search

gurnec / btcrecover

An open source Bitcoin wallet password and seed recovery tool designed for the case where you already know most of your password/seed, but need assistance in trying different possible combinations.
GNU General Public License v2.0
1.28k stars 685 forks source link

Recovering access to ethereum wallet in Exodus #277

Open KanedNUnable opened 6 years ago

KanedNUnable commented 6 years ago

Hey gurnec,

Sweet tool thanks for creating! Using on behalf of a friend who has:

  1. forgotten their password for ethereum wallet in exodus - it's one of three phrases but with some special characters in place of letters, they've forgotten which they changed though. AND
  2. only has the first 8 words of their 12 word mnemonic recovery phrase.

Questions.

  1. I've read the tutorial, and understand that since Exodus is closed source I can't use the wallet file. However I am unclear about whether I can try to recover the password using btcrecover, given I have the receiving ethereum address and a good idea of the password as mentioned above. Is it possible to do this please?

  2. I created a test setup for myself and ran seedrecover, using the receiving ethereum address. When I provide 11 words of the mnemonic it returns the 12th very quickly. However, when I only provide 8 words of the mnemonic (or anything less than 11 words) it fails giving the following output:

Starting seedrecover 0.7.3, btcrecover 0.17.10 on Python 2.7.15 64-bit, 16-bit unicodes, 32-bit ints
Using the 'en' wordlist.
Seed sentence was too short, inserting 4 words into each guess.
Phase 1/4: up to 2 mistakes, excluding entirely different seed words.
Not enough mistakes permitted to produce a valid seed; skipping this phase.
Seed not found
Phase 2/4: 1 mistake which can be an entirely different seed word.
Not enough mistakes permitted to produce a valid seed; skipping this phase.
Seed not found
Phase 3/4: up to 2 mistakes, 1 of which can be an entirely different seed word.
Not enough mistakes permitted to produce a valid seed; skipping this phase.
Seed not found
Phase 4/4: up to 3 mistakes, 1 of which can be an entirely different seed word.
Not enough mistakes permitted to produce a valid seed; skipping this phase.
Seed not found, sorry...
Press Enter to exit ...

Is it possible to configure seedrecover to find the last 4 words when I have the first 8, or does it only work with 11 of the 12 words?

Thanks for your help!

vly3 commented 6 years ago

I don't know about this software, but considering that there are 2048 words in the Bip39 spec, the number of possible combinations for 4 words is 2048^4 = 17,592,186,044,416. You would have to put some GPUs crunching on that for a long time to crack it. Unless the wallet had a lot of money it would not be worth it. However, your friend should put the 8 words somewhere safe for long term storage. Maybe in 10 or 20 years from now when computers are a lot faster and if ETH is worth a lot more, then the cost/benefit ratio could become well worth it.

KanedNUnable commented 6 years ago

Ohhhh... Shit.

I figured it would take some time to recover the full phrase, maybe hours or a day or two, but sounds like you're suggesting it'd take much longer than that. Oh dear.

Thanks for the explanation though.

On Thu, 24 May 2018, 7:46 pm vly3, notifications@github.com wrote:

I don't know about this software, but considering that there are 2048 words in the Bip39 spec, the number of possible combinations for 4 words is 2048^4 = 17,592,186,044,416. You would have to put some GPUs crunching on that for a long time to crack it. Unless the wallet had a lot of money it would not be worth it. However, your friend should put the 8 words somewhere safe for long term storage. Maybe in 10 or 20 years from now when computers are a lot faster and if ETH is worth a lot more, then the cost/benefit ratio could become well worth it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/gurnec/btcrecover/issues/277#issuecomment-391621468, or mute the thread https://github.com/notifications/unsubscribe-auth/ARetTA3PC9nEzgzMY_-0l8bWoOOGwHvKks5t1mVqgaJpZM4UF5-j .

vly3 commented 6 years ago

Each iteration to calculate the first ethereum address from a seed phrase takes some time. Supposing your computer could do 100,000 iterations per second, it would take 5 years. I don’t know how many iterations per second GPUs can do, but a CPU will not be that fast.

You might have a chance of recovering the wallet by trying different passwords. You can look for a way to programmatically try all combinations of phrases and special characters that your friend might have used in his password. You might be able to hack something together with a GUI scripting tool to programmatically try different passwords in the Exodus wallet recovery interface.

isieditors commented 1 year ago

@KanedNUnable does the wallet has about 12 ETH balance? if that's it I have proof that its fake and publicly available don't waste your time