Need help recovering private key from 2009-2010

[apogio]

Great theories. Here is the exact format I wrote it in, but I changed all the characters. I do remember maybe converting it to hex or binary, or at least considering it.

0486 | 4AE5 | 41BC
A58F | 3FBA | 1AD7

34F6 | 2AEB
37A4 | 4AAF

7?A4 | ?42? | 6F?? | ??D8
71?D | 6?A? | ?FCA | 86B?

32?F
7F?B

Would writing it this way help a bit?

32?F
7F?B

34F6 | 2AEB
37A4 | 4AAF

0486 | 4AE5 | 41BC
A58F | 3FBA | 1AD7

7?A4 | ?42? | 6F?? | ??D8
71?D | 6?A? | ?FCA | 86B?

The fact that you had exactly 3 elements on the first row, 2 on the second row, 4 on the third row and 1 on the last row could potentially be because you wanted to know their order afterwards.

Also keep in mind that removing all question marks it leaves you with 66 chars. You still need to remove 2 

[1715412840]

1715412840

[1715412840]

1715412840

[1715412840]

1715412840

[1715412840]

1715412840

[BoXXoB]

This is extremely difficult to give advice on without figuring your thought flow at the time of creating this backup.

It would be very important if you can figure out if the formatting matters (i.e. is there a reason to have specific amount of HEX numbers on each row).

The only thing we know for certain is that it likely is HEX. Question marks are likely obfuscated HEX characters. We do not know if all of the characters are part of a private key or additional obfuscation.

Is it significant that there are 10 groups of 4 HEX characters WITH question marks and exactly same amount without? Sometimes small things help remember so I would suggest you to give thought to different scenarios and how you may have thought at the time.

[Kryptowerk]

Great theories. Here is the exact format I wrote it in, but I changed all the characters. I do remember maybe converting it to hex or binary, or at least considering it.

0486 | 4AE5 | 41BC
A58F | 3FBA | 1AD7

34F6 | 2AEB
37A4 | 4AAF

7?A4 | ?42? | 6F?? | ??D8
71?D | 6?A? | ?FCA | 86B?

32?F
7F?B

Are the question marks included inside the backup you made, or are they part of the redaction?

I wish you the best of luck to successfully restore your wallet. Given the fact that it's "only" 14 characters missing there is a good chance at some point within the foreseeable future it will be crackable by a strong (cloud)-computing-network within a reasonable timeframe.
https://www.proxynova.com/tools/brute-force-calculator/ currently gives an estimate of ~1000 years, but I think that's based on the time it takes an average home computer to crack this. Meaning a powerful super-computer could quite likely already crack it within a few days or weeks.
With the current rate of Bitcoin this is most likely still not worth it, but if Bitcoin climbs up to $1M/BTC and computational power is getting cheaper and cheaper in the meantime, it will most likely be a profitable thing to crack.

Only 14 hex characters missing? That should not be too hard to brute force since there are only 16 possible hex haracters for each position, and if you know how to program in CUDA it should be simple to write a program that makes all of these permutations and then creates the compressed or uncompressed private key and its address from which you can check for balances against, using publicly available lists.

Ah yes, indeed it's HEX numbers only, so this reduces computational time a ton. WOW! So it's just a question of how to program a nice script that will allow an easy brute-force and checking the derivated public address with the blockchain history to find the correct private key.
Happy news in this regard.
Guess the challenge is to find someone trustworthy to create some good code without a backdoor.

And, on a sidenode, usually the knowledge what you did with these missing ? digits is still somewhere in your head @OP. There is a good chance if you think about this on a regular basis and try to remember what you were up to back then an epiphany moment will occure and you know how to fill these blanks.

[signer]

Thank you all for sharing your ideas and suggestions. It is helping to jog my memory.

I'm wondering how to create a CUDA program. The goal of this program would be to generate all conceivable permutations based on the current understanding of characters. From these permutations, the program should then be able to produce both compressed and uncompressed private keys. Once these keys are generated, it should derive their corresponding addresses. Then, it should check the balances of these addresses against a public directory to find matches.

I stumbled upon a potential hint that I had penned down in a different section of the notebook. However, I'm struggling to decode its exact meaning. Given that the missing characters are expected to be of the HEX variety, I'm leaning towards the idea that creating a CUDA-based solution might be our most efficient route to uncover these characters.

