I'm helping a friend with a Bitcoin mystery he's been trying to figure out for a year or so.
He discovered a list of 85 words on a sheet of paper, and he remembers little about it, except that:
* Some of the 85 words lead to Bitcoin (and the others are camouflage)
* The words are in order (order was preserved when jumbling)
* The words might not be consecutive (words might have been inserted between the words of the original sentence)
* He set up and provisioned the wallet at the end of July 2012
We first suspected that he might have used https://www.bitaddress.org to convert a series of words into a private key (and address), and then "hid" his series of words in the larger list.
So I coded a tool to bruteforce this. All HTML/Js so he could run it easily on an air-gapped computer:
https://i.imgur.com/q67Oxrx.png
It generates sentences of increasing lengths from samples of the 85 words of increasing size, testing all combinations.
It tests the generated public keys against all public addresses of July and August 2012 (as well as all addresses with around the same amount as his wallet is supposed to have), and displays a match if it's found (this was tested with a dummy 07-2022 wallet with some sats in it, with the seed/sentence jumbled in the same way, and it found it).
But running this against his 85 words, nothing is found.
And recently, we discovered (from archive.org) that BitAddress only added the ability to generate keys based on specified strings of characters in August 2012 (so at least a week after his wallet was created). Before that it only did random keys, so there wouldn't have been a list of words.
Both the bruteforce's failure and this discovery should disqualify BitAddress, we **think**.
So if not BitAddress, then what?
Some people on Reddit suggested Blockchain.info (now blockchain.com)
He contacted blockchain.info, and they don't have any of his email addresses (for some of which the host died anyway) on record, so no go there.
Back in July 2012, they had an option to create "brain wallets", and when you created such a wallet, they would give you a "seed" (a phrase) like we have.
That phrase was a "password recovery" phrase: You could use it to get your password back (not from them, with math). Later in 2013 they made it so this recovered the username also, but our phrase is from earlier than that.
So even if we find the password by bruteforcing, aren't we just stuck if we don't have the username?
That's where something special about the 85 words comes in:
All 85 words are English words (and part of the "v3" list in blockchain.com's source code we found on archive.org for July 2012), **except for two of them**.
Two words are different, special, they are the same length, and they have random characters, including special characters. They look like passwords, or maybe usernames.
So, our guess (and only hope really) is that one of these two words is the username (and some of the rest of the 85 words can be used to recover the associated password).
So I wrote another bruteforce tool:
https://i.imgur.com/xpIj9Fw.png
It's pretty straightforward, it does the same kind of combination brute forcing to find sequences of words in order but not necessarily adjacent (though it also tests that possibility).
It tests them against the code from blockchain.info, checking if the checksum matches, and if it does, it shows the password. I created a "dummy" seed to test it against, and it does find the password (and a few false positives, the checksum isn't very strict).
My friend hasn't been able to run this one tool yet due to technical issues on their end, but it should happen soon.
Question.
I'm coming to this community for help: I found two possibilities for where these words could come from: bitaddress and blockchain.info.
Are there other possibilities you know of for that time?
Do you have any comments on what I have done so far? Anything I could have missed? Any idea of where to look and what to do?
Maybe a tutorial popular on the net or this forum they might have followed at that time? Anything.
Any help would be extremely appreciated (and if we do find coins, though the wallet isn't supposed to contain much, we'd still reward anyone who would have helped along the way).
Thanks to you all for your time!
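
Added example, not the poster's tool and not blockchain.info's code: an in-order subsequence search over a small sheet, showing how many candidates exist and why a short checksum passes many wrong phrases alongside the right one. The vocabulary, the hidden phrase, the slots and the 4-bit SHA-256 checksum are all constructed stand-ins, not the "v3" list or its real checksum.

```python
import hashlib
from itertools import combinations
from math import comb

# Constructed 16-word vocabulary (assumption; not blockchain.info's "v3" list).
VOCAB = ["apple", "bridge", "candle", "desert", "engine", "forest", "garden",
         "harbor", "island", "jacket", "kettle", "ladder", "marble", "needle",
         "orange", "silver"]

def checksum_word(payload):
    """Stand-in 4-bit checksum: first SHA-256 byte of the payload picks a word."""
    digest = hashlib.sha256(" ".join(payload).encode()).digest()
    return VOCAB[digest[0] % len(VOCAB)]

def hide(phrase, decoys, slots):
    """Insert phrase words among the decoys at ascending slots, keeping order."""
    sheet = list(decoys)
    for word, slot in zip(phrase, slots):
        sheet.insert(slot, word)
    return sheet

def search(sheet, k):
    """Try every in-order k-word subsequence; return (number tried, hits)."""
    tried, hits = 0, []
    for cand in combinations(sheet, k):  # combinations() preserves sheet order
        tried += 1
        if cand[-1] == checksum_word(cand[:-1]):
            hits.append(cand)
    return tried, hits

def build_demo():
    """Build a constructed phrase (payload + checksum word) hidden in decoys."""
    payload = ("garden", "silver", "island")
    phrase = payload + (checksum_word(payload),)
    decoys = [w for w in VOCAB if w not in phrase]
    return phrase, hide(phrase, decoys, slots=(1, 5, 8, 12))

if __name__ == "__main__":
    phrase, sheet = build_demo()
    tried, hits = search(sheet, len(phrase))
    print(f"{len(sheet)}-word sheet: {tried} candidates, {len(hits)} pass the checksum")
    print("true phrase among hits:", phrase in hits)
    # Candidate counts for an 85-word sheet, by assumed phrase length.
    for k in (6, 12, 18):
        print(f"85 choose {k} = {comb(85, k):,}")
```

With a checksum of b bits, roughly one candidate in 2^b passes by chance, so the number of false positives grows with the search space and each hit still has to be confirmed some other way.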