Bitcoin Forum
June 16, 2024, 02:13:18 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Bruteforce partial electrum seed words  (Read 354 times)
eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 08, 2021, 08:24:18 PM
Last edit: February 08, 2021, 09:51:07 PM by eranglr
 #1

Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.



I know it's possible bruteforce 4 missing words, but how about the following scenario:

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.

Is there a known tool that I can play with to solve such puzzle?
BASE16
Member
**
Offline Offline

Activity: 180
Merit: 38


View Profile
February 08, 2021, 08:47:09 PM
 #2

Of course you can do if word
  • =='a' then you will get all words in the list with that letter at that position.
Very easy just take a few lines of code.
eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 08, 2021, 08:49:42 PM
 #3

Thanks.

So let's say that now I have 13 lists of possible words, is there a available tool that I can use with those words as input?
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1554
Merit: 7548


Protocols over bureaucrats


View Profile
February 08, 2021, 09:04:34 PM
Merited by ABCbits (1)
 #4

I know it's possible bruteforce 4 missing words
Are you sure that this is possible? I know that for two electrum missing words, it can take around 20 seconds on an average pc. For three words it'll take 20*2048 = 40960 seconds which is equal with ~11.3 hours. But for 4 words... Oh boy. It'll take around 23,142 hours which is 964 days.

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.
You can surely reduce it, by a lot. But still, brute forcing by not knowing 4 out of 12 words isn't meant to be found.

So let's say that now I have 13 lists of possible words, is there a available tool that I can use with those words as input?
Are we talking 13 lists of mnemonics that don't have 4 words out of 12? It seems impossible to me the way you describe it.

Anyway, there is no program that can do your job, but if you have 13 lists of possible words then you can try FinderOuter. Instead of opening one window, open as many as you want and use a mouse scheduler for each window.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
BASE16
Member
**
Offline Offline

Activity: 180
Merit: 38


View Profile
February 08, 2021, 09:14:09 PM
Last edit: February 08, 2021, 09:29:12 PM by BASE16
 #5

Of course there is a program that can do it.
It's just all custom made to suit particular implementations.
That is why you have to tweak it by coding the word lengths and letters into the code one by one.
If you are talking about the black lives matters puzzle those runes are already decoded that way.

Here you have an example:

Code:
<script type="text/javascript">

for (w1=0;w1<WORDLISTS['english'].length;w1++) {
       var word1 = WORDLISTS["english"][w1]
              if(word1.length == 5&&word1[2]==word1[3] )
              {
                for (w2=0;w2<WORDLISTS['english'].length;w2++) {
                       var word2 = WORDLISTS["english"][w2]
                              if(word2.length == 4&&word2[2]==word1[1] )
                              {
                                for (w3=0;w3<WORDLISTS['english'].length;w3++) {
                                       var word3 = WORDLISTS["english"][w3]
                                              if(word3.length == 5&&word3[2]==word1[1] )
                                              {
                                                for (w4=0;w4<WORDLISTS['english'].length;w4++) {
                                                       var word4 = WORDLISTS["english"][w4]
                                                              if(word4.length == 5&&word4[1]==word4[3] && word4[2]==word2[0])
                                                              {
                                                                for (w5=0;w5<WORDLISTS['english'].length;w5++) {
                                                                       var word5 = WORDLISTS["english"][w5]
                                                                              if(word5.length == 5&&word5[2]==word5[4])
                                                                              {
                                                                                for (w6=0;w6<WORDLISTS['english'].length;w6++) {
                                                                                       var word6 = WORDLISTS["english"][w6]
                                                                                              if(word6.length == 3&&word6[0]==word3[0]&&word6[1]==word4[4]&&word6[2]==word5[2])
                                                                                              {
                                                                                                for (w7=0;w7<WORDLISTS['english'].length;w7++) {
                                                                                                       var word7= WORDLISTS["english"][w7]
                                                                                                              if(word7.length == 4&&word7[0]==word1[0]&&word7[2]==word4[1]&&word7[3]==word1[4])
                                                                                                              {
                                                                                                              
// and etc...
// yes i know... Horrible code... just horrible.
// but it get's the job done boiii

</script>
eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 08, 2021, 09:24:51 PM
 #6

I know it's possible bruteforce 4 missing words
Are you sure that this is possible? I know that for two electrum missing words, it can take around 20 seconds on an average pc. For three words it'll take 20*2048 = 40960 seconds which is equal with ~11.3 hours. But for 4 words... Oh boy. It'll take around 23,142 hours which is 964 days.

