Bitcoin Forum
May 07, 2021, 03:05:47 AM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Recovering a 12 word phrase  (Read 280 times)
dkbit98
Legendary
*
Offline Offline

Activity: 1134
Merit: 1722



View Profile WWW
May 03, 2021, 04:01:16 PM
 #21

Currently not, but I plan to add Electrum dictionary soon. If you really need it, it will be an extra motivation for me Wink

I prefer to use BIP39 even if it's not perfect but it is industry standard, and Electrum only made more confusion with again inventing their own system and calling it more secure.
However I do like and use Electrum wallet almost every day and I think updating your tool will be useful, so I am motivating you now to continue updating.

1620356747
Hero Member
*
Offline Offline

Posts: 1620356747

View Profile Personal Message (Offline)

Ignore
1620356747
Reply with quote  #2

1620356747
Report to moderator
1620356747
Hero Member
*
Offline Offline

Posts: 1620356747

View Profile Personal Message (Offline)

Ignore
1620356747
Reply with quote  #2

1620356747
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1620356747
Hero Member
*
Offline Offline

Posts: 1620356747

View Profile Personal Message (Offline)

Ignore
1620356747
Reply with quote  #2

1620356747
Report to moderator
BrewMaster
Legendary
*
Offline Offline

Activity: 1904
Merit: 1237


There is trouble abrewing


View Profile
May 03, 2021, 04:11:14 PM
 #22

Electrum only made more confusion with again inventing their own system and calling it more secure.

i don't think they call it more secure. they call it more flexible maybe because the way electrum seeds work is that they don't rely on a word list so you can create a seed with any number of words using any word list with any number of words like a list with 10k works. it also has the version in it that lets the wallet know the address type.
but security of it is the same as bip39.

ranochigo
Legendary
*
Offline Offline

Activity: 2338
Merit: 2114

@ me if you need my response


View Profile
May 03, 2021, 04:15:16 PM
 #23

I prefer to use BIP39 even if it's not perfect but it is industry standard, and Electrum only made more confusion with again inventing their own system and calling it more secure.
BIP39, as the BIP says is "Unanimously Discourage for implementation". It is the "industry standard" solely because it is made into a BIP and no one really bothers about it as long as it is secure.

https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki


dkbit98
Legendary
*
Offline Offline

Activity: 1134
Merit: 1722



View Profile WWW
May 03, 2021, 04:22:35 PM
 #24

i don't think they call it more secure.

It sounds to me they clearly say that their system with twelve words has equivalent of 135 bits of entropy, compared to regular BIP39 that has 132 bits of entropy.
https://electrum.readthedocs.io/en/latest/seedphrase.html?highlight=bip39#security-implications

It is the "industry standard" solely because it is made into a BIP and no one really bothers about it as long as it is secure.

It is industry standard because almost every wallet that exist today is using BIP39 by default or optionally supporting BIP39 like Electrum.
I don't know how many other wallets are supporting Electrum seeds except Electrum.

ranochigo
Legendary
*
Offline Offline

Activity: 2338
Merit: 2114

@ me if you need my response


View Profile
May 03, 2021, 04:34:09 PM
 #25

It sounds to me they clearly say that their system with twelve words is 135 bits of entropy, compared to regular BIP39 that has 132 bits of entropy.
https://electrum.readthedocs.io/en/latest/seedphrase.html?highlight=bip39#security-implications
Focus is on the motivation section, not the security. People think that you're decreasing the entropy by implementing a version byte at the start. You can get more entropy with BIP39 if you want, 24 words provides you with more entropy. Electrum only has 12 words with that amount of entropy. Not a deal breaker for anyone at all.

It is industry standard because almost every wallet that exist today is using BIP39 by default or optionally supporting BIP39 like Electrum.
I don't know how many other wallets are supporting Electrum seeds except Electrum.
Point taken. Can't blame Electrum for wanting to address the shortcomings of a system like this. There really isn't any confusion between Electrum seed and BIP39s, especially when their checksum aren't compatible with one another (implemented recently). Importing an Electrum seed is unambiguous, telling you the kind of seed it is. Importing BIP39 seed leaves you questioning what kind of seed, what kind of derivation path it is. If anything, Electrum is doing people a favour by addressing the shortcomings. Perhaps more wallets should stop ignoring the obvious failure of BIP39 and be like Bitcoin Core!

BASE16
Member
**
Offline Offline

Activity: 157
Merit: 25


View Profile
May 03, 2021, 04:42:57 PM
 #26

This bip39 is only a tool to make your life easier.
Easy to remember words in stead of difficult and confusing lengthy, sometimes mixed case character strings as keys.
There is no security advantage in using words as some are claiming.
It can be completely omitted.
A disadvantage is that if you lost your words then you are in trouble but that goes for most lost keys.
BrewMaster
Legendary
*
Offline Offline

Activity: 1904
Merit: 1237


There is trouble abrewing


View Profile
May 03, 2021, 05:00:05 PM
 #27

i don't think they call it more secure.

