iancoleman / bip39

A web tool for converting BIP39 mnemonic codes
https://iancoleman.io/bip39/
MIT License

Ian Coleman can you help? Reward offered #655

Open monkeyface1976 opened 11 months ago

monkeyface1976 commented 11 months ago

Hey team, I'm pretty certain I'm about as stupid as it gets right now. So I have my seed phrase for my Ledger, no issues at all there, all written down safely. Unfortunately, thinking I was being super clever, I set up a hidden passphrase, one that I made up myself. This is an advanced feature. Now I have these passphrases written down and only use the same ones, so unless I somehow added a typo when I set it up in Ledger under the advanced feature they should work. Unfortunately, they don't. I can literally see my Findora on chain in the explorer. I have reset my Ledger probably one hundred times and restored it with the seed phrase and I have then used the passphrases I normally use, but none of them give me access to the wallets with the Findora on. I'm not new to crypto so am even more annoyed with myself.

So this is what happened:

So I logged into my MetaMask and just entered my pins on my Ledger to each wallet. No issues at all. I then copied the Ledger address and sent the crypto (Findora) to the Ledger address on my MetaMask from KuCoin. I sent a test transaction and no issues. I then sent the rest. I then even sent some back from my Ledger to KuCoin to double check it was all ok. I then detached my Ledger. So a few days later I attached my Ledger as normal with the appropriate pins and none of the addresses are there. There is a small thing to add. I also had to access another wallet, which involved me adding/restoring an old passphrase to access a small amount of Vechain on a different wallet. So what I think I may have done, and I have no idea how, is that I haven't written down the passphrases for the Findora wallets properly, so when I logged in to access my Vechain I wiped the old passphrase for the Findora, and as none of my current passphrases work I just mustn't have written them down right, so I've lost access. If I had just gone into the wallets as normal with my pin (before going into the Vechain wallet) I'd probably have access. I just simply don't understand it as I've never ever done this before. I can see the Findora in the wallets on chain. The only other thing is someone accessed my Ledger and somehow maliciously faked my Ledger address, but I genuinely don't think this happened and think it's more user error.

I am offering $50 USDT reward for anyone who can get it back.

Someone on Reddit mentioned your tool but I'm guessing it won't work for me. I have the 24 seed phrase, no issues, and I can see the address for the Findora, also no issue. Just can't get at it. Very upsetting.

sebres commented 9 months ago

Related to bip-0039: To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence used as the password and the string "mnemonic" + passphrase used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

Which results in two main conclusions:

  1. every passphrase generates a valid seed (and thus a deterministic wallet)
  2. it's impossible to determine whether the passphrase (salt) is correct or incorrect until the whole operation (up to obtaining the address) is complete.

Thus it is impossible to restore the passphrase, even if the wallet (address or whatever) is known, without making a full brute-force attack on it. Even if part of the passphrase is "known" (e.g. you meant a typo within).

In addition to the math of bip-0039, you'd need all the calculations of bip-0032 (to go from the seed to the extended keys with chain codes, derived child keys and finally to some address), which expects ECC (secp256k1), CKD for some derivation path (m/.../i/0/k), etc.

Since all that math is very expensive, one has to understand how many passphrases the typo "modifier" may produce and what exactly one'd try to find as the result of the brute force (probably the address?). Even with 10M variants of passphrases, the resulting estimated time to find a particular address may be enormous (years), even with OpenCL/CUDA on GPU or on FPGA. I don't think it has a chance of succeeding under these circumstances.
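The derivation quoted in the comment above, as an added example that is not part of the original thread or of the bip39 tool's code: it runs the BIP-39 PBKDF2 step and the first BIP-32 step (the master node) for several passphrases, showing that each one, typo or not, yields an equally well-formed seed and key. The mnemonic is the public all-"abandon" test phrase, and the function names are this example's own.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public all-"abandon" BIP-39 test mnemonic,
# not anyone's real wallet.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 iterations, 64-byte output."""
    # BIP-39 requires NFKD normalization of both inputs before UTF-8 encoding.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP-32 master node: HMAC-SHA512 over the seed, keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]  # (master private key, chain code)


def compare(passphrases):
    """Return {passphrase: (seed_hex, master_key_hex)} for each candidate."""
    out = {}
    for p in passphrases:
        seed = bip39_seed(MNEMONIC, p)
        key, _chain_code = bip32_master(seed)
        out[p] = (seed.hex(), key.hex())
    return out


if __name__ == "__main__":
    # "TREZ0R" and "trezor" stand in for a mistyped passphrase: the output has
    # the same shape and carries no checksum that would flag it as wrong.
    for p, (seed_hex, key_hex) in compare(["", "TREZOR", "TREZ0R", "trezor"]).items():
        print(f"{p!r:10} seed={seed_hex[:16]}... master_key={key_hex[:16]}...")
```

Only after the remaining BIP-32 child derivations and address encoding can a candidate be compared with a known address, which is why each guess costs the full pipeline.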

d-sfounis commented 9 months ago

Sebres's comment before pretty much clarifies that it's nigh-impossible to reverse-calculate a passphrase from a given seed.

I'd recommend spending a full evening and trying all variations of your passphrase, including common typos and mistakes you might've made while writing down the passphrase, to try and unlock it. The variations are far, far fewer than the effort it'd require to reverse engineer your seed.