"Provided AES key is wrong."

[CrazyMiata]

Alright so I am getting ready to format my laptop and going through backing everything up and I realize I forgot my password! Oyyy!

It was imported from a private key that I printed from Armory but I deleted that PDF and no longer have access to the private key(fuck!)

I'm trying to systematically go through my passwords and combinations but it drives me INSANE that I cannot hit enter to try a password.
The dialog I am using to test for my password is the remove password dialog. On all of my tries it will say that the error is that it "Could not decrypt bytes"

How ever when trying one of my familiar more secure passwords I get "Provided AES key is wrong."

This is driving me crazy because this is where my ASICMINER dividends get paid out to! As a worst case scenario I do have a bunch of GPUs maybe I can use Hashcat and try to brute force the wallet password, is this possible?

Does this mean that password that yields AES key is wrong is a correct password? or maybe its missing something? If I add a character I get the could not decrypt bytes message.

Any help would be immensely appreciated and will lead to a tip if I can remember or recover my damn password, for now I will quietly weep in a corner.

https://i.imgur.com/KKxV9DX.png

[jim618]

The error text shown between the quotes comes from the crypto code. I wouldn't read too much into the text being different in that one case - the decryption is still failing.

Because of the security problems it would create there is no record of the password used to encrypt your MultiBit wallets anywhere on either your machine or any other machine (unless you manually made such a copy).

There is only bruteforcing to crack it I am afraid.

[CrazyMiata]

I had the private key in a PDF but that was weeks ago and not recoverable. By any chance you know how I can brute force or at least how it's encrypted? Sorry if its a noob question.

[jim618]

As far as I know noone has written software to do this yet.

The encryption algorithm is:
+ convert password to AES 256 key using Scrypt (there are some parameters you can set that get stored in the wallet but there are defaults that I use).
+ random salt (16 bytes if I remember correctly. This is stored in the wallet and used  as the initialisation vector for the AES encryption)
+ the bytes of the private keys are then encrypted with the AES key and IV and stored in the wallet.

So the wallet contains the salt/IV, encrypted private keys, Scrypt parameters if not default.
The wallet is stored in protobuf format - the message definition is in bitcoinj.

Edit: the salt is also used as an input to scrypt to prevent dictionary attacks.

[Mike Hearn]

Someone should probably write a simple brute forcing tool that takes a list of possibilities as an input. If you have a small list of combinations that you know it might be, it's feasible to break the encryption.

It's not hard to write such a tool but I think Jim and I are both busy right now. You could try posting a bounty or reward, or hiring someone to write it for you.

[vamosrafa]

I am in a similar situation, I have a wallet with a pretty good amount of BTC in it, and get the same error message when I try one of my common passwords. I wonder if the backup is corrupted, did you ever find a solution to this?? I wonder if it some variation of this password. All other passwords give the "could not decrypt bytes"

[btchris]

I am in a similar situation, I have a wallet with a pretty good amount of BTC in it, and get the same error message when I try one of my common passwords. I wonder if the backup is corrupted, did you ever find a solution to this?? I wonder if it some variation of this password. All other passwords give the "could not decrypt bytes"

(better a late response than never...)

If you think the wallet file might be corrupted (and you have no wallet backups to try), you can try to import one of the private key backup files. They are located in a directory named walletname-data/key-backup, and have filenames which look like this: walletname-20140905084530.key (see here for more info). After you locate them, first create a new wallet (no reason to close the old wallet), then try to import one or more of the .key files into the new wallet (via the Tools -> Import Private Keys menu).

If that doesn't help, you can try a password recovery tool (which only has a decent chance of succeeding if you remember enough about your password). btcrecover supports MultiBit key files. If you'd like to give it a try, you can start with the Quick Start section in the Tutorial here.

[vamosrafa]

Ill have a look at your utility seems like it might be worth a go, as importing the private key with the password that gives me the different error message does not do anything. I am wondering if maybe the password I am typing was fat fingered somehow hence giving me the different error message. It would certainly help since I would probably have to try a lot of parameters for different passwords after looking at your tool.

Are the password recovery guys using your script to brute force passwords?

[btchris]

Are the password recovery guys using your script to brute force passwords?

I've no idea... none has admitted doing so. At least one of the recovery services predates the initial release of btcrecover, but that doesn't mean that a recovery service couldn't be using btcrecover today, if they felt it was better than whatever the used to be using.

(Not that there's anything wrong with a commercial service using btcrecover -- it's released under GPLv2 which means that anyone is welcome to use it, even for commercial purposes, as long as it's not redistributed in closed-source form. Of course, a mention is always nice )