Seed phrases wrong - but having Ledger Security Card | Screwed or not?

[Nejigs]

Hello,

I must begin to say that I don't have a big experience with crypto hard-wallets.
So I have an old ledger blue wallet that I couldn't login for some reason a couple of months ago, although till then I could log-in to it
without having any troubles.
So I updated the wallet and it couldn't found my "account" after I did that.
I know that you can restore your wallet with another wallet if you have the seed phrases for it.
So I tried that with another (newer) ledger and a trezor ones.
But I can't do it because after some words it says I got the wrong words.

From what I remember (I know how stupid it sounds, believe me...) I did a minor modification some time at a couple of seed phrases,
so most of them are the same.

So can the Ledger Security Card hep to retrieve my "account"?

Has anybody experienced something similar and has a solution?

ANY bit of information is highly appreciated!!

G

[1715105197]

1715105197

[1715105197]

1715105197

[AB de Royse777]

So can the Ledger Security Card hep to retrieve my "account"?

What is this Ledger Security card? I have a Ledger nano S and I can not recall to have any such card. They gave a card with the box so that I can write down the words of the seed I created and that's all you need.

Do you remember or have you wrote down the seed when you initialized your ledger device?

So I updated the wallet and it couldn't found my "account" after I did that.

Did you update the framework or you are talking about Ledger live app?

[Nejigs]

The Ledger Wallet security card is a credit card shape kind of plastic card that in the back it has some numbers and letters.
I think its for a 2FA purpose, but maybe somebody knows something more...

I have the seed written down (2 two different cards as well) but they don't check out and if I recall correctly I did some switch between 2-3 of them for
(dumb) security reasons...

I updated the device itself (hardware).

I hope this info is useful to help me!

Thanks a lot again!!

[mocacinno]

The Ledger Wallet security card is a credit card shape kind of plastic card that in the back it has some numbers and letters.
I think its for a 2FA purpose, but maybe somebody knows something more...

I got a card like that with my HW.1. I haven't used my Hw.1 in ages, it's laying around at the office while i'm working from home, so i don't have physical access to it right now. But IIRC, it is a card with a very basic cypher, translating each letter and number into a different letter and number.

When signing a transaction, you'd be presented with a keyword, and you'd have to use your security card to translate the keyword letter by letter in order to verify your transaction. A HW.1 doesn't have an oled screen or buttons, so the card was necessary since you were unable to enter a pincode or verify a tx on your hw wallet.

The security card was custom for each device IIRC.

But, if my memory serves me correctly, the security card was basically a sort of 2FA mechanism. If you had the seed, you could still restore your wallet without the security card.

[AB de Royse777]

The Ledger Wallet security card is a credit card shape kind of plastic card that in the back it has some numbers and letters.
I think its for a 2FA purpose, but maybe somebody knows something more...

Forget about the Ledger security card. I do not think we have any use of it. Seed is the one we need here to restore the wallet.

I have the seed written down (2 two different cards as well) but they don't check out and if I recall correctly I did some switch between 2-3 of them for
(dumb) security reasons...

I updated the device itself (hardware).

You have updated the device framework meaning you will need to restore the wallet using the seeds and the pin (In ledger nano S I have a pin and hopefully in your one you also have one) you had.

I did some switch between 2-3 of them for
(dumb) security reasons...

I am concerned here and I hope we will be able to figure out the correct one. Before we do I need you to understand something:
A seed consists of few words. Normally 12 or 24 words.

Let's consider a seed of 12 words: Word1 Word2 Word3 Word4 Word5 Word6 Word7 Word8 Word9 Word10 Word11 Word12
Using this seed you will have a wallet with your ledger.

But if you switch between 2-3 words or even one word then for every switch you are basically creating a new wallet. For example:

Word1 Word2 Word3 Word4 Word5 Word6 Word7 Word8 Word9 Word10 Word11 Word12 : is a seed of one wallet
Word2 Word1 Word3 Word4 Word5 Word6 Word7 Word8 Word9 Word10 Word11 Word12 : is a seed of another wallet

Notice I switched only one word on the 2nd one. Word2 came first and Word1 moved to 2nd made a completely new wallet.

If you understand this then you will really need to figure out in which combination you had your BTC? Because every combination you make, you are actually accessing a new wallet each time.

