|
onemorexmr (OP)
|
 |
March 08, 2015, 11:40:15 AM |
|
at least he can remember some parts of it:
PW{bitcoin|bitcoin-wallet|bitcoin-core-wallet|bitcoin-kern-wallet|bitcoin-core|wallet|bitcoin-kern|bank|geld}123!
variants of "bitcoin" i have tested: bitcoin, BitCoin, Bitcoin
i have written a very small (and ugly) nodejs script which tries this permutations:
- first letter as uppercase (and camel e.g. Bitcoin-Core-Wallet and BitcoinCoreWallet)
- with removed '-'s
- leet-replacements
(all recursive) any other ideas or common mistypes i could check?
it only contains about 1btc - but for him thats much.
regards
|
|
|
|
|
|
|
|
|
In order to achieve higher forum ranks, you need both activity points and merit points.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
|
|
onemorexmr (OP)
|
|
March 08, 2015, 11:43:47 AM |
|
thank you. i'll give it a shot. i'll tell my friend if it worked and that he should donate something (he'll like do this) |
|
|
|
|
E.exchanger
|
|
March 08, 2015, 04:38:58 PM |
|
i guess here you can find few wallet recovery services but try the above mentioned script first so in case you have any luck with that you can have the whole recovered money  |
|
|
|
|
specgamer
Sr. Member
 Offline
Activity: 252
Merit: 250
I love bitcoins.
|
|
March 08, 2015, 09:25:30 PM |
|
Did some research this is a great way, I actually tried it out too. WORKS great  https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/ |
██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ |
|
|
|
onemorexmr (OP)
|
|
March 08, 2015, 09:31:47 PM |
|
i fail to see how this is related to my question? (ah i see... sig ad ) i know how to secure my bitcoins... for 1btc (the only bitcoin my friend has) a wallet password is secure enough... he should just have written it down somewhere (damn) |
|
|
|
|
KaChingCoinDev
|
|
March 11, 2015, 01:15:32 PM |
|
Definitely want to use this: https://github.com/gurnec/btcrecoverThe developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for. |
|
|
|
|
|
btchris
|
|
March 13, 2015, 12:25:38 AM |
|
thank you. i'll give it a shot. i'll tell my friend if it worked and that he should donate something (he'll like do this) Hi, onemorexmr. By all means, if you have a question or need a hand with something, just let me know (here in this thread or via PM if you'd prefer). Definitely want to use this: https://github.com/gurnec/btcrecoverThe developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for. Uhhmm... wow.. I'm not even sure my wife would describe me so nicely  (Thanks!) |
|
|
|
|
|
onemorexmr (OP)
|
|
March 13, 2015, 12:39:07 AM |
|
thank you. i'll give it a shot. i'll tell my friend if it worked and that he should donate something (he'll like do this) Hi, onemorexmr. By all means, if you have a question or need a hand with something, just let me know (here in this thread or via PM if you'd prefer). Definitely want to use this: https://github.com/gurnec/btcrecoverThe developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for. Uhhmm... wow.. I'm not even sure my wife would describe me so nicely (Thanks!) well i tried... 12cores / 4days but i think its lost...i have given up... but i like this app! very good work from you and i will recommend it (in fact i already did in another thread) just one suggestion: sometimes people use chars between the tokens (eg bitcoin-core vs bitcoincore) would be nice if you could support that. another idea (though i have no idea if this is even possible to implement): i have started with a narrow token definition and with --typos=1. as this did not work i tried to widen that definition which has lead to many duplicate checks. would be nice if somehow this can be reduced. |
|
|
|
|
btchris
|
|
March 13, 2015, 01:23:49 AM |
|
well i tried... 12cores / 4days but i think its lost...i have given up...
Really sorry to hear that...  if it makes you feel any better, the reason I started working on this in the first place was to recover my own password... and despite a sh*tload of effort, I still haven't gotten it back yet.  but i like this app! very good work from you and i will recommend it (in fact i already did in another thread)
Thank you! just one suggestion: sometimes people use chars between the tokens (eg bitcoin-core vs bitcoincore) would be nice if you could support that.
