Problem with my private key

[mostafacar20]

Hi dear friends,

I used this script for generate public and private keys :

https://bitcointalk.org/index.php?topic=23081.0
https://github.com/RobKohr/PHP-Bitcoin-Address-Creator

I generated address and sent coins to public key . Now I want to import the private key and use my coins I see the blockchain site says invalid private key .
I checked the script now and I see the private keys that start with K seems to be wrong!

Sample output :

Array
(
    [private] => KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb
    [public] => 1Kxrx4WXNBF9dSzDqsJHFjdAEHo8ws1smL
)

My question is how can I recover my private key with this script . Is there any way to check the algorithm and create correct private key from wrong private key that generated?

Thanks for your help my friends

[1714117080]

1714117080

[1714117080]

1714117080

[1714117080]

1714117080

[1714117080]

1714117080

[AdolfinWolf]

The script you linked only generates adresses.

You can't recover any private keys with any script, since it is a one way function.

KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb seems to correlate with 1Ga6WqY53kc14BRqmR4wbwi9zwbtmtiptC (or uncompressed 1LKqSeEt7z1YkeZuTP85cg1B4AdyoNhpdj)

Both of which hold 0 balance and have no transactions?


Note that you shouldn't post your private keys in public, as you're bound to get robbed big time.

My question is how can I recover my private key with this script . Is there any way to check the algorithm and create correct private key from wrong private key that generated?

If you've lost a number of characters from your private key, it's possible to bruteforce, yes, but i don't think that's what you're asking for here, is it?

[mostafacar20]

The script you linked only generates adresses.

You can't recover any private keys with any script, since it is a one way function.

KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb seems to correlate with 1Ga6WqY53kc14BRqmR4wbwi9zwbtmtiptC (or uncompressed 1LKqSeEt7z1YkeZuTP85cg1B4AdyoNhpdj)

Both of which hold 0 balance and have no transactions?


Note that you shouldn't post your private keys in public, as you're bound to get robbed big time.

My question is how can I recover my private key with this script . Is there any way to check the algorithm and create correct private key from wrong private key that generated?

If you've lost a number of characters from your private key, it's possible to bruteforce, yes, but i don't think that's what you're asking for here, is it?

Thank you for your reply.

This was a sample output from the script . My private key also start with K . Is there any mistake in this script generating pair of keys?
I tested this script 3 times and I was sure that keys are correct , but the tested private keys started with 5 . My key now started with K .

[mostafacar20]

Also this is strange for me :


http://i67.tinypic.com/30atkxz.jpg

https://i.ibb.co/VDwJw55/screencapture-bitcoinpaperwallet-bitcoinpaperwallet-generate-wallet-html-2019-04-24-15-01-46.png

[AdolfinWolf]

The script you linked only generates adresses.

You can't recover any private keys with any script, since it is a one way function.

KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb seems to correlate with 1Ga6WqY53kc14BRqmR4wbwi9zwbtmtiptC (or uncompressed 1LKqSeEt7z1YkeZuTP85cg1B4AdyoNhpdj)

Both of which hold 0 balance and have no transactions?


Note that you shouldn't post your private keys in public, as you're bound to get robbed big time.

My question is how can I recover my private key with this script . Is there any way to check the algorithm and create correct private key from wrong private key that generated?

If you've lost a number of characters from your private key, it's possible to bruteforce, yes, but i don't think that's what you're asking for here, is it?

Thank you for your reply.

This was a sample output from the script . My private key also start with K . Is there any mistake in this script generating pair of keys?
I tested this script 3 times and I was sure that keys are correct , but the tested private keys started with 5 . My key now started with K .

I haven't extensively looked into it, but the script seems to be from 2011,12.
Hence why they're not using compressed public keys, but uncompressed ones. There's nothing necessarily wrong with that, it's just that compressed ones are smaller, and faster to generate (?)

Looks like the script does generate K.. keys. their method of doing so is probably considered a bit unorthodox by now? https://github.com/RobKohr/PHP-Bitcoin-Address-Creator/blob/master/README

Also, about the 5 vs K, if your private key starts with a K their public key is compressed.

