Multibit: Corrupt Wallets

[aintnobody]

I have wallets created with Multibit Classic (specifically, v0.5.14).

Shortly after creating my wallets, I added passwords to them. Later, on one wallet, I changed the password.

Flash forward some years and these wallets do not unlock even though I am 1000% using the correct password.

When I compare these wallets to other Multibit wallets (without passwords) by File Size, they are much smaller.

When I attempt to unlock these wallets with the correct password I receive the error "Provided AES key is wrong" whereas all other strings return "Could not decrypt bytes"

Since the software can distinguish between a correct and incorrect password yet cannot make sense of the contents, I can only conclude that this means the wallet is corrupted, and that the corruption occurred in the encryption process and not on the filesystem afterwards. I have tested HardCorePawn's utility on GitHub (https://github.com/HardCorePawn/multibit_recovery) and similarly I receive different output when entering the correct password, proving that the password is right, but the contents are corrupt.

This is a very big deal. We're likely talking about an eventual 100's of millions if not billions of dollars in BTC between all the Multibit users who will have been struck by this issue, many of whom probably still hold out hope of one day 'cracking that password'... not knowing it isn't the password that is the problem.

I'm looking at broken software that corrupts precisely the wallets you most want to protect, simply by using the software as was intended. And as a modest person and true believer, I trusted that one day I'd be able to come back to those wallets, but now I see.

My question is, what now?

This is a pretty gutt-wrenching thing, my heart goes out to everyone else facing the same. I just hate the feeling of 'well, that's it, there's nothing I can do'...

[1715333545]

1715333545

[1715333545]

1715333545

[vamosrafa]

I am facing the same problem. Some other people on reddit said they have the same error message and it ended up being an incorrect password. It is highly suspect that we are facing the exact same issue though. I have a wallet that I created in 0.5.14 that gives me the same error message when I entered in one of the main passwords I used.

Someone also told me there were messages in the code indicating that the way the wallet was encrypted changed between 0.5.14. and 0.5.15. It is also strange that they removed that version for download. Not saying that is a cover-up but I did want to try decrypting the wallet with that version in case by some miracle it is able to decrypt the keys/ wallet.

Are there other threads you know of with people facing this same issue?

[vamosrafa]

https://www.reddit.com/r/Bitcoin/comments/7hjhs2/need_help_recovering_10_btc_from_multibit_classic/dqsbbl3?utm_source=share&utm_medium=web2x&context=3

Here is the dude who claimed the same thing. I have never been able to pin one of them down and get a definitive answer.

At this point my locked wallet is a nice payday for someone to figure out. If you want DM me what you are comfortable offering as a bounty for a solution.

[evergreentrone]

Bonjour

J'ai un problème et j'ai besoin de vos lumières 
J'ai utilisé sur mon mac le logiciel MULTIBIT version ANCIENNE 0.5 il y a des 8 ans. J'avais une adresse Bitcoin que j'ai créé directement sur le logiciel. Je n'utilisai pas de mot de passe pour me connecter à Multibit et je n'ai jamais cliqué su exporter ma clé privé ou le wallet. J'ai utilisé cette adresse pendant une année à envoyer et recevoir des soussous.
Un jour je lance le logiciel et la!! l'adresse n'est plus la même elle a changée ... De ce que j'ai lu sur internet c'était à cause du renouvellement des clés. Par la suite j'ai laissé ça de côté et j'ai supprimer le logiciel.

1- Est ce que si je n'ai pas exporté ma private key ou mon wallet il y aurait pu avoir une exporte lorsque j'ai fait des échanges de soussous ?
2- J'ai fouillé mon MAC, l'emplacement caché du logiciel et rien.
3- J'ai fait des recherches de fichiers supprimées avec des logiciels mais pas de wallet ou de private key..

Comme j'ai fait des échanges, j'ai l'adresse en question. Voilà voilà ...

Pouvez me donner des idées ? des méthodes pour retrouver mes BITCOINS ?

Merci à vous !


"""Hello

I have a problem and I need your lights
I used MULTIBIT OLD version 0.5 software on my mac 8 years ago. I had a Bitcoin address that I created directly in the software. I did not use a password to connect to Multibit and I never clicked to export my private key or the wallet. I used this address for a year to send and receive subs.
One day I run the software and the !! the address is not the same it has changed ... From what I read on the internet it was because of the renewal of the keys. Then I left that aside and removed the software.

1- If I did not export my private key or my wallet, there could have been an export when I made sub-sub exchanges?
2- I searched my MAC, the hidden location of the software and nothing.
3- I searched for deleted files with software but no wallet or private key.

As I made exchanges, I have the address in question. There you go ...

Can you give me some ideas? methods to find my BITCOINS?

Thank you ! """"

[HCP]

Don't crosspost the same thing in other people's threads... you should really have created your own thread... anyway, I answered on your other post here: https://bitcointalk.org/index.php?topic=5315902.msg56447153#msg56447153

[vanupied]

I'm not sure I understand your line of thinking, OP.
Do you believe Multibit's authors purposely inserted bugs in the software to prevent users from accessing their own wallets?

I discovered Multibit last year only and I'm curious since I've been researching various approaches to help a friend recover his BTC from Multibit 0.5.18.