I think this is a great idea. It would also help people who use passphrases with space-separated words. It's sort of possible to do today (by being clever with anchored tokens), but it's pretty painful. I'll definitely give this some thought. another idea (though i have no idea if this is even possible to implement): i have started with a narrow token definition and with --typos=1. as this did not work i tried to widen that definition which has lead to many duplicate checks. would be nice if somehow this can be reduced.
I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct? It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it... |
|
|
|
|
|
onemorexmr (OP)
|
|
March 13, 2015, 01:30:35 AM |
|
I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?
It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...
exactly... just one idea: use the old autosave file to calculate the old worldlist again and skip all entries for the new one (this may require to save the token / typos file inside the autosave). then its just the question what is faster: try the password or search it but i dont have any good solution for this problem, just a thought which came to my mind after trying it. |
|
|
|
|
btchris
|
|
March 13, 2015, 02:05:20 AM |
|
I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?
It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...
exactly... just one idea: use the old autosave file to calculate the old worldlist again and skip all entries for the new one (this may require to save the token / typos file inside the autosave). Agreed that could work, but I've intentionally avoided saving any sensitive information inside the autosave file. I save the command-line arguments in plaintext, but I only save an SHA1 of the tokenlist file in the autosave. It's bad enough with all of the insecure handling of password information that I do (see here), so I really wanted to avoid surprisingly saving any sensitive data inside the autosave file. (I only bother saving an SHA1 of the tokenlist file to ensure that someone doesn't try to resume a session with a changed tokenlist file, which would be a pretty bad idea...) |
|
|
|
|
|
onemorexmr (OP)
|
|
March 13, 2015, 02:13:09 AM |
|
Agreed that could work, but I've intentionally avoided saving any sensitive information inside the autosave file. I save the command-line arguments in plaintext, but I only save an SHA1 of the tokenlist file in the autosave. It's bad enough with all of the insecure handling of password information that I do (see here), so I really wanted to avoid surprisingly saving any sensitive data inside the autosave file. (I only bother saving an SHA1 of the tokenlist file to ensure that someone doesn't try to resume a session with a changed tokenlist file, which would be a pretty bad idea...) a password for the autosave file is a little crazy... but you could extend your passwortcracker to crack your autosave file  couldnt resist... but as you said: you already dont handle passwords that well... imho a warning message should do it. is it possible to let the user enter a new password for wallet.dat as soon as you found it (maybe even let the user enter it as soon as you program starts (this seems(!) to be a good way to store it in mem: https://pypi.python.org/pypi/keyring)?edit: stop way to complex... the way to store this is: make a section in the token / typos file which contains the old values. that way you can even store multiple runs. eg token1 token2 [before] token1 [before] token2 this shouldnt change anything in your security/thread model. |
|
|
|
|
btchris
|
|
March 13, 2015, 02:27:32 AM |
|
a password for the autosave file is a little crazy... but you could extend your passwortcracker to crack your autosave file couldnt resist...  is it possible to let the user enter a new password for wallet.dat as soon as you found it (maybe even let the user enter it as soon as you program starts (this seems(!) to be a good way to store it in mem: https://pypi.python.org/pypi/keyring)?That hurts my head to even think about.... btcrecover supports (depending on how you count) between 10 and 15 different wallet formats, and for many of them it only understands the bare minimum required to test passwords (and not nearly enough to read or write an entire wallet file). Cool library though (keyring), I haven't heard of it before. edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.
eg
token1
token2
[before]
token1
[before]
token2
this shouldnt change anything in your security/thread model.
That's an interesting idea. Keep in mind it's not just the token / typos-map files that that I need to keep track of, it's also the command-line options too. Still, that could be doable. (FYI I'm signing off for the night.) |
|
|
|
|
|
btchris
|
|
March 13, 2015, 01:22:46 PM |
|
edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.
eg
token1
token2
[before]
token1
[before]
token2
this shouldnt change anything in your security/thread model.
