Checking brainwallet

[zielar]

Hello,

I am looking for an effective method to scan a large dictionary (about 1GB) in terms of checking the use of its phrases as a brainwallet. Of course, I don't think any of the phrases will contain anything else, but I am asking for statistical purposes on the basis of a private phrase database.
I was able to find https://github.com/j4rj4r/Bitcoin-Brainwallet-Bruteforce, but the checking speed is not entirely satisfactory (I know ... due to API limitations), but it also does not indicate any data on whether the phrase was used as a brainwallet at all times, and in general I have doubts as to whether the above script works.
It doesn't have to be in Python ... it could also be C, C ++

Regards

[pooya87]

Get bitcoin core's source code and modify the database part to create an additional index while saving each block where it stores any output that was used. It could be in form of a hash of the output script so that searching is simpler.
Fully sync by downloading and indexing the blockchain.
Run your code to hash each item in the dictionary to get the key then create the outputs and hash them to compare search within the database you created.

[nc50lc]

Try if BTCRecover is faster than that tool: github.com/3rdIteration/btcrecover

The command should look like this if you already have a list of possible passphrases:

Code:

btcrecover --brainwallet --addresses 18wASW... --passwordlist dictionary.txt

[ABCbits]

Get bitcoin core's source code and modify the database part to create an additional index while saving each block where it stores any output that was used. It could be in form of a hash of the output script so that searching is simpler.
Fully sync by downloading and indexing the blockchain.
Run your code to hash each item in the dictionary to get the key then create the outputs and hash them to compare search within the database you created.

Alternatively run both Bitcoin Core and block explorer (such as mempool.space[1]) or Electrum server (such as Fulcrum[2]). After initial sync/indexing is done, you could write a script which read the dictionary, generate address and check address history on your own block explorer/Electrum server. If you decide to use Electrum server, you'll want to check Electrum protocol[3] to know how to get address history/balance.

[1] https://github.com/mempool/mempool
[2] https://github.com/cculianu/Fulcrum
[3] https://electrumx.readthedocs.io/en/latest/index.html

[zielar]

Try if BTCRecover is faster than that tool: github.com/3rdIteration/btcrecover

The command should look like this if you already have a list of possible passphrases:

Code:

btcrecover --brainwallet --addresses 18wASW... --passwordlist dictionary.txt

Thanks a lot.
Finally, I was able to use this tool and command

Code:

python btcrecover.py --brainwallet --passwordlist myfile.txt --addressdb addresses-BTC-2011-to-2021-03-31.db

[zielar]

Ultimately, btcrecover does not live up to expectations. The search ends when it finds the first address. Not only that - the first address found:

NOTE Brainwallet Found using UNCOMPRESSED address
Password found: 'yellowexcalib'

When I try to check the alleged phrase in the blockchain - both the uncompressed and compressed address NEVER had any transmission.
The --addr-limit option has no effect.
The --autosave option also doesn't work
Good concept, but I need credible results, and here both credibility comes out of nowhere? as well as talking about the results in the plural (and not just about the first result)

[PawGo]

What performance do you expect to have?
Is it a big problem to launch program per gpu or you need something for many gpus at the same time?
How big address database do you expect to have?

[zielar]

What performance do you expect to have?
Is it a big problem to launch program per gpu or you need something for many gpus at the same time?
How big address database do you expect to have?

I don't care that the GPU is necessarily involved. My point is simply to check my dictionary without my participation. I have 3GB of strings. I divided them into 3x 1GB each (I can even divide them into smaller ones) and I want each line to be ported as the brainwallet passphrase and to check if the addresses assigned to it (compressed, uncompressed, p2sh) were already in use. btcrecover is really efficient, but doesn't work as it should (ie points to empty addresses never used [don't know why?], stops when it finds the first valid line for it). This application gives 10 minutes to scan my 1GB file without the use of GPU, which is also not surprising, because the work I want to get is not a complicated calculation. Even if it were to take half a day - let it last ... as long as it works and after running the command -> for those half a day he created a file for me in which it will be
PHASE FROM MY GLOSSARY | WALLET WITH HISTORY | PRIVATEKEY

that's all... :-)

[COBRAS]

What performance do you expect to have?
Is it a big problem to launch program per gpu or you need something for many gpus at the same time?
How big address database do you expect to have?

