Zenp (OP)
Jr. Member
 Offline
Activity: 33
Merit: 37
|
 |
September 07, 2023, 08:09:13 PM |
|
Hi Everyone, A few years ago, I bought some bitcoin (very small amount, don't worry) and wrote down the 12 mnemonic words on small flashcards. I recently found these cards but seem to have forgotten what the order of the words were. Is there a method using python or any other tools to figure out the order of the words? The number of bitcoins in this was less than 0.04, and as such expensive computational resources would be out of the scope. My rough thoughts lead me to believe that there are 12! possible wallets which is 479,001,600 possible combinations. I read this post online where it claimed that BIP39 uses a checksum word. Does anyone know how / if this checksum can be used for valid mnemonic determination? https://bitcoin.stackexchange.com/questions/79249/i-have-my-12-word-bip39-phrase-but-not-in-the-right-orderAny help would be appreciated. |
|
|
|
|
|
|
|
|
|
|
|
|
|
"Bitcoin: the cutting edge of begging technology." -- Giraffe.BTC
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1526
Merit: 4833
|
|
.
HUGE | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
blue Snow
Legendary
Offline
Activity: 1484
Merit: 1023
#SWGT CERTIK Audited
|
|
September 08, 2023, 02:03:23 AM |
|
A few years ago, I bought some bitcoin (very small amount, don't worry) and wrote down the 12 mnemonic words on small flashcards. I recently found these cards but seem to have forgotten what the order of the words were.
I just ignore what you find (small flashcards). I have a question, What wallet did you use? I've also had this case before where the words cannot be read clearly. But, I try to remember the wallet I used and try to find that wallet file on my ext drive. After I found it, I just imported it to the wallet and worked. |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18509
|
|
September 08, 2023, 05:15:18 AM |
|
Yes, fairly easily done using btcrecover as Charles-Tim has pointed out above.
Do you know the address the coins are on? It will be a much quicker process if you do. If you don't it will still be possible, but you'll need to set up an address database first. It would also be useful if you know that the address you used was the first (or at least one of the first) addresses in that wallet.
|
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4298
Merit: 3211
|
|
September 08, 2023, 07:30:47 AM |
|
...
This script generates permutations and checks each one. With 12 words, there are indeed 479,001,600 possible permutations, so this method could be time-consuming.
The BIP39 checksum is used to detect errors in the mnemonic phrase, but it won't help you recover the correct word order.
...
The checksum might help as an optimization. I think it is faster to validate the checksum than it is to check if the phrase generates a known address. So, for each permutation, first checking the checksum would eliminate 93.75% of them. For the remaining 6.25% you would still have to check against the known addresses. |
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18509
|
I think it is faster to validate the checksum than it is to check if the phrase generates a known address.
It's much faster. The checksum is a single SHA256, while to generate an address you need 2048 rounds of HMAC-SHA512, a variable number of further rounds of HMAC-SHA512 alongside elliptic curve multiplication to work down the derivation path, and then three SHA256s, one RIPEMD160, and a Base58 conversion to turn that final public key in to an address. Still, the account you are replying to is an AI spammer, which is why the script they shared is nonsense. |
|
|
|
|
Zenp (OP)
Jr. Member
Offline
Activity: 33
Merit: 37
|
|
September 08, 2023, 01:22:04 PM |
|
Thank you for the btcrecover source. I initially didn't have my public address and tried to figure out how to use the public address database to decode but was unsuccessful. Then I was able to trace back some of my old transactions to public address and was able to use it to crack the order of the wallet. It only took 115 minutes using my hardware, which is pretty solid. Successfully recovered 0.0309 btc. Thank you everyone for your help, Much Appreciated! |
|
|
|
|
NotATether
Legendary
Offline
Activity: 1582
Merit: 6715
bitcoincleanup.com / bitmixlist.org
|
|
September 09, 2023, 04:00:45 AM |
|
Then I was able to trace back some of my old transactions to public address and was able to use it to crack the order of the wallet. It only took 115 minutes using my hardware, which is pretty solid. Successfully recovered 0.0309 btc.
Nice. So it looks like it is possible to brute-force the order of 12 words of a seed phrase. If it was 24 words, I would've been less sure, since that's even more possible combinations and would take in the magnitude of hundreds of thousands or even millions possibly. Fortunately current btcrecover developer already provide such address database, although it was last updated on 2022. Although it shouldn't be problem since OP said "A few years ago...".
Do you know how the btcrecover devs "refresh" the address database? What kind of tools do they use? |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16577
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
September 09, 2023, 06:28:36 AM
Last edit: September 09, 2023, 07:59:45 AM by LoyceV |
|
So it looks like it is possible to brute-force the order of 12 words of a seed phrase. If it was 24 words, I would've been less sure, since that's even more possible combinations and would take in the magnitude of hundreds of thousands or even millions possibly. Make that half a billion more possibilities.12 words gives 12! = 479001600 possibilities. 24 words gives 24! = 620448401733239439360000 possibilities. Half a billion times 115 minutes is a million years.Not sure where you got half a billion from? You're right. I didn't even have to read further, let's say I'm an idiot before my caffeine sometimes. I was indeed surprised I got to "only" a million years, while it's closer to a few billion years. |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18509
|
|
September 09, 2023, 07:27:51 AM |
|
Not sure where you got half a billion from?
If you have a benchmark for calculating 12!, then to calculate 24 you would need to take that benchmark and multiply it by 13*14*15*...*23*24. More easily written as 24!/12!.
24!/12! is over 1 thousand trillion. With 115 minutes for 12 words, then it would be around 283 billion years for 24 words. (In reality it would be a bit quicker than this since with 12 words you can reject 93.75% of combinations as having an invalid checksum and with 24 words you can reject 99.61% of seed phrases, but that is not relevant.)
|
|
|
|
|
Coding Enthusiast
Legendary
Offline
Activity: 1039
Merit: 2783
Bitcoin and C♯ Enthusiast
|
|
September 09, 2023, 09:21:34 AM
Last edit: September 09, 2023, 10:07:45 AM by Coding Enthusiast |
|
Isn't 115 minutes (at best 1.1k permutation/sec) too slow?
Although FinderOuter doesn't have this feature but I get 22k perm/sec for BIP39 and 1.2m perm/sec for Electrum mnemonic on CPU when recovering 12-word mnemonics with missing words.
|
|
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18509
|
|
September 09, 2023, 09:55:53 AM |
|
Isn't 115 minutes (at best 1.1k permutation/sec) too slow?
Although FinderOuter doesn't have this feature but I get 22k perm/sec for BIP39 and 1.2m perm/sec for Electrum mnemonic on CPU when recovering 12-word mnemonics with missing words.
How did you get 1.1k permutations a second? Have you divided by an extra 60 by mistake? 12!/115/60 = 70k permutations a second, but that is assuming he had to search the entire space. Even assuming on average he would search half the space, that's still 35k/sec. I can get around 100k/sec on my hardware for a BIP39 seed phrase, but 35k is not unreasonable by any means. |
|
|
|
|
Coding Enthusiast
Legendary
Offline
Activity: 1039
Merit: 2783
Bitcoin and C♯ Enthusiast
|
|
September 09, 2023, 10:05:31 AM |
|
Nice catch, reference benchmark shows i7-8750 shows it has 33K permutation/sec[3]. So it's possible OP used sub optimal configuration.
Thanks for the link, that's very useful. For the sake of comparison the speed I reported above is using i3-6100 CPU with 4 threads. How did you get 1.1k permutations a second? Have you divided by an extra 60 by mistake?
That's embarrassing I must need some coffee too... |
|
|
|
|
