r
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
June 24, 2013, 11:37:06 AM
 #26

Of course walletrecoveryservices could be a sock of molecular  Tongue

But what am I saying, given molecular's level of trust that would be a good thing, nay?

Time to brush up on my hacking skills, only a week to get that coin. But only a 1 in a gazillion chances of success!
...  Cheesy cos otherwise bitcoin is toast  Grin

1Jest66T6Jw1gSVpvYpYLXR6qgnch6QYU1 NumberOfTheBeast ... go on, give it a try Grin
WiW
Sr. Member
****
Offline Offline

Activity: 277
Merit: 250


"The public is stupid, hence the public will pay"


View Profile
June 24, 2013, 11:48:39 AM
 #27

Just a few months ago when I thought I forgot the password to 300 mili, I thought of a service exactly like this along with pricing models. In fact, I thought that this kind of service would demand trust and reputation. Kind of like John of these forums does for escrow.

Awesome to see an actual service for this stuff available.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2744
Merit: 1016



View Profile
June 24, 2013, 01:21:22 PM
 #28

Of course walletrecoveryservices could be a sock of molecular  Tongue

That's true.

It's pretty easy to become confident the info doesn't allow stealing of the money when one takes a look and thinks for a bit. Even just looking at my post above and thinking about how one would go about stealing the money should suffice.

It might be more effective to show people 1 BTC that doesn't move instead of asking them to go through some process and think.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
molecular
Donator
Legendary
*
Offline Offline

Activity: 2744
Merit: 1016



View Profile
June 24, 2013, 01:22:14 PM
 #29

Just a few months ago when I thought I forgot the password to 300 mili, I thought of a service exactly like this along with pricing models. In fact, I thought that this kind of service would demand trust and reputation. Kind of like John of these forums does for escrow.

Awesome to see an actual service for this stuff available.

Actually it doesn't demand trust at all.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
WiW
Sr. Member
****
Offline Offline

Activity: 277
Merit: 250


"The public is stupid, hence the public will pay"


View Profile
June 24, 2013, 01:46:57 PM
 #30

Actually it doesn't demand trust at all.

Either you pay per work or you pay per job.
  • If you pay per work you need a mechanism to gauge how much work was done even if there are no resulting passwords brute-forced. I could only think of an auditable system building trust.
  • If you pay per job, he needs to trust you that the password is not impossible to brute-force or else you can get him to waste computing power for nothing.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2744
Merit: 1016



View Profile
June 24, 2013, 03:12:20 PM
 #31

Actually it doesn't demand trust at all.

Either you pay per work or you pay per job.
  • If you pay per work you need a mechanism to gauge how much work was done even if there are no resulting passwords brute-forced. I could only think of an auditable system building trust.
  • If you pay per job, he needs to trust you that the password is not impossible to brute-force or else you can get him to waste computing power for nothing.

ok, true. I was still narrowly focussing on the "money stealing" aspect.

the service is bro-bono anyway, right? I guess someone regaining access to his funds will be grateful enough to donate generously.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
walletrecoveryservices
Member
**
Offline Offline

Activity: 88
Merit: 18



View Profile WWW
June 24, 2013, 06:45:30 PM
 #32


the service is bro-bono anyway, right? I guess someone regaining access to his funds will be grateful enough to donate generously.

Hi
Yes, I have been thinking about the best charging model:
If I make the service purely success-based, then I am at the mercy of people who send in false information and cause me to waste CPU cycles (money) for no reason.
If I make the service purely pay-as-you-go, (based on CPU time used), then I cannot charge 'high-end' customers more money than the average.
It may be that some combination of both charging models will be required in the long term - for instance a basic cost-recovery pay-as-you-go model, plus a % recovery fee, or similar.

However for now, yes, it is a pro-bono service.
I'm currently working on several wallet decryptions.
Cheers
Dave

Providing Cryptocurrency Wallet, Password and Seed Recovery Services since 2013
ibminer
Legendary
*
Offline Offline

Activity: 1552
Merit: 1926


Goonies never say die.


View Profile
June 24, 2013, 07:10:35 PM
 #33

I don't understand why people establish multiple identities/accounts here. Who is the true owner of the account?  Why hide it?    

If I had such a great idea, I'd want to be recognized for it, rather than starting a blank account and trying to sell something... it seems easier to sell things here when you have some type of history, unless the person already has a tarnished record and wants to start over or just get some quick coins out of a scam?

In the end, I will just consider this a scam until I need to recover my password...     Grin

:-: Bitcointalk Public Information Project (BPIP) :-: New stats, new reports, new design, new parsers, and more!
Don't be obsessed with your desires. The Zen philosopher Basho once wrote, 'A flute with no holes, is not a flute... and a donut with no hole, is a Danish.' He was a funny guy.
Abdussamad
Legendary
*
Offline Offline

Activity: 2758
Merit: 1308



View Profile
June 24, 2013, 07:40:11 PM
 #34

Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.
QuestionAuthority
Legendary
*
Offline Offline

Activity: 2156
Merit: 1391


You lead and I'll watch you walk away.


View Profile
June 24, 2013, 07:40:58 PM
 #35

You say it yourself:

Quote
If you have no idea at all of your passphrase, and it was more than a handful of characters long, then we cannot help you. No-one in the world, including the NSA, CIA, D-Wave or anyone else can crack the encryption used in the bitcoin wallet if the passphrase is more than 15 fairly random characters. The bitcoin wallet encryption is strong by design. There are no known flaws in the implementation, and many people have tried to break it!

You cannot crack a good passphrase. Stupid people should be punished. If they lose one time they will be more careful or lose money again. It's a learning experience. I almost don't want you to provide this service because it will rob users of the valuable experience. People can now be lazy and make a simple password. If they forget it they can just come to you and all is well.