I don't care that the GPU is necessarily involved. My point is simply to check my dictionary without my participation. I have 3GB of strings. I divided them into 3x 1GB each (I can even divide them into smaller ones) and I want each line to be ported as the brainwallet passphrase and to check if the addresses assigned to it (compressed, uncompressed, p2sh) were already in use. btcrecover is really efficient, but doesn't work as it should (ie points to empty addresses never used [don't know why?], stops when it finds the first valid line for it). This application gives 10 minutes to scan my 1GB file without the use of GPU, which is also not surprising, because the work I want to get is not a complicated calculation. Even if it were to take half a day - let it last ... as long as it works and after running the command -> for those half a day he created a file for me in which it will be
PHASE FROM MY GLOSSARY | WALLET WITH HISTORY | PRIVATEKEY

that's all... :-)

You find something ?

publick password list's reused in brutes  many many times...

[PawGo]

Ah, OK, so you want something really easy.
I did something like that for myself, just a reading lines from file and checking in local database of founded addresses.
If you want to check if it was founded any time in the past, it is just a matter of DB. Take from Loyce, whatever you want
I may share the code or if you want I may modify it for you.
I have used postgresql local DB.

Code:

package wif;

import org.bitcoinj.core.Base58;
import org.bitcoinj.core.ECKey;
import org.bitcoinj.core.LegacyAddress;
import org.bitcoinj.core.NetworkParameters;
import org.bitcoinj.params.MainNetParams;
import java.io.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.*;
import java.util.Arrays;
import java.util.Date;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class Brain {

    static final NetworkParameters NETWORK_PARAMETERS = MainNetParams.get();
    static final int STATUS_PERIOD = 1000*60*1;
    static MessageDigest messageDigest;
    static Statement statement;

    static boolean RESULT = false;

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IOException, InterruptedException {

        db();

        messageDigest = MessageDigest.getInstance("SHA-256");
        String filename=args[0];
        int skip = 0;
        if (args.length>1){
            skip = Integer.valueOf(args[1]);
        }
        FileReader fileReader = null;
        try {
            fileReader = new FileReader(filename);
        } catch (FileNotFoundException e) {
            System.err.println("not found: " + filename);
            System.exit(-1);
        }
        long count = 0;
        long start = 0;
        System.out.println("Brain start");
        try {
            BufferedReader bufferReader = new BufferedReader(fileReader);
            String line;
            //test
            System.out.println(checkAddressDatabase("16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN"));
            while ((line = bufferReader.readLine()) != null) {
                if (line.trim().isEmpty()){
                    continue;
                }
                count++;
                if (skip>0){
                    if (count<skip) {
                        continue;
                    }
                    skip = 0;
                }
                test(line);
                test(line.toLowerCase());
                test(line.toUpperCase());
                if (line.endsWith(",")){
                    line=line.substring(0, line.length()-1);
                    test(line);
                    test(line.toLowerCase());
                    test(line.toUpperCase());
                }
                if (System.currentTimeMillis()-start > STATUS_PERIOD){
                    System.out.println("UP!"+count+" "+ line + " " + (new Date()));
                    start = System.currentTimeMillis();
                    count = 0;
                }
            }
        }catch (Exception e){
            System.err.println(e.getLocalizedMessage());
            System.exit(-1);
        }
        System.out.println("Brain end");
    }