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.
You can surely reduce it, by a lot. But still, brute forcing by not knowing 4 out of 12 words isn't meant to be found.

So let's say that now I have 13 lists of possible words, is there a available tool that I can use with those words as input?
Are we talking 13 lists of mnemonics that don't have 4 words out of 12? It seems impossible to me the way you describe it.

Anyway, there is no program that can do your job, but if you have 13 lists of possible words then you can try FinderOuter. Instead of opening one window, open as many as you want and use a mouse scheduler for each window.

Thanks, I have 13 text files with possible words.
I don't see an option to use them in FinderOuter, any idea?
BASE16
Member
**
Offline Offline

Activity: 180
Merit: 38


View Profile
February 08, 2021, 09:34:43 PM
 #7

You can also modify the autocomplete function.
This will normally 'predict' words when you start typing.
You could modify it in a way that you can type a * wildcard for the unknown letters and have it show a list with possible words from the known letter input.

eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 08, 2021, 09:49:57 PM
 #8

You can also modify the autocomplete function.
This will normally 'predict' words when you start typing.
You could modify it in a way that you can type a * wildcard for the unknown letters and have it show a list with possible words from the known letter input.

https://i.ibb.co/YTtJWkc/autocomplete.png

Thanks, I already have a possible word list for every word of the seed (1.txt, 2.txt...13.txt).
I now trying to find a way to use those words to bruteforce the seed.
BASE16
Member
**
Offline Offline

Activity: 180
Merit: 38


View Profile
February 08, 2021, 10:05:54 PM
 #9

Here is how i do.
Put all words in a text file and load it into the filereader.
Split() strip() and trim() into array.
Then you rotate the words randomly and validate the resulting mnemonic.
If true verify it to the target address.
It's even easier because it will not load words that are not in the BIP39 word list so you can read in entire books, but will always end up with only the valid words.

eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 08, 2021, 10:09:07 PM
 #10

Here is how i do.
Put all words in a text file and load it into the filereader.
Split() strip() and trim() into array.
Then you rotate the words randomly and validate the resulting mnemonic.
If true verify it to the target address.

https://i.ibb.co/16k8tBb/mnemonics.png

I thought about doing that, but I don't know how to do it (newbie in Linux..).
1. How to make a combined text to be checked? note that I have 13 text files, each text file has a different word list.
2. How to check the text with all the possible seeds?
BASE16
Member
**
Offline Offline

Activity: 180
Merit: 38


View Profile
February 08, 2021, 10:20:40 PM
 #11

Well you could do it in Linux but i'm using JavaScript mostly.
You can also use NodeJS or Python.
Node is build on Chrome's V8 JavaScript engine. 

You can also just type the words into a hardcoded array that would be the easiest way so you can omit the filereader.
Then you can use a library like bitcoinjs or jsbtc either one will work.
All the functions are readily available.

Here are some examples for bitcoinjs-lib: https://github.com/bitcoinjs/bip39 <--- i prefer this one
You can see here some examples for jsbtc: https://github.com/bitaps-com/jsbtc/blob/master/test/jsbtc.test.js
PawGo
Legendary
*
Offline Offline

Activity: 952
Merit: 1367


View Profile
February 08, 2021, 10:22:58 PM
 #12

Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.

I know it's possible bruteforce 4 missing words, but how about the following scenario:

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.

Is there a known tool that I can play with to solve such puzzle?

Do you know the addresses you are looking for?
I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for.
eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 08, 2021, 10:31:12 PM
 #13

Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.

I know it's possible bruteforce 4 missing words, but how about the following scenario:

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.

Is there a known tool that I can play with to solve such puzzle?

Do you know the addresses you are looking for?
I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for.

Yes, I know the public address.
PawGo
Legendary
*
Offline Offline

Activity: 952
Merit: 1367


View Profile
February 08, 2021, 10:31:59 PM
 #14

Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.

I know it's possible bruteforce 4 missing words, but how about the following scenario:

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.

Is there a known tool that I can play with to solve such puzzle?

Do you know the addresses you are looking for?
I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for.

Yes, I know the public address.

