Bitcoin Forum
Author Topic: BTC keys...what format?  (Read 715 times)
onisuk20 (OP)
June 13, 2020, 10:59:21 AM
Merited by OmegaStarScream (2), o_e_l_e_o (1)
 #1

Hi all,

I've been searching old HDDs for my 2011 mining activities, I found an old address I used to payout from a pool with 1btc in still but have no clue about the keys, but that's another story lol

I did, however, find a text file named "bitcoin-wallet-keys" which got my interest.
when I open it the format isn't something I recognise, anyone care to point in the right direction?

this is what's in the file 4 lines of text, 239 chars.....?


U2FsdGVkX18t9gd33tXiL96rJziNr5+sPcvZL**********+iLcAKkXnRWZikJScyryi5BhsK8g0
eJu91+wZzG**********rR75Asms/gzVdNT4p4XtTkQzQ1Vvl9P/DSqN9ZVNxTn5AdCHP3ZewwmD
yFpcJ/KK6aVKUN67bUSWzT1KtyiQn4jn+lgeE3XcOqyq83UIoYyqNk**********Tdb0kUiBNr66
tyzwShQ=


Cheers onis
o_e_l_e_o
June 13, 2020, 03:13:54 PM
Merited by OmegaStarScream (2), pooya87 (2)
 #2

Those characters are not a private key.

Those characters are OpenSSL encrypted Base64 data. You can tell by the first 10 characters "U2FsdGVkX1", which decode to "Salted_". It is almost certainly an encrypted master private key from "Bitcoin Wallet for Android" by Andreas Schildbach, which uses this encryption method and this file naming system. Have you used this app in the past? You will need to use that app to restore the file, and you will need to remember the encryption key/password you used.
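
The format check described in the reply above, written out as an added example (not part of the original thread and not code from the wallet app). The function names and the sample blob are constructed for illustration, and the 16-byte block check assumes a cipher with 128-bit blocks, which the thread does not state.

```python
import base64
import binascii
import re

MAGIC = b"Salted__"   # 8-byte header that `openssl enc` writes when a salt is used
SALT_LEN = 8

# 10 Base64 characters carry 60 bits, so they pin down only the first 7.5 bytes
# of the magic. The 11th character mixes the low 4 bits of the final "_" (1111)
# with the top 2 bits of the salt, so it can only be "8", "9", "+" or "/".
ARMOR_RE = re.compile(r"^U2FsdGVkX1[89+/]")


def inspect_salted_blob(text):
    """Classify a text blob and return a dict describing what was found."""
    compact = "".join(text.split())   # tolerate line wrapping and CRLF
    result = {"looks_salted": bool(ARMOR_RE.match(compact)), "valid": False}
    if not result["looks_salted"]:
        return result
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        result["error"] = "prefix matches but the Base64 body is damaged"
        return result
    if len(raw) < len(MAGIC) + SALT_LEN or not raw.startswith(MAGIC):
        result["error"] = "header incomplete: magic or salt missing"
        return result
    body = raw[len(MAGIC) + SALT_LEN:]
    result.update(
        valid=True,
        salt_hex=raw[len(MAGIC):len(MAGIC) + SALT_LEN].hex(),
        ciphertext_len=len(body),
        # A padded block cipher yields a non-empty multiple of the block size;
        # anything else points to truncation or a copy/paste error.
        fits_16_byte_blocks=len(body) > 0 and len(body) % 16 == 0,
    )
    return result


def make_constructed_sample():
    """Constructed sample: magic + fixed salt + 32 filler bytes (not real ciphertext)."""
    raw = MAGIC + bytes.fromhex("0011223344556677") + bytes(range(32))
    b64 = base64.b64encode(raw).decode("ascii")
    return "\n".join(b64[i:i + 20] for i in range(0, len(b64), 20))


if __name__ == "__main__":
    print(inspect_salted_blob(make_constructed_sample()))
    print(inspect_salted_blob("aGVsbG8gd29ybGQ="))   # ordinary Base64, not salted
```

A blob that passes this check is only identified as salted OpenSSL output; the salt is stored in the clear by design and reveals nothing about the password or the contents.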
onisuk20 (OP)
June 13, 2020, 04:42:33 PM
 #3

See, this is why you come to a forum of experts, such exacting information!

Yes I have, the logo and app look familiar, I'll have a go at restoring now, many thanks  Grin
o_e_l_e_o
June 14, 2020, 01:08:05 PM
Last edit: June 14, 2020, 01:47:27 PM by o_e_l_e_o
 #4

Is there any way of telling what the wallet address is from this? to see if it's even empty?
Not unless you have other backups which would tell you what address that encrypted key is linked to. There is no way to extract that information from the encrypted data you have without the password.

The best you can do is either try every password you can think of, or look for a wallet recovery service which would try to brute force the password for you (for a fee).
onisuk20 (OP)
June 14, 2020, 01:45:20 PM
 #5

yep thought as much! Oh well, guess I'm going back to work Monday then, I'll take the champagne out the fridge too...
happyNewEasterYearEve
June 14, 2020, 02:03:38 PM
Last edit: June 14, 2020, 02:25:47 PM by happyNewEasterYearEve
 #6

I can help you with brute-forcing the password, I have experience cracking old wallet.dat(s), but I think it wouldn't be harder.

PM if you wish to contact me.
Krislaw
June 14, 2020, 03:23:01 PM
 #7

Do not trust anyone that comes to you to offer you help to recover your wallet. They are going to steal your funds, and you don't wanna be like that guy that lost his 7 years' savings to malware.
Check this thread if you need to bruteforce the wallet https://bitcointalk.org/index.php?topic=240779
onisuk20 (OP)
November 28, 2020, 11:28:34 PM
 #8

Those characters are not a private key.

Those characters are OpenSSL encrypted Base64 data. You can tell by the first 10 characters "U2FsdGVkX1", which decode to "Salted_". It is almost certainly an encrypted master private key from "Bitcoin Wallet for Android" by Andreas Schildbach, which uses this encryption method and this file naming system. Have you used this app in the past? You will need to use that app to restore the file, and you will need to remember the encryption key/password you used.

Yes, this is exactly what the file is...
I've just been reading this https://github.com/bitcoin-wallet/bitcoin-wallet/blob/master/wallet/README.recover.md

to see if I can recover the keys but I don't think I even know what the password is.

Does anyone know what the password requirements would have been on this app back then?
o_e_l_e_o
November 29, 2020, 12:09:43 AM
 #9

Does anyone know what the password requirements would have been on this app back then?
It didn't have any. If you set a weak password then it simply displayed a warning that the password was weak, but you were still allowed to proceed. Therefore, your password could be literally anything.

If you have absolutely no idea what the password is then the chances of recovery are very low. Your best bet would be to use software such as btcrecover to try to brute force it, but without any idea of what it might be or even how long it is, then it will likely be unsuccessful unless you chose a very weak password.

https://github.com/3rdIteration/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial
manfredmann
November 29, 2020, 12:20:00 AM
 #10

Does anyone know what the password requirements would have been on this app back then?
It didn't have any. If you set a weak password then it simply displayed a warning that the password was weak, but you were still allowed to proceed. Therefore, your password could be literally anything.

If you have absolutely no idea what the password is then the chances of recovery are very low. Your best bet would be to use software such as btcrecover to try to brute force it, but without any idea of what it might be or even how long it is, then it will likely be unsuccessful unless you chose a very weak password.

https://github.com/3rdIteration/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial
Nice thread OP, I had been reading some replies and learned from it. I thought that the message encryption is new since @OgNasty is doing it for merits in b&h section. However, I read about digital signatures or message encryption and it is quite amazing how these work through the use of codes and how to decrypt it.

We will be waiting for the result if ever there will be an improvement with the OP.

It is hard to participate in this kind of discussion due to lack of experience encountering this kind of scenario but hopefully I will be able to learn on it just even the process alone how it was done.
o_e_l_e_o
November 29, 2020, 12:41:22 AM
 #11

However, I read about digital signatures or message encryption and it is quite amazing how these work through the use of codes and how to decrypt it.
So there are a couple of different things going on here. In OP's case, he has encrypted his wallet file with a password. He must provide that exact password to be able to decrypt it, and without that password, cannot access the private keys contained within that wallet. This is a type of symmetric encryption, in that the same password is used to both encrypt and decrypt the data.

Using bitcoin keys or PGP to encrypt a message is different. You can use someone's public key to encrypt a message in such a way that only the owner of that public key can decrypt and read the message, specifically by using the private key which generated that public key. This is known as asymmetric cryptography, in that you use different keys to encrypt and decrypt the data - the public key to encrypt, and the private key to decrypt.
onisuk20 (OP)
November 29, 2020, 08:14:36 AM
 #12

Yes I just realised the password could be anything by installing the app and going through the process again of exporting the keys of a new wallet and then restoring them.

Why didn't I use bitcoin core wallet back then...around this time 08-2011 they only just introduced encryption on 0.3.24 and apparently it had vulnerabilities, which would have made brute force much more likely.

So I can use btcrecover on the file, I have run the software before in Linux so have some experience, I can also create a dictionary of likely keywords I guess.

Btcrecover has obviously grown over the years to cover many kinds of wallets, do you know what kind of file this is that I'm trying to decrypt? BIP39/44??

Cheers
Onis
ranochigo
November 29, 2020, 08:36:41 AM
 #13

Why didn't I use bitcoin core wallet back then...around this time 08-2011 they only just introduced encryption on 0.3.24 and apparently it had vulnerabilities, which would have made brute force much more likely.

So I can use btcrecover on the file, I have run the software before in Linux so have some experience, I can also create a dictionary of likely keywords I guess.

Btcrecover has obviously grown over the years to cover many kinds of wallets, do you know what kind of file this is that I'm trying to decrypt? BIP39/44??
HD wallet didn't exist that far back and it was only adopted in the (relatively) more recent versions of Bitcoin Core. You'll want to try to see this [1]. There's a section specific to the Bitcoin Android wallet.


[1] https://github.com/3rdIteration/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial

onisuk20 (OP)
November 29, 2020, 08:38:21 AM
Last edit: November 29, 2020, 08:57:46 AM by onisuk20
 #14

I might try setting this up today
https://github.com/glv2/bruteforce-salted-openssl
Seems like a more direct attack on this specific file.

Does anyone know what cipher and digest combination was used to encrypt the file by the Android wallet? So I don't have to blindly try them all...
onisuk20 (OP)
November 29, 2020, 09:33:10 AM
 #15

I didn't see that, and Bitcoin & KNC Wallets for Android

Thanks I'll check it out

Just had a read, the only section that speaks of the android wallet is about spending pins...!?
ranochigo
November 29, 2020, 10:38:50 AM
 #16

Just had a read, the only section that speaks of the android wallet is about spending pins...!?
Nope. I just tested it out myself. If you don't specify --android-pin, it'll automatically try to bruteforce using the passwords. Of course, if you have even the slightest idea of the passwords, you can try using tokenlist or passwordlist argument to greatly speed up the process. You'll have to test it out yourself though, I couldn't find my old android backup so I had to create a new one myself.

onisuk20 (OP)
November 29, 2020, 11:07:14 AM
 #17

Yes, I've just taken a password dump from chrome to see if that has managed to capture it by chance over the years, I'll build a list from that.

I've even got the password to my MtGox account in there still haha!
onisuk20 (OP)
November 30, 2020, 07:50:19 PM
Merited by o_e_l_e_o (2)
 #18

So, I used Btcrecover on my chrome PW list and it found the password!!!  I then used OpenSSL to extract my private key, imported it into Electrum and BAM............. 0.00 BTC  Grin

Looks like this file is a wallet from 2013 even though it's called Bitcoin-wallet-keys-2011, damn it, back to square one!