    private static void db() {

        try{
            Connection connection = DriverManager.getConnection("jdbc:postgresql://localhost:5433/bitcoin", "postgres", "pass1234");
            System.out.println("Connected to PostgreSQL database!");
            statement = connection.createStatement();
        }catch (Exception e){
            System.out.println(e.getMessage());
            System.exit(-1);
        }
    }

    private static void test(String text) throws IOException, SQLException {
        messageDigest.update(text.getBytes("UTF-8"));
        ECKey ecKey = new ECKey(messageDigest.digest(), (byte[])null);
        String address = LegacyAddress.fromKey(NETWORK_PARAMETERS, ecKey).toString();
        System.out.println(address+":"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS));
        if (1==1){
            return;
        }
        if (checkAddressDatabase(address)){
            System.out.println(address);
            System.out.println(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            FileWriter myWriter = new FileWriter("brainResult.txt", true);
            myWriter.write(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            myWriter.close();
        }
        ecKey = PrivateKey.fromBase58(NETWORK_PARAMETERS, getCompressedWif(ecKey.getPrivateKeyAsHex())).getKey();
        address = LegacyAddress.fromKey(NETWORK_PARAMETERS, ecKey).toString();
        if (checkAddressDatabase(address)){
            System.out.println(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            FileWriter myWriter = new FileWriter("brainResult.txt", true);
            myWriter.write(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            myWriter.write("\r\n");
            myWriter.close();
        }
    }

    private static String getCompressedWif(String hex){
        String string = "80"+hex+"01";
        byte[] digest = messageDigest.digest(hexStringToByteArray(string));
        String checksum  = bytesToHex(messageDigest.digest(digest)).substring(0,8);
        byte[] data = hexStringToByteArray(string + checksum);
        return Base58.encode(data);
    }

    private static boolean checkAddressDatabase(String address) throws SQLException {
        ResultSet resultSet = statement.executeQuery("SELECT balance FROM public.adress WHERE address='"+address+"'");
        while (resultSet.next()) {
            return true;
        }
        return false;
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuffer result = new StringBuffer();
        for (byte b : bytes) result.append(Integer.toString((b & 0xff) + 0x100, 16).substring(1));
        return result.toString();
    }

    private static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i+1), 16));
        }
        return data;
    }
}

[MrFreeDragon]

-snip-

I was able to find https://github.com/j4rj4r/Bitcoin-Brainwallet-Bruteforce, but the checking speed is not entirely satisfactory (I know ... due to API limitations)

-snip-
Regards

You should not use API and check the wallets online. The only way to check your passphrases database is to compare the generated brain wallets with your local database (take it from daily blockchair dumps - https://gz.blockchair.com/bitcoin/addresses) or take from Loyce.

[PrimeNumber7]

If all you need to do is check if a particular address has ever been used, you need to follow the following procedure:
*generate a set of all addresses that have ever received a transaction
*convert each brainwallet passphrase into a private key (which you will subsequently convert into an address)
*compare each tested address from the above step to the items in your set in step 1

The list of addresses that have ever received a transaction is very large, so you will need to use a hashing algorithm that can handle a sufficiently large number of items, or else your runtime will suffer.

Assuming there are no collisions in your above set, you should be able to compare each tested passphrase in O(1) time.

[LoyceV]

The only way to check your passphrases database is to compare the generated brain wallets with your local database (take it from daily blockchair dumps - https://gz.blockchair.com/bitcoin/addresses) or take from Loyce.

That assumes you'll find a funded Bitcoin address, which is unlikely. By checking against the full list of all Bitcoin addresses ever used, you may find brainwallets that have been used in the past.
I'm not sure if brainwallets were ever used for Segwit addresses.

Has anyone figured this out using bitcoin-tool? I've used it in the past, performance isn't bad, but the command line is quite complicated to get correct.

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

[vjudeu]

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

SHA256 is slow for you only because you probably used some unoptimized version. If you optimize it, you could reach 40-bit blocks on CPU. It is possible that even Satoshi had that power in 2009, because he started from 40 bits in pre-release version.

