search

gurnec / btcrecover

An open source Bitcoin wallet password and seed recovery tool designed for the case where you already know most of your password/seed, but need assistance in trying different possible combinations.
GNU General Public License v2.0
1.23k stars 656 forks source link

Difficulties with --android-pin option #33

Closed aerobinsonIV closed 7 years ago

aerobinsonIV commented 7 years ago

I am using the Bitcoin Wallet app on my Android phone, and I forgot the spending pin. I tried btcrecover a few times on my main wallet and got nothing. I decided to create a new wallet on my tablet to make sure that btcrecover was working properly, and that I knew how to use it.

The new wallet has no Bitcoin in it, and the spending pin is 1234. The password for the backup file is 'password'. I put the wallet backup file in the btcrecover directory, and I put '%1,4d' in my tokenlist. Then I ran the following command:

python btcrecover.py --wallet Bitcoin-Wallet-backup --tokenlist tokens.txt --android-pin

It asks me for the password for the wallet, and I type in 'password'. After about a minute, it says "Password search exhausted". I ran

python btcrecover.py --tokenlist tokens.txt --listpass | more

and I see '1234' on the list. I also tried using a password list instead of a token list, and I tried both options with and without sudo.

I am on Elementary OS 0.4 Loki 64 Bit, which is based on Ubuntu 16.04 Xenial. I have 8GB RAM and an i7-4510U processor.

Any ideas why btcrecover is not finding my pin or suggestions on where to go next would be very much appreciated!

gurnec commented 7 years ago

This definitely sounds like a bug to me. Perhaps the Bitcoin Wallet for Android wallet format has changed, and I neglected to notice it (it's happened before with other wallets)....

Thanks for taking the time to troubleshoot this as far as you already have, it's definitely a big help! I'll try to figure out what's going on.

aerobinsonIV commented 7 years ago

Thank you for the quick response! I am not a very experienced coder, but if there's anything I can do to help please let me know. If your program can solve my problem it would save me soooo much time and money.

gurnec commented 7 years ago

There is something you can do to help. I can't seem to reproduce what you're seeing.

You said that you made an empty test wallet, could you please attach it to this issue (just drag & drop it to a new comment)? You said the passwords are 'password' and 1234, correct?

Which version of btcrecover are you using (btcrecover --version)? How about Android Wallet (Settings -> About)?

Finally, could you post the output of this command?

python -c 'import sys,pylibscrypt; print "\n".join(sorted(filter(lambda m: m.startswith("pylibscrypt"), sys.modules.keys())))'

Thanks!

aerobinsonIV commented 7 years ago

Here's the wallet file. Bitcoin-Wallet-backup.txt I added the txt extension because github didn't like the no-extension file (?).

The password is 'password', and the spending pin is '1234'.

python btcrecover.py --version btcrecover.py 0.15.5

Bitcoin Wallet app is version 5.04.

python -c 'import sys,pylibscrypt; print "\n".join(sorted(filter(lambda m: m.startswith("pylibscrypt"), sys.modules.keys())))' pylibscrypt pylibscrypt.base64 pylibscrypt.binascii pylibscrypt.common pylibscrypt.ctypes pylibscrypt.hashlib pylibscrypt.hmac pylibscrypt.libsodium_load pylibscrypt.mcf pylibscrypt.numbers pylibscrypt.os pylibscrypt.platform pylibscrypt.pylibsodium pylibscrypt.pylibsodium_salsa pylibscrypt.struct pylibscrypt.sys

Good luck!

gurnec commented 7 years ago

Thanks for the additional details.

Are you certain about that PIN? When I try to restore the wallet you uploaded into 5.04, the backup password is accepted, but I can't change the PIN when telling it the old PIN is 1234. Can you change the PIN on this wallet from 1234 to something else? (I meant just are you able to change it, not could you please change it and upload it; when I try to change it Bitcoin Wallet tells me that 1234 is a bad PIN!)

gurnec commented 7 years ago

Also, I have to ask this to make sure we're on the same page, though I hope you don't find it condescending in any way....

Are you completely certain that you're using version 5.04 of this wallet from the Google Play store?

I can't see any way that recent versions of this software can create a wallet with other than 65536 scrypt iterations, and yet the wallet file you sent to me has only 4096 for some reason which may imply that it was created by some derivative or earlier version of this software... I'm not sure yet.

