SOLVED: deprecated wallet: mSIGNA - how to access private keys? TINY BTC BOUNTY!

[Kryptowerk]

This is a question for the sligthly more tech-savy Bitcoiners out here.

I recently accessed an old wallet called mSIGNA. It was recommended about 7 years ago and I used it for a while.
Now I want to access the remaining funds. This would only work if either I can connect to a node with this outddated wallet - Couldn't get it to work so far.
Or by exporting and re-importing the keys to another wallet.

The good news: I can access the public key list that was in use. And found an amount of slightly above 0.01 BTC that I want to transfer.
I still have the password.

The wallet allows to export the following (private) information:
1. Seed word list. It's a 24 word list.
2. BIP32 extended key
3. Private key file (file ending in .priv) -> no idea what that is and if it can be imported in other wallets

Now, I have tried to import 1) and 2) via electrum wallet.
Here are the options I tried without success so far (wallet not showing any transactions in the tx history). Note, I am connected to a node and other wallets update correctly, so it's not a connection problem.
- KEYRESTORE
  a) I already have a seed - here the import is only possible by switching to BIP39 seed
     I tried all 3 available address formats (legacy, p2sh-segwit and native segwit) without success. Also Detect Existing Accounts doesn't find anything. I left the suggested derivation path unchanged - maybe with the right path settings this could be solved?
  b) Use a master key - If I choose this option, Electrum accepts the BIP32 extended key exported from mSIGNA. However again, there are no transactions recognized.
- IMPORT BITCOIN ADDRESSES OR PRIVATE KEY - you can only import regular private keys, and I cannot export/access there from the mSIGNA wallet. - I played a little with this tool: https://bip32.tools/?lang=en But couldn't get it to create a list of private keys for me.

If anyone can either help me to import my mSIGNA keys into another wallet so I can access any remaining funds or get mSIGNA to work again (meaning make it connect to a node so I can just send my funds) it would be much appreciated.
Thanks in advance!

Made this self-moderated to avoid spam and farm comments. Anything off-topic or doing nothing else than suggesting something already explained in my post will be deleted.


Possibly helpful resources (edited)
- mSIGNA github: https://github.com/ciphrex/mSIGNA
- archive of old website: https://web.archive.org/web/20150316215945/https://ciphrex.com/

I'm giving away 0.001 BTC for whoever helps the most to recover these funds. Will add info in OP. I reserve the right to decide at my own discretion who will get the funds - if more people are involved in finding a solution I might split it up.

final edit: a solution
The "easiest" way to access my unspent outputs / a solution was provided here: https://bitcointalk.org/index.php?topic=5460709.msg62604661#msg62604661
Case solved / funds returned.

However we still don't know the correct derivation path of mSIGNA and how to import the seed phrase or master private key into another wallet in way that lets you access your funds. (bonus quest for anyone interested, no bounty for solving it, though)

[Knight Hider]

I played a little with this tool: https://bip32.tools/?lang=en But couldn't get it to create a list of private keys for me.

Try https://iancoleman.io/bip39/ instead. Play with it until you find the right derivation path.

Segwit did not exist 7 years ago.

--Knight Hider

[o_e_l_e_o]

I've found an archived version of their old website here: https://web.archive.org/web/20150316215945/https://ciphrex.com/

It says there, however, that it was a multi-sig wallet.

I've also found their old GitHub here: https://github.com/ciphrex/mSIGNA

Looking through the issues on that GitHub, people are talking about .vault files. Do you have one of these?

You could potentially try to download their software and see if you can import what you have back in to mSIGMA, and then from there extract the raw private keys? I'd be careful downloading and running such long outdated and completely unreviewed code, however. You could also try making a copy of the .priv file and then simply opening it with a text editor and see if there are any private keys inside?

Edit: Also found an archived copy of their "Getting Started" pdf here: https://web.archive.org/web/20190410173347/https://ciphrex.com/docs/mSIGNA-Getting_Started.pdf

[Kryptowerk]

I played a little with this tool: https://bip32.tools/?lang=en But couldn't get it to create a list of private keys for me.

Try https://iancoleman.io/bip39/ instead. Play with it until you find the right derivation path.

