Revalin
March 07, 2013, 08:37:22 AM
Here's another version customized for a specific request. In this case he knows the start and end of his passphrase, but he forgot the number in between except that it definitely doesn't have any zeroes. Just edit in the parts you know where it says "pass" and "word". This may be useful for anyone in a "missing number" situation. You can set the start or end to "" (empty string) if the mystery number is at the end or beginning, and you can add 0 to the list of digits if yours might have a zero.

#!/usr/bin/ruby -w

start = "pass"    # the part before the forgotten number
finish = "word"   # the part after it

# Try one candidate against the running bitcoind. The arguments are passed as
# separate strings (no shell), so quotes, backslashes and other special
# characters in the phrase reach bitcoind unchanged.
def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0            # wallet unlocked: this is the passphrase
    puts "Found it! #{phrase}"
    exit 0
  when 127          # ./bitcoind could not be executed
    puts "bitcoind not found in current dir"
    exit 1
  when nil          # no exit status at all (bitcoind was killed by a signal)
    puts "Aborting"
    exit 1
  end
end

# Every digit string from 0 to 20 digits long, using the digits 1-9 only
# (add 0 to the list if the number might contain a zero)
(0..20).each do |length|
  [1,2,3,4,5,6,7,8,9].repeated_permutation(length) do |digits|
    test(start + digits.join + finish)
  end
end
War is God's way of teaching Americans geography. --Ambrose Bierce Bitcoin is the Devil's way of teaching geeks economics. --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g

Revalin
March 08, 2013, 08:25:56 AM
Another custom version: in this case he knows the start and end of the passphrase, but there are some words missing in the middle. This will try some of the most common English words in a classic dictionary attack. The words are all lowercase, no punctuation, and run together without spaces. Fill in the "start" and "finish" parts of the passphrase, choose how common the words should be, fill in your special words in dictionary_extra, then run it. I recommend using dictionary_size=5000 and max_words=2 for the first run, then 500 and 3 for the second run. 5000 and 3 will take far too long.

#!/usr/bin/ruby -w

start = "pass"                         # This is the part at the start that you remember with 100% certainty
finish = "word"                        # The end, which you also remember with 100% certainty
dictionary_size = 5000                 # The number of common English words to load from the online dictionary
dictionary_extra = %w{one two three}   # Some extra words which aren't in the dictionary
max_words = 2                          # The maximum number of words to try not including the start and finish parts
max_word_length = 8                    # Use only short words

require 'open-uri'

def test(phrase)
  printf "%40s ", phrase
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

# Scrape the frequency list: the word is the second <td> of each table row.
# The non-greedy (.*?) keeps one cell per match even when a whole row is on
# one line; rows without a second cell give nil and are dropped below.
dictionary = dictionary_extra
dictionary += URI.open('http://www.wordfrequency.info/free.asp?s=y') do |stream|
  stream.read
        .split('<tr>')
        .map { |row| row.scan(%r{<td>(.*?)</td>}).flatten[1] }[7, 5000]
end
dictionary.compact!                                     # Drop rows that had no word
dictionary.map!(&:downcase)                             # Even proper nouns are lower case
dictionary.reject! { |w| w.match(/[^a-z]/) }            # Exclude words with punctuation (after downcasing, so capitalised words survive)
dictionary.select! { |w| w.length <= max_word_length }  # Only short words
dictionary.uniq!                                        # Filter out any duplicates
dictionary = dictionary[0, dictionary_size]             # Only use this many words

# Try 0..max_words distinct words, in every order, between start and finish
(0..max_words).each do |num_words|
  dictionary.permutation(num_words) do |perm|
    test(start + perm.join + finish)
  end
end
niklas
Newbie
Offline
Activity: 11
Merit: 0
March 13, 2013, 03:26:29 PM
I managed to solve my problems on my own:
The issue with the German umlauts seems to have to do with some encoding problems. It disappeared when I used Linux instead of Windows.
I am now running the script brute.rb on a virtual machine provided by Amazon using Linux. After registering for Amazon Web Services (AWS), you can use one of their smallest virtual machine instances ('micro') for free for one year. After starting bitcoind, you just start the script like this:
ruby brute.rb > log.txt &
It then sends its output to log.txt and you can just log out. It takes quite some time, since the AWS micro instance is rather low on CPU power. An attempt to crack an 8-character password took about one week. However, it is absolutely free; you don't even have to pay for the electricity ...

Hi again, I keep having problems with Revalin's script and the German umlauts (Ä Ö Ü). I have added them to brute.rb and then let the script try to find the correct password - no luck so far. Looking at the stream of passwords brute.rb tried, I noticed that it always displayed question marks instead of the umlauts. Changing the character encoding of the terminal to 'Western' changed that. However, I remained suspicious. I let Bitcoin create a new wallet (whilst renaming the one I do not know the password of) and encrypted this wallet with a password containing umlauts. If I now let the script run, it does not find the correct password, no matter what character encoding I am using on the terminal. Does anyone have a solution for this problem? It could quite possibly be the case that my password contains umlauts, since these are close on my keyboard to some of the characters I assume are contained in the password. Thanks
veryveryinteresting
Member
Offline
Activity: 60
Merit: 10
March 20, 2013, 10:21:06 PM
Quote from: Revalin on March 07, 2013, 08:37:22 AM (the "missing number" script above)
My issue is I know the middle of the password, and I have digits on either end. I have no Ruby experience (or Linux) but I got your script working; however, I cannot figure out how to get it to input digits onto either side of my known password. Please help!
Amitabh S
Legendary
Offline
Activity: 1001
Merit: 1005
March 20, 2013, 10:29:52 PM
Just a thought. If you send me the wallet.dat and password fragments, I can try some stuff here. Will you trust me? Depends on how many coins are there. If the reward is generous, I will try sending you code snippets.. Give more details. What type of wallet? What's the length of the password? What tool did you use to generate the password? I'm guessing it's a low-entropy password if you remember part of it.. Tldr the prev posts in this thread yet..
2112
Legendary
Offline
Activity: 2128
Merit: 1073
March 20, 2013, 10:40:12 PM
Does anyone have a solution for this problem? It could quite possibly be the case that my password contains umlauts since these are close on my keyboard to some of the characters i assume are contained in the password.
You need to identify the character set used to encode the password. It may be different from the character set used to encode the font displayed by the terminal program, and different from the character set used to store the text of your program in a file. http://en.wikipedia.org/wiki/Western_Latin_character_sets_(computing) Those are your basic choices. Note that the Unicode column can have several different encodings: UTF-7, UTF-8, UTF-16LE, UTF-16BE or UTF-32 (unlikely, but possible; and it still has big-endian and little-endian variants). Good luck.
viper1092
Newbie
Offline
Activity: 13
Merit: 0
March 21, 2013, 12:44:05 AM Last edit: March 22, 2013, 12:57:08 AM by viper1092
Hey! I have a very similar issue which I posted about here https://bitcointalk.org/index.php?topic=153452. I set up a BlockChain.info Wallet online. I gave it a 'main' password. I know this main password. The problem is I set the 'second password', which in effect performs double encryption, and I thought I knew that password! But it doesn't work. Now, I've got 15 BTC in that wallet so it's definitely worth it for me to get back. To recap, I know the initial password that encrypted, and I'm confident I know most of the second password. My question is how do I go about brute forcing that? I have a .aes.json file with the priv keys that are backed up, but I have no idea how to go about brute forcing it. I read the whole post and there are some awesome Ruby scripts, but they all target bitcoind, and I don't have the funds in a local wallet. Any help?
niklas
Newbie
Offline
Activity: 11
Merit: 0
March 21, 2013, 09:44:31 PM
You need to identify the character set used to encode the password. It may be different from the character set used to encode the font displayed by the terminal program, and different from the character set used to store the text of your program in a file.
Thank you for your help, 2112. However, if I am honest, I only have a faint idea of how to accomplish what you describe. Does the Bitcoin client use different encodings on different platforms? The wallet was encrypted on a German Windows 7 installation; for running Revalin's script I now use a German Ubuntu 12.04. Do you have a concrete strategy for how I could get Revalin's script running using all characters on my keyboard? Thank you
2112
Legendary
Offline
Activity: 2128
Merit: 1073
March 21, 2013, 10:33:23 PM
Thank you for your help, 2112.
However, if I am honest, I only have a faint idea of how to accomplish what you describe. Does the Bitcoin client use different encodings on different platforms? The wallet was encrypted on a German Windows 7 installation; for running Revalin's script I now use a German Ubuntu 12.04.
Do you have a concrete strategy for how I could get Revalin's script running using all characters on my keyboard?
Thank you
Well, you had a good idea to see if you can crack the known short password with umlauts.
1) I currently don't have access to any other machine except my single laptop, so I really can't help you with details. In particular I'm almost illiterate in German.
2) Verify that the "Language for non-Unicode programs" in Control Panel is still "German (Germany)".
3) Using regedit.exe, verify the settings in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage\ACP. It should probably be 1252, which means the Windows-1252 encoding was used for non-internationalized programs like Satoshi's client. Also note the OEMCP value from the same page. Ostensibly OEMCP is used only for DOS compatibility mode, but some programs use it because of bugs.
4) If you encrypted your wallet using Bitcoin-Qt, then verify that you can decrypt it from the command line by using bitcoind.
5) Make sure that step 4) works for all umlauts you may have used, both lower-case and upper-case.
6) Configure Ubuntu's terminal program to use Windows-1252, or if you access it from Windows via ssh, configure your ssh client to use that encoding.
7) Rerun the test decryption of the known-password wallet on Ubuntu's command line.
8) Verify that your Ruby program is using the correct encodings for umlauts.
9) Run the Ruby crack program.
While I'm almost illiterate in German, I'm very familiar with the computer-specific problems encountered by German-speaking people, especially in multi-language places like Switzerland. Because of the QWERTY vs. QWERTZ vs. AZERTY keyboard layout issue, when you were entering your password sight-unseen you may have entered some other characters because of accidental switching of the keyboard layouts. Have you actually verified in the Language Bar that you were using the correct layout while typing your password?
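An added example for the encoding problem 2112 describes above; this is editorial code, not from 2112 or anyone else in the thread. It shows the same passphrase as raw bytes under each encoding a German Windows 7 / Ubuntu 12.04 pair could plausibly have used, so a brute-force script can try every candidate under all of them instead of only the one the terminal happens to be set to. The list of encodings (UTF-8 composed and decomposed, Windows-1252 as the ANSI code page, ISO-8859-1, IBM850 as the OEM code page) is an assumption, and the demo stands in for the wallet with a SHA-256 of the bytes, which is not how bitcoind derives its key.

```ruby
#!/usr/bin/ruby -w
# encoding: utf-8
# Added example, not code from the thread: the same passphrase as raw bytes
# under each encoding a German Windows 7 / Ubuntu 12.04 pair could plausibly
# have used, so a candidate is tried under all of them, not just the one the
# terminal happens to be set to.
require 'digest'

# Order only decides which name is reported when two encodings produce the
# same bytes (ISO-8859-1 and Windows-1252 agree on Ä Ö Ü ä ö ü ß). The ANSI
# code page (ACP) 1252 and OEM code page (OEMCP) 850 are assumptions about a
# German Windows install, following 2112's checklist. UTF-16 is left out: its
# NUL bytes cannot be passed through argv at all.
CANDIDATE_ENCODINGS = [
  ['UTF-8',        ->(s) { s.encode('UTF-8') }],
  ['UTF-8 (NFD)',  ->(s) { s.encode('UTF-8').unicode_normalize(:nfd) }], # Ä as A + combining diaeresis
  ['Windows-1252', ->(s) { s.encode('Windows-1252') }],
  ['ISO-8859-1',   ->(s) { s.encode('ISO-8859-1') }],
  ['IBM850',       ->(s) { s.encode('IBM850') }],
].freeze

# { encoding name => binary String }, with identical byte sequences reported
# once and encodings that cannot represent the passphrase skipped.
def passphrase_byte_variants(passphrase)
  variants = {}
  CANDIDATE_ENCODINGS.each do |name, convert|
    begin
      bytes = convert.call(passphrase).b
    rescue Encoding::UndefinedConversionError, Encoding::InvalidByteSequenceError,
           Encoding::ConverterNotFoundError
      next
    end
    variants[name] = bytes unless variants.value?(bytes)
  end
  variants
end

# Try the block against each byte variant; returns the encoding name that
# unlocked, or nil when none did.
def matching_encoding(passphrase)
  passphrase_byte_variants(passphrase).each do |name, bytes|
    return name if yield(bytes)
  end
  nil
end

# Real check: the raw bytes go to bitcoind as one argv entry with no shell in
# between, so they arrive exactly as encoded.
BITCOIND_CHECK = lambda do |bytes|
  system('./bitcoind', 'walletpassphrase', bytes, '20')
  $?.success?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-in for the wallet: assume it was encrypted on Windows
  # from the Windows-1252 bytes of "Straße". SHA-256 is used only so the demo
  # runs offline; bitcoind's own key derivation is different.
  target = Digest::SHA256.digest('Straße'.encode('Windows-1252'))
  passphrase_byte_variants('Straße').each do |name, bytes|
    printf "%-13s %s\n", name, bytes.unpack1('H*')
  end
  puts "unlocked under: #{matching_encoding('Straße') { |b| Digest::SHA256.digest(b) == target }.inspect}"
end
```

Run it with `ruby encodings.rb` (file name assumed) to see that "Ä" is C3 84 in UTF-8, 41 CC 88 in decomposed UTF-8 and C4 in Windows-1252, and that ISO-8859-1 is never listed separately because its bytes coincide with Windows-1252 for the umlauts. To use it against a real wallet, replace the block passed to matching_encoding with BITCOIND_CHECK and call it from inside the candidate loop of one of the scripts above, so that every candidate is tried once per distinct byte encoding.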
veryveryinteresting
Member
Offline
Activity: 60
Merit: 10
March 22, 2013, 01:41:24 AM
Quote from: Amitabh S on March 20, 2013, 10:29:52 PM

Why in the world would I trust you? You didn't even read the thread..... If you read the previous posts, it's possible for you to crack it without having the actual wallet.dat file itself. I am willing to pay a 1BTC reward to anyone who can help me out.
veryveryinteresting
Member
Offline
Activity: 60
Merit: 10
March 22, 2013, 01:51:00 AM
I just used Revalin's code, but it doesn't work in Windows. I used it on a known password and it still said "error: cannot connect to host". Can someone help me out please?
AdriKGB
Newbie
Offline
Activity: 18
Merit: 0
March 23, 2013, 06:44:56 PM
Quote from: 2112 on March 21, 2013, 10:33:23 PM (the encoding checklist above)

Hi 2112, Does it mean that it is possible that if I created a wallet password on a PC which crashed, now on a new PC maybe Bitcoin-qt does not accept the password?
If this is the case, and I don't know the encoding from regedit.exe, what can I do to be sure that I test all the encoding possibilities in Ubuntu's terminal? Thanks in advance
2112
Legendary
Offline
Activity: 2128
Merit: 1073
March 23, 2013, 07:14:30 PM Last edit: March 23, 2013, 08:15:58 PM by 2112
Hi 2112,
Does it mean that it is possible that if I created a wallet password on a PC which crashed, now on a new PC maybe Bitcoin-qt does not accept the password?
If this is the case, and I don't know the encoding from regedit.exe, what can I do to be sure that I test all the encoding possibilities in Ubuntu's terminal?
Thanks in advance
Anything is possible, especially in the presence of bugs or various typing utilities/spelling checkers/etc. Blind typing into the bitcoin-qt window is a classic failure mode for that, e.g. for Germans: Kongressstraße vs. Kongreßstraße. For KGB agents the example would be: Microsoft vs. Miсrosoft. (For non-KGB agents: the second "c" is actually a Cyrillic "s".) Edit: Oh, and guys, please don't race into registering the homoglyph accounts for the Bitcoin luminaries. Registering as "Gavin-non-break-space-Andresen" is not that funny. Edit2: Fixed the external link.
wingsuit
Member
Offline
Activity: 64
Merit: 10
2100 trillion sats baby
March 25, 2013, 06:04:39 AM
Quote from: viper1092 on March 21, 2013, 12:44:05 AM (the Blockchain.info second-password question above)

I had a slightly similar thing happen to me just the other day with the Blockchain wallet. I set a second pass and then went to test it, but it failed over and over again. I had written the second pass to a text file which I was copy-pasting, but also typing and using the virtual keyboard, neither of which worked. Then randomly on my nth paste attempt it worked. Hope you get yours back soon.
FLY

Revalin
March 29, 2013, 08:26:19 AM Last edit: March 29, 2013, 10:02:58 AM by Revalin
And another: This person knows the middle of the password but forgot the digits on either side.

#!/usr/bin/ruby

middle = "password"   # The known part in the middle
min_per_side = 1      # The minimum number of digits per side
max_per_side = 4      # The maximum number of digits per side

def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

# For every total digit count, every number with that many digits (zero-padded,
# so leading zeros are included) and every split point that leaves between
# min_per_side and max_per_side digits on each side of the known middle.
((2 * min_per_side)..(2 * max_per_side)).each do |length|
  # offset digits go on the left, length - offset on the right; both sides must stay within the limits
  lowest_offset  = [min_per_side, length - max_per_side].max
  highest_offset = [max_per_side, length - min_per_side].min
  (0..(10**length - 1)).each do |number|
    digits = ("%0#{length}d" % [number]).chars
    (lowest_offset..highest_offset).each do |offset|
      left  = digits[0, offset].join
      right = digits[offset, 99].join
      test(left + middle + right)
    end
  end
end

Edit: Improved to limit the max digits per side which will help with longer passphrases.
Hfleer
Sr. Member
Offline
Activity: 448
Merit: 250
Changing avatars is currently not possible.
March 29, 2013, 09:24:24 PM
What if I know most of the characters, which are either at the very beginning or in the middle, but am missing 3-5 characters (certain letters, numbers, and symbols) that are mostly at the end but might have one or two at the beginning?
veryveryinteresting
Member
Offline
Activity: 60
Merit: 10
March 30, 2013, 05:33:05 AM
Quote from: Revalin on March 29, 2013, 08:26:19 AM (the "digits on either side" script above)
Thanks Revalin! I am running it now...
Revalin
March 30, 2013, 06:08:06 AM Last edit: March 30, 2013, 06:20:39 AM by Revalin
What if I know most of the characters, which are either at the very beginning or in the middle, but am missing 3-5 characters (certain letters, numbers, and symbols) that are mostly at the end but might have one or two at the beginning?
Then you need something like this:

#!/usr/bin/ruby

middle = "password"          # The known part in the middle
min_left = 0                 # The minimum number of chars on the left
max_left = 2                 # The maximum number of chars on the left
max_total = 5                # The max total unknowns
chars = 'abcd1234'.chars     # Possible chars to choose from
#chars << '\\'               # ... plus backslash
#chars << "'"                # ... plus single quote

def test(phrase)
  print phrase, "\t"
  system("./bitcoind", "walletpassphrase", phrase, "20")
  case $?.exitstatus
  when 0
    puts "Found it! #{phrase}"
    exit 0
  when 127
    puts "bitcoind not found in current dir"
    exit 1
  when nil
    puts "Aborting"
    exit 1
  end
end

# For every number of unknown characters and every string of that length,
# try each allowed split: offset chars go to the left of middle, the rest to the right.
(1..max_total).each do |length|
  chars.repeated_permutation(length) do |str|
    unknown = str.join
    max_offset = [max_left, length].min
    (min_left..max_offset).each do |offset|
      left  = unknown[0, offset]
      right = unknown[offset, 99] || ""
      test(left + middle + right)
    end
  end
end

Fill in the part you know for middle= and put in the characters you want to try in chars= . If you want a backslash or single-quote then remove the # at the start of those lines. Try to keep the chars list small. The time required increases very rapidly as you add more: 10 characters = 8 hours; 20 characters = 11 days; 30 characters = 3 months.
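An added example, editorial rather than Revalin's code, that folds the four scripts in this thread (forgotten number between known parts, missing dictionary words, digits on both ends, a few unknown characters around a known middle) into one pattern-driven generator and adds the check a practitioner wants before starting a long run: the exact number of candidates and an estimated wall-clock time. The pattern format, the hypothetical pattern values, and the 4 tests/s rate (back-calculated from the "10 characters = 8 hours" figure above) are assumptions; the bitcoind call is the same one the scripts use, and the SHA-256 stand-in exists only so the demo runs offline. One deliberate difference from the dictionary script: gaps draw symbols with repetition, so a word list as a charset also tries the same word twice.

```ruby
#!/usr/bin/ruby -w
# Added example, not Revalin's code: one pattern-driven candidate generator
# covering the shapes in this thread (forgotten number between known parts,
# missing words, digits on both ends, a few unknown characters around a known
# middle), plus the keyspace count to look at before starting a run.
require 'digest'

DIGITS = ('0'..'9').to_a

# A pattern is an array of fragments. A String is text you are sure of; an
# Array [charset, min_len, max_len] is a gap filled with min_len..max_len
# symbols drawn from charset, repetition allowed. A symbol may be a whole
# word, so a word list works as a charset too. Hypothetical pattern for
# "1 to 4 digits on each side of password":
#   [[DIGITS, 1, 4], "password", [DIGITS, 1, 4]]

# Walk the pattern left to right and yield every completed candidate.
# max_total caps the unknown symbols across all gaps combined.
def each_candidate(pattern, max_total = Float::INFINITY, idx = 0, prefix = '', &blk)
  return blk.call(prefix) if idx == pattern.size

  frag = pattern[idx]
  return each_candidate(pattern, max_total, idx + 1, prefix + frag, &blk) if frag.is_a?(String)

  charset, min_len, max_len = frag
  (min_len..[max_len, max_total].min).each do |len|
    charset.repeated_permutation(len) do |symbols|
      each_candidate(pattern, max_total - len, idx + 1, prefix + symbols.join, &blk)
    end
  end
end

# Lazy view of the same sequence, handy for eyeballing the first few candidates.
def candidates(pattern, max_total = Float::INFINITY)
  Enumerator.new { |y| each_candidate(pattern, max_total) { |c| y << c } }
end

# Number of candidates the pattern produces, computed without enumerating them.
def keyspace_size(pattern, max_total = Float::INFINITY, idx = 0)
  return 1 if idx == pattern.size

  frag = pattern[idx]
  return keyspace_size(pattern, max_total, idx + 1) if frag.is_a?(String)

  charset, min_len, max_len = frag
  (min_len..[max_len, max_total].min).sum do |len|
    charset.size**len * keyspace_size(pattern, max_total - len, idx + 1)
  end
end

# Wall-clock estimate at a measured rate; Revalin's "10 characters = 8 hours"
# for 111,110 candidates works out to roughly 4 tests per second on his machine.
def eta_seconds(size, tests_per_second)
  size.to_f / tests_per_second
end

# Run the attack: the block gets each candidate and returns true on success.
# Returns [candidate, tries] or [nil, tries].
def crack(pattern, max_total = Float::INFINITY)
  tries = 0
  each_candidate(pattern, max_total) do |phrase|
    tries += 1
    return [phrase, tries] if yield(phrase)
  end
  [nil, tries]
end

# The real check, the same call the scripts above make. The argument-array form
# of system() hands bitcoind the phrase as one argv entry with no shell in
# between, so quotes, backslashes and $ in a candidate are never interpreted.
BITCOIND_CHECK = lambda do |phrase|
  system('./bitcoind', 'walletpassphrase', phrase, '20')
  raise 'bitcoind not found in current dir' if $?.exitstatus == 127
  $?.success?
end

# Offline stand-in for the demo below: a "wallet" that only holds a SHA-256 of
# the true passphrase. This is not how bitcoind stores or derives anything; it
# just lets the generator run without a daemon.
def hash_check(true_phrase)
  target = Digest::SHA256.digest(true_phrase)
  ->(phrase) { Digest::SHA256.digest(phrase) == target }
end

if __FILE__ == $PROGRAM_NAME
  pattern = [[DIGITS, 1, 2], 'password', [DIGITS, 0, 1]] # hypothetical
  size = keyspace_size(pattern, 3)
  printf "%d candidates, about %.1f minutes at 4 tests/s\n", size, eta_seconds(size, 4) / 60
  found, tries = crack(pattern, 3, &hash_check('42password7'))
  puts "found #{found.inspect} after #{tries} tries"
end
```

Against a real wallet, swap the block: `crack(pattern, 5, &BITCOIND_CHECK)`. Checking keyspace_size first is the point of the exercise: the "1 to 4 digits on each side" pattern alone is 123,432,100 candidates, which at a few tests per second is years, not the week niklas saw for his 8-character run, so the pattern has to be narrowed (or the per-candidate check made far cheaper than spawning bitcoind) before it is worth starting.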
Hfleer
Sr. Member
Offline
Activity: 448
Merit: 250
March 31, 2013, 12:46:07 AM
Quote from: Revalin on March 30, 2013, 06:08:06 AM (the "unknown characters around a known middle" script above)
Thank you.
legitnick
April 01, 2013, 10:30:58 AM
What if you know the start of the password and some of the letters in the end?