Encrypted wallet.dat, lost password, any solutions?

[fran2k]

Btcrecover seems the very best password recovery tool, the tool set is impressive. Did anyone go through the code to check that it doesn't do anything malicious?

I'll take that as a compliment

But as far as I know, nobody has done so. The Python code is long (approaching 4k lines mostly in a single file) and complicated, and "evolved" into its current somewhat messy state (as opposed to being well planned out, sorry...).

However I did write some "extract" scripts that are short and fairly easy to understand documented here: https://github.com/gurnec/btcrecover/blob/master/extract-scripts/README.md. The idea was that you could run one of the extract scripts directly on your wallet file, copy/paste the base64-encoded results into a VM w/o network access, and then not worry about what btcrecover might do with it (assuming you read and understood the short extract script). At worst, it could waste a bunch of CPU/GPU time, but at least it couldn't steal you wallet.

Of course, all that only really helps if you're already somewhat of a "techie" who knows how to set up a VM. I suspect that many people who choose to run btcrecover are not techies, and are putting themselves at risk (speaking as objectively as I can, of course as the code monkey who wrote it, I claim it's perfectly safe ).

I recommend you to to write a dedicated post for your tool, I think it deserves it!

Yes, I was going to suggest this same to you. I found your soft quite useful for some recovery works I'd done, including the recovery scripts. Sometime later I missed the link and I went quite mad looking back to the old posts, so it will be quite useful if there is a thread for your great app. And Thanks!

[btchris]

Btcrecover seems the very best password recovery tool, the tool set is impressive. Did anyone go through the code to check that it doesn't do anything malicious?

I'll take that as a compliment

But as far as I know, nobody has done so. The Python code is long (approaching 4k lines mostly in a single file) and complicated, and "evolved" into its current somewhat messy state (as opposed to being well planned out, sorry...).

However I did write some "extract" scripts that are short and fairly easy to understand documented here: https://github.com/gurnec/btcrecover/blob/master/extract-scripts/README.md. The idea was that you could run one of the extract scripts directly on your wallet file, copy/paste the base64-encoded results into a VM w/o network access, and then not worry about what btcrecover might do with it (assuming you read and understood the short extract script). At worst, it could waste a bunch of CPU/GPU time, but at least it couldn't steal you wallet.

Of course, all that only really helps if you're already somewhat of a "techie" who knows how to set up a VM. I suspect that many people who choose to run btcrecover are not techies, and are putting themselves at risk (speaking as objectively as I can, of course as the code monkey who wrote it, I claim it's perfectly safe ).

I recommend you to to write a dedicated post for your tool, I think it deserves it!

Yes, I was going to suggest this same to you. I found your soft quite useful for some recovery works I'd done, including the recovery scripts. Sometime later I missed the link and I went quite mad looking back to the old posts, so it will be quite useful if there is a thread for your great app. And Thanks!

You're welcome, and thank you for the kind words.

I'll definitely be starting a new thread (in the Tech Support section). I'm waiting until I have a bit of time to finish up some documentation on Unicode support, and then I'll start one. Thanks for the advice!

[mricha]

Hi all, n00b and oafy moron here,

I lost the password for my Bitcoin wallet because I wrote it down on a notebook that had very weak binding. The wallet only has .3164557 BT, but I'm poor and only make $2500 a year so that's a lot for me. Like, enough to feed me for a month.

I run Bitcore 64-bit on Windows 8. The password was really random but I have some general ideas about it. It was definitely between 9 and 13 characters, but probably only 10 or 11. It had uppercase letters, lowercase letters, numbers, punctuation (maybe), and symbols, but only symbols that come standard on a Us keyboard. I'm almost certain it didn't have any vowels. I don't think it had an exclamation point or an @ sign. I generally like to use percentages signs, ^s, ampersands, and asterisks a lot. When I think of the letters things like q, r, w, c, v, k, and p come to mind. I'm almost absolutely positive it had a y, either uppercase or lowercase. The y was probably next to a couple of 2s? And the 2s I think were near some parentheses, either (, ), ((, or )). I don't think I've ever used a 5 in a password.  How screwed am I, on a scale of 1 to 10?

Also, I backed up my wallet on a flashdrive. I'm not sure if the most recent backup file was before or after I encrypted the wallet. If it was before I encrypted the wallet, it was also certainly before I received the .3164557 BT in funds. If I attempt to restore from the backup will it wipe out all the funds I've gotten since?

Help is greatly appreciated, even though I'm poor and really don't have much to give!

[btchris]

How screwed am I, on a scale of 1 to 10?

With 1 being least and 10 being most screwed... around 8ish I'd guess, maybe higher...

Also, I backed up my wallet on a flashdrive. I'm not sure if the most recent backup file was before or after I encrypted the wallet. If it was before I encrypted the wallet, it was also certainly before I received the .3164557 BT in funds. If I attempt to restore from the backup will it wipe out all the funds I've gotten since?

As long as you didn't create a bunch (100ish) of new addresses or outgoing transactions, restoring from your backup has a much better chance of restoring your funds if the backup isn't encrypted.