If they start with a 5, they're not. (hence why the script gives you 5..., i'm pretty sure there was no compression of keys back then..)
Read more about it here; https://bitcointalk.org/index.php?topic=80861.0

But why exactly are you using a script from 2011 to generate keys in the first place..? I don't understand?

[mostafacar20]

The script you linked only generates adresses.

You can't recover any private keys with any script, since it is a one way function.

KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb seems to correlate with 1Ga6WqY53kc14BRqmR4wbwi9zwbtmtiptC (or uncompressed 1LKqSeEt7z1YkeZuTP85cg1B4AdyoNhpdj)

Both of which hold 0 balance and have no transactions?


Note that you shouldn't post your private keys in public, as you're bound to get robbed big time.

My question is how can I recover my private key with this script . Is there any way to check the algorithm and create correct private key from wrong private key that generated?

If you've lost a number of characters from your private key, it's possible to bruteforce, yes, but i don't think that's what you're asking for here, is it?

Thank you for your reply.

This was a sample output from the script . My private key also start with K . Is there any mistake in this script generating pair of keys?
I tested this script 3 times and I was sure that keys are correct , but the tested private keys started with 5 . My key now started with K .

I haven't extensively looked into it, but the script seems to be from 2011,12.
Hence why they're not using compressed public keys, but uncompressed ones. There's nothing necessarily wrong with that, it's just that compressed ones are smaller, and faster to generate (?)

Also, about the 5 vs K, if your private key starts with a K their public key is compressed.

If they start with a 5, they're not. (hence why the script gives you 5..., i'm pretty sure there was no compression of keys back then..)
Read more about it here; https://bitcointalk.org/index.php?topic=80861.0

What's your idea about above images bro?

[NeuroticFish]

I've got something that should be of help.
Clearly Electrum imports the private key returning the address @AdolfinWolf posted.
But:

I found http://gobittest.appspot.com/PrivateKey
If I put KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb into the first editbox
I get 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB in the 4th editbox.

If I go to http://gobittest.appspot.com/Address
And put 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB into first editbox
I get exactly your 1Kxrx4WXNBF9dSzDqsJHFjdAEHo8ws1smL in the last editbox.

So alongside some numbers should be good after all, just something has change. Maybe somebody better than me can fill the gap. I'll also research a little more.


Edit: clearly don't paste the private key for the address with funds in any place that is online. That website is not mine, I googled for it.
Edit2: sadly I couldn't find more useful info; maybe somebody else can help..
Edit3: I think I've got it. New post coming.

[mostafacar20]

I've got something that should be of help.
Clearly Electrum imports the private key returning the address @AdolfinWolf posted.
But:

I found http://gobittest.appspot.com/PrivateKey
If I put KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb into the first editbox
I get 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB in the 4th editbox.

If I go to http://gobittest.appspot.com/Address
And put 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB into first editbox
I get exactly your 1Kxrx4WXNBF9dSzDqsJHFjdAEHo8ws1smL in the last editbox.

So alongside some numbers should be good after all, just something has change. Maybe somebody better than me can fill the gap. I'll also research a little more.


Edit: clearly don't paste the private key for the address with funds in any place that is online. That website is not mine, I googled for it.

Thanks @NeuroticFish ,

I think this is big help for find correct private key!

[NeuroticFish]

Edit: I posted to the end an easier solution: https://bitcointalk.org/index.php?topic=5135547.msg50757746#msg50757746
I suggest you read that one instead of this since it uses tools available online.

OK. I found a strange way to get your wallet back. Or at least I think so.
First read, get all you need, then do it offline.