JRHelgeson commented 7 years ago

I'm having the same problem. I cannot decode the spending pin on a Bitcoin Wallet on Android. I have a second wallet that had a known PIN. When I run the command: python btcrecover.py --wallet bitcoin-wallet-80 --tokenlist tokens.txt --android-pin Against the wallet that has BTC locked inside it, btcrecover.py runs very fast, processing all 11110 keys in around 1 minute, not finding a single key. Against the newer wallet with a known PIN, it goes much slower, estimates it'll take 18 minutes to run through 1-4 digit pins, and succeeds at '1234'.

When I run the same tests against the wallet provided above - the one with password of 'password' and pin # of 1234. The software cycles through the 11110 keys in 1 minute, much like the wallet I have with BTC that I'm trying to decrypt.

The broken wallet was created in April 2015. A spending PIN was added to it and the funds sit there to this very day because they've never been able to be spent.

gurnec commented 7 years ago

The broken wallet was created in April 2015. ... Against the newer wallet with a known PIN, it goes much slower, ... and succeeds at '1234'.

That's what I'd expect. Newer versions of Bitcoin Wallet use more key stretching, and so their wallets take longer to test.

When I run the same tests against the wallet provided above - the one with password of 'password' and pin # of 1234

OP claimed that he created this wallet with Bitcoin Wallet 5.04, but I don't believe him. Version 5.04 definitely uses higher key stretching, and yet the wallet he posted uses the same weaker key stretching as your April 2015 wallet does. Since OP was mistaken (or lying) about this, it's entirely possible he was likewise mistaken about the PIN being '1234'. In short, I wouldn't trust that this test wallet is what OP claims it to be.

Against the wallet that has BTC locked inside it, btcrecover.py runs very fast, processing all 11110 keys in around 1 minute, not finding a single key.

Are you sure your wallet's PIN is only 4 digits long? Have you tried to look for a longer PIN (e.g. %1,6d)?

When I create a test wallet using version 4.22 (released April 1 2015) with a PIN of 1234, btcrecover is able to find it. Without a way to reproduce any problems, there's not much I can do to troubleshoot this....

JRHelgeson commented 7 years ago

The wallet provided by OP was apparently created ~11 months ago. When I import OP's wallet to my test phone, I get "Synchronizing with network, 11 months behind"... When I try to reset the pin of 1234 on that wallet, I get "Bad Pin".

I do not think OP is either stupid or liar simply based upon my own personal experience. I have a wallet with a rather large sum of money in it. Once the BTC was received, a 4 digit spending PIN was put on it. Then when money was attempted to be sent, it said bad pin. I know for a fact that I put the PIN in correctly the first time, and of course I did go through a period of questioning my own sanity on what PIN I had entered originally. In fact, I didn't even know you could put in a PIN longer than 4 digits, and I did reveal the digits so I could see what I had typed.

Now, both OP's wallet and my $$$ wallet share the same symptoms: The inability to retrieve the PIN and when I run btcrecover.py, it runs through the entire keyspace of 11110 keys in ~1 minute. Again, that is for both OP and my $$$Wallet. When I run that same brute force against a wallet created ~7 months ago, where I do know the pin, and the wallet works just fine, that same brute force takes 18 minutes for the entire key space, but finishes when it gets to #1234 after ~2 minutes.

So, btcrecover.py goes really fast on broken wallets, but much slower on valid ones. I'm willing to bet that it is the greater amount of key stretching, but I have no idea on the inner workings.

Incidentally, OP's wallet has 2.00 BTC in it that they received on 11/26, mine has considerably more.

On Mon, Dec 19, 2016 at 11:08 AM, Christopher Gurnee < notifications@github.com> wrote:

The broken wallet was created in April 2015. ... Against the newer wallet with a known PIN, it goes much slower, ... and succeeds at '1234'.

That's what I'd expect. Newer versions of Bitcoin Wallet use more key stretching https://en.wikipedia.org/wiki/Key_stretching, and so their wallets take longer to test.

When I run the same tests against the wallet provided above - the one with password of 'password' and pin # of 1234

OP claimed that he created this wallet with Bitcoin Wallet 5.04, but I don't believe him. Version 5.04 definitely uses higher key stretching, and yet the wallet he posted uses the same weaker key stretching as your April 2015 wallet does. Since OP was mistaken (or lying) about this, it's entirely possible he was likewise mistaken about the PIN being '1234'. In short, I wouldn't trust that this test wallet is what OP claims it to be.

Against the wallet that has BTC locked inside it, btcrecover.py runs very fast, processing all 11110 keys in around 1 minute, not finding a single key.

Are you sure your wallet's PIN is only 4 digits long? Have you tried to look for a longer PIN (e.g. %1,6d)?

When I create a test wallet using version 4.22 (released April 1 2015) with a PIN of 1234, btcrecover is able to find it. Without a way to reproduce any problems, there's not much I can do to troubleshoot this....