Take a backup of your existing wallet.dat file first, and then restore the older backup. If there is zero balance, close Bitcoin and try running it with the -rescan option, e.g. go to Start -> Run, and type "C:\Program Files\Bitcoin\bitcoin-qt.exe -rescan". Hopefully this helps...

[mricha]

My backup file is from before I encrypted the wallet. I replaced the wallet .dat file in my roaming data with the backup file, ran the wallet with the rescan tag, and now I have 0 BTC in my wallet. It says it couldn't find the blockchain. It actually says "No Block Source Available." Any idea how to fix this?

[mricha]

Okay, the problem was that I needed to rename the backup file wallet.dat when I put it in the roaming data. I rescanned after that. However, it only lists 3 transactions from June before I encrypted my wallet, and I have 0 BTC in my account. It's as if the receiving addresses from after my wallet encryption didn't load. What do I do?

[dooglus]

Okay, the problem was that I needed to rename the backup file wallet.dat when I put it in the roaming data. I rescanned after that. However, it only lists 3 transactions from June before I encrypted my wallet, and I have 0 BTC in my account. It's as if the receiving addresses from after my wallet encryption didn't load. What do I do?

Wallets backups include a pool of 100 (by default) addresses that it didn't show you yet, so you're good for the next 100 addresses you use (as new receiving addresses or change addresses).

When you encrypt a wallet, it deletes the old 100 unshown addresses and makes up a new 100 addresses, because the old ones have been written to disk unencrypted and so must be considered compromised. Your old unencrypted wallet backup won't include any private keys for addresses which you hadn't seen until after you encrypted.

Edit: if you encrypt using the RPC call, it tells you:

"wallet encrypted; Bitcoin server stopping, restart to run with encrypted wallet. The keypool has been flushed, you need to make a new backup."

I expect the GUI gives a similar warning.

Edit2: yeah:

Code:

                    QMessageBox::warning(this, tr("Wallet encrypted"),
                                         "<qt>" +
                                         tr("Bitcoin will close now to finish the encryption process. "
                                         "Remember that encrypting your wallet cannot fully protect "
                                         "your bitcoins from being stolen by malware infecting your computer.") +
                                         "<br><br><b>" +
                                         tr("IMPORTANT: Any previous backups you have made of your wallet file "
                                         "should be replaced with the newly generated, encrypted wallet file. "
                                         "For security reasons, previous backups of the unencrypted wallet file "
                                         "will become useless as soon as you start using the new, encrypted wallet.") +
                                         "</b></qt>");

As long as you didn't create a bunch (100ish) of new addresses or outgoing transactions, restoring from your backup has a much better chance of restoring your funds if the backup isn't encrypted.

Unfortunately that isn't true.

[btchris]

As long as you didn't create a bunch (100ish) of new addresses or outgoing transactions, restoring from your backup has a much better chance of restoring your funds if the backup isn't encrypted.

Unfortunately that isn't true.

Dooglus is right, and I was wrong. Thanks for the correction, dooglus. (I should have known better, I've read that code before....)

mricha, my sincere apologies for the false sense of hope. I'd suggest you start by reading one of DannyHamilton's excellent posts in this thread, perhaps this one: https://bitcointalk.org/index.php?topic=85495.msg6591146#msg6591146. If you can remember enough details of your password, it may be possible to find it, but what you've remembered so far probably isn't specific enough.

I'd be happy to help you try a brute forcing tool (such as those mentioned above) if you can remember enough details.

Code:

bool CWallet::EncryptWallet(const SecureString& strWalletPassphrase)
...
    Unlock(strWalletPassphrase);
    NewKeyPool();
    Lock();
...
bool CWallet::NewKeyPool()
...
    BOOST_FOREACH(int64_t nIndex, setKeyPool)
        walletdb.ErasePool(nIndex);
    setKeyPool.clear();
...

[tkachev]

I forgot my new password in bitcoin core, but i remember old password and i have old version of wallet.dat (with old password).
If i just replace it will it help me to take control and not loose today balance?
I am not sure and afraid of this step. Need advise!

[xxxgoodgirls]

I forgot my new password in bitcoin core, but i remember old password and i have old version of wallet.dat (with old password).
If i just replace it will it help me to take control and not loose today balance?
I am not sure and afraid of this step. Need advise!

Yes sure, just replace your wallet.dat while your bitcoincore-qt is NOT running.
Backup you newest wallet.dat as well.

[tkachev]

Thanks a lot! I'l try.

[fran2k]

I forgot my new password in bitcoin core, but i remember old password and i have old version of wallet.dat (with old password).
If i just replace it will it help me to take control and not loose today balance?
I am not sure and afraid of this step. Need advise!

Yes sure, just replace your wallet.dat while your bitcoincore-qt is NOT running.
Backup you newest wallet.dat as well.

You will get access to the address you had in your old wallet, if you imported new addresses in the meantime that will not be recovered using your backup.