Step 1.
Go to http://gobittest.appspot.com/PrivateKey (actually to a local copy, with your internet disconnected)
put KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb into the first editbox
you get 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB in the 4th editbox.
ignore the first two zeros, keep BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB

Step 2.
For this step I modified the known tool "Bitcoin Address Utility" and added some functionality for you.
As I said, my knowledge in Bitcoin / cryptography... could be better.
So, I uploaded this here: https://wsi.li/eQho6D43nn1yV2/1452081
If you go to tools->address utility, at bottom is a test area.
If you paste BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB there, a new WIF is calculated and put in the next editbox (5KGg1jDTCw9U3wZKk1XohzRztbpwZtWnBrQEN84ChYAqT6Ev2hR)
That WIF works in Electrum and it is for the address 1Kxrx4WXNBF9dSzDqsJHFjdAEHo8ws1smL

(Edit: clearly use this also offline, maybe on a virtual computer or sandbox)


Now, I know that it's a trust issue here with an exe, I don't even know if the link is not hidden by the forum.
If you PM me an e-mail I gladly post the link again (or I'll simply send it by e-mail). I can also give you the source code, it's 99% the old good "Bitcoin Address Utility", it's in c#, just ask.

[HCP]

Your WIF format private key (KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb) seems to be converting to a "bad hex"... if we look at the length:

Code:

00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB
123456789012345678901234567890123456789012345678901234567890123456

We can see that it is 66 characters (33 bytes) long!!?! Private keys are only supposed to be 64 characters (32 bytes) of hex!

I would guess there is an error somewhere in private key generation in your script... most likely because it doesn't include this patch from the botg.sh shell script:

0.0.3 -remake key if it's not exactly 64

I believe the exact bit of code is:

Code:

hexsize=$(openssl ec -text -noout -in data.pem | head -5 | tail -3 | fmt -120 | sed 's/[: ]//g' ) 

while [ ${#hexsize} -ne 64 ]
do
openssl  ecparam -genkey -name secp256k1 | tee data.pem &>/dev/null && hexsize=$(openssl ec -text -noout -in data.pem | head -5 | tail -3 | fmt -120 | sed 's/[: ]//g' ) 
done

openssl ec -text -noout -in data.pem | head -5 | tail -3 | fmt -120 | sed 's/[: ]//g' 

It generates hex keys until it gets one that is exactly 64 chars long... this size check is NOT in that .php script... and I believe this is the likely reason why your script is generating "invalid" hex private keys and then converting them to invalid WIF keys.

Now, I know that it's a trust issue here with an exe, I don't even know if the link is not hidden by the forum.
If you PM me an e-mail I gladly post the link again (or I'll simply send it by e-mail). I can also give you the source code, it's 99% the old good "Bitcoin Address Utility", it's in c#, just ask.

Why reinvent the wheel?

Once you have the "correct" hex... you can simply plug it into the "Private key to wallet import format" part of http://gobittest.appspot.com/PrivateKey or bitaddress.org (download and run offline etc)... or even the bitcoinpaperwallet.com that he was checking with will work just fine with HEX private keys...

[NeuroticFish]

We can see that it is 66 characters (33 bytes) long!!?! Private keys are only supposed to be 64 characters (32 bytes) of hex!

If we delete the leading 00 we end up with 32 bytes, which looks like a correct size, still Ian Coleman's website doesn't recognize it.
On the other hand BouncyCastle.Crypto.dll 1.8.15362.1 has no problem with it.

[HCP]

If we delete the leading 00 we end up with 32 bytes, which looks like a correct size, still Ian Coleman's website doesn't recognize it.
On the other hand BouncyCastle.Crypto.dll 1.8.15362.1 has no problem with it.

That's because Ian Coleman's Bitcoin Key Compression website will only accept hex public keys... private keys have to be WIF or BIP38

Input Key
Can be a public key (hex encoded) or a private key (WIF or BIP38 encoded)

[NeuroticFish]

Why reinvent the wheel?

Once you have the "correct" hex... you can simply plug it into the "Private key to wallet import format" part of http://gobittest.appspot.com/PrivateKey or bitaddress.org (download and run offline etc)... or even the bitcoinpaperwallet.com that he was checking with will work just fine with HEX private keys...

Simply because everywhere I've tested I tried with the leading zeros and got bad results.
I've got to the idea to remove the leading zeros while debugging. And from there to simply alter the code was the obvious step forward.
But you're right. And this means that there's a solution that doesn't involve .exe, even better. Thanks!

[AdolfinWolf]

I would guess there is an error somewhere in private key generation in your script... most likely because it doesn't include this patch from the botg.sh shell script:

0.0.3 -remake key if it's not exactly 64

I was already thinking that there probably was something off about the code used for generation. I still find it quite weird that they're invalid and valid at the same time though..  