OK, I will try to do this tomorrow.
Coding Enthusiast
Legendary
*
Offline Offline

Activity: 1039
Merit: 2783


Bitcoin and C♯ Enthusiast


View Profile WWW
February 09, 2021, 04:32:27 AM
Merited by ABCbits (1)
 #15

I don't see an option to use them in FinderOuter, any idea?
The option is found under "Missing mnemonic" and you have to select the "Electrum" type from the second drop  down on the right, then select the wallet type that Electrum was using from the drop down that appears after that. Make sure to enter the correct BIP32 path. Example 6 and 7 are Electrum mnemonics missing 1 and 2 words respectively.


A couple of points:
* Electrum mnemonics are 12 words by default
* You have to know the position of the missing word. But if it is only 1 word you can manually change the position from start to end and click Find 12 times, it should all take 12 seconds.
* You have to know a derived child from that wallet (it can be a child private key, public key or an address)
* Setting the path correctly is very important. When setting the wallet type (Electrum mnemonic type) FinderOuter automatically sets the correct path for that type but you have to enter the index of the child key you entered (eg. if you entered the 10th address you have to add 9 to the end of the path)

Projects List+Suggestion box
Donate: 1Q9s or bc1q
|
|
|
FinderOuter(0.19.1)Ann-git
Denovo(0.7.0)Ann-git
Bitcoin.Net(0.26.0)Ann-git
|
|
|
BitcoinTransactionTool(0.11.0)Ann-git
WatchOnlyBitcoinWallet(3.2.1)Ann-git
SharpPusher(0.12.0)Ann-git
HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4316

<insert witty quote here>


View Profile
February 10, 2021, 12:35:48 AM
 #16

If I'm understanding what you're writing... you have something like:

- possible_word1(list of ~4-10 words)
- possible_word2(list of ~4-10 words)
- possible_word3(list of ~4-10 words)
...
- possible_word12(list of ~4-10 words)

and from the sounds of it, you actually 13 words? so, this is the "old" electrum seed format? Huh

Anyway, assuming just 12 words for now, your possible seed combinations are: #word1_words * #word2_words * #word3_words * ... * #word12_words. Doesn't sound like much, until you do the math... even with "best case" of just 4 possible words in each position... that's 4^12 or 16,777,216 permutations.

Rough experience tells me that around ~6% of those will be "valid" (ie. the checksum matches)... so you're looking at something like ~1,006,632 "valid" seeds that you'd need to check for a match against your public address.


Anyway, I wrote a quick python script that takes in 12 files named 1.txt, 2.txt, 3.txt, ..., 12.txt (for my demo, each file has only 4 words) and then just iterates through the words in each position... it generates over 10,000 seeds/minute... and is finding (as expected) slightly more than 6% of those to be "valid".
Quote
Start: 2021-02-10 13:19:45.293000
10000 Seeds 2021-02-10 13:20:29.445000
621 Valid Seeds 2021-02-10 13:20:29.445000
20000 Seeds 2021-02-10 13:21:11.167000
1204 Valid Seeds 2021-02-10 13:21:11.167000
30000 Seeds 2021-02-10 13:21:55.523000
1832 Valid Seeds 2021-02-10 13:21:55.523000
40000 Seeds 2021-02-10 13:22:38.955000
2442 Valid Seeds 2021-02-10 13:22:38.955000
50000 Seeds 2021-02-10 13:23:23.073000
3041 Valid Seeds 2021-02-10 13:23:23.073000
60000 Seeds 2021-02-10 13:24:08.397000
3670 Valid Seeds 2021-02-10 13:24:08.397000
70000 Seeds 2021-02-10 13:24:53.846000
4308 Valid Seeds 2021-02-10 13:24:53.846000
80000 Seeds 2021-02-10 13:25:37.352000
4911 Valid Seeds 2021-02-10 13:25:37.352000
90000 Seeds 2021-02-10 13:26:23.622000
5543 Valid Seeds 2021-02-10 13:26:23.622000
100000 Seeds 2021-02-10 13:27:09.700000
6180 Valid Seeds 2021-02-10 13:27:09.700000
...

So, at ~10k seeds/minute... maybe ~1677 minutes to go through the full search space (only 4 words per slot, 12 slots)... which is around 28hours. Undecided

The main slow downs will be:
- More words in a given position... that's going to ramp up the total search space
- Actually generating private keys/addresses to check, as these are computationally a lot slower than just checking if a seed is valid.