This is the hint: The numbers in my note are separated by single, double, or even multiple vertical lines. For context, I've denoted these vertical lines using the character located directly below the backspace key on a standard keyboard.

5| | | 6| | | 7|9|8|    5| | | 6|7|8|9|10|11|12
     2|3|4|                            2|3|4|
       1|                                   1|


I did a little research. Would a good starting template for the CUDA program look like this? Do you have any feedback?

Code:

// Including required header files
#include <stdio.h>
#include <cuda_runtime.h>
#include <math.h>

// CUDA Kernel function for generating permutations
__global__ void generatePermutations(char *baseString, char *result, unsigned long long num_permutations, unsigned long long offset) {
    // Calculate the global index for this thread across all blocks
    unsigned long long idx = blockIdx.x * blockDim.x + threadIdx.x + offset;

    // Check if the index exceeds the number of permutations we want to generate
    if (idx >= num_permutations) return;

    // Create a local copy of the base string in this thread
    char localString[81];
    memcpy(localString, baseString, 81);

    // Loop to replace '?' with hexadecimal characters based on idx
    // Start from the end of the string and move toward the beginning
    for (int i = 79; i >= 0; i--) {
        if (localString[i] == '?') {
            int hexVal = idx % 16; // Get the remainder when idx is divided by 16
            if (hexVal < 10) {
                localString[i] = '0' + hexVal; // If hexVal is a single-digit number
            } else {
                localString[i] = 'A' + (hexVal - 10); // If hexVal is a letter (A-F)
            }
            idx /= 16; // Divide idx by 16 for the next '?'
        }
    }

    // Store the generated string into the result array on the GPU
    memcpy(&result[(blockIdx.x * blockDim.x + threadIdx.x) * 81], localString, 81);
}

// Main program function
int main() {
    // Initialize your 80-character string with 14 '?' characters, plus a null-terminator
    char baseString[81] = "BASE_STRING_WITH_14_?"; 

    // Declare device pointers for the base string and the result array
    char *d_baseString, *d_result;

    // Number of permutations to generate in this subset (due to memory limitations)
    unsigned long long subset_size = 1e5;
    size_t result_size = 81 * subset_size; // Size of the result array in bytes

    // Allocate memory on the GPU for the base string and result array
    cudaMalloc((void**)&d_baseString, 81);
    cudaMalloc((void**)&d_result, result_size);

    // Copy the base string from the CPU to the GPU
    cudaMemcpy(d_baseString, baseString, 81, cudaMemcpyHostToDevice);

    // Define the number of threads per block and the number of blocks per grid
    int threadsPerBlock = 256;
    int blocksPerGrid = (subset_size + threadsPerBlock - 1) / threadsPerBlock;

    // Launch the CUDA Kernel
    generatePermutations<<<blocksPerGrid, threadsPerBlock>>>(d_baseString, d_result, subset_size, 0);

    // Allocate memory on the CPU to store the result and copy it from the GPU
    char *h_result = (char*) malloc(result_size);
    cudaMemcpy(h_result, d_result, result_size, cudaMemcpyDeviceToHost);

    // You can now process the result further or save it to a file

    // Free the allocated memory on the GPU and CPU
    cudaFree(d_baseString);
    cudaFree(d_result);
    free(h_result);

    return 0;
}

To compile the code:

Code:

nvcc filename.cu -o outputname
./outputname

Retrieve Permutations from GPU: After the CUDA kernel execution, there is a subset of permutations stored in a device array. Copy this array back to the host.

Code:

char *h_result = (char*) malloc(result_size);
cudaMemcpy(h_result, d_result, result_size, cudaMemcpyDeviceToHost);

Initialize OpenSSL: Before using OpenSSL's functions, initialize the library.

Code:

OpenSSL_add_all_algorithms();

Generate Private Key: For each permutation string, generate a SHA-256 hash to serve as a Bitcoin private key

Code:

unsigned char hash[SHA256_DIGEST_LENGTH];
SHA256_CTX sha256;
SHA256_Init(&sha256);
SHA256_Update(&sha256, permutation_string, strlen(permutation_string));
SHA256_Final(hash, &sha256);

Generate Public Key: Use the private key to generate an uncompressed public key using ECDSA with the secp256k1 curve

Code:

EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
BIGNUM *bn = BN_bin2bn(hash, 32, NULL);
EC_KEY_set_private_key(eckey, bn);
EC_KEY_generate_key(eckey);

Generate Compressed Public Key: The compressed public key is essentially the X-coordinate of the public key point along with one byte that helps to recover the Y-coordinate.

