Passphrase recovery with Btcrecovery

[despo4helpo]

That's the tricky part; not sure how to find the derivation path. Is the "fresh address path" (shown in the step 3 image from the link above) the same as the derivation path?

Almost. Take the fresh address it path it shows you under your xpub and knock the last two sets of digits off it to get the derivation path for your xpub. So if it shows m/84'/0'/0'/0/5, your xpub's path will be m/84'/0'/0'. Make sure to include the ' symbols, these are very important and will generate entirely different keys if you miss them out.

The last thing to be sure is that this xpub is definitely coming from the account protected by the passphrase, and not from the base account with no passphrase.

It's either one of these lists, or a combination of both. If separate, I'm confident of the order but yet it didn't work so something is off.

If the order is off, then you are really going to struggle. Based on your initial post of 15-20 words, and the fact that I can descramble 12 words in a little under an hour, then 15 words would come out at around 100 days and 20 words will be in the region of hundreds of thousands of years, even assuming you were 100% correct with all your words and symbols.

So, assuming you know the order, then I would try something like this initially:

Code:

^1^Code ^1^code ^1^C0de ^1^c0de
^2^test ^2^te$t
^3^mayor ^3^m@yor ^3^may0r ^3^m@y0r

And so on.

The ^x^ before each word fixes the position of that word. btcrecover will then take one entry from each line and assemble that in to a passphrase in that order to try. So on each line, you put every possible permutation of that word. This is also assuming no spaces between the words.

If that fails, then change your tokens file to all caps.
If that fails, then take your second wordlist (e.g. veg instead of fruit) and follow the same process.
If that fails, then combine your wordlists and follow the same process.

Note that if $ is the last character of a token, you will need to replace it with %S otherwise btcrecover will interpret it as an end anchor.

In terms of the numbers at the end, you can do what you are doing and put every possibility on a single line with $ at the end, or you can use a wildcard if you are unsure about the numbers. For example, %3,4d will try every 3 and 4 digit combination. Note that this will significantly increase your search space, however.

Thank you! For the derivation path, being a native segwit wallet, wouldn't it always be m/84'/0'/0'?

I've tried the combinations but need to narrow it down more I guess. I realize I may have used the wrong address limit now so while that was a waste of time, there is hope I find the right one now.

I have a couple of queries to clarify:
1. If I use relative anchors like ^r3^Word3, ^r4^Word4, does it means those words are going be the 3rd or 4th words in the passphrase?

2. If I have word1 woRd2 w0rd3 all in 1 line, and word2, woRd2 w0rd2 in another line, how much time does each extra word take?
I.e., I'm trying to figure out how many words is "doable". Is it 11, or 12? 20 takes thousands of years. So what's a doable limit to try and does each possible word in 1 line add to the time taken or not?

Thanks!

[despo4helpo]

There is another tool that you can use to brute-force the wallet passphrase it was developed by Coding Enthusiast.

You can check that tool from his thread below

- https://bitcointalk.org/index.php?topic=5214021.0

Once you downloaded it just go to Missing Mnemonic Passphrase and try to brute-force your wallet just make sure that you remember some parts of your passphrase to speed up the process.

FinderOuter is great tool/software and more user-friendly. But with lack of GPU support, btcrecover is better choice on most cases.

I don't have computers with GPU so could give it a try. In FinderOuter where should I enter the words I think they are? Is it in "CustomChars"? If yes, do I put Word1Word2Word3 and it will try all the combinations from that?

[o_e_l_e_o]

Thank you! For the derivation path, being a native segwit wallet, wouldn't it always be m/84'/0'/0'?

Not necessarily. If you've made more than one account under the same passphrase, then it could be m/84'/0'/1' and so on.

I realize I may have used the wrong address limit now so while that was a waste of time, there is hope I find the right one now.

If you are searching using the xpub and --mpk, then you don't need to set an address limit anymore.

If I use relative anchors like ^r3^Word3, ^r4^Word4, does it means those words are going be the 3rd or 4th words in the passphrase?

No, that would be the case if you were using fixed anchors rather than relative anchors.

Fixed anchors (^x^) place that word in a fixed position. Relative anchors (^rx^) place that word in relation to other relative anchors.

If you use ^3^Word3, then Word3 would be the 3rd word.
If you use ^r3^Word3, then Word3 would be placed somewhere between the words you set as ^r2^ and ^r4^, but there could be other words between them as well, and ^r3^ wouldn't necessarily be the third word.

If I have word1 woRd2 w0rd3 all in 1 line, and word2, woRd2 w0rd2 in another line, how much time does each extra word take?

It's all going to depend on the size of entire tokens file. But if you change the number of possibilities in a single line from 1 to 2, then that is going to double your search space. Change another line from 1 to 2, and the will double it again, so 4x in total. So even a few extra possibilities can dramatically increase the search space.

I'm trying to figure out how many words is "doable". Is it 11, or 12? 20 takes thousands of years. So what's a doable limit to try and does each possible word in 1 line add to the time taken or not?

Again, it depends on what exactly you are searching. If you know all 12 words exactly but have them in the wrong order, then that's 12! = 479 million possibilities. If you know the order of 12 words, but each word could be one of four possibilities, then that's only 4¹² = 17 million possibilities. It will all depend on exactly how much you know and how much is unknown.