Seems like the same or similar tool like the one I linked to in my post.
The problem is, I can play with some of the settings but the "Derived Addresses" list on the bottom of the page doesn't come up with a match to one of the public addresses I can see in the mSIGNA wallet.
My guess is BIP49 (or maybe BIP141) would be the right option, as they are the only ones producing addresses starting with 3. But playing a little with the derivation pathes (I tried 1-5/1-5) doesn't bring up a match.

Something to note: The BIP32 Extended Key does never match the one from mSIGNA no matter which of the BIP options I choose, also altering some of the derivation pathes.

Segwit did not exist 7 years ago.

--Knight Hider

Segwit was implemented 2017 if I recall correctly, so the wallet must be around 6 years old as one set of addresses starts with 3 (first version of segwit addresses).

I've found an archived version of their old website here: https://web.archive.org/web/20150316215945/https://ciphrex.com/

It says there, however, that it was a multi-sig wallet.

I've also found their old GitHub here: https://github.com/ciphrex/mSIGNA

Looking through the issues on that GitHub, people are talking about .vault files. Do you have one of these?

You could potentially try to download their software and see if you can import what you have back in to mSIGMA, and then from there extract the raw private keys? I'd be careful downloading and running such long outdated and completely unreviewed code, however. You could also try making a copy of the .priv file and then simply opening it with a text editor and see if there are any private keys inside?

Edit: Also found an archived copy of their "Getting Started" pdf here: https://web.archive.org/web/20190410173347/https://ciphrex.com/docs/mSIGNA-Getting_Started.pdf

I still do have the mSIGNA wallet. It doesn't offer any option to export single private keys. The only private key export option is said BIP32 extended private key.
The problem with the software is, I wasn't able to get it to connect to a node so far.
I used this list here: https://bitnodes.io/nodes/#network-snapshot and tried some of the addresses. Any better suggestions?

Thanks!

[o_e_l_e_o]

I still do have the mSIGNA wallet. It doesn't offer any option to export single private keys. The only private key export option is said BIP32 extended private key.
The problem with the software is, I wasn't able to get it to connect to a node so far.

The .pdf I linked to above says it should connect to your own node. Are you running a node?

Can you import your seed phrase back in to mSIGNA and regenerate the same wallet with the same addresses? If so, then it is hopefully just a case of finding the right derivation path. But I worry given what is written on that .pdf it is going to be significantly more complicated since it apparently uses an unknown multi-sig arrangement.

[Kryptowerk]

I still do have the mSIGNA wallet. It doesn't offer any option to export single private keys. The only private key export option is said BIP32 extended private key.
The problem with the software is, I wasn't able to get it to connect to a node so far.

The .pdf I linked to above says it should connect to your own node. Are you running a node?

Can you import your seed phrase back in to mSIGNA and regenerate the same wallet with the same addresses? If so, then it is hopefully just a case of finding the right derivation path. But I worry given what is written on that .pdf it is going to be significantly more complicated since it apparently uses an unknown multi-sig arrangement.

I may not have made that clear in OP: But I can still access my wallet in mSIGNA. That's not the issue. This is where I got all the public keys and see a few of change funds still on there.
The issue is using the exportable keys as described in OP via 1), 2) or 3) to import properly via an other wallet.

Also, my wallet is NOT setup as a multisig, just a regular HD wallet. Multisig apparantly was optional.
My guess it's only about finding the right derivation path. Wonder if there is any tool to determine which is used by mSIGNA here.
Thanks for digging up that old pdf - no info on their derivation path used, though.

Seems the derivation path issue was already around in 2017: https://bitcointalk.org/index.php?topic=2144498.msg21524209#msg21524209

Probable solutions to my problem
- get mSIGMA to connect to a node (I don't have a full node)
- find the proper derivation path used by the wallet & import to another wallet

[o_e_l_e_o]

I may not have made that clear in OP: But I can still access my wallet in mSIGNA.

Yeah, I get that. My point of importing the seed phrase again was to ensure your wallet is indeed just a single signature wallet derived from that seed phrase and not some more complex multi-sig set up which we would never be able to recover using just one seed phrase.

