|
PA992 (OP)
|
 |
March 13, 2014, 09:49:10 AM |
|
I created a password for my Bitcoin wallet using passwordsgenerator.net, set to 15 characters of all types. I wrote the password down, but when I tested it I was surprised to see it didn't work. I counted the amount of characters I had written down and there were only 14 characters. Obviously, I missed a character. Since I know all but one character in this 15 character password, I was wondering if it would be possible to successfully brute force my way back into my wallet.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"Governments are good at cutting off the heads of a centrally
controlled
networks like Napster, but pure P2P networks like Gnutella and Tor seem
to be holding their own." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
OnkelPaul
Legendary
 Offline
Activity: 1039
Merit: 1003
|
|
March 13, 2014, 10:02:56 AM |
|
That should be absolutely possible.
If you consider the 15 possible positions of the missing character, and about 60-90 possible characters (depends on whether the password generator used only letters and digits or other characters, too), that would be about 900-1350 different passwords to try - if it wasn't so tedious you could even do this semi-manually (generate the passwords using a very simple program, and enter them into the wallet program using copy-and-paste) within 3 or four hours.
A program that can check wallet passwords from a given list automatically would do it in 1-2 seconds.
Onkel Paul
|
|
|
|
|
PA992 (OP)
|
|
March 13, 2014, 10:05:20 AM |
|
Awesome! I hope there's a brute force program that can be applied to Bitcoin-Qt.
|
|
|
|
|
OnkelPaul
Legendary
Offline
Activity: 1039
Merit: 1003
|
|
March 13, 2014, 10:19:58 AM |
|
If you can code you could write such a program, for example in python (best choice would probably be to use the bitcoind walletpassphrase command over JSON-RPC). I don't have time at the moment, otherwise I'd offer to code it for a small fee  Onkel Paul |
|
|
|
|
PA992 (OP)
|
|
March 13, 2014, 10:52:05 AM |
|
Unfortunately I can't code. Would it be feasible to learn how within a week's time?
|
|
|
|
|
OnkelPaul
Legendary
Offline
Activity: 1039
Merit: 1003
|
|
March 13, 2014, 11:41:46 AM |
|
Unfortunately I can't code. Would it be feasible to learn how within a week's time?
Probably yes, it depends on how fast you learn and how valuable your own time is. The programming task is pretty simple (listing all the passwords takes just 5-6 lines of code, checking them against bitcoind would probably be somewhat similar, and since this is a one-shot task, you don't have to go through all the tedious error-handling and GUI stuff). If you've got some free time and not much money to spend on someone else who does it for you, you should definitely go for it. Programming is a valuable skill, and being able to write small pieces of code (or even just understanding how some code works) is pretty useful. Search for a python tutorial on the web, and try to work through it, then you should be able to write a bruteforce tool for your wallet Onkel Paul |
|
|
|
Cyrus
Ninja
Administrator
Legendary
Offline
Activity: 3766
Merit: 2949
|
|
March 13, 2014, 11:52:47 AM |
|
If you're interested to learn, https://codecademy.com is a great resource with interactive lessons, including Python. |
|
|
|
|
cp1
|
|
March 15, 2014, 01:36:21 AM |
|
It's a pretty simple program. If you can install python I can probably whip something up tonight, or somebody else might beat me.
|
|
|
|
|
PA992 (OP)
|
|
March 15, 2014, 05:13:21 AM |
|
I'd appreciate it. Was planning on taking an online class in programming, even before this happened. SkilledUp is a great website that reviews all different educational entities. |
|
|
|
|
|
|
|
psionin
|
|
March 15, 2014, 09:04:36 AM |
|
|
|
|
|
|
OnkelPaul
Legendary
Offline
Activity: 1039
Merit: 1003
|
|
March 15, 2014, 09:29:21 AM |
|
Be very careful with external services offering to crack your password. They might have hidden agendas...
Onkel Paul
|
|
|
|
|
cp1
|
|
March 15, 2014, 03:23:58 PM |
|
There you go, check post #26. You just need to install ruby. You can delete the parts you don't need, since you just want to insert a character. |
|
|
|
cooldgamer
Legendary
Offline
Activity: 1218
Merit: 1003
We are the champions of the night
|
|
March 15, 2014, 03:54:51 PM |
|
Well this site screams bad idea... |
|
|
|
|
davidpbrown
|
|
March 15, 2014, 04:25:26 PM |
|
Perhaps you misread two of the characters or missed one such as : at the start. If there might have been '' mistaken for " or ^; ] for l or | etc; or a duplicate character; etc, then those might be worth looking at. I'd expect it's just one error, so limited number of those to check.
Since you have the wallet, you could post the password here and see if there are obvious typo errors that can be suggested for that.
|
฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s
|
|
|
|
PA992 (OP)
|
|
March 15, 2014, 06:24:25 PM |
|
There you go, check post #26. You just need to install ruby. You can delete the parts you don't need, since you just want to insert a character. I imagine I just copy his code into a text document and rename it .rb or .rbw or something (the two file types the installer mentioned)? Also, I have no idea what this means: -- edit: This also requires a running bitcoind. 1. set "rpcpassword=somerandomcrap" in .bitcoin/bitcoin.conf 2. run "./bitcoind -daemon" 3. run "./bitcoind getinfo" until it starts returning data instead of errors 4. then run the script above. -- Also, in his post below that one he presents an alternative code that will try "double substitutions." What does he mean by that? Well this site screams bad idea... I was about to download it, but it wouldn't let me download it without giving my email address, which I see as very poor etiquette. |
|
|
|
|
|
davidpbrown
|
|
March 15, 2014, 06:39:25 PM |
|
Also, I have no idea what this means:
--
edit: This also requires a running bitcoind.
1. set "rpcpassword=somerandomcrap" in .bitcoin/bitcoin.conf
2. run "./bitcoind -daemon"
3. run "./bitcoind getinfo" until it starts returning data instead of errors
4. then run the script above.
--
At least on Linux, where the wallet.dat is stored is normally also a bitcoin.conf with configure options as a text file. If it doesn't exist, above is suggesting create that with at least a line that is rpcpassword=randompassword; then run the daemon rather than the GUI QT by running ./bitcoind -daemon; the ./bitcoind getinfo is just a check that it's completed scanning the blockchain and is ready to reply to requests from the script. ".bitcoin/bitcoin.conf" is normally in the user's home directory on Linux as a hidden directory which is the . before bitcoin. So == ~/.bitcoin/bitcoin.conf - on other OS, look to where ever your wallet is for similar. Be very careful if you download that other application.. paranoid careful. At least disconnect the internet and reboot before reconnecting in case it's a trap. |
฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s
|
|
|
|
cp1
|
|
March 15, 2014, 06:39:43 PM |
|
Don't trust that recoinvery website.
First, what OS are you using?
|
|
|
|
|
PA992 (OP)
|
|
March 15, 2014, 07:06:01 PM |
|
Windows 7
|
|
|
|
|
|
cp1
|
|
March 15, 2014, 07:12:20 PM |
|
You need to allow command line access to bitcoind because the program needs to automatically check whether the password works. See here: https://en.bitcoin.it/wiki/Running_Bitcoin#Bitcoin.conf_Configuration_FileBasically you need to create a textfile named bitcoin.conf in C:\Users\username\AppData\Roaming\Bitcoin\ (change username to your username) In the textfile you probably only need: rpcuser=somename rpcpassword=somepassword Make the password a long gibberish thing Once you have that file, open a command window (start, type cmd in the box, and select cmd.exe) then type: cd C:\Users\username\AppData\Roaming\Bitcoin\ (replacing username) bitcoind --daemon Count to 10 and type bitcoind getinfo If it gives you some information (current block, etc) that means you're connected and you can then run the ruby script If it says not connected then count to 10 and try again. |
|
|
|
|
PA992 (OP)
|
|
March 15, 2014, 07:42:00 PM |
|
Basically you need to create a textfile named bitcoin.conf in C:\Users\username\AppData\Roaming\Bitcoin\ (change username to your username)
In the textfile you probably only need:
rpcuser=somename
rpcpassword=somepassword
Make the password a long gibberish thing This part confuses me. Thanks a lot for your help! |
|
|
|
|
|
cp1
|
|
March 16, 2014, 03:11:31 AM |
|
Download notepad++
Make a new file, enter:
rpcuser=krkfifeioefwk
rpcpassword=34kjjrkjr4kljfu9vf9uvfu98vdskj34kjfsadup9gfi9gtr0u89t484thu
save as bitcoin.conf in C:\Users\username\AppData\Roaming\Bitcoin\ (change username to your windows username)
|
|
|
|
|
PA992 (OP)
|
|
March 16, 2014, 05:08:46 AM |
|
When I type in bitcoind -daemon (Revalin's instructions have one dash, not two as you indicated) in the command prompt, it puts it into a state where I'm unable to type anything. The cursor or whatever just remains there, blinking, and there's nothing I can do but close the program. Bitcoin Roaming folder, bitcoin.conf file, and what is described above ->   NOTE: I don't use the armory, but I ran it once.  |
|
|
|
|
|
cp1
|
|
March 16, 2014, 07:55:25 AM |
|
Try two dashes
|
|
|
|
|
PA992 (OP)
|
|
March 16, 2014, 06:41:54 PM |
|
Same fuckin' thing. It just deadens the cursor.  |
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1011
760930
|
|
March 16, 2014, 07:03:37 PM
Last edit: March 16, 2014, 08:26:48 PM by flatfly |
|
Same fuckin' thing. It just deadens the cursor. Add "-printtoconsole" so you can see what it's actually doing: bitcoind.exe -daemon -printtoconsole Once the daemon has finished initializing and is actually in listening mode, start your Ruby script. |
|
|
|
|
|
cp1
|
|
March 16, 2014, 08:12:36 PM |
|
Maybe it just does that on windows. You can open a second cmd.exe and try bitcoind getinfo and see if it's responding.
|
|
|
|
|
PA992 (OP)
|
|
March 17, 2014, 01:12:43 AM |
|
I tried what flatfly reccommended. It revealed a process that just kept building text (one thing I caught was that it kept trying connections). I eventually accidentally unplugged my computer.  |
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1011
760930
|
|
March 17, 2014, 09:08:14 AM
Last edit: March 17, 2014, 06:31:43 PM by flatfly |
|
I tried what flatfly reccommended. It revealed a process that just kept building text (one thing I caught was that it kept trying connections). I eventually accidentally unplugged my computer. That's probably just your daemon trying to catch up with the blockchain. Anyway, we don't need this to bruteforce the wallet, so add '-maxconnections=0' to the command line to disable connections: bitcoind.exe -daemon -printtoconsole -maxconnections=0 |
|
|
|
|
|
PA992 (OP)
|
|
March 17, 2014, 10:29:14 AM |
|
Every fifteen minutes or so a new one of these pops up. Unable to type anything.  |
|
|
|
|
OnkelPaul
Legendary
Offline
Activity: 1039
Merit: 1003
|
|
March 17, 2014, 03:05:41 PM |
|
Open another console window and do whatever you need to do in that window.
It looks as if the bitcoind isn't really backgrounding when started in a Windows console.
Onkel Paul
|
|
|
|
|
PA992 (OP)
|
|
March 18, 2014, 03:46:43 AM |
|
Guess what guys? I re-gained access to my wallet. |
|
|
|
|
|
cp1
|
|
March 18, 2014, 03:52:10 AM |
|
Congrats
|
|
|
|
|
RoxxR
|
|
March 18, 2014, 04:23:49 AM |
|
Great news! Would be nice to tip the people that helped, and/or post the script that you used, so it can be helpful to others in the future...
|
|
|
|
|
|
PA992 (OP)
|
|
March 18, 2014, 04:40:20 AM |
|
After reviewing the thread, it seems like flatfly, cp1, and OnkelPaul are tip-worthy (not to sound condescending). Multiple people combined with the fact that I only have $100 bitcoins and $150 in the bank, I'll tip those who specifically ask me for a tip. and/or post the script that you used, so it can be helpful to others in the future...
It was already referenced on the first page. |
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1011
760930
|
|
March 18, 2014, 04:50:09 AM |
|
Glad to hear that you recovered access. I for one wouldn't mind a little tip - always motivating! My address is in my signature.
|
|
|
|
|
|
PA992 (OP)
|
|
March 18, 2014, 05:08:35 AM |
|
Is there no such thing as a free bitcoin transaction? I'd also like to propose knol.pw invites as a tip. Ebook website with an amazing selection, extraordinary discounts on all books (most books are under one dollar).  |
|
|
|
|
|
cp1
|
|
March 18, 2014, 07:50:33 AM |
|
Bitcoin's become so popular that it's hard to get a free transaction processed now.
|
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
March 18, 2014, 08:19:24 AM |
|
I thought the OP was a spammer. He's been dropping website URLs since his first post. 3 so far now.
|
|
|
|
|
|
PA992 (OP)
|
|
March 18, 2014, 09:05:47 AM
Last edit: March 18, 2014, 09:17:49 AM by PA992 |
|
I thought the OP was a spammer. He's been dropping website URLs since his first post. 3 so far now.
What a bunch of nonsense. If you look at the history of my posts, you'll see that all of my original posts are typical newcomer questions with no links to outside sites. The only website I can recall mentioning (and sometimes I don't even link to it as I exclude the http) is the one mentioned in my last post in this thread, which is actually a good quality website and you'll find people on the web asking for invites for it ( http://www.reddit.com/r/Invites/comments/1y794m/w_ebookoidcomknolpw_invite/). And I made a thread on bitcointalk specifically asking if it was OK to promote this website ( Against the rules?) before I ever even posted it! I'd also like to point out that when I first made a thread about this website, it wasn't even invite-only, it was open to everyone, and I was simple generously passing it along. And the only deal I ever made was asking someone to send me a dollar because I needed at least one dollar to keep my account -- and the site went back into invite-only mode which means I wouldn't be able to simply re-register -- and in exchange for the dollar I would give an invite. And once again, when I initially promoted the website, invitation was completely open and I was totally unaware that it was subject to close and become exclusive; my initial motivation was nothing more than passing a long an incredibly valuable website that takes bitcoins. Anyway, I eventually got someone to give me a dollar, which enabled me to keep my account. You're obviously not keeping track of things too well and your accusation is ridiculous. |
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1011
760930
|
|
March 18, 2014, 09:37:26 AM |
|
Is there no such thing as a free bitcoin transaction? I'd also like to propose knol.pw invites as a tip. Ebook website with an amazing selection, extraordinary discounts on all books (most books are under one dollar). I'd rather go for the regular btc tip - perhaps you can just make it 0.0001 less, to account for the required fee... Thanks |
|
|
|
|
|
PA992 (OP)
|
|
March 18, 2014, 09:49:14 AM |
|
I had already sent it before I made that post.  |
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1011
760930
|
|
March 18, 2014, 10:26:13 AM |
|
I had already sent it before I made that post. Great, thanks |
|
|
|
|
Abdussamad
Legendary
Offline
Activity: 3612
Merit: 1564
|
|
March 18, 2014, 10:43:36 AM |
|
I was referring to your 3 posts in this thread. Numbers 1, 9, 37
|
|
|
|
|
|