Also, have you thought about the possibility that a thief might use your service to crack a stolen wallet. Bots are easy to set up and can even be spread simply. If I were a bot operator and found that a few zombies had wallets I might be tempted to just have you crack all the wallets that I can find instead of setting up my own system to do it.

walletrecoveryservices
Member
**
Offline Offline

Activity: 88
Merit: 18



View Profile WWW
June 24, 2013, 08:15:35 PM
 #36

Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.
Er... Have you looked at the instruction at walletrecoveryservices.com ?
The script to grab the required portion of the wallet is specifically open-source!

Providing Cryptocurrency Wallet, Password and Seed Recovery Services since 2013
walletrecoveryservices
Member
**
Offline Offline

Activity: 88
Merit: 18



View Profile WWW
June 24, 2013, 08:22:48 PM
 #37

You say it yourself:

Quote
If you have no idea at all of your passphrase, and it was more than a handful of characters long, then we cannot help you. No-one in the world, including the NSA, CIA, D-Wave or anyone else can crack the encryption used in the bitcoin wallet if the passphrase is more than 15 fairly random characters. The bitcoin wallet encryption is strong by design. There are no known flaws in the implementation, and many people have tried to break it!

You cannot crack a good passphrase. Stupid people should be punished. If they lose one time they will be more careful or lose money again. It's a learning experience. I almost don't want you to provide this service because it will rob users of the valuable experience. People can now be lazy and make a simple password. If they forget it they can just come to you and all is well.

Also, have you thought about the possibility that a thief might use your service to crack a stolen wallet. Bots are easy to set up and can even be spread simply. If I were a bot operator and found that a few zombies had wallets I might be tempted to just have you crack all the wallets that I can find instead of setting up my own system to do it.
Yes, I've thought about the bad guys using this service to crack other people's stolen wallets. I hate the idea of the site being used for evil. However, as you rightly quote from the walletrecoveryservices.com website, that would be a completely futile exercise unless the bad guy knows 'most' of the wallet password. Probably if they done a key-logging, then they know all the password already. If I move to using a pay-as-you-go model for the cracking service, I'm happy for them to try. Smiley But only the most stupid, basic passwords have any chance of being cracked when the user has no idea of the forgotten passphrase and I don't think many people are silly enough to have a super weak password. (oh, well, maybe some are...)
If I was to detect some user submitting many wallets for decryption, then I would stop them using the wallet recovery services.
Cheers,
Dave

Providing Cryptocurrency Wallet, Password and Seed Recovery Services since 2013
QuestionAuthority
Legendary
*
Offline Offline

Activity: 2156
Merit: 1391


You lead and I'll watch you walk away.


View Profile
June 24, 2013, 08:48:08 PM
 #38

You say it yourself:

Quote
If you have no idea at all of your passphrase, and it was more than a handful of characters long, then we cannot help you. No-one in the world, including the NSA, CIA, D-Wave or anyone else can crack the encryption used in the bitcoin wallet if the passphrase is more than 15 fairly random characters. The bitcoin wallet encryption is strong by design. There are no known flaws in the implementation, and many people have tried to break it!

You cannot crack a good passphrase. Stupid people should be punished. If they lose one time they will be more careful or lose money again. It's a learning experience. I almost don't want you to provide this service because it will rob users of the valuable experience. People can now be lazy and make a simple password. If they forget it they can just come to you and all is well.

Also, have you thought about the possibility that a thief might use your service to crack a stolen wallet. Bots are easy to set up and can even be spread simply. If I were a bot operator and found that a few zombies had wallets I might be tempted to just have you crack all the wallets that I can find instead of setting up my own system to do it.
Yes, I've thought about the bad guys using this service to crack other people's stolen wallets. I hate the idea of the site being used for evil. However, as you rightly quote from the walletrecoveryservices.com website, that would be a completely futile exercise unless the bad guy knows 'most' of the wallet password. Probably if they done a key-logging, then they know all the password already. If I move to using a pay-as-you-go model for the cracking service, I'm happy for them to try. Smiley But only the most stupid, basic passwords have any chance of being cracked when the user has no idea of the forgotten passphrase and I don't think many people are silly enough to have a super weak password. (oh, well, maybe some are...)
If I was to detect some user submitting many wallets for decryption, then I would stop them using the wallet recovery services.
Cheers,
Dave


I'm glad to see you say that and don't discount the stupidity of the average person.  Wink

Abdussamad
Legendary
*
Offline Offline

Activity: 2758
Merit: 1308



View Profile
June 24, 2013, 08:48:33 PM
 #39

Another thing is that they should create an opensource script that grabs the portions from the wallet that they need for a safe decryption. Because the script will be opensource people will have confidence that it is doing exactly what it is supposed to do and not anything else.
Er... Have you looked at the instruction at walletrecoveryservices.com ?
The script to grab the required portion of the wallet is specifically open-source!

pywallet is opensource but there is no script to grab the exact portions YOU need. Instead you are asking people to do it manually. I recommend creating an opensource script that grabs the parts you need so that non-techies don't have to muck about with pywallet.

Yes these non-techies will need assurances from techies that the script does what it says on the tin and nothing more. So maybe you can do this in the future when you have enough of a following that somebody reputable will take the time to look at the code and say it is safe.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2744
Merit: 1016



View Profile
June 24, 2013, 08:52:56 PM
 #40

However for now, yes, it is a pro-bono service.
I'm currently working on several wallet decryptions.

Cool. Do they look like they have a chance of success, i.e. did the users provide helpful enough info?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!