My guess it's only about finding the right derivation path.

Having read through the .pdf again, I'm not so sure:

NOTE: mSIGNA™ always uses pay-­‐to-­‐script-­‐hash addresses, which begin with the character 3 in Bitcoin, even for 1 of 1 accounts.

There is no mention that they use nested segwit addresses, which is the type of address every other wallet will try to recover when given a seed phrase and a P2SH address type. The sentence above I've just quoted suggests they may use some strange custom 1-of-1 script, in which case you will never find it by just playing with the derivation path. You will need to find the exact script being used.

Does mSIGMA have the option to import transactions from elsewhere? That would be the easiest way forward - create an unsigned transaction elsewhere, import it to mSIGMA for signing, and then export it for broadcast. If not, then I think the easiest option is going to be to spin up your own node and get mSIGMA to connect to it. Otherwise you will need to comb through the entire source code to figure out exactly the script type and derivation path which is being used.

Alternatively - have you spend from any of these addresses in the past? If so, we can view the script for them on the blockchain.

[Kryptowerk]

I may not have made that clear in OP: But I can still access my wallet in mSIGNA.

Yeah, I get that. My point of importing the seed phrase again was to ensure your wallet is indeed just a single signature wallet derived from that seed phrase and not some more complex multi-sig set up which we would never be able to recover using just one seed phrase.

I see. Yes, good point! I am 99.9% certain it's not a multi-sig. First of I would have remembered and written down some info about it on my seed-paper.
But most importantly, I tried re-importing via the wordlist into mSIGNA and it worked flawlessly - they display a hash for each "keychain" (actually the HD wallet) and it is the same for the imported wallet via SEED compared to my original wallet.

My guess it's only about finding the right derivation path.

Having read through the .pdf again, I'm not so sure:

NOTE: mSIGNA™ always uses pay-­‐to-­‐script-­‐hash addresses, which begin with the character 3 in Bitcoin, even for 1 of 1 accounts.

There is no mention that they use nested segwit addresses, which is the type of address every other wallet will try to recover when given a seed phrase and a P2SH address type. The sentence above I've just quoted suggests they may use some strange custom 1-of-1 script, in which case you will never find it by just playing with the derivation path. You will need to find the exact script being used.

Does mSIGMA have the option to import transactions from elsewhere? That would be the easiest way forward - create an unsigned transaction elsewhere, import it to mSIGMA for signing, and then export it for broadcast. If not, then I think the easiest option is going to be to spin up your own node and get mSIGMA to connect to it. Otherwise you will need to comb through the entire source code to figure out exactly the script type and derivation path which is being used.

No such option available like importing or exporting tx with mSIGNA.

I did check their source code a little bit. Not sure where to look for it and even if I find something how to proceed from there. - Just getting the right derivation path info would probably solve it, right?
About the own node solution: Right now don't even have the disc space for a BTC full node (but could use some older HDD lying around) - my worry is, even after finally having a synced full node running and connected to mSIGNA, the sync process will be stuck somewhere - that's what people seem to report on their github a lot.

Alternatively - have you spend from any of these addresses in the past? If so, we can view the script for them on the blockchain.

That sounds interesting. Would it tell anything about the derivation path or other wallet properties? How does the script used to send help in my case?
Can you guide me through the steps without me exposing my pub keys?

In the end it's around 300 bucks that are unaccessible right now. Would be nice to have, but don't want to spend weeks trying to recover them.
I'm giving away 0.001 BTC for whoever helps the most to recover these funds. Will add info in OP. I reserve the right to decide at my own discretion who will get the funds - if more people are involved in finding a solution I might split it up.

Thanks already for your helpful inpot @o_e_l_e_o .
btw, I edited OP to include link to mSIGNA source code.

[o_e_l_e_o]

That sounds interesting. Would it tell anything about the derivation path or other wallet properties? How does the script used to send help in my case?

It wouldn't tell you anything about the derivation path, but it would tell you if you are indeed looking for a standard nested segwit address. If you are, then we can tackle finding out the derivation path. If the script is something different, then checking derivation paths as you are doing with Electrum or similar will get you nowhere.

