Damaged paper wallet - Help!!

[eranglr]

--snip--
Single SHA256 of the passphrase while enforcing a minimum 15 character length passphrase.
https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/ninja.detailwallet.js#L58-L62

It is insecure so if OP has some idea about the passphrase they used there could be a chance to brute force it rather easily.

Just to make sure the OP isn't getting any false hopes: Coding Enthusiast is using a different way of saying what i've said before: OP could brute force his passphrase if he has an idea what it might have been... If it was a completely random passphrase, it's still allmost impossible... Bruteforcing the actual private key is impossible (well, theoretically it's possible, but in reality it's not)

Yes, I understand that.
I wrote some words that I might use to create the key, now how can I check them?

[mocacinno]

I'm not sure if there's an off-the-shelve tool for your specific situation... tbh, i've never tried to bruteforce brainwallets
This being said, if a tool doesn't exist, it shouldn't be to hard for a programmer to write one... What you're asking isn't exactly rocket science

[BASE16]

if it's just a brainwallet then you can use a simple SHA256 script that rotates the words and hashes them and then creates a keypair and then checks the outcome against a given address.

[bob123]

I wrote some words that I might use to create the key, now how can I check them?

It depends on the amount of combinations you want to check.
It its just a few, use website you have used to generate your brain paper wallet.

If you want to check tons of information, you'd need a tool to do so. If there is no, you could ask someone to write one for you.
Maybe someone is doing this for free, otherwise it shouldn't cost too much anyway.

But you need a relatively good idea on how the password was. Otherwise there is little to no hope.

[HCP]

I wrote some words that I might use to create the key, now how can I check them?

Brainflayer is pretty much the "standard" when it comes to brainwallet "cracking"... there are loads of tutorials on google/blogs/youtube etc that show it in action.

You feed it a list of potential passphrases (wordlists, phrase lists, book quotes, song lyrics etc), it then generates the "brainwallet+address" and compares with a bloom filter of addresses you're interested in...

[eranglr]

Installed and ran brainflayer with my public key & possible word list that I've made.
within an hour it said that it found the key, but it's 40 characters, which looks like hex format (starts with 83).
Do I need to convert it to WIF somehow, or it is just a false-positive?

[eranglr]

I converted my public key to hex and placed it in example.hex.
Than:
hex2blf example.hex example.blf

Than:
brainflayer -v -b example.blf -i phraselist.txt

[RobGo]

Hello all.
I have been following various discussions in this forum for quite some time.
Wouldn't Vanity Search be useful in this case?

https://github.com/JeanLucPons/VanitySearch

It is described in Step 3, plus the wildcards for the missing digits, that should be much faster.

If I am wrong please ignore my post.
Greetings

[cajancharles]

I converted my public key to hex and placed it in example.hex.
Than:
hex2blf example.hex example.blf

Than:
brainflayer -v -b example.blf -i phraselist.txt

Put your private key in electrum wallet to check if it is real or not and the balance.

[HCP]

I converted my public key to hex and placed it in example.hex.
Than:
hex2blf example.hex example.blf

Public Key? Or your address converted back into Hash160 form?

Installed and ran brainflayer with my public key & possible word list that I've made.
within an hour it said that it found the key, but it's 40 characters, which looks like hex format (starts with 83).
Do I need to convert it to WIF somehow, or it is just a false-positive?

When you ran brainflayer... and it popped out a result... the "passphrase" should have been on the end of the line of output... like this example where I found that "abc123" was the passphrase used:


The 40 char hex at the start of the line should be the "RIPEMD-160(SHA-256(public key))" (aka HASH160) that you derived from your address (convert Base58check address back to Hex) and put into the example.hex file before you ran hex2blf


Anyway, simply put that "passphrase" into a brainwallet generator like: https://www.bitaddress.org/ (use the "Wallet Details" tab)
or, if your passphrase is too short to be recognised using BitAddress (like my example) try: https://brainwalletx.github.io/#generator (click "Toggle Key" to see private key in WIF format)

NOTE: don't run these tools "online"... you should download them and run them "offline"... both have links to github and/or .zip files at the bottom of the page!

This gives:



(You may need to check both the "uncompressed" and "compressed" options to see the correct address)

[eranglr]

I converted my public key to hex and placed it in example.hex.
Than:
hex2blf example.hex example.blf

Public Key? Or your address converted back into Hash160 form?

Installed and ran brainflayer with my public key & possible word list that I've made.
within an hour it said that it found the key, but it's 40 characters, which looks like hex format (starts with 83).
Do I need to convert it to WIF somehow, or it is just a false-positive?