With some optimisation, and maybe porting to C or something faster than Python, you'd probably gain some performance benefits... I'm sure it's in the realms of reality to be able to do it within a matter of days? Huh It really depends on how big your search space is... what are the exact number of words you have in each position? Huh

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3486
Merit: 10653



View Profile
February 10, 2021, 04:38:32 AM
 #17

So, at ~10k seeds/minute... maybe ~1677 minutes to go through the full search space (only 4 words per slot, 12 slots)... which is around 28hours. Undecided

The main slow downs will be:
- More words in a given position... that's going to ramp up the total search space
- Actually generating private keys/addresses to check, as these are computationally a lot slower than just checking if a seed is valid.

With some optimisation, and maybe porting to C or something faster than Python, you'd probably gain some performance benefits...
If you are ONLY validating the checksum of each permutation then your speed must be in the millions per second rate. 10k is way too low for that because essentially you are just computing SHA256 (for BIP39) or SHA512 (for Electrum) and your CPU is capable of computing millions per second of these hashes. Translating your code to C shouldn't change much about its speed because the slowness is most probably in the algorithm you are using not the language.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
NotATether
Legendary
*
Offline Offline

Activity: 1638
Merit: 6897


bitcoincleanup.com / bitmixlist.org


View Profile WWW
February 10, 2021, 05:25:23 AM
 #18

If I'm understanding what you're writing... you have something like:

- possible_word1(list of ~4-10 words)
- possible_word2(list of ~4-10 words)
- possible_word3(list of ~4-10 words)
...
- possible_word12(list of ~4-10 words)

and from the sounds of it, you actually 13 words? so, this is the "old" electrum seed format? Huh

It could also be a BIP39 seed with a one-word BIP38 password.  OP did not clarify if each file corresponds to a word in the seed so it's possible that the order is also unknown and this is no different from having one file full of words.

Actually, we don't even know which wordlist is used which makes a big difference if the seed phrase is for a custom wordlist (otherwise I would not see the point of having a file full of BIP39 or Electrum words  Huh)
 
With some optimisation, and maybe porting to C or something faster than Python, you'd probably gain some performance benefits... I'm sure it's in the realms of reality to be able to do it within a matter of days? Huh It really depends on how big your search space is... what are the exact number of words you have in each position? Huh

Ultra modern processors (AMD Ryzen/ anything using Zen microarchitecture and Intel ice lake 10xxx and later) have hardware accelerated SHA256 instructions which you can call from C using the __asm__ keyword: SHA256RNDS2, SHA256MSG1 and SHA256MSG2.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 10, 2021, 07:08:13 PM
 #19

If I'm understanding what you're writing... you have something like:

- possible_word1(list of ~4-10 words)
- possible_word2(list of ~4-10 words)
- possible_word3(list of ~4-10 words)
...
- possible_word12(list of ~4-10 words)

and from the sounds of it, you actually 13 words? so, this is the "old" electrum seed format? Huh

It could also be a BIP39 seed with a one-word BIP38 password.  OP did not clarify if each file corresponds to a word in the seed so it's possible that the order is also unknown and this is no different from having one file full of words.

Actually, we don't even know which wordlist is used which makes a big difference if the seed phrase is for a custom wordlist (otherwise I would not see the point of having a file full of BIP39 or Electrum words  Huh)
 
With some optimisation, and maybe porting to C or something faster than Python, you'd probably gain some performance benefits... I'm sure it's in the realms of reality to be able to do it within a matter of days? Huh It really depends on how big your search space is... what are the exact number of words you have in each position? Huh

Ultra modern processors (AMD Ryzen/ anything using Zen microarchitecture and Intel ice lake 10xxx and later) have hardware accelerated SHA256 instructions which you can call from C using the __asm__ keyword: SHA256RNDS2, SHA256MSG1 and SHA256MSG2.

The seed is 13 words from the English dictionary of electrum 2.0.3 version.
eranglr (OP)
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
February 10, 2021, 07:17:22 PM
 #20

Edit:
I have 13 text files with possible seed words (1.txt, 2.txt...13.txt). most of the files contain 4-10 words.
I'm looking for a way to brute-force the seed based on those text files.

I know it's possible bruteforce 4 missing words, but how about the following scenario:

Let's say that I don't know any of the words, but for 12 words (out of 13) I know the last one or two letters, and for two words I know the first letter.
I also know their order and even some of their length.

Is there a known tool that I can play with to solve such puzzle?

Do you know the addresses you are looking for?
I think I could change my https://github.com/PawelGorny/lostword to implement solver of your problem, but it all makes no sense if you do not know what you are looking for.

Yes, I know the public address.

OK, I will try to do this tomorrow.

Did you have time to do that?
Thanks!
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!