Electrum - Bitcoin client for the common users (friendly and instant)

[Tachikoma]

I am not sure I undertand the problem.

[cedivad]

I am not sure I undertand the problem.

Downloaded Electrum, never inserted a password on it, it never showed me my seed, sent the money to his addresses, unable to recover them, i don't have the password.

Ok, just discovered that i already downloaded electrum on december, i must have set the password at the time. Just, i've tried all of my passwords...

[Tachikoma]

If it did not show the seed nor ask to restore a wallet or create a new one you already had an electrum wallet.

It lives in ~/.electrum so if you never touched that folder it's quite possible your wallet was still there. You will need your password to unlock your private keys, no other way around it. (unless you had your seed somewhere)

[cedivad]

Ok, i took a photo of the seed at the time.

Unfortunatelly there was a bug on the osx build that cutted of the last 2 "pixels" of the qr code. So, i have:
the qr code, without the last 2 pixels
the first 13 characters of the seed
the first 3 and last 3 words of the "word" seed.

i think that i should find a way out of this.

[cedivad]

the word seed: useless, completely. (the seed generation does a sort of hash of the word seed, so i cannot retrive the last parts of the seed with the last 4 words.
the qr code: the last 2 pixels on the line are missing, that means that there are around 2^50 combinations to try.
the seed: i have the first 13 characters, so not even half of the required.

[Tachikoma]

I thought qr codes came with redundancy build in. Perhaps Thomas might have something useful to contribute.

[cedivad]

I thought qr codes came with redundancy build in. Perhaps Thomas might have something useful to contribute.

Not so much redundancy as i can see it.

I will post here the pic i have, obscured:

[ThomasV]

hum, the picture does not look as bad as your private message suggests.
I can see that you have the 18 first chars of the seed (17 obscured, 1 visible) and the 4 final words.

With the last 3 words, you can get the last 8 hexadecimal characters easily (use the program mnemonic.py)

That means you have 104 bits of your seed.

In addition, you can use the 9th word to reduce the search a little bit, but you will need to reverse engineer the mnemonic encoding.
That would remove 10 bits of entropy.

So, the search space size is "only" 2^14. this sounds  feasible.

[cedivad]

With the last 3 words, you can get the last 8 hexadecimal characters easily (use the program mnemonic.py)

Looking at the source of mnemonic.py, i readed this:

# Note about US patent no 5892470: Here each word does not represent a given digit.
# Instead, the digit represented by a word is variable, it depends on the previous word.

I simply tough that the last 4 words where useless.

r:lib davide$ python mnemonic.py relax behind thought roar reality began song example clearly linger spill silence
f21e7bc6f29feb76aa7b20c6c77d6740
r:lib davide$ python mnemonic.py clearly linger spill silence
e6d7f877
r:lib davide$ python mnemonic.py linger spill silence
c77d6740
r:lib davide$

[cedivad]

Ok, i got it, the keys are generated at groups of 3. So with the last 3 words i have 8 hex chars.
I only miss 7 hex chars now, 16^7 = 200 million, it's cool, it shouldn't take long.

What i don't understand now is, can i do the process offline? Do i have to setup a your server application on my local pc/server? Do you keep an encrypted database or stuff like that?
In other words, what's the fastest way to check every single seed?

Thank you.

[marcus_of_augustus]

 

[ThomasV]

Ok, i got it, the keys are generated at groups of 3. So with the last 3 words i have 8 hex chars.
I only miss 7 hex chars now, 16^7 = 200 million, it's cool, it shouldn't take long.

What i don't understand now is, can i do the process offline? Do i have to setup a your server application on my local pc/server? Do you keep an encrypted database or stuff like that?
In other words, what's the fastest way to check every single seed?

Thank you.

you can do it offline: search until you get the same master public as in your encrypted wallet
note that you will need to follow the 10^5 iterations of key stretching (see stretch_key in the code)

you can gain 10 bits of entropy (a factor 1024 of speed) if you pre-generate all the possible combinations
of 32 bits that are compatible with your 9th word, for the bits 65 to 96 of the key.

[cedivad]

Ok, i just need to convert this

Code:

def init_mpk(self,seed):
        # public key
        curve = SECP256k1
        secexp = self.stretch_key(seed)
        master_private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
        self.master_public_key = master_private_key.get_verifying_key().to_string().encode('hex')

 def stretch_key(self,seed):
        oldseed = seed
        for i in range(100000):
            seed = hashlib.sha256(seed + oldseed).digest()
        return string_to_number( seed )

to something that can run on a GPU than.

[BkkCoins]

Have you tried rebuilding the QR code with an image editor. Once you fix the target in bottom left it should stand a better chance of scanning. Add some variations on the last 2 lines until you get one that scans. The error correcting built in may be good enough to work but it won't work without the targets for framing properly.

[cedivad]

Have you tied rebuilding the QR code with an image editor. Once you fix the target in bottom left it should stand a better chance of scanning. Add some variations on the last 2 lines until you get one that scans. The error correcting built in may be good enough to work but it won't work without the targets for framing properly.