I ended up succeeding using scripts to bypass Multibit altogether.
Personally, I don't know if Multibit author's intentions were malicious or not.
What I know is this:
- the BTC were still in the wallet and there had been no transaction since the 3 original ones from 2014 and 2015. If their goal was to steal, they didn't succeed.
- my friend told me that the password I discovered was based on one of his old personal passwords
- BUT the working password had some unreadable unicode characters in it, the kind he wouldn't even know how to type on a keyboard (would require ALT+[XYZ] to generate on Windows)
- when I tried pasting the working password inside Multibit's UI input field (including the unicode characters), as a regular user would to export the private keys, I still got this message:

The wallet password is incorrect

Not sure I'm being clear, here's a screenshot:
https://imgur.com/a/4E3rDZY

So at the moment, I do believe Multibit 0.5.18 stores user passwords in a flawed way, preventing users to access their wallet even with the correct password.

You're not in this boat alone. I hope it helps you move on or try a new approach.

Good luck.

[HCP]

Just out of curiosity... how did you find the "working" password? Did you have a bruteforce script running that was trying all sorts of unicode characters in addition to the standard aA-zZ0-9 + "specials"?

Or were the unicode characters "accented" characters like you'd find in french and other european languages? like à etc?

[vanupied]

I did run bruteforce scripts several times at the beginning as it was a quick and easy way to get started.
Then, based on my friend's guesses of potential passwords he could have used, I tried many variations using dedicated machines with GPUs.
The unicode characters were not the kind you can find on any keyboard in any language. A real pain in the nose.
We had to be very creative coming up with new ideas for variations because of that. The positive aspect is that all these rules are coded now and I can run them anytime. The recovery potential is much higher when the owner has a basic idea of the password(s) he could have used at the time.

[aintnobody]

I'm not sure I understand your line of thinking, OP.
Do you believe Multibit's authors purposely inserted bugs in the software to prevent users from accessing their own wallets?

No. I believe that it is a bug.

[VanillaH]

The following blog post might be of interest to you: https://pascal-bergeron.com/en/posts/multibit-corrupt-password/

It explains a type of bug where the password is indeed corrupted by Multibit.

[btc2doge]

I have wallets created with Multibit Classic (specifically, v0.5.14).

Shortly after creating my wallets, I added passwords to them. Later, on one wallet, I changed the password.

Flash forward some years and these wallets do not unlock even though I am 1000% using the correct password.

When I compare these wallets to other Multibit wallets (without passwords) by File Size, they are much smaller.

When I attempt to unlock these wallets with the correct password I receive the error "Provided AES key is wrong" whereas all other strings return "Could not decrypt bytes"

Since the software can distinguish between a correct and incorrect password yet cannot make sense of the contents, I can only conclude that this means the wallet is corrupted, and that the corruption occurred in the encryption process and not on the filesystem afterwards. I have tested HardCorePawn's utility on GitHub (https://github.com/HardCorePawn/multibit_recovery) and similarly I receive different output when entering the correct password, proving that the password is right, but the contents are corrupt.

This is a very big deal. We're likely talking about an eventual 100's of millions if not billions of dollars in BTC between all the Multibit users who will have been struck by this issue, many of whom probably still hold out hope of one day 'cracking that password'... not knowing it isn't the password that is the problem.

I'm looking at broken software that corrupts precisely the wallets you most want to protect, simply by using the software as was intended. And as a modest person and true believer, I trusted that one day I'd be able to come back to those wallets, but now I see.

My question is, what now?

This is a pretty gutt-wrenching thing, my heart goes out to everyone else facing the same. I just hate the feeling of 'well, that's it, there's nothing I can do'...

This is a bug of the old wallet. unless you have made backup, there is low chance to recover it as the data is corrupted. if you have other files, there is still chance to recover it.

[btc2doge]

I'm not sure I understand your line of thinking, OP.
Do you believe Multibit's authors purposely inserted bugs in the software to prevent users from accessing their own wallets?

I discovered Multibit last year only and I'm curious since I've been researching various approaches to help a friend recover his BTC from Multibit 0.5.18.

I ended up succeeding using scripts to bypass Multibit altogether.
Personally, I don't know if Multibit author's intentions were malicious or not.
What I know is this:
- the BTC were still in the wallet and there had been no transaction since the 3 original ones from 2014 and 2015. If their goal was to steal, they didn't succeed.
- my friend told me that the password I discovered was based on one of his old personal passwords
- BUT the working password had some unreadable unicode characters in it, the kind he wouldn't even know how to type on a keyboard (would require ALT+[XYZ] to generate on Windows)
- when I tried pasting the working password inside Multibit's UI input field (including the unicode characters), as a regular user would to export the private keys, I still got this message:

The wallet password is incorrect

Not sure I'm being clear, here's a screenshot:
https://imgur.com/a/4E3rDZY

So at the moment, I do believe Multibit 0.5.18 stores user passwords in a flawed way, preventing users to access their wallet even with the correct password.

You're not in this boat alone. I hope it helps you move on or try a new approach.

Good luck.

This is caused by the bug of old multibit wlalet. if you still have the backup. there is still chance to decrypt the key file