Code:

const EC_POINT *pub_key = EC_KEY_get0_public_key(eckey);
size_t size = EC_POINT_point2oct(group, pub_key, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL);
unsigned char *compressed_key = malloc(size);
EC_POINT_point2oct(group, pub_key, POINT_CONVERSION_COMPRESSED, compressed_key, size, NULL);

Cleanup: Don't forget to free any dynamically allocated resources.

Code:

free(h_result);
EC_KEY_free(eckey);
BN_free(bn);
free(compressed_key);

Compile and link C code with OpenSSL:

Code:

gcc your_file.c -o your_program -lcrypto

Combined into a unified program

Code:

#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
#include <openssl/ec.h>
#include <openssl/obj_mac.h>
#include <cuda_runtime.h>
#include <math.h>

__global__ void generatePermutations(char *baseString, char *result, unsigned long long num_permutations, unsigned long long offset) {
    unsigned long long idx = blockIdx.x * blockDim.x + threadIdx.x + offset;
    if (idx >= num_permutations) return;

    char localString[81];
    memcpy(localString, baseString, 81);

    for (int i = 79; i >= 0; i--) {
        if (localString[i] == '?') {
            int hexVal = idx % 16;
            localString[i] = hexVal < 10 ? '0' + hexVal : 'A' + (hexVal - 10);
            idx /= 16;
        }
    }
    memcpy(&result[(blockIdx.x * blockDim.x + threadIdx.x) * 81], localString, 81);
}

int main() {
    char baseString[81] = "BASE_STRING_WITH_14_?";
    char *d_baseString, *d_result;
    unsigned long long subset_size = 1e3;
    size_t result_size = 81 * subset_size;

    cudaMalloc((void**)&d_baseString, 81);
    cudaMalloc((void**)&d_result, result_size);
    cudaMemcpy(d_baseString, baseString, 81, cudaMemcpyHostToDevice);

    int threadsPerBlock = 256;
    int blocksPerGrid = (subset_size + threadsPerBlock - 1) / threadsPerBlock;
    generatePermutations<<<blocksPerGrid, threadsPerBlock>>>(d_baseString, d_result, subset_size, 0);

    char *h_result = (char*) malloc(result_size);
    cudaMemcpy(h_result, d_result, result_size, cudaMemcpyDeviceToHost);

    // Initialize OpenSSL
    OpenSSL_add_all_algorithms();

    for (int i = 0; i < subset_size; ++i) {
        char *perm = &h_result[i * 81];

        // Generate SHA-256 Hash
        unsigned char hash[SHA256_DIGEST_LENGTH];
        SHA256_CTX sha256;
        SHA256_Init(&sha256);
        SHA256_Update(&sha256, perm, strlen(perm));
        SHA256_Final(hash, &sha256);

        // Generate Public Key
        EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
        BIGNUM *bn = BN_bin2bn(hash, 32, NULL);
        EC_KEY_set_private_key(eckey, bn);
        EC_KEY_generate_key(eckey);

        // Generate Compressed Public Key
        const EC_GROUP *group = EC_KEY_get0_group(eckey);
        const EC_POINT *pub_key = EC_KEY_get0_public_key(eckey);
        size_t size = EC_POINT_point2oct(group, pub_key, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL);
        unsigned char *compressed_key = (unsigned char*) malloc(size);
        EC_POINT_point2oct(group, pub_key, POINT_CONVERSION_COMPRESSED, compressed_key, size, NULL);

        // TODO: Store or process the keys

        // Cleanup
        EC_KEY_free(eckey);
        BN_free(bn);
        free(compressed_key);
    }

    // Final Cleanup
    free(h_result);
    cudaFree(d_baseString);
    cudaFree(d_result);

    return 0;
}

Compile the program using both the CUDA and OpenSSL libraries:

Code:

nvcc -o combined_program combined_program.cu -lssl -lcrypto

Run the program:

Code:

./combined_program

[whanau]

Quote: Also keep in mind that removing all question marks it leaves you with 66 chars. You still need to remove 2 

Could the first 2 characters be 0X ? If so, you can remove these 2 leaving you with 64 chars (32 hex pairs)
often hex output is prefixed with 0X to denote a hex string follows.