I'm brute forcing my seed as Thomas suggested, 15 aws servers working on it right now...

Unfortunately Thomas used the low (level L) ECC, so only the 7% of the code can be corrupted. I did some tests, even erasing 7 bits of information from the picture it didn't work anymore.

I hope the brute force way to work.

Maybe I will leave some bitcoin on the wallet and share the uncensored picture, so that the craziest of you can enjoy the challenge.

I learned a lot today!

[phelix]

Have you tied rebuilding the QR code with an image editor. Once you fix the target in bottom left it should stand a better chance of scanning. Add some variations on the last 2 lines until you get one that scans. The error correcting built in may be good enough to work but it won't work without the targets for framing properly.

I'm brute forcing my seed as Thomas suggested, 15 aws servers working on it right now...

Unfortunately Thomas used the low (level L) ECC, so only the 7% of the code can be corrupted. I did some tests, even erasing 7 bits of information from the picture it didn't work anymore.

I hope the brute force way to work.

Maybe I will leave some bitcoin on the wallet and share the uncensored picture, so that the craziest of you can enjoy the challenge.

I learned a lot today!

It should be possible to manually read most of the data from the code. I have quite some experience with qr codes: https://asktom.cf/index.php?topic=30981     If you can trust me I will be glad to help for a reasonable bounty.

[cedivad]

Have you tied rebuilding the QR code with an image editor. Once you fix the target in bottom left it should stand a better chance of scanning. Add some variations on the last 2 lines until you get one that scans. The error correcting built in may be good enough to work but it won't work without the targets for framing properly.

I'm brute forcing my seed as Thomas suggested, 15 aws servers working on it right now...

Unfortunately Thomas used the low (level L) ECC, so only the 7% of the code can be corrupted. I did some tests, even erasing 7 bits of information from the picture it didn't work anymore.

I hope the brute force way to work.

Maybe I will leave some bitcoin on the wallet and share the uncensored picture, so that the craziest of you can enjoy the challenge.

I learned a lot today!

It should be possible to manually read most of the data from the code. I have quite some experience with qr codes: https://asktom.cf/index.php?topic=30981     If you can trust me I will be glad to help for a reasonable bounty.

The image I posted that I tough was from the electrum bitcoin wallet was instead of the litecoin electrum wallet.
So, the only chance now is to brute force the password. (Almost impossible)

[phelix]

Have you tied rebuilding the QR code with an image editor. Once you fix the target in bottom left it should stand a better chance of scanning. Add some variations on the last 2 lines until you get one that scans. The error correcting built in may be good enough to work but it won't work without the targets for framing properly.

I'm brute forcing my seed as Thomas suggested, 15 aws servers working on it right now...

Unfortunately Thomas used the low (level L) ECC, so only the 7% of the code can be corrupted. I did some tests, even erasing 7 bits of information from the picture it didn't work anymore.

I hope the brute force way to work.

Maybe I will leave some bitcoin on the wallet and share the uncensored picture, so that the craziest of you can enjoy the challenge.

I learned a lot today!

It should be possible to manually read most of the data from the code. I have quite some experience with qr codes: https://asktom.cf/index.php?topic=30981     If you can trust me I will be glad to help for a reasonable bounty.

The image I posted that I tough was from the electrum bitcoin wallet was instead of the litecoin electrum wallet.
So, the only chance now is to brute force the password. (Almost impossible)

remember the password or dig deep to find a piece of paper with the seed?

[phelix]

just ran into this https://asktom.cf/index.php?action=;topic=139043.0 [Electrum] Export private keys (Windows)

would be very nice to be able to do on windows, too.

[cedivad]

Have you tied rebuilding the QR code with an image editor. Once you fix the target in bottom left it should stand a better chance of scanning. Add some variations on the last 2 lines until you get one that scans. The error correcting built in may be good enough to work but it won't work without the targets for framing properly.

I'm brute forcing my seed as Thomas suggested, 15 aws servers working on it right now...

Unfortunately Thomas used the low (level L) ECC, so only the 7% of the code can be corrupted. I did some tests, even erasing 7 bits of information from the picture it didn't work anymore.

I hope the brute force way to work.

Maybe I will leave some bitcoin on the wallet and share the uncensored picture, so that the craziest of you can enjoy the challenge.

I learned a lot today!

It should be possible to manually read most of the data from the code. I have quite some experience with qr codes: https://asktom.cf/index.php?topic=30981     If you can trust me I will be glad to help for a reasonable bounty.

The image I posted that I tough was from the electrum bitcoin wallet was instead of the litecoin electrum wallet.
So, the only chance now is to brute force the password. (Almost impossible)

remember the password or dig deep to find a piece of paper with the seed?

I don't remember the password nor i took a copy of the seed, i installed Electrum only to try it, i didn't want to send any money to it.
I remember to have invented a password that very night thinking hey, who cares if i lose it? Let's just try.

My only hope is that it was something composite with another password i usually use, so brute forcing it might be feasible.

I think at the money as lost, it might be the smarter move.