[mocacinno]

What i find strange is the absense of the checksum?
You shouldn't be able to just switch some words in your seed phrase or replace one word by another one (minor modification)... The last word of the seed should have been a checksum, and it should have been invalid if you tampered your seed manually.

Could you elaborate on how you did those minor modifications?

[Nejigs]

Hmmm. What you say makes sense. Well I might be wrong about changing some words...
The bottom line is that they don't work in order to restore my wallet.
So could this card help in any way?
Is there a way to retrieve it using this card and maybe an old sheet of seeds?

[AB de Royse777]

Hmmm. What you say makes sense. Well I might be wrong about changing some words...
The bottom line is that they don't work in order to restore my wallet.
So could this card help in any way?
Is there a way to retrieve it using this card and maybe an old sheet of seeds?

Clear us one thing. Do you have any coin in your hardware wallet? I hope not by the way.

[Lucius]

But, if my memory serves me correctly, the security card was basically a sort of 2FA mechanism. If you had the seed, you could still restore your wallet without the security card.

That's right, I found an old 2016 thread asking about this card, and it's actually something that has nothing to do with the wallet restore process.

From what I remember (I know how stupid it sounds, believe me...) I did a minor modification some time at a couple of seed phrases,
so most of them are the same.

Try to remember what modifications you did, and if you don't succeed in that, maybe btcrecover can help you - although I’m not sure if it helps in case you made too many modifications and mixed up the words to the point where the process would take too long.

[Nejigs]

Thank you for the link! I'll try that! Hope I manage to do it...
 

[mocacinno]

Keep us updated!

I hope you'll remember which modifications you did... The security card alone is only usefull to spend funds, and only if you're going to use the same hardware device to restore you seed. If you're going to use a different wallet (like electrum) it's useless. If you're messing around, i'd probably use a brute-force script or at least electrum to restore your wallet. Just make sure you download electrum from it's official source and check the signatures AND move your funds to a new wallet as soon as you restored your wallet (consider the hardware wallet to be compromised).

I do hope you didn't mess up the seed to much. If you have an 11 word seed that's scrambled (+ checksum) you'll have 11^11 possible combinations. That's 285.311.670.611 combinations. Your brute force script will have to iterate trough every combination, calculate the checksum, calculate the xprv, derive private keys, calculate public keys, hash these keys, look up any unspent outputs funding (or used to fund) these addresses

[o_e_l_e_o]

If you have an 11 word seed that's scrambled (+ checksum) you'll have 11^11 possible combinations. That's 285.311.670.611 combinations.

Provided he has the correct 12 words but in an unknown order, a scrambled 12 word seed is "only" 12! = 479,001,600 combinations. This is easily bruteforced using the software from my post Lucius linked above. If we are talking 24 words, however, then the number of possibilities becomes impractically large.

OP, how many words have you written down in your seed phrase? You say they are split across two cards? How many are on each card? What do you remember about "switching" them? Did you simply switch the order of some of them, or did you switch them for different words altogether?

[mocacinno]

Provided he has the correct 12 words but in an unknown order, a scrambled 12 word seed is "only" 12! = 479,001,600 combinations.

yeah... I made a mistake in assuming the re-use of an already used word. An 11 word seed (not including the checksum) has 11! potential combinations, not 11^11... Thanks for correcting me

I can't seem to find benchmarks for bruteforcing this tough... Generating 11! potential combinations should be fast enough, but generating the "checksum => xprv => private key => public key => address => lookup" sounds like it's using a lot of resources... Not including the fact that you should probably check multiple derivation paths AND derive more than 1 private key per path just to be sure.

[dkbit98]

Best thing you can do when you are creating your wallet and generating seed words is to double check before sending any coins to your address.
For hardware wallet that would mean you need to reset the device and restore it using your written seed words.
If you written your words correctly everything should work ok, and you can now use that wallet and address for receiving coins (same goes for any software wallet)
This way you are reducing chances for making any errors in typing or words order mistake.
Backup seed words in safe location(s).

I have the seed written down (2 two different cards as well) but they don't check out and if I recall correctly I did some switch between 2-3 of them for
(dumb) security reasons...

I hope you figure it our what words you changed, but it's never a good idea to overcomplicate things.