Can you guide me through the steps without me exposing my pub keys?

Find one of your addresses from the mSIGMA wallet which has sent coins out from it, and grab the TXID. Head over to https://mempool.space/ and look up that transaction. Click on where it says "Details" on the right hand side. Underneath your address the first field should be titled "ScriptSig (ASM)". Hopefully next to that it says "OP_PUSHBYTES_22", followed by "0014" and then 40 random characters. If it does, then you've got a nested segwit address. If not, then you've got something different.

[Kryptowerk]

That sounds interesting. Would it tell anything about the derivation path or other wallet properties? How does the script used to send help in my case?

It wouldn't tell you anything about the derivation path, but it would tell you if you are indeed looking for a standard nested segwit address. If you are, then we can tackle finding out the derivation path. If the script is something different, then checking derivation paths as you are doing with Electrum or similar will get you nowhere.

Can you guide me through the steps without me exposing my pub keys?

Find one of your addresses from the mSIGMA wallet which has sent coins out from it, and grab the TXID. Head over to https://mempool.space/ and look up that transaction. Click on where it says "Details" on the right hand side. Underneath your address the first field should be titled "ScriptSig (ASM)". Hopefully next to that it says "OP_PUSHBYTES_22", followed by "0014" and then 40 random characters. If it does, then you've got a nested segwit address. If not, then you've got something different.

Okay, wow how do you know this stuff?
Ermm... yes so, there are several interesting things here:
ScriptSig says "OP_0
OP_PUSHBYTES_72" then followed by defintely more than 40 chars (looks like around 100)
and then it says OP_PUSHBYTES_37 followed by maybe 50 characters

Also it says multisig 1/1 - which isn't normal, right? Does a 1/1 multisig even make sense?
Seems like you were right and every mSIGNA wallet is indeed multisig - even when it actually isn't really. 

[o_e_l_e_o]

So yeah, it's not a simple nested segwit address at all. Would you be willing to PM the transaction ID so I can look at the script and see what it does exactly? The next step would be to extract the public key hash from the script and see if we can generate the matching private key from your seed phrase.

[o_e_l_e_o]

Kryptowerk has provided me with a TXID, which I will obviously not share here for his privacy. However, I will explain what we have figured out so far to see if anyone else can chime in.

The P2SH address is indeed set up very oddly as a 1-of-1 multi-sig. It is as follows:

Code:

1 PUBKEY 1 OP_CHECKMULTISIG

I have advised Kryptowerk how to extract the public keys from the redeem script for each address which has previously been used. They are all compressed public keys. With this list of public keys, and I then suggested he use https://iancoleman.io/bip39/ offline to enter his seed phrase, select BIP32, and then experiment with various derivation paths to see if he could find any matching public keys. However, no luck so far.

[Kryptowerk]

e_o_l_e_o has indeed helped a lot so far. Getting close to sloving it, but seems the derivation path of mSIGNA isn't easy to find out.
If anyone has any insight on the correct derivation path for mSIGNA or is tech-savy enough to find it in the code on github, please let us know!
https://github.com/ciphrex/mSIGNA

However, big update! I was able to retrieve around half of the funds.
- mSIGNA allows to export transactions as raw data.
- mSIGNA allows coin control.
- So I just selected the public address I knew still hand coins on it, found an oldschool 1xxxx address in an older electrum wallet to send the funds to and created the signed transaction with mSIGNA and then exported it.
- imported the transaction in electrum wallet via tools -> import transaction -> from text -> broadcast.
- BAMMM it worked!

However, because my mSIGNA wallet is not fully synced I could only retrieve the funds up to the amount the current balance of this unsynced wallet showed. Which is only around half of the total funds. Still a nice recovery.
There are two more addresses with around 0.0015 BTC each that I cannot access this way because their balance in the wallet is too high. - If I want to create a tx inside the wallet it works and I can export it (even using the amount I know is on it because I can check via a current explorer).
HOWEVER after importing to electrum (which also works) the transaction will be denied by the node, because the transactions includes an amount that exceeds the actual accessible funds. Why? Because the transactions also includes a change address that will receive the "remaining" funds - because mSIGNA is synced at a state that has too many funds than actually available on that address.