It sounds to me they clearly say that their system with twelve words has equivalent of 135 bits of entropy, compared to regular BIP39 that has 132 bits of entropy.
https://electrum.readthedocs.io/en/latest/seedphrase.html?highlight=bip39#security-implications

i was mainly talking about the motivation part of the link above: https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation
that points out the benefits of this design compared to bip39 which isn't mentioning more security. the explanation below is more like the mathematical proof that electrum algorithm is not weaker than bip39 algorithm just because it has a version or uses different method.

aquatic_
Newbie
*
Offline Offline

Activity: 13
Merit: 7


View Profile
May 04, 2021, 08:33:12 AM
 #28

Hey
I have already solver for the use case like yours: PERMUTATION on https://github.com/PawelGorny/lostword
I will print (save to file) all the possible seeds, you must import them into program.
There is also another solver (PERMUTATION_CHECK) if you know the address.
Let me know if you need any help with running it.

How is your tolls different from btcrecover tool, and can your tool also work with electrum type seed that is not exactly using BIP39 word list?
It does look more simple to use than btcrecover, but would also be nice to run your tool without java installation.

I'm having some trouble using the tool, but I will update.
Considering I have the words, an address and knowing it's the only one, I should be able to recover it!

If you used btcrecover tool then you should watch two good youtube video tutorials that @BitMaxz posted above, and just follow the steps.


After 7 hours of running this command, it said that no seed has been found:-(
https://i.imgur.com/cwekfpM.png
PawGo
Full Member
***
Offline Offline

Activity: 214
Merit: 166


View Profile WWW
May 04, 2021, 08:43:44 AM
 #29

You may try to run my program, with configuration like that (just an example with 6 words, not to wait too long):
Code:
PERMUTATION_CHECK
bc1qnrumjaex7wvzj3mlpngwnd8s5supq26maps7r7
6
general
usual
hockey
melt
online
width
m/84'/0'/0'/0/0

it works that way:
Code:
Using script P2WPKH
Using derivation path m/84'/0'/0'/0/0
--- Starting worker --- 2021-05-04 10:41:55 ---
Expected address: 'bc1qnrumjaex7wvzj3mlpngwnd8s5supq26maps7r7'
Using 8 threads
Input: general usual hockey melt online width
Found address on the derivation path m/84'/0'/0'/0/0

--- Work finished ---
Found result!
general usual hockey online width melt

Are you sure the address generated was the first one on the derivation path?

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1288
Merit: 6104


Wear a mask, slow the spread


View Profile
May 04, 2021, 08:50:16 AM
Last edit: May 04, 2021, 09:23:28 AM by o_e_l_e_o
 #30

After 7 hours of running this command, it said that no seed has been found:-(
This means one of three things then.

1 - The address is not the first address in the wallet. You could try again but increase the limit to 5 or even 10.
2 - The address is not at the standard derivation path for P2WPKH addresses of m/84'/0'/0'. You can search other paths, but you would need to know what you are searching for otherwise the search space becomes too large.
3 - At least one of your words is incorrect or there is an additional passphrase.

aquatic_
Newbie
*
Offline Offline

Activity: 13
Merit: 7


View Profile
May 04, 2021, 09:07:43 AM
 #31

After 7 hours of running this command, it said that no seed has been found:-(
This means one of three things then.

1 - The address is not the first address in the wallet. You could try again but increase the limit to 5 or even 10.
2 - The address is not at the standard derivation path for P2WPKH addresses of m/84'/0'/0'. You can search other paths, but you would need to know what you are searching for otherwise the search space becomes too large.
3 - At least one of your words is incorrect.
You may try to run my program, with configuration like that (just an example with 6 words, not to wait too long):
Code:
PERMUTATION_CHECK
bc1qnrumjaex7wvzj3mlpngwnd8s5supq26maps7r7
6
general
usual
hockey
melt
online
width
m/84'/0'/0'/0/0

it works that way:
Code:
Using script P2WPKH
Using derivation path m/84'/0'/0'/0/0
--- Starting worker --- 2021-05-04 10:41:55 ---
Expected address: 'bc1qnrumjaex7wvzj3mlpngwnd8s5supq26maps7r7'
Using 8 threads
Input: general usual hockey melt online width
Found address on the derivation path m/84'/0'/0'/0/0

--- Work finished ---
Found result!
general usual hockey online width melt

Are you sure the address generated was the first one on the derivation path?

Considering there are 12 words, the address starts with a bc1, and the wallet was created in November 2020, shouldn't BIP-39 be it?
I'm linking the wallet address here for your guys' reference.
https://www.blockchain.com/btc/address/bc1qdj7qlzrrsz03excwsgfgkez8madf2ng8xghst0
Also, I really appreciate you two helping out. I will reward you both if we manage to recover this btc. Smiley
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1288
Merit: 6104


Wear a mask, slow the spread


View Profile
May 04, 2021, 09:26:27 AM
 #32

Considering there are 12 words, the address starts with a bc1, and the wallet was created in November 2020, shouldn't BIP-39 be it?
Yes, it should be.