[signer]

Quote: Also keep in mind that removing all question marks it leaves you with 66 chars. You still need to remove 2 

Could the first 2 characters be 0X ? If so, you can remove these 2 leaving you with 64 chars (32 hex pairs)
often hex output is prefixed with 0X to denote a hex string follows.

Thanks. Then how would I use the result? Just convert the hex to another format?

[nc50lc]

-snip-

Thanks. Then how would I use the result? Just convert the hex to another format?

But that's if you can get something like that from your backup, only if it starts exactly with "0x", otherwise it's a 66character hex or not.
64 characters is exactly the max length of a Bitcoin Private key in hex. (excluding 0x)

To use it: You just have to encode it into WIF private key to be compatible with almost all wallets.
There are a couple of tools that can do that, the working fork of brainwallet tool has one but do not attempt it using the web version or on an online machine.
If you wan't to use the tool, get its source code (GitHub link), audit it if possible, extract and launch its index.html file using your offline machine's browser.
Go to 'Convert' tab, toggle "HEX" as 'Source Encoding' and 'Convert to' "B58Check"; type/paste to convert it into WIF.

[Cricktor]

OP, if you're working with private keys, converting HEX to WIF, you should do this only in a safe and offline environment. Definitely not on your daily machine on which you do all your online stuff! Idealy you start a Live Linux box that runs only in RAM so that it doesn't leave traces of your private key(s) once it is shutdown.

If you're not tech savvy, better learn some basics before you continue to avoid your private keys getting compromised by some unsafe computer environment. Who knows if and how much coins your potential private keys control, don't risk foolish losses.

Another tool to convert HEX to WIF has already been mentioned in post #2 and #3, the offline version of https://www.bitaddress.org (get it from its Github repo and verify its authenticity before you use it!).

[whanau]

Thanks. Then how would I use the result? Just convert the hex to another format?

If you are familiar with python, you could use this script (offline) or any of the other software suggested.
Check the addresses for a balance, if you find one sweep into a new secure wallet using the corresponding WIF

Code:

from bitcoinaddress import Wallet


# Convert a string with hex digits, colons, and whitespace to a long integer
def hex2int(hexString):
    return int("".join(hexString.replace(":", "").split()), 16)


dA  = hex2int('54040CDA88EE1CA322FEB4BD61C1098224222444F9453637802FE66526674199')
# put your test key between the ' ' the key above is to demonstrate

dx = str(f'{dA:064x}')
wallet = Wallet(dx)
priv_key = wallet.key.hex
wif = wallet.key.mainnet.wif
publ_key = wallet.address.pubkey
publ_keyc = wallet.address.pubkeyc
address = wallet.address.mainnet.pubaddr1
addressc = wallet.address.mainnet.pubaddr1c
address3 =wallet.address.mainnet.pubaddr3
wifc = wallet.key.mainnet.wifc

addressd = wallet.address.mainnet.pubaddrbc1_P2WSH
addresse = wallet.address.mainnet.pubaddrbc1_P2WPKH

print('Private key : ' + str(priv_key) + '\n' +
      'Public key  : ' + str(publ_key) + '\n' +
      'Address     : ' + str(address) + '\n' +
      'WIF         : ' + str(wif) + "\n\n" +
      'Public key C: ' + str(publ_keyc) + '\n' +
      'Address    C: ' + str(addressc) + '\n' +
      'WIF        C: ' + str(wifc) + "\n\n" +
      'BC1 P2WSH   : ' + str(addressd) + '\n' +
      'BC1 P2WPKH  : ' + str(addresse) + '\n' +
      'P2SH        : ' + str(address3) + '\n')

[tread93]

Oh man, this is brutal I hope you find a way to get your bitcoin back OP. Its hard to trust people to help you accomplish something like this I feel but definitely not impossible. Just don't give up looking for it whatever you do and surely you will find it! Even if it gets hard just don't give up 3 feet short of gold!!!

[catiscurious]

I would try to cipher the first 40 hex characters from scratch as if I'm writing them down today. What would you do if you were to cipher it today? Try that on paper. Maybe your brain may try the same way. Other than that:

1) Can all the question marks be the same hex character? I would look for a hex that is missing. For example there is no "B" and all others are present, i would put B in the '?' marks. There is no "4" i would put 4 in the '?' marks.

2) Is the hint in exact format? Can we see the hint in exact format, and also with exact numbers? (just the hint that you penned down on that notebook. not the actual keys) Maybe we should focus on the hint.