Still, a nice tiny success. If anyone has more ideas on this, feel free to jump into the discussion.

[o_e_l_e_o]

Does the coin control feature allow you to pick individual UTXOs, or just addresses? So if you had received bitcoin three times to the same address, can you pick exactly which output to spend?

Second question - if you can export transactions, can you import them too?

[NotATether]

About the own node solution: Right now don't even have the disc space for a BTC full node (but could use some older HDD lying around) - my worry is, even after finally having a synced full node running and connected to mSIGNA, the sync process will be stuck somewhere - that's what people seem to report on their github a lot.

Would you like to borrow my full node for a little while?

[Kryptowerk]

Does the coin control feature allow you to pick individual UTXOs, or just addresses? So if you had received bitcoin three times to the same address, can you pick exactly which output to spend?

Second question - if you can export transactions, can you import them too?

UTXO selection is not available - just individual addresses from within the wallet itself.

Yes, importing is available via the following options: from clipboard or from file, optionally in RAW.
Btw sorry, you asked before if tx export was possible, for some reason I missed that option before.

About the own node solution: Right now don't even have the disc space for a BTC full node (but could use some older HDD lying around) - my worry is, even after finally having a synced full node running and connected to mSIGNA, the sync process will be stuck somewhere - that's what people seem to report on their github a lot.

Would you like to borrow my full node for a little while?

That sounds interesting, thanks for the offer.
Not sure if it's worth it for the few sats remaining, how would that actually work - Just try to connect to it via the right address?

[o_e_l_e_o]

Yes, importing is available via the following options: from clipboard or from file, optionally in RAW.
Btw sorry, you asked before if tx export was possible, for some reason I missed that option before.

Ahh well then, that changes everything! This should (hopefully) be the easiest option going forward then. What I would do is the following:

• Get a list of all the addresses which still have funds on them
• Create a new Electrum wallet, select "Import bitcoin addresses or private keys", and insert all your addresses
• In that Electrum wallet, create a transaction sending all those coins to a regular address you control
• At the bottom left of the transaction window, select "Export" (you might have to select "Finalize" first), and export to clipboard
• Import it from the clipboard in to mSIGMA and (hopefully!) sign it
• Export it from mSIGMA, import it back in to Electrum, and broadcast it

[Kryptowerk]

Yes, importing is available via the following options: from clipboard or from file, optionally in RAW.
Btw sorry, you asked before if tx export was possible, for some reason I missed that option before.

Ahh well then, that changes everything! This should (hopefully) be the easiest option going forward then. What I would do is the following:

• Get a list of all the addresses which still have funds on them
• Create a new Electrum wallet, select "Import bitcoin addresses or private keys", and insert all your addresses
• In that Electrum wallet, create a transaction sending all those coins to a regular address you control
• At the bottom left of the transaction window, select "Export" (you might have to select "Finalize" first), and export to clipboard
• Import it from the clipboard in to mSIGMA and (hopefully!) sign it
• Export it from mSIGMA, import it back in to Electrum, and broadcast it

I feel like that was VERY close. Did all the steps on the electrum side - works well.
When trying to import the transaction with mSIGNA I get the following error and immediately aborting "invalid signature" - if I just select "import transactions".
When trying to import using "import transaction (raw)" I get "Push operation exceeds data size".

[o_e_l_e_o]

When trying to import using "import transaction (raw)" I get "Push operation exceeds data size".

This sounds like your transaction is too large for mSIGMA to handle for some reason. Are you trying to consolidate a lot of inputs at once? Perhaps split your transaction in to two and try again with fewer inputs?

[Kryptowerk]

When trying to import using "import transaction (raw)" I get "Push operation exceeds data size".

This sounds like your transaction is too large for mSIGMA to handle for some reason. Are you trying to consolidate a lot of inputs at once? Perhaps split your transaction in to two and try again with fewer inputs?

Unfortunatelly not. I tried first with the 3 inputs I have and then just a solo input. Both didn't work.
I noticed there might be trouble stemming from using a bech32 address as the receiver address and tried with a 1xxx legacy one instead, same results - mSIGNA shows an error upon import.