[ABCbits]

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

As @vjudeu said, you used un-optimized tool. You should use optimized tool such as hashcat. Even on single core VPS, i managed to get ~5000 kH/s.

[PawGo]

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

As @vjudeu said, you used un-optimized tool. You should use optimized tool such as hashcat. Even on single core VPS, i managed to get ~5000 kH/s.

Currently I work on piece of software for someone who has lost access to his brainwallet. He knows the way how to produce the phrase, but as it contains some (unknown) number, we must check many possible phrases. The list of potential addresses is very small (just a few), so it is not a factor which slows us down - it is rather priv->pub generation. Initial sha256 and later Hash160 are very fast. The main problem would be to compare generated hash160 against huge database of addresses (& of course generation for both compressed and uncompressed keys). At this stage of project we have speed 47Mkey on RTX 3060 and a little more than 100Mkeys on 3090 - but we are progressing every day

[garlonicon]

Currently I work on piece of software for someone who has lost access to his brainwallet.

I wonder if it could handle nullius brainwallet. I mean transaction 000000000fdf0c619cd8e0d512c7e2c0da5a5808e60f12f1e0d01522d2986a51. Because it is a brainwallet, I guess it could be just SHA-256("something"), then tweaked to get this low transaction hash. But I still don't know the answer.

The main problem would be to compare generated hash160 against huge database of addresses

In this challenge, we all know that the brainwallet is on bc1qt2mdkehmphggajer3ur3g8l754scj4fdrmw3rn. I guess your software should also have an option to set destination address directly, without checking all funded wallets.

[PawGo]

The main problem would be to compare generated hash160 against huge database of addresses

In this challenge, we all know that the brainwallet is on bc1qt2mdkehmphggajer3ur3g8l754scj4fdrmw3rn. I guess your software should also have an option to set destination address directly, without checking all funded wallets.

This is how it works now, just a check against around 15 addresses, it is not intended to hack the whole blockchain. Maybe in the future ;-)
As you said, testing against few thousands of possible addresses (or in fact against list of hash160), slows the process down a lot. Maybe some kind of trustful bloom filter could help, but for now it is not a real need for me.

[CrunchyF]

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

As @vjudeu said, you used un-optimized tool. You should use optimized tool such as hashcat. Even on single core VPS, i managed to get ~5000 kH/s.

Currently I work on piece of software for someone who has lost access to his brainwallet. He knows the way how to produce the phrase, but as it contains some (unknown) number, we must check many possible phrases. The list of potential addresses is very small (just a few), so it is not a factor which slows us down - it is rather priv->pub generation. Initial sha256 and later Hash160 are very fast. The main problem would be to compare generated hash160 against huge database of addresses (& of course generation for both compressed and uncompressed keys). At this stage of project we have speed 47Mkey on RTX 3060 and a little more than 100Mkeys on 3090 - but we are progressing every day

I have developped a tool like this with about the same performance than PawGo one (80 MKeys on a RTX 3070) .
The solution to check on a big list of hash160 is to create a bloomfilter.
For my experiment i build a bloomfilter of about 80Mega hash160 (typically the size of the utxos db).
the binary size is about 1.2 GB with an error rate of 1e-16. (that means that u will have a false positiv every 10e16 lookup in the bloomfilter).
You just have to load this bloomfilter in the GPU RAM to speed up the process.
The lookup in the filter is very fast compared to the SHA256("....)->EC multiplication->hash160 of the publickey process.
So with my tool u can check about 100M hash160 at the speed of 80M sha256(password candidate) on a RTX3070.

If tou well define the pattern of the brainwallet you want to find. I can help u

 

[PrimeNumber7]

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

When creating a set, you generally do not want to use a hashing algorithm that will result in zero collisions for any number of inputs.

A general solution is to use a linked-list when there are collisions. This will result in a worse big O notation, however, it should improve actual runtime.