[despo4helpo]

Thank you! For the derivation path, being a native segwit wallet, wouldn't it always be m/84'/0'/0'?

Not necessarily. If you've made more than one account under the same passphrase, then it could be m/84'/0'/1' and so on.

I realize I may have used the wrong address limit now so while that was a waste of time, there is hope I find the right one now.

If you are searching using the xpub and --mpk, then you don't need to set an address limit anymore.

After entering the command (btcrecover.py --tokenlist tokenfile.txt --no-dupchecks etc. etc.) there are 2 popups: 1 asking for the xpub, the second for the seed phrase. Is this the same as the --mpk command?

If I use relative anchors like ^r3^Word3, ^r4^Word4, does it means those words are going be the 3rd or 4th words in the passphrase?

No, that would be the case if you were using fixed anchors rather than relative anchors.

Fixed anchors (^x^) place that word in a fixed position. Relative anchors (^rx^) place that word in relation to other relative anchors.

If you use ^3^Word3, then Word3 would be the 3rd word.
If you use ^r3^Word3, then Word3 would be placed somewhere between the words you set as ^r2^ and ^r4^, but there could be other words between them as well, and ^r3^ wouldn't necessarily be the third word.

Is 3 words the minimum number of relative anchors needed to be used for this function?

If I have word1 woRd2 w0rd3 all in 1 line, and word2, woRd2 w0rd2 in another line, how much time does each extra word take?

It's all going to depend on the size of entire tokens file. But if you change the number of possibilities in a single line from 1 to 2, then that is going to double your search space. Change another line from 1 to 2, and the will double it again, so 4x in total. So even a few extra possibilities can dramatically increase the search space.

I'm trying to figure out how many words is "doable". Is it 11, or 12? 20 takes thousands of years. So what's a doable limit to try and does each possible word in 1 line add to the time taken or not?

Again, it depends on what exactly you are searching. If you know all 12 words exactly but have them in the wrong order, then that's 12! = 479 million possibilities. If you know the order of 12 words, but each word could be one of four possibilities, then that's only 4¹² = 17 million possibilities. It will all depend on exactly how much you know and how much is unknown.

What's a doable and impossible number (hundreds of years) that can/can't be found?

Thank you! Replies in bold again.
Bonus question: Is there a post or tutorial I can learn where to quote properly? Lol

[o_e_l_e_o]

After entering the command (btcrecover.py --tokenlist tokenfile.txt --no-dupchecks etc. etc.) there are 2 popups: 1 asking for the xpub, the second for the seed phrase. Is this the same as the --mpk command?

Yes. If you don't specify it in the command line, then a pop up will ask for it.

Is 3 words the minimum number of relative anchors needed to be used for this function?

No, two would be the minimum. You can't use one since one can't be compared to zero others, but you could use two with ^r1^ coming somewhere before ^r2^.

Note that with relative anchors (but not fixed anchors), you can use the same relative anchor on multiple lines. So if I had one line with ^r1^, and two different lines both with ^r2^, then both of the ^r2^ lines would come somewhere after ^r1^, but in either order.

What's a doable and impossible number (hundreds of years) that can/can't be found?

As I say, it all depends on the format of your tokensfile, how many lines there are, the possibilities on each line, how much descrambling might be needed, etc. It also depends on how many guesses per second your hardware is capable of. If you share your tokensfile with the actual words redacted (feel free to PM it to me if you would prefer), I can do some rough math to work it out for you.

If you run without --no-eta, then it should calculate it for you, but in my experience this doesn't really work very well for large numbers and tends to just freeze up.

Bonus question: Is there a post or tutorial I can learn where to quote properly?

You just have to copy and paste the quote tags multiple times around each section of text you want to quote.

[despo4helpo]

After entering the command (btcrecover.py --tokenlist tokenfile.txt --no-dupchecks etc. etc.) there are 2 popups: 1 asking for the xpub, the second for the seed phrase. Is this the same as the --mpk command?

Yes. If you don't specify it in the command line, then a pop up will ask for it.

Is 3 words the minimum number of relative anchors needed to be used for this function?

No, two would be the minimum. You can't use one since one can't be compared to zero others, but you could use two with ^r1^ coming somewhere before ^r2^.

Note that with relative anchors (but not fixed anchors), you can use the same relative anchor on multiple lines. So if I had one line with ^r1^, and two different lines both with ^r2^, then both of the ^r2^ lines would come somewhere after ^r1^, but in either order.

What's a doable and impossible number (hundreds of years) that can/can't be found?

As I say, it all depends on the format of your tokensfile, how many lines there are, the possibilities on each line, how much descrambling might be needed, etc. It also depends on how many guesses per second your hardware is capable of. If you share your tokensfile with the actual words redacted (feel free to PM it to me if you would prefer), I can do some rough math to work it out for you.

If you run without --no-eta, then it should calculate it for you, but in my experience this doesn't really work very well for large numbers and tends to just freeze up.

Bonus question: Is there a post or tutorial I can learn where to quote properly?

You just have to copy and paste the quote tags multiple times around each section of text you want to quote.

Thank you. You may hear from me soon. Just wanted to thank you publicly because I'm so grateful for your (and everyone else who has commented) inputs and advice! I really wish I had merit points to give to you!