Bitcoin Forum
November 17, 2024, 07:07:54 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: my best friend lost his wallet password..  (Read 2981 times)
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 08, 2015, 11:40:15 AM
 #1

at least he can remember some parts of it:

PW{bitcoin|bitcoin-wallet|bitcoin-core-wallet|bitcoin-kern-wallet|bitcoin-core|wallet|bitcoin-kern|bank|geld}123!

variants of "bitcoin" i have tested: bitcoin, BitCoin, Bitcoin

i have written a very small (and ugly) nodejs script which tries this permutations:
 - first letter as uppercase (and camel e.g. Bitcoin-Core-Wallet and BitcoinCoreWallet)
 - with removed '-'s
 - leet-replacements

(all recursive) any other ideas or common mistypes i could check?

it only contains about 1btc - but for him thats much.

regards

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
elasticband
Legendary
*
Offline Offline

Activity: 1036
Merit: 1000


Nighty Night Don't Let The Trolls Bite Nom Nom Nom


View Profile
March 08, 2015, 11:41:54 AM
 #2

https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalk.org/index.php?action=profile;u=1171
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 08, 2015, 11:43:47 AM
 #3

https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalk.org/index.php?action=profile;u=1171

thank you. i'll give it a shot.
i'll tell my friend if it worked and that he should donate something (he'll like do this)

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
E.exchanger
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


NEED CRYPTO CODER? COIN DEVELOPER? PM US FOR HELP!


View Profile
March 08, 2015, 04:38:58 PM
 #4

i guess here you can find few wallet recovery services but try the above mentioned script first so in case you have any luck with that you can have the whole recovered money Smiley
specgamer
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250

I love bitcoins.


View Profile
March 08, 2015, 09:25:30 PM
 #5

Did some research this is a great way, I actually tried it out too. WORKS great Wink
https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
▓▓▓▓▓  BIT-X.comvvvvvvvvvvvvvvi
→ CREATE ACCOUNT 
▓▓▓▓▓
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 08, 2015, 09:31:47 PM
 #6

Did some research this is a great way, I actually tried it out too. WORKS great Wink
https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/

i fail to see how this is related to my question? (ah i see... sig ad Wink )
i know how to secure my bitcoins...

for 1btc (the only bitcoin my friend has) a wallet password is secure enough... he should just have written it down somewhere (damn)

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
March 11, 2015, 01:15:32 PM
 #7

Definitely want to use this: https://github.com/gurnec/btcrecover

The developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for.
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
March 13, 2015, 12:25:38 AM
 #8


thank you. i'll give it a shot.
i'll tell my friend if it worked and that he should donate something (he'll like do this)

Hi, onemorexmr. By all means, if you have a question or need a hand with something, just let me know (here in this thread or via PM if you'd prefer).


https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalk.org/index.php?action=profile;u=1171

Definitely want to use this: https://github.com/gurnec/btcrecover

The developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for.

Uhhmm... wow.. I'm not even sure my wife would describe me so nicely Tongue (Thanks!)
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 13, 2015, 12:39:07 AM
 #9


thank you. i'll give it a shot.
i'll tell my friend if it worked and that he should donate something (he'll like do this)

Hi, onemorexmr. By all means, if you have a question or need a hand with something, just let me know (here in this thread or via PM if you'd prefer).


https://github.com/gurnec/btcrecover

This happened to me a few weeks back, this solved it all, amazing tool!

If it works please make a donation to the developer. You can PM himm on this forum for help, really nice friendly patient guy!

https://bitcointalk.org/index.php?action=profile;u=1171

Definitely want to use this: https://github.com/gurnec/btcrecover

The developer is here on the forums, and is super nice. It is easy to use too. I forgot my password a few weeks ago, and it would of recovered it, except I remembered it as I was entering phrases to search for.

Uhhmm... wow.. I'm not even sure my wife would describe me so nicely Tongue (Thanks!)

well i tried... 12cores / 4days but i think its lost...i have given up...
but i like this app! very good work from you and i will recommend it (in fact i already did in another thread)

just one suggestion: sometimes people use chars between the tokens (eg bitcoin-core vs bitcoincore) would be nice if you could support that.

another idea (though i have no idea if this is even possible to implement): i have started with a narrow token definition and with --typos=1. as this did not work i tried to widen that definition which has lead to many duplicate checks. would be nice if somehow this can be reduced.

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
March 13, 2015, 01:23:49 AM
 #10

well i tried... 12cores / 4days but i think its lost...i have given up...

