btcrecover
btcrecover copied to clipboard
gurnec
Problem decrypting Wallet (Multibit Classic)
Hi guys,
I have an old account using multibit classic (v 0.5.15). I was having troubles remembering the password for that particular account but, I remember that the password was the result of a combination of several words. So I used btcrecover to help me find the password. After some days of having the CPU at 100% btcrecover proved that was up to the job finding the missing pass.
But, for my surprise when I tried to remove the wallet password using Multibit UI the program shows:
The removal of the password failed. The error was "Could not decrypt bytes"
After that I tried to decrypt the .key file using openssl bash command:
openssl enc -d -p -aes-256-cbc -a -in <encrypted.key> -out <recovered.key> -pass pass:<pass>
but I get this output :
salt= ..... key= .... iv = .... bad decrypt 74375:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.30.2/src/crypto/evp/evp_enc.c:337
But, if I open the <recovered.key> the first 16 characters seems to be part of a BTC private key (alphanumeric + starts with capital L)
I'm stuck, I need some help here.
Thanks Guys!
I've a bunch of questions if you don't mind:
Which OS?
Which version of btcrecover (run btