PA992 (OP)
March 13, 2014, 09:49:10 AM

I created a password for my Bitcoin wallet using passwordsgenerator.net, set to 15 characters of all types. I wrote the password down, but when I tested it I was surprised to see it didn't work. I counted the number of characters I had written down and there were only 14 characters. Obviously, I missed a character. Since I know all but one character in this 15-character password, I was wondering if it would be possible to successfully brute force my way back into my wallet.

OnkelPaul
March 13, 2014, 10:02:56 AM

That should be absolutely possible. If you consider the 15 possible positions of the missing character, and about 60-90 possible characters (depends on whether the password generator used only letters and digits or other characters, too), that would be about 900-1350 different passwords to try - if it wasn't so tedious you could even do this semi-manually (generate the passwords using a very simple program, and enter them into the wallet program using copy-and-paste) within 3 or four hours. A program that can check wallet passwords from a given list automatically would do it in 1-2 seconds.
Onkel Paul

PA992 (OP)
March 13, 2014, 10:05:20 AM

Awesome! I hope there's a brute force program that can be applied to Bitcoin-Qt.

OnkelPaul
March 13, 2014, 10:19:58 AM

If you can code you could write such a program, for example in Python (best choice would probably be to use the bitcoind walletpassphrase command over JSON-RPC). I don't have time at the moment, otherwise I'd offer to code it for a small fee.
Onkel Paul

PA992 (OP)
March 13, 2014, 10:52:05 AM

Unfortunately I can't code. Would it be feasible to learn how within a week's time?

OnkelPaul
March 13, 2014, 11:41:46 AM

> Unfortunately I can't code. Would it be feasible to learn how within a week's time?

Probably yes, it depends on how fast you learn and how valuable your own time is. The programming task is pretty simple (listing all the passwords takes just 5-6 lines of code, checking them against bitcoind would probably be somewhat similar, and since this is a one-shot task, you don't have to go through all the tedious error-handling and GUI stuff). If you've got some free time and not much money to spend on someone else who does it for you, you should definitely go for it. Programming is a valuable skill, and being able to write small pieces of code (or even just understanding how some code works) is pretty useful. Search for a python tutorial on the web, and try to work through it, then you should be able to write a bruteforce tool for your wallet.
Onkel Paul
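
The candidate enumeration and walletpassphrase check discussed in the replies above, as an added example that is not part of the thread and is not cp1's Ruby script: it lists every distinct passphrase that results from inserting one character into the 14 written-down characters and shows how little entropy is left. Assumptions: the 94-symbol printable-ASCII alphabet, all function names, and the `check` callback, which stands in for sending the `walletpassphrase` request to your own local bitcoind.

```python
import json
import math
import string

# Assumption: "all types" means ASCII letters, digits and punctuation
# (94 symbols); the thread's own estimate was 60-90.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def insertion_candidates(known, alphabet=ALPHABET):
    """Yield each distinct string made by inserting one character into `known`."""
    seen = set()
    for pos in range(len(known) + 1):
        for ch in alphabet:
            cand = known[:pos] + ch + known[pos:]
            if cand not in seen:  # 'a' inserted before or after an 'a' is the same string
                seen.add(cand)
                yield cand


def remaining_bits(known, alphabet=ALPHABET):
    """Entropy left, in bits, once all but one character is known."""
    return math.log2(sum(1 for _ in insertion_candidates(known, alphabet)))


def walletpassphrase_body(candidate, timeout=1):
    """JSON-RPC request body for bitcoind's walletpassphrase call (not sent here)."""
    return json.dumps({"jsonrpc": "1.0", "id": "recover",
                       "method": "walletpassphrase",
                       "params": [candidate, timeout]})


def recover(known, check, alphabet=ALPHABET):
    """Return (passphrase, attempts) for the first candidate `check` accepts."""
    attempts = 0
    for attempts, cand in enumerate(insertion_candidates(known, alphabet), 1):
        if check(cand):
            return cand, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed sample: a 15-character secret and the 14 characters written down.
    secret = "k7#Qm2!xR9v$Lp4"
    written = "k7#Qm2!R9v$Lp4"  # the 'x' at index 7 was missed
    found, tries = recover(written, lambda c: c == secret)  # stand-in check
    print(found, tries, round(remaining_bits(written), 1))
    print(walletpassphrase_body(found))
```

With 14 known characters the whole search space is 1396 strings, about 10.4 bits, which is why a written copy that is nearly complete protects a wallet almost as little as a complete one.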

Cyrus
March 13, 2014, 11:52:47 AM

If you're interested to learn, https://codecademy.com is a great resource with interactive lessons, including Python.

cp1
March 15, 2014, 01:36:21 AM

It's a pretty simple program. If you can install python I can probably whip something up tonight, or somebody else might beat me.

PA992 (OP)
March 15, 2014, 05:13:21 AM

I'd appreciate it. Was planning on taking an online class in programming, even before this happened. SkilledUp is a great website that reviews all different educational entities.

psionin
March 15, 2014, 09:04:36 AM

OnkelPaul
March 15, 2014, 09:29:21 AM

Be very careful with external services offering to crack your password. They might have hidden agendas...
Onkel Paul

cp1
March 15, 2014, 03:23:58 PM

There you go, check post #26. You just need to install ruby. You can delete the parts you don't need, since you just want to insert a character.

cooldgamer
March 15, 2014, 03:54:51 PM

Well this site screams bad idea...

davidpbrown
March 15, 2014, 04:25:26 PM

Perhaps you misread two of the characters or missed one such as : at the start. If there might have been '' mistaken for " or ^; ] for l or | etc; or a duplicate character; etc, then those might be worth looking at. I'd expect it's just one error, so limited number of those to check.
Since you have the wallet, you could post the password here and see if there are obvious typo errors that can be suggested for that.
฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s

PA992 (OP)
March 15, 2014, 06:24:25 PM

> There you go, check post #26. You just need to install ruby. You can delete the parts you don't need, since you just want to insert a character.

I imagine I just copy his code into a text document and rename it .rb or .rbw or something (the two file types the installer mentioned)? Also, I have no idea what this means:

> -- edit: This also requires a running bitcoind.
> 1. set "rpcpassword=somerandomcrap" in .bitcoin/bitcoin.conf
> 2. run "./bitcoind -daemon"
> 3. run "./bitcoind getinfo" until it starts returning data instead of errors
> 4. then run the script above. --

Also, in his post below that one he presents an alternative code that will try "double substitutions." What does he mean by that?

> Well this site screams bad idea...

I was about to download it, but it wouldn't let me download it without giving my email address, which I see as very poor etiquette.

davidpbrown
March 15, 2014, 06:39:25 PM

> Also, I have no idea what this means:
> -- edit: This also requires a running bitcoind.
> 1. set "rpcpassword=somerandomcrap" in .bitcoin/bitcoin.conf
> 2. run "./bitcoind -daemon"
> 3. run "./bitcoind getinfo" until it starts returning data instead of errors
> 4. then run the script above. --

At least on Linux, where the wallet.dat is stored is normally also a bitcoin.conf with configure options as a text file. If it doesn't exist, above is suggesting create that with at least a line that is rpcpassword=randompassword; then run the daemon rather than the GUI QT by running ./bitcoind -daemon; the ./bitcoind getinfo is just a check that it's completed scanning the blockchain and is ready to reply to requests from the script.

".bitcoin/bitcoin.conf" is normally in the user's home directory on Linux as a hidden directory, which is the . before bitcoin. So == ~/.bitcoin/bitcoin.conf - on other OS, look to wherever your wallet is for similar.

Be very careful if you download that other application... paranoid careful. At least disconnect the internet and reboot before reconnecting in case it's a trap.

cp1
March 15, 2014, 06:39:43 PM

Don't trust that recoinvery website.
First, what OS are you using?

PA992 (OP)
March 15, 2014, 07:06:01 PM

Windows 7

cp1
March 15, 2014, 07:12:20 PM

You need to allow command line access to bitcoind because the program needs to automatically check whether the password works. See here: https://en.bitcoin.it/wiki/Running_Bitcoin#Bitcoin.conf_Configuration_File

Basically you need to create a textfile named bitcoin.conf in C:\Users\username\AppData\Roaming\Bitcoin\ (change username to your username).

In the textfile you probably only need:

rpcuser=somename
rpcpassword=somepassword

Make the password a long gibberish thing.

Once you have that file, open a command window (start, type cmd in the box, and select cmd.exe), then type:

cd C:\Users\username\AppData\Roaming\Bitcoin\ (replacing username)
bitcoind --daemon

Count to 10 and type:

bitcoind getinfo

If it gives you some information (current block, etc.) that means you're connected and you can then run the ruby script. If it says not connected then count to 10 and try again.