You are certain it was created using Blue Wallet in the standard way? He didn't import the seed phrase from or to anywhere else? Was the wallet used for anything else prior to receiving this 0.08 BTC? Does your friend remember ever setting an additional passphrase/seed extension/13th word at any point? Does he remember ever changing or interacting with the derivation path at any point?

Also just double check your tokens file doesn't have any typos in it.

aquatic_
Newbie
*
Offline Offline

Activity: 13
Merit: 7


View Profile
May 04, 2021, 10:23:59 AM
 #33

Considering there are 12 words, the address starts with a bc1, and the wallet was created in November 2020, shouldn't BIP-39 be it?
Yes, it should be.

You are certain it was created using Blue Wallet in the standard way? He didn't import the seed phrase from or to anywhere else? Was the wallet used for anything else prior to receiving this 0.08 BTC? Does your friend remember ever setting an additional passphrase/seed extension/13th word at any point? Does he remember ever changing or interacting with the derivation path at any point?

Also just double check your tokens file doesn't have any typos in it.
He says he opened a default, normal wallet. He remembers writing the words in the correct order (he wrote them in a notepad), and says he might have made a mistake, but that is not likely as all the words he provided me with exist in the possible word list, also I tried to run the seedrecover tool with 2 potential mistakes and 2 different seed words and that didn't work out.
I'm kinda lost here, I'm running seedrecover again using your command, but I changed the address thingy to 10. Do you really think that was the problem?
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1288
Merit: 6104


Wear a mask, slow the spread


View Profile
May 04, 2021, 12:00:31 PM
 #34

He says he opened a default, normal wallet. He remembers writing the words in the correct order (he wrote them in a notepad), and says he might have made a mistake, but that is not likely as all the words he provided me with exist in the possible word list
There are a lot of words which differ by only one letter. "boy", for example, could be "box", or "joy", or "toy".

also I tried to run the seedrecover tool with 2 potential mistakes and 2 different seed words and that didn't work out.
Didn't work out as in it didn't run properly, or it didn't find a result? There is no way you could have checked a complete scrambled seed phrase along with adding in two word substitutions since adding in two substitutions increases the number of possibilities by 276,824,064 times.

I'm kinda lost here, I'm running seedrecover again using your command, but I changed the address thingy to 10. Do you really think that was the problem?
Only if he used the wallet for other things prior to receiving those 0.08 BTC.

The next command I would try would be this:

Code:
python seedrecover.py --wallet-type bip39 --addrs bc1qdj7qlzrrsz03excwsgfgkez8madf2ng8xghst0 --mnemonic "word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12" --addr-limit 5

This will try the seed phrase with a bunch of different mistakes, such as typos, substituted words, or swapped words.

If that still gets no result, then things get difficult. A completely scrambled seed phrase with one or more incorrect words would require either years on your device or renting significant computing power to be able to solve, and that is assuming that there is no passphrase and we are on the right derivation path.

PawGo
Full Member
***
Offline Offline

Activity: 214
Merit: 166


View Profile WWW
May 04, 2021, 12:14:43 PM
 #35

He says he opened a default, normal wallet. He remembers writing the words in the correct order (he wrote them in a notepad), and says he might have made a mistake, but that is not likely as all the words he provided me with exist in the possible word list
There are a lot of words which differ by only one letter. "boy", for example, could be "box", or "joy", or "toy".


This is also my bet. Similar issue:
https://github.com/BlueWallet/BlueWallet/issues/1259
https://www.reddit.com/r/Bitcoin/comments/har1io/wallet_recovery_help_please_is_bluewallet_bip39/

HCP
Legendary
*
Offline Offline

Activity: 1694
Merit: 3473

<insert witty quote here>


View Profile
May 04, 2021, 07:58:07 PM
 #36

Not only that... but there are several instances in the BIP39 list where the addition/subtraction of a letter can still result in a "valid" word... like "kit" and "kite"... or "law" and "lawn" etc

To be honest, the BIP39 list isn't that great at achieving some of it's stated goals of "distinct" words Undecided

pooya87
Legendary
*
Online Online

Activity: 2352
Merit: 3799


Remember tonight for it's the beginning of forever


View Profile
May 05, 2021, 02:50:46 AM
 #37

Not only that... but there are several instances in the BIP39 list where the addition/subtraction of a letter can still result in a "valid" word... like "kit" and "kite"... or "law" and "lawn" etc

To be honest, the BIP39 list isn't that great at achieving some of it's stated goals of "distinct" words Undecided
It's just the English word list though. The newer word lists that were added in the following years after the initial release were have been getting more and more strict about what kind of words they include in their list. For example they reject any word that could be turned into another word by only replacing 1 or 2 letters (ie. have small Levenshtein distance).
The problem is that for backward compatibility we can't get rid of the old English word list and also nobody has bothered coming up with a better one so far.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!