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/gurnec/btcrecover/issues/33#issuecomment-268020300, or mute the thread https://github.com/notifications/unsubscribe-auth/AXf2H5H9wswSUR0R7-5oufap2YaX5LYPks5rJrojgaJpZM4K9LGd .

-- Regards, Joel R. Helgeson

aerobinsonIV commented 7 years ago

Hello, I am going to tell the truth to the best of my capability in the following post. I made a rather large mistake and posted the wrong wallet. Since both of you presumably have my 2BTC Wallet on your computer, I have nothing to lose and a lot to potentially gain from being honest. So here goes:

Quite a while ago, I put the Bitcoin Wallet app on my phone and set a spending pin (Why???). I believe it was February 2016 but that might be a few months off... I don't remember exactly. I wanted to see if I could use a Bitcoin faucet and get a few Satoshis.

Awhile later, I bought 2 Bitcoins on Coinbase. They sat in my Coinbase wallet for a few months until November 26, when I decided to put them on my phone. I then tried to put them on a paper wallet when I realized there was a problem. I didn't even remember that I had a spending pin, much less what is was. I tried about 300 likely combinations by hand before finding btcrecover through Google.

I created a backup of the wallet using version 5.04, and I ran btcrecover to try all spending pins 6 digits or shorter. It ran overnight and didn't find anything. I am 99% sure the pin to the real wallet is not longer than 6 digits.

I then went on my tablet and created a test wallet. I installed the app on the tablet on 11/28 I believe.

Until today I didn't know that the app version used to create the wallet was important, I thought it was the version used to make the backup that mattered.

I moved the test wallet onto my computer, but I somehow got the test wallet confused with the real wallet. I ran btcrecover on the real wallet, believing it to be the test wallet. When it didn't find '1234', I concluded the script was buggy and sent my first message in this thread. I then sent the real wallet, again believing it to be the test wallet. (It probably wasn't a good idea to use 'password' on both wallets)

I realized my mistake too late. (Needless to say, I facepalmed pretty hard). I stopped responding to messages hoping that I could debug it myself without raising any more suspicion than my absence did, but clearly I have been unsuccessful.

I hope that you guys will be nice and not steal my Bitcoin if you discover the pin before I do. It would make me very sad if you did. If I find a solution, I will share it with you.

Finally, whoever removed the link to my wallet, thank you!

TL;DR I really @#$%ed up and mistakenly sent the wrong wallet.

aerobinsonIV commented 7 years ago

To sum things up: I am having the same problem as JRHelgeson. My old wallet with BTC runs very fast and finds nothing, the newer wallet I created on my tablet runs much slower but finds the pin.

aerobinsonIV commented 7 years ago

Thanks to both of you, I have successfully found my spending pin and emptied my wallet to cold storage. When Joel suggested that my pin was 8 digits, I decided to try the pin to my old iPod as the first 4 digits, brute forcing the last 4. Btcrecover found the pin in 17 seconds! I really appreciate the effort and honesty from both of you. You are wonderful people! :D

aerobinsonIV commented 7 years ago

This issue is not actually a bug. It just appeared that way due to my error.

gurnec commented 7 years ago

Wow.... I've been away from GitHub for a bit, and I came back to all this!

@Jousboxx I'm sorry if I implied that you may have done anything besides making an honest mistake, I certainly didn't intend to. I'm extremely happy you found your PIN, what a great holiday gift! (Also, to answer your question I removed your wallet link as soon as JRHelgeson discovered it had a balance; it didn't occur to me to check that at the time, but thankfully he's more thorough than I).

@JRHelgeson Thanks so much for the help you gave Jousboxx!! Please feel free open a new issue (or I can reopen this one if you'd prefer) for your own issue--it's still unfortunately unsolved; there may yet be a problem with btcrecover and/or Bitcoin Wallet, it's hard to tell....

JRHelgeson commented 2 years ago

I recovered that wallet years ago. But as it so happens I do know someone that has an edge app wallet that he cannot remember the password to. He remembers 99% of the password. Because it is an app, I cannot script brute force through a chrome browser. I’d need to setup a Linux android emulation environ, download the app then throw passwords at it through that method, and that is where I’d be interested in getting some help.

Let me know your thoughts, Joel Helgeson

Sent from my iPhone

On Nov 10, 2021, at 4:50 AM, password cracker @.***> wrote:

 hi, if you still have wallet problem. I can recover your lost wallet. I have powerful servers and excellent software that can find any password. and my fee is only 15-25% of the recovered fund here is my telegram id: @viladmir2022 and Gmail: @.***

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.