Options for Armory lost passphrase

[vect0rz]

Hi everyone,

I'm reaching out on this forum since I know some of the software developpers are here and lot of crypto experts. I'm wondering what are my potential options to gain access back to my Armory wallet based on the following :

• I have the encrypted .wallet file
  
• I have the chain code but not the root key
  
• The wallet is from Armory version 0.88.1
  
• I have a list of possible passwords but its been so long, I'm not sure anymore if its really within the list I could think of
  

Here is what I tried so far with no luck :

• Using btcrecover with my RTX GPU to bruteforce any possible typos, typos-maps, word combinations, tokens etc.
  
• Gave a try to the Finder Outer nice tool to recover root key but since I don't have any characters from it, it would take billion of years to crack
  
• Look for vulnerabilities with Armory, I could find a fragmented backup vulnerability that indeed impact the version of the wallet (0.88.1). Not sure if it can be exploited or not. If someone could help exploiting this vulnerability or giving pointers, that would be really appreciated.
  

I'm curious to see if you guys see alternatives or suggestion about what I should try next? There is a few bitcoins left in the wallet and would appreciate any help : great tip for sure included if advise leads to success

Thank you,

[goatpig]

I have the encrypted .wallet file

And I'm guessing no paper backup?

Using btcrecover with my RTX GPU to bruteforce any possible typos, typos-maps, word combinations, tokens etc.

This stuff supports Armory? Have you tested it? (i.e. create a wallet, give it to btcrecover with 1-2 characters off of the password and see if it can figure it out)

Gave a try to the Finder Outer nice tool to recover root key but since I don't have any characters from it, it would take billion of years to crack

Same test applies.

Look for vulnerabilities with Armory, I could find a fragmented backup vulnerability that indeed impact the version of the wallet (0.88.1). Not sure if it can be exploited or not. If someone could help exploiting this vulnerability or giving pointers, that would be really appreciated.

The fragmented backup vulnerability doesn't erode the security that much. It messes up the SSS setup but there is no real world attack against that. This is all theoretical. The recommendation I stickied here was for people using SSS to proactively redo their backups with the fixed implementation.

At any rate, to even begin exploring this angle, it would mean you have a set of fragmented paper backups. If that's the case, you don't have to crack anything in the first place.

I have a list of possible passwords but its been so long, I'm not sure anymore if its really within the list I could think of

Once you've established that the bruteforce software you're using actually works on these specific Armory wallets, you can start building a strategy to brute force whatever you remember. If you use a typical pattern across all your passwords or use a password manager, that can be useful too. First ensure you aren't wasting energy getting false negatives.

[vect0rz]

Hi Goatpig, thanks for taking the time to reply and all your work within the community!

Please see my answers bellow :

And I'm guessing no paper backup?

That's correct, unfortunately.

This stuff supports Armory? Have you tested it? (i.e. create a wallet, give it to btcrecover with 1-2 characters off of the password and see if it can figure it out)

Yes it does support it, I gave it a try with a wallet created on version 93.3 and 0.85, both worked and were able to find the test password I created. Also, I figured out that some Armory versions have different unlock times and results in much faster attempt at bruteforcing.

Please see test results here :
C:\btcrecover-master>btcrecover.py --wallet armory_2ZeUsv9ZR_.wallet --tokenlist tokens4.txt --enable-gpu --global-ws 600 --typos-case
Starting btcrecover 0.17.10 on Python 2.7.7 64-bit, 16-bit unicodes, 32-bit ints
btcrecover.py: warning: --typos COUNT not specified; assuming 1
Usage: btcrecover.py [options]


btcrecover.py: error: no such option: --language
btcrecover.py: warning: each --global-ws should probably be divisible by 32 for good performance
Wallet difficulty: 8 MiB, 3 iterations + ECC
Using OpenCL GPU GeForce RTX 2060
2376 of 2830 [##################################-------] 0:00:19, ETA:  0:00:03
Password found: 'Test1234$'

The tokens4.txt file only contains the following :
+ test : means the word test is anywhere in the password. Combined with typos-case, it tests uppercase for all letters in possible combinations
+ 1234 : means 1234 is anywhere in the password
%p : means any possible ASCII characters

Same test applies.

Will do!

The fragmented backup vulnerability doesn't erode the security that much. It messes up the SSS setup but there is no real world attack against that. This is all theoretical. The recommendation I stickied here was for people using SSS to proactively redo their backups with the fixed implementation.

At any rate, to even begin exploring this angle, it would mean you have a set of fragmented paper backups. If that's the case, you don't have to crack anything in the first place.

Thank you for the detailed answer, didn't know the fragmented paper backup was a prerequisite. Can't go this path indeed.

Once you've established that the bruteforce software you're using actually works on these specific Armory wallets, you can start building a strategy to brute force whatever you remember. If you use a typical pattern across all your passwords or use a password manager, that can be useful too. First ensure you aren't wasting energy getting false negatives.

Right, since I know the btcrecover is working fine, I guess my best bet is to put more energy in bruteforcing the list of passwords. Yes I have a pattern accross my passwords and I was using a password manager, what can be useful about it?

Do you know perhaps, where I could find version 0.88.1?

Thank you,

[goatpig]

Also, I figured out that some Armory versions have different unlock times and results in much faster attempt at bruteforcing.

KDF difficulty is targeted for the machine the wallet is creating, aiming for a 0.5sec unlock time. You can manually set it too. This isn't a version thing, it has operated like this across all Armory versions.

I guess my best bet is to put more energy in bruteforcing the list of passwords.

As long as it won't cost you more than what's on the wallet. Ignoring this for a few years and trying again in a few years is a viable strategy too.

Yes I have a pattern accross my passwords and I was using a password manager, what can be useful about it?

You may still have access to the drive the password manager was running on or you can be a little more liberal about your search space if you know that pattern the password was using. The more degrees of freedom you know you can restrict in the search, the more you can broaden the other areas. It's a more efficient way to use your energy.

Do you know perhaps, where I could find version 0.88.1?

https://github.com/goatpig/BitcoinArmory/releases/tag/v0.88-beta

[vect0rz]

Great, thanks a lot for the detailed answers. At least, I know I'm on the right path and don't have much alternatives. Might try cloud GPU services on vast.ai ! I'll also try to build 0.88.1 even tho I don't have much experience building programs.

There is over 50 BTC left so its definately worth it

Cheers,