[o_e_l_e_o]

Generating 11! potential combinations should be fast enough, but generating the "checksum => xprv => private key => public key => address => lookup" sounds like it's using a lot of resources...

Unscrambling 11 words will be more work than unscrambling 12. Since the final word is only 4 bits checksum and 7 bits entropy, you can't just calculate the checksum from the first 11 words. For each 11 word combination you would need to append every one of the 128 possible configurations of 7 bits, then calculate the checksum, go through PBKDF2, etc., which would be (11!)*128 combinations. This is all assuming it is definitely the last word that is missing. If you don't know which word is missing, then the possible combinations becomes (12!)*2048.

Unscrambling a 12 word seed, provide you know all the words, should be doable in a few hours using btcrecover: https://github.com/3rdIteration/btcrecover/blob/master/docs/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example.md

[Lucius]

Unscrambling a 12 word seed, provide you know all the words, should be doable in a few hours using btcrecover.

If I'm not mistaken the OP has Ledger Blue and there are 24 words that he very likely mixed up in a way that swapped places for a few words. It is probably a simple substitution of the first and second words, and perhaps the last and penultimate. I guess such a case would be solvable in a reasonable amount of time, but let’s say the OP made 4-5 word substitutions - for 24 seed words, what time are we talking about when it comes to btcrecover?


Nejigs, can you remember the moment when you first wrote down the words, did you mix them up right away or did you do it sometime later? I'm asking you this because it's possible that there may be a backup with the correct seed somewhere - and as a reminder, Ledger Blue gave words in a series of 4 in the setup process.

https://support.ledger.com/hc/en-us/articles/360000105374-Ledger-Blue-manual

[mocacinno]

@Lucius

I'm going on a limb here, some back-of-an-enveloppe estimations using o_e_l_e_o's link (for a lack of better benchmarks).

On a 48 core Linode you can expect to...

Descramble a 12 word Electrum seed in less than 15 minutes…
Descramble a 12 word BIP39 seed in less than 50 minutes…
You can expect things to take about 5 times this long on a current (mid 2020), mid-range CPU.

source: https://github.com/3rdIteration/btcrecover/blob/master/docs/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example.md

It's a bip39 seed we're talking about here, so 250 minutes for 12! combinations
479.001.600 tries take 15000 seconds.

So, that's about 32.000 seeds/second.

Now, a 24 words seed has 24! possible combinations:
620.448.401.733.239.439.360.000 possible seeds / 32.000 seeds/sec = 614.821.554.863 years

HOWEVER, this is only true IF the OP has the first derived address AND the derivation path!!! This is one of the two things i did wrong earlyer estimations: if you have to check multiple derivation paths, and check multiple addresses per path if they were once funded it'll take a hell of a lot longer...
I'm still unsure wether if you do not have the first derived address AND the derivation path, wether it is a good idear to test 11! combinations and calculate the checksum, or test 12! combinations... Sure, you'll win some cpu cycles while iterating over combinations when testing out 12! combinations, but you'll lose a lot of time testing derivation paths, creating addresses, checking them vs your node,...

You can probably win a lot of time if you'd assume groups of 4 words to be correct, or if you'd only scramble within groups of 4 words... but then again, nobody knows what happened exactly... I'm just estimating the "worst case" scenario

[o_e_l_e_o]

Now, a 24 words seed has 24! possible combinations:
620.448.401.733.239.439.360.000 possible seeds / 32.000 seeds/sec = 614.821.554.863 years

Yeah, 24 scrambled words with no further information is essentially impossible.

If OP can give some more information as to how he scrambled the words, then the search could be optimized and the time cut down enough to perhaps make it feasible. For example, if as you suggest he knows he made 4 word swaps - in other words, directly swapped one word with another one, and did that twice, to swap 4 words in total - then that only gives 24!/(22!*2!) * 22!/(20!*2!) = 63,756 combinations, which is easily brute forcible with the right code in a matter of seconds.

If thinks he swapped up to 4 words around, but can't remember more than that, then there are 24!/(20!*4!) = 10,626 ways to pick 4 words from 24 words, and there are 24 ways to arrange a set of 4 words, giving 255,024 combinations in total, against easily brute forcible with the correct code.