gurnec / btcrecover

An open source Bitcoin wallet password and seed recovery tool designed for the case where you already know most of your password/seed, but need assistance in trying different possible combinations.
GNU General Public License v2.0

Very old blockchain.info wallet #101

Open mconfalonieri opened 7 years ago

mconfalonieri commented 7 years ago

Hi, I have a very old blockchain wallet.aes.json file, created in May 2012, for which I would like to recover the password. The problem is that, when I run btcrecover, it does not recognize the format with this error message:

btcrecover.py: error: unrecognized wallet format; heuristic parser(s) reported:
    WalletPywallet: Unrecognized pywallet format (can't find mkey)
    WalletMultiBitHD: MultiBit HD wallet files must be named mbhd.wallet.aes
    WalletBlockchain: Doesn't look random enough to be an encrypted Blockchain wallet (only 7.2 bits of entropy per byte)

Is there a way to force btcrecover to read it as a Blockchain.info wallet?

Thanks for this software!

gurnec commented 7 years ago

That could be a bug in btcrecover. Could you run this in a command prompt from the same directory where the wallet.aes.json file is?

python -c "d=open('wallet.aes.json').read().decode('base64');print len(d);print repr(d)"

(On windows that needs to start with C:\Python27\python instead of just python.)

The first line output will be the file length, what is it? (It should be above 500 even for a small wallet.)

The rest should be indecipherable... do you see any recognizable words or patterns?

If there are no patterns, it's probably a bug. It's a one-line fix though, you can patch it by doing this:

Windows: open an Explorer window and go to the folder which has the btcrecover.py script, and then open PowerShell (click File in the upper left of the Explorer window, and then click Open Windows PowerShell). Next type this to patch the bug:

(gc btcrecover\btcrpass.py -raw).Replace("7.3","7.2") | sc btcrecover\btcrpass.py

Linux/OS X: open a terminal and cd to the directory which has the btcrecover.py script, and then run this:

sed -i 's/7\.3/7.2/' btcrecover/btcrpass.py

Once done, try running btcrecover again.

Can you let me know how this goes? I'll fix it in btcrecover if it looks like a bug.

MichaelSchra commented 6 years ago

I did this with my old wallet and get 256 as the number. The file is indecipherable. No words/patterns.

gurnec commented 6 years ago

> I did this with my old wallet and get 256 as the number. The file is indecipherable.

A length of just 256 might mean that btcrecover wouldn't know how to work on this file correctly... but on the other hand it might work fine. The smallest wallet files I thought were possible are around 500 bytes long (after base64 decoding), so if yours is just 256, it could mean it's from such an old version of blockchain.info it precedes the format that btcrecover is expecting (or that I can find source code for online). Sorry, it's hard to say...

Do you know how old this wallet is (when it was created)?

Do you get the same only 7.2 bits of entropy per byte error message? Is the number 7.2, or less?

MichaelSchra commented 6 years ago

It was created July 9, 2012. I changed it to 7.0 (I think it told me the entropy was 7.1 or something in the error message.)

Now that it seems to run fine, do you know if that means it is correctly identifying the wallet, or it's not working correctly, even if it tried the correct password, it wouldn't "work" and just keep going?

*I had to add the .txt extension to upload it. wallet_09_07_2012_02_35_30.aes.json.txt

gurnec commented 6 years ago

> even if it tried the correct password, it wouldn't "work" and just keep going

This is exactly the concern, also known as a "false negative".

btcrecover works by decrypting the first 16 bytes of the wallet file using each password, and looking for specific text in those 16 bytes that is present in every version of blockchain.info wallets that I've researched (based on their source code which they publish). I'll try to find their source code near that date and let you know (if I can) if btcrecover can be expected to work correctly with a wallet created then.

Thinking back to when I wrote the blockchain.info support, I believe I based that 7.3 number on the smallest likely size of a wallet, and I believe I based the smallest likely size on the then current software, so it could be possible that older wallets started off smaller than I expected, and for that 7.3 number to be too high.
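Why a 7.3 cutoff can reject small files that are nonetheless random-looking, as an added example that is not part of the thread or of btcrecover's code: it assumes the check is the Shannon entropy of the byte histogram (the thread only quotes `if entropy_bits < 7.3`) and uses seeded random buffers as constructed stand-ins for ciphertext at the file lengths reported in this thread.

```python
import math
import random
from collections import Counter

THRESHOLD = 7.3  # cutoff quoted in the thread ("if entropy_bits < 7.3")


def entropy_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte.

    Assumption: this is the kind of estimate behind the "bits of entropy
    per byte" message; the thread does not show the actual function.
    """
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def simulate(length: int, trials: int = 300, seed: int = 101):
    """Return (mean entropy, fraction of buffers meeting THRESHOLD).

    Buffers are uniformly random bytes (constructed sample data), the best
    case for an encrypted file of that length.
    """
    rng = random.Random(seed)  # fixed seed so the numbers are reproducible
    values = []
    for _ in range(trials):
        buf = rng.getrandbits(8 * length).to_bytes(length, "big")
        values.append(entropy_bits_per_byte(buf))
    mean = sum(values) / trials
    passed = sum(v >= THRESHOLD for v in values) / trials
    return mean, passed


if __name__ == "__main__":
    # A histogram over n bytes can never exceed log2(n) bits, and with only
    # about one sample per possible byte value it falls well short of 8.
    for length in (224, 247, 256, 512, 1024):
        mean, passed = simulate(length)
        print(f"{length:5d} bytes: mean {mean:.2f} bits/byte, "
              f"{passed:6.1%} meet the {THRESHOLD} cutoff")
```

Perfectly random 256-byte buffers average roughly 7.17 bits per byte with a spread of a few hundredths, so almost none reach 7.3, while 512-byte buffers clear it comfortably.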

gurnec commented 6 years ago

@MichaelSchra For a wallet created July 9, 2012, btcrecover should work correctly as-is. My only concern is that I've never tested it with a wallet created around that time, however using the blockchain.info source available on GitHub I've verified (to the best of my ability anyways) that it should work with no false negatives.

If you decide to give it a try, best of luck!

MichaelSchra commented 6 years ago

I've probably tried over 10 billion combinations so far.... I have a standard 8 character password system that I ALWAYS use, but blockchain.info required 10 characters or so I have heard. I've tried every way of extending my system to 10 characters, so either I went longer, or had a really bad double typo...

I made a wallet in 2013 where I used my phone for the 10 characters, I still can access that.

Thanks for your research.


gurnec commented 6 years ago

@MichaelSchra Sorry to hear that.

Do you have a dedicated/discrete video card? Which OS do you have? There are faster (maybe much faster) alternatives to btcrecover if you're willing to take the time to learn how to use them (arguably they're more difficult to learn).

mconfalonieri commented 6 years ago

Hi I am the OP, thank you for your answers and sorry for my late reply... I missed the notifications :-/ I ran the command and got the same size: 256 bytes.

I read some documentation around, I don't remember where exactly, I read that the first 16 bytes should be the initialization vector to be used for AES decoding. Isn't it like that?

Thank you for your answers. BTW, btcrecover is now running well after the patch you proposed. :-) It says:

Wallet difficulty: 10 PBKDF2-SHA1 iterations

We'll see how it will end, thank you! :-) (I am using Linux)

jonbeddoes commented 6 years ago

Hi, I am helping a friend recover their blockchain.info wallet. If it's of interest, their 'wallet.aes.json' file is 300 bytes and the command quoted above gives a value of 224! I am able to run the tool with 7.0 bits of entropy, but still no luck getting in yet.

jongyrocka commented 3 years ago

What are the much faster alternatives to getting into a wallet created in 2012? I have run the above commands, but still getting the same above error

kujina commented 3 years ago

I also have the same problem on a wallet that was created at blockchain.info in December 2012 (I downloaded the wallet file with the 'download-blockchain-wallet.py' python script today).

I've got 256 as the file length.

jongyrocka commented 3 years ago

I got it to work. I did the above but changed it to 7.1 instead of 7.2 and it worked. Got my password in seconds

kujina commented 3 years ago

> I got it to work. I did the above but changed it to 7.1 instead of 7.2 and it worked. Got my password in seconds

That's great to read, when in 2012 did you sign up for the wallet?

jongyrocka commented 3 years ago

December 2012 as well.


kujina commented 3 years ago

> December 2012 as well.

Jongyrocka, that gives me more hope, I'm still trying to crack my password but my fear has been that perhaps my wallet download has been the issue. In the second post above gurnec states that after running python -c "d=open('wallet.aes.json').read().decode('base64');print len(d);print repr(d)" "no patterns in the output should be seen" but I see patterns in my output.

I would be really grateful if you could provide me with your (Dec 2012) wallet ID assuming you have already moved your funds to another wallet, so that I can make comparisons with my wallet.aes.json? My contact is in my profile.

...Thanks...

don024 commented 3 years ago

I also have the same problem on a wallet that was created at blockchain.info in January 2012. I've got 247 as the file length.

I replaced 7.3 to 7.2 and 7.1 but still getting the same error.

kujina commented 3 years ago

> I also have the same problem on a wallet that was created at blockchain.info in January 2012. I've got 247 as the file length.
>
> I replaced 7.3 to 7.2 and 7.1 but still getting the same error.

Are you sure you edited your file correctly? Open the btcrpass.py file with something like notepad++ and edit line 1980, try 7.1 or 7.0

Update me.

posquest commented 3 years ago

Hi, I downloaded the json file of a Blockchain wallet created in the end of 2014. I was only able to make btcrecover run after changing the "if entropy_bits < 7.3" parameter of btcrpass.py to "if entropy_bits < 7.0". Changing to 7.2 or 7.1 does not seem to work. Do you think it is normal? Thank you. Regards.

3rdIteration commented 3 years ago

@jongyrocka hey I'm maintaining an updated fork of BTCRecover here: https://github.com/3rdIteration/btcrecover/ and have someone who has opened an issue about some of these older wallets.

If you have successfully recovered your wallet and moved all the funds out, would you be able to share that with me as a sample wallet to test against? (Or at least check and see if my updated fork of BTCRecover handles it properly)

Basically someone has opened an issue over on my repo and is having issues with some wallets that are even earlier than the official "version zero" and I'm looking for samples to test against that might help get it going for them.

MichaelSchra commented 3 years ago

No, I never have