Really sorry to hear that... Sad if it makes you feel any better, the reason I started working on this in the first place was to recover my own password... and despite a sh*tload of effort, I still haven't gotten it back yet. Roll Eyes

but i like this app! very good work from you and i will recommend it (in fact i already did in another thread)

Thank you!

just one suggestion: sometimes people use chars between the tokens (eg bitcoin-core vs bitcoincore) would be nice if you could support that.

I think this is a great idea. It would also help people who use passphrases with space-separated words. It's sort of possible to do today (by being clever with anchored tokens), but it's pretty painful. I'll definitely give this some thought.

another idea (though i have no idea if this is even possible to implement): i have started with a narrow token definition and with --typos=1. as this did not work i tried to widen that definition which has lead to many duplicate checks. would be nice if somehow this can be reduced.

I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?

It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 13, 2015, 01:30:35 AM
 #11


I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?

It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...

exactly...

just one idea: use the old autosave file to calculate the old worldlist again and skip all entries for the new one (this may require to save the token / typos file inside the autosave).
then its just the question what is faster: try the password or search it

but i dont have any good solution for this problem, just a thought which came to my mind after trying it.

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
March 13, 2015, 02:05:20 AM
 #12


I think I understand what you're saying. If you run btcrecover with expanded parameters, it would be nice if it didn't check passwords that it checked during the last run, is that correct?

It does have some limited ability to do that with --min-typos and --min-tokens, but it's not ideal. TBH, I'm not sure how to improve it...

exactly...

just one idea: use the old autosave file to calculate the old worldlist again and skip all entries for the new one (this may require to save the token / typos file inside the autosave).

Agreed that could work, but I've intentionally avoided saving any sensitive information inside the autosave file. I save the command-line arguments in plaintext, but I only save an SHA1 of the tokenlist file in the autosave. It's bad enough with all of the insecure handling of password information that I do (see here), so I really wanted to avoid surprisingly saving any sensitive data inside the autosave file. (I only bother saving an SHA1 of the tokenlist file to ensure that someone doesn't try to resume a session with a changed tokenlist file, which would be a pretty bad idea...)
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 13, 2015, 02:13:09 AM
 #13


Agreed that could work, but I've intentionally avoided saving any sensitive information inside the autosave file. I save the command-line arguments in plaintext, but I only save an SHA1 of the tokenlist file in the autosave. It's bad enough with all of the insecure handling of password information that I do (see here), so I really wanted to avoid surprisingly saving any sensitive data inside the autosave file. (I only bother saving an SHA1 of the tokenlist file to ensure that someone doesn't try to resume a session with a changed tokenlist file, which would be a pretty bad idea...)

a password for the autosave file is a little crazy... but you could extend your passwortcracker to crack your autosave file Cheesy couldnt resist...

but as you said: you already dont handle passwords that well...
imho a warning message should do it.

is it possible to let the user enter a new password for wallet.dat as soon as you found it (maybe even let the user enter it as soon as you program starts (this seems(!) to be a good way to store it in mem: https://pypi.python.org/pypi/keyring)?

edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.

eg
token1
token2

[before]
token1

[before]
token2

this shouldnt change anything in your security/thread model.

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
March 13, 2015, 02:27:32 AM
 #14

a password for the autosave file is a little crazy... but you could extend your passwortcracker to crack your autosave file Cheesy couldnt resist...

Grin

is it possible to let the user enter a new password for wallet.dat as soon as you found it (maybe even let the user enter it as soon as you program starts (this seems(!) to be a good way to store it in mem: https://pypi.python.org/pypi/keyring)?

That hurts my head to even think about.... btcrecover supports (depending on how you count) between 10 and 15 different wallet formats, and for many of them it only understands the bare minimum required to test passwords (and not nearly enough to read or write an entire wallet file).

Cool library though (keyring), I haven't heard of it before.

edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.

eg
token1
token2

[before]
token1

[before]
token2

this shouldnt change anything in your security/thread model.

That's an interesting idea. Keep in mind it's not just the token / typos-map files that that I need to keep track of, it's also the command-line options too. Still, that could be doable.

(FYI I'm signing off for the night.)
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
March 13, 2015, 01:22:46 PM
 #15

edit: stop way to complex... the way to store this is:
make a section in the token / typos file which contains the old values. that way you can even store multiple runs.

eg
token1
token2

[before]
token1

[before]
token2

this shouldnt change anything in your security/thread model.

That's an interesting idea. Keep in mind it's not just the token / typos-map files that that I need to keep track of, it's also the command-line options too. Still, that could be doable.

So here's what I'm thinking.

New feature 1: add an "--exclude-passwordlist [FILE]" command line option. Passwords read from the FILE will be skipped. FILE defaults to stdin.

This allows you to run btcrecover along these lines:
Code:
btcrecover --tokenlist old-tokens.txt --listpass | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

You could even combine multiple old runs, e.g. (Linux / OS X only):
Code:
( btcrecover --tokenlist old-tokens-1.txt --listpass ; btcrecover --tokenlist old-tokens-2.txt --listpass ) | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

(maybe) new feature 2: add an "--exclude-tokenlist FILE" command line option (FILE is required).

Code:
btcrecover --exclude-tokenlist old-tokens.txt --tokenlist new-tokens.txt --wallet wallet.dat

It's a little more convenient than the first feature for common cases, but it's less flexible and more difficult to implement.

(BTW I definitely liked your idea of multiple sections in a single tokenlist file, but keeping the files separate would be easier to code.)

What do you think?
onemorexmr (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
March 13, 2015, 02:04:45 PM
 #16


So here's what I'm thinking.

New feature 1: add an "--exclude-passwordlist [FILE]" command line option. Passwords read from the FILE will be skipped. FILE defaults to stdin.

This allows you to run btcrecover along these lines:
Code:
btcrecover --tokenlist old-tokens.txt --listpass | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

You could even combine multiple old runs, e.g. (Linux / OS X only):
Code:
( btcrecover --tokenlist old-tokens-1.txt --listpass ; btcrecover --tokenlist old-tokens-2.txt --listpass ) | btcrecover --exclude-passwordlist --tokenlist new-tokens.txt --wallet wallet.dat

(maybe) new feature 2: add an "--exclude-tokenlist FILE" command line option (FILE is required).

Code:
btcrecover --exclude-tokenlist old-tokens.txt --tokenlist new-tokens.txt --wallet wallet.dat

It's a little more convenient than the first feature for common cases, but it's less flexible and more difficult to implement.

(BTW I definitely liked your idea of multiple sections in a single tokenlist file, but keeping the files separate would be easier to code.)

What do you think?

i really like it - esp with pipes Wink
that way even other typos-file and options will work easily... and it follows the unix-philosphy...

i'd really like to help you (and increase my py skills) but i am busy developing monero-tools atm...maybe in a few month Wink

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
March 19, 2015, 10:47:22 PM
 #17

i really like it - esp with pipes Wink
that way even other typos-file and options will work easily... and it follows the unix-philosphy...

i'd really like to help you (and increase my py skills) but i am busy developing monero-tools atm...maybe in a few month Wink

FYI a just committed a version with an --exclude-passwordlist option.
notlist3d
Legendary
*
Offline Offline

Activity: 1456
Merit: 1000



View Profile
March 20, 2015, 04:51:03 AM
 #18

Out of curiosity did you happen to be able to get password?

Know it 's a long shot but I like when a story ends happy Smiley
yeponlyone
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
March 20, 2015, 05:43:42 AM
 #19

Its very hard to get the password since the encryption of wallet.dat is designed such that the rate of tries would be slow. Unless your friend has a weak password or some idea what the password is, it would nearly be impossible to recover the password.
ebliever
Legendary
*
Offline Offline

Activity: 1708
Merit: 1036


View Profile
March 20, 2015, 04:32:18 PM
 #20

Did some research this is a great way, I actually tried it out too. WORKS great Wink
https://coinreport.net/coin-101/how-to-secure-your-bitcoin-wallet/

i fail to see how this is related to my question? (ah i see... sig ad Wink )
i know how to secure my bitcoins...

for 1btc (the only bitcoin my friend has) a wallet password is secure enough... he should just have written it down somewhere (damn)

Yes, for non-trivial accounts, passwords should be stored somewhere besides a person's mind. The risk over a lifetime of a head injury, or just going 10 years without using it and forgetting it, is too great. Unless it's a very simple password in which case the account is not secure anyway. The recording of the password, of course, should be done with care. It should be in a secured location, and not plainly spell out what software/system the password is for, if practical. (A spouse, child, parent etc., or instructions in a will or similar setup should have the knowledge required to retrieve the password and access to the wallet as well. Many people are not thinking long term on this.)

Luke 12:15-21

Ephesians 2:8-9
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!