When you ran brainflayer... and it popped out a result... the "passphrase" should have been on the end of the line of output... like this example where I found that "abc123" was the passphrase used:
https://i.imgur.com/misTdXl.png

The 40 char hex at the start of the line should be the "RIPEMD-160(SHA-256(public key))" (aka HASH160) that you derived from your address (convert Base58check address back to Hex) and put into the example.hex file before you ran hex2blf


Anyway, simply put that "passphrase" into a brainwallet generator like: https://www.bitaddress.org/ (use the "Wallet Details" tab)
or, if your passphrase is too short to be recognised using BitAddress (like my example) try: https://brainwalletx.github.io/#generator (click "Toggle Key" to see private key in WIF format)

NOTE: don't run these tools "online"... you should download them and run them "offline"... both have links to github and/or .zip files at the bottom of the page!

This gives:
https://i.imgur.com/K9yxe5o.png


(You may need to check both the "uncompressed" and "compressed" options to see the correct address)

Thanks for that.
I got 20 different results (I used a custom generator key-word + downloaded the English dictionary txt file), none of them match my address.
How it's even possible to get those results if I only type one (mine) address inside the "example.hex" file (and converted it to example.blf)?

[NotATether]

You used bitaddress to make that brainwallet and chances are you probably did not type random characters as the password there.

Yes brainflayer is an option but the speed will not be great because A) it is not multi-thteaded or GPU-accelerated in any way, and B) you are only searching for the private key of one address, this makes the bloom filter that brainflayer uses very inefficient because bloom filters can check tons of different HASH160s of an address at the same speed. Still, try it anyway, especially if you can guess what kind of password you might have used.

I would not use VanitySearch for this task because while it can use (Nvidia) GPUs, it was not designed with brute-forcing addresses in mind. You need to already know the public key, which cannot be derived from the address, and even if you do have that, it's just a generator program which will terminate as soon as it finds address with a prefix in front of it, while you're looking for the private key, or rather it's WIF specifically.

The alternatives are not much better either and you may have to resort to brute forcing the address with Bitcrack if you cannot remember your password.

[eranglr]

You used bitaddress to make that brainwallet and chances are you probably did not type random characters as the password there.

Yes brainflayer is an option but the speed will not be great because A) it is not multi-thteaded or GPU-accelerated in any way, and B) you are only searching for the private key of one address, this makes the bloom filter that brainflayer uses very inefficient because bloom filters can check tons of different HASH160s of an address at the same speed. Still, try it anyway, especially if you can guess what kind of password you might have used.

I would not use VanitySearch for this task because while it can use (Nvidia) GPUs, it was not designed with brute-forcing addresses in mind. You need to already know the public key, which cannot be derived from the address, and even if you do have that, it's just a generator program which will terminate as soon as it finds address with a prefix in front of it, while you're looking for the private key, or rather it's WIF specifically.

The alternatives are not much better either and you may have to resort to brute forcing the address with Bitcrack if you cannot remember your password.

I am almost certain that I've used a combination of three words, I have a list of words that I might use (around 2000 words). Is there an easy way to create a "mixed" list from them (without those who are less than 15 characters) to test?

[NotATether]

I am almost certain that I've used a combination of three words, I have a list of words that I might use (around 2000 words). Is there an easy way to create a "mixed" list from them (without those who are less than 15 characters) to test?

There's an online tool for that. Put all your words in https://textmechanic.com/text-tools/combination-permutation-tools/combination-generator/ and optionally select the "repeated words" checkbox if you know that you used some words twice. This won't filter the result list by length though but you can try sorting the list by length using https://miniwebtool.com/sort-text-by-length/ and delete the lines they are shorter than 15 characters.

2000 combinations of 3 words gives you at most 8 billion possibilities before removing the ones that are too short, so your odds with using brainflayer is good even though it is single-threaded.

[Kakmakr]

Sheesh... you have an almost impossible task to get "Humpty dumpty" together again. A lesson is to be learnt from this .... always make duplicate copies of your Paper wallets and store them at two separate geographical locations.

I also laminate my Paper wallets to protect them from natural elements and also bugs. (Mites / Silverfish etc.)  I went through something very similar, so I share your frustration.

Tip : DO NOT store loads of coins on a single paper wallet... I distribute small amounts on several wallets. (More convenient if you have to sweep a small amount to use in emergencies and also lower risk when you have to do it)