[lapada]

Hello there. I am trying to recover a password of which I think I know the first letters, but where I can't remember the last ones, which were digits if I remember well. So I did something like that:

Code:

#!/usr/bin/ruby
require 'base64'
require 'digest/sha2'
require 'open3'
require 'openssl'

# Put your best guess at your passphrase here
passphrase = 'guili'

# The full path to your electrum.dat or default_wallet
wallet_file = '/home/lapa/.electrum/wallets/default_wallet'

# Where to find Electrum.  Am using Ubuntu
$electrum = '/usr/bin/electrum'


def test(phrase)
  $cipher.reset
  $cipher.key = Digest::SHA256.digest(Digest::SHA256.digest(phrase))
  $cipher.update $seed
  $cipher.final
  puts phrase
  i,o,t = Open3.popen2e($electrum, "-o", "getseed")
  i.puts(phrase)
  i.close
  if t.value.success?
    puts "Found it! #{phrase}"
    exit
  end
rescue OpenSSL::Cipher::CipherError
end

def scramble(passphrase)
  characters = " !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
  list = []
  
  #add numbers at the end
  for i in 1..100000
    testphrase = passphrase.dup
    testphrase.concat(i.to_s)
    list << testphrase
  return list
end

wallet = File.read(wallet_file)
seed_base64 = wallet.match(/'seed': '([^']+)'/).captures.first
$seed = Base64.decode64(seed_base64)
$cipher = OpenSSL::Cipher.new('aes-256-cbc')
$cipher.iv = $seed.slice!(0,16)
Dir.chdir File.dirname $electrum
list1 = scramble(passphrase)
for i in list1 
  test i
end
puts "No luck."
exit 1

Problem is, the test does not test all possibilities as expected. Typically i get results like :

guili195
guili466
guili1051
guili1231
guili1370
guili2026
guili2476

As if, I don't why, some steps were jumped. I can write a bit python but this is the first time I am touching ruby. Please someone help ?

[btchris]

Hello there. I am trying to recover a password of which I think I know the first letters, but where I can't remember the last ones, which were digits if I remember well.

I know I'm not exactly answering your question (sorry, I don't really know ruby either), but if you'd like to try btcrecover (if someone with ruby experience doesn't respond), I can help you with that.

You'd basically need to download it (from the "download zip" button at the page linked above), and then take what's below and save it to a text file named "btcrecover-tokens-auto.txt" in the same directory as the Python script, and then follow the instructions under Quick Start in the Tutorial.

Code:

#--pause --wallet /home/lapa/.electrum/wallets/default_wallet
guili%1,6d

Let me know if you have any questions...

[lapada]

Oh, i did not know it existed. I'll try that and keep you posted ! Thanks a lot ! 

[Revalin]

Problem is, the test does not test all possibilities as expected. Typically i get results like :

guili195
guili466
guili1051
guili1231
guili1370
guili2026
guili2476

As if, I don't why, some steps were jumped. I can write a bit python but this is the first time I am touching ruby. Please someone help ?

My script takes a shortcut.  Electrum doesn't stretch the wallet seed (more here: https://bitcointalk.org/index.php?topic=330672.0) and most passphrases can be rejected before stretching.

The script is written to be compact instead of readable so it's hard to spot it.  The shortcut is: given an invalid key, "$cipher.final" raises a CipherError exception; the program then jumps to "rescue OpenSSL::Cipher::CipherError", skipping the lines where it prints and tests the passphrase.

[Cheebub]

Hello,

I'd just like to add a recommendation for http://www.walletrecoveryservices.com/ as a way of possibly recovering a lost password.

I'm brand new to Bitcoin and with my very first transaction had incorrectly written down my password!!!

Dave at walletrecoveryservices.com managed to recover my password with only the information of what I originally thought my password was.

He charges 20% of the wallet amount (not much in my case) and was totally trustworthy. With all the stories around hacking and dodgy activities flying around, it was nice to have this experience when just getting started.

So thanks Dave 

[Furio]

Hello,

I'd just like to add a recommendation for http://www.walletrecoveryservices.com/ as a way of possibly recovering a lost password.

I'm brand new to Bitcoin and with my very first transaction had incorrectly written down my password!!!

Dave at walletrecoveryservices.com managed to recover my password with only the information of what I originally thought my password was.

He charges 20% of the wallet amount (not much in my case) and was totally trustworthy. With all the stories around hacking and dodgy activities flying around, it was nice to have this experience when just getting started.

So thanks Dave 

I think I need his services too, can't recover my 5 btc

[btchris]

Dave at walletrecoveryservices.com managed to recover my password with only the information of what I originally thought my password was.

He charges 20% of the wallet amount (not much in my case) and was totally trustworthy. With all the stories around hacking and dodgy activities flying around, it was nice to have this experience when just getting started.

So thanks Dave 

I think I need his services too, can't recover my 5 btc

If you'd like to try to recover it yourself, here's the Quick Start for an open source (free) tool called btcrecover: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial. It does take a bit of work to get it set up and running, though. (Full disclosure: I'm the author of that tool.)

If you have any questions about it, just let me know.

Although I've never dealt with Dave personally, he's gotten nothing but good reviews from what I can tell, so that seems like a good option too.

[Narydu]

Christopher, I´m planing to try out your software, I´ve seen your updates upto today inclusive. Any suggestions running on Windows. Can i´t be run offline :-)