How exactly does KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb == KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REGDgzcJ1 ? Does the checksum not matter with wif keys?

Or i guess they share the same private key, from which the adress is derived, and this WIF encoded from again, correct?

[mostafacar20]

OK. I found a strange way to get your wallet back. Or at least I think so.
First read, get all you need, then do it offline.

Step 1.
Go to http://gobittest.appspot.com/PrivateKey (actually to a local copy, with your internet disconnected)
put KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb into the first editbox
you get 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB in the 4th editbox.
ignore the first two zeros, keep BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB

Step 2.
For this step I modified the known tool "Bitcoin Address Utility" and added some functionality for you.
As I said, my knowledge in Bitcoin / cryptography... could be better.
So, I uploaded this here: https://wsi.li/eQho6D43nn1yV2/1452081
If you go to tools->address utility, at bottom is a test area.
If you paste BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB there, a new WIF is calculated and put in the next editbox (5KGg1jDTCw9U3wZKk1XohzRztbpwZtWnBrQEN84ChYAqT6Ev2hR)
That WIF works in Electrum and it is for the address 1Kxrx4WXNBF9dSzDqsJHFjdAEHo8ws1smL

(Edit: clearly use this also offline, maybe on a virtual computer or sandbox)


Now, I know that it's a trust issue here with an exe, I don't even know if the link is not hidden by the forum.
If you PM me an e-mail I gladly post the link again (or I'll simply send it by e-mail). I can also give you the source code, it's 99% the old good "Bitcoin Address Utility", it's in c#, just ask.

You saved my life...
You're legend.

[NeuroticFish]

Since there's an easier solution, I'll post it here clearly so anyone can get the problem solved.
Meanwhile I noticed that http://gobittest.appspot.com/PrivateKey needs the internet in order to work.
This means that I'll post the unsafe steps, using the internet tools.

Step 1.
Go to http://gobittest.appspot.com/PrivateKey
put KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb into the first editbox and press Send
you get 00BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB in the 4th editbox.
ignore the first two zeros, keep BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB

Step 2.
Go to https://www.bitaddress.org or a local copy. Go to tab "wallet details".
Paste BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB as private key and press "view details"

You will see at the left under the first QR code the address 1Kxrx4WXNBF9dSzDqsJHFjdAEHo8ws1smL
and at the left under the second QR code the private WIF key 5KGg1jDTCw9U3wZKk1XohzRztbpwZtWnBrQEN84ChYAqT6Ev2hR which is just fine for Electrum.

Step 3.
Start electrum. Pick "import bitcoin addresses or private keys" and in the next step paste this 5KGg1jDTCw9U3wZKk1XohzRztbpwZtWnBrQEN84ChYAqT6Ev2hR
Send the funds to a new clean and safe wallet address. This is important since online tools (at least gobittest) have "seen" your private key.

[HCP]

I was already thinking that there probably was something off about the code used for generation. I still find it quite weird that they're invalid and valid at the same time though.. 

How exactly does KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REf1wxAQb == KwFAa6AumokBD2dVqQLPou42jHiVsvThY1n25HJ8Ji8REGDgzcJ1 ? Does the checksum not matter with wif keys?

Or i guess they share the same private key, from which the adress is derived, and this WIF encoded from again, correct?

No, they're effectively different private keys... it is just the way the individual sites are coded to do their conversions.

It would appear that some of the sites (ie. bitaddress.org and bitcoinpaperwallet.com) are simply truncating the generated HEX when converting from WIF to HEX. So they're effectively ignoring the last couple of digits... and keeping the "bad" leading 00's... which gives the impression that the "...wxAQb" WIF key == "...DgzcJ1" WIF key... which is obviously NOT true!



Whereas, the gobittest.appspot.com script... keeps the WHOLE hex and doesn't discard anything:


So, if we manually discard the leading 00's and keep the last 64 characters (32 bytes)... we get the "correct" hex key of: BF9C46A7C40AAF96ED20CFC0AB0F929D9BE1748AF89B37E9EFB4CDB98DA6B0CB