That's an interesting idea. Keep in mind it's not just the token / typos-map files that that I need to keep track of, it's also the command-line options too. Still, that could be doable. So here's what I'm thinking. New feature 1: add an "--exclude-passwordlist [FILE]" command line option. Passwords read from the FILE will be skipped. FILE defaults to stdin. This allows you to run btcrecover along these lines: btcrecover --tokenlist old-tokens.txt --listpass | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat You could even combine multiple old runs, e.g. (Linux / OS X only): ( btcrecover --tokenlist old-tokens-1.txt --listpass ; btcrecover --tokenlist old-tokens-2.txt --listpass ) | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat (maybe) new feature 2: add an "--exclude-tokenlist FILE" command line option (FILE is required). btcrecover --exclude-tokenlist old-tokens.txt --tokenlist new-tokens.txt --wallet wallet.dat It's a little more convenient than the first feature for common cases, but it's less flexible and more difficult to implement. (BTW I definitely liked your idea of multiple sections in a single tokenlist file, but keeping the files separate would be easier to code.) What do you think? |
|
|
|
|
|
onemorexmr (OP)
|
|
March 13, 2015, 02:04:45 PM |
|
So here's what I'm thinking. New feature 1: add an "--exclude-passwordlist [FILE]" command line option. Passwords read from the FILE will be skipped. FILE defaults to stdin. This allows you to run btcrecover along these lines: btcrecover --tokenlist old-tokens.txt --listpass | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat You could even combine multiple old runs, e.g. (Linux / OS X only): ( btcrecover --tokenlist old-tokens-1.txt --listpass ; btcrecover --tokenlist old-tokens-2.txt --listpass ) | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat (maybe) new feature 2: add an "--exclude-tokenlist FILE" command line option (FILE is required). btcrecover --exclude-tokenlist old-tokens.txt --tokenlist new-tokens.txt --wallet wallet.dat It's a little more convenient than the first feature for common cases, but it's less flexible and more difficult to implement. (BTW I definitely liked your idea of multiple sections in a single tokenlist file, but keeping the files separate would be easier to code.) What do you think? i really like it - esp with pipes that way even other typos-file and options will work easily... and it follows the unix-philosphy... i'd really like to help you (and increase my py skills) but i am busy developing monero-tools atm...maybe in a few month |
|
|
|
|
btchris
|
|
March 19, 2015, 10:47:22 PM |
|
i really like it - esp with pipes that way even other typos-file and options will work easily... and it follows the unix-philosphy... i'd really like to help you (and increase my py skills) but i am busy developing monero-tools atm...maybe in a few month FYI a just committed a version with an --exclude-passwordlist option. |
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
March 20, 2015, 04:51:03 AM |
|
Out of curiosity did you happen to be able to get password? Know it 's a long shot but I like when a story ends happy |
|
|
|
|
|
yeponlyone
|
|
March 20, 2015, 05:43:42 AM |
|
Its very hard to get the password since the encryption of wallet.dat is designed such that the rate of tries would be slow. Unless your friend has a weak password or some idea what the password is, it would nearly be impossible to recover the password.
|
|
|
|
|
ebliever
Legendary
Offline
Activity: 1708
Merit: 1035
|
|
March 20, 2015, 04:32:18 PM |
|
i fail to see how this is related to my question? (ah i see... sig ad ) i know how to secure my bitcoins... for 1btc (the only bitcoin my friend has) a wallet password is secure enough... he should just have written it down somewhere (damn) Yes, for non-trivial accounts, passwords should be stored somewhere besides a person's mind. The risk over a lifetime of a head injury, or just going 10 years without using it and forgetting it, is too great. Unless it's a very simple password in which case the account is not secure anyway. The recording of the password, of course, should be done with care. It should be in a secured location, and not plainly spell out what software/system the password is for, if practical. (A spouse, child, parent etc., or instructions in a will or similar setup should have the knowledge required to retrieve the password and access to the wallet as well. Many people are not thinking long term on this.) |
Luke 12:15-21
Ephesians 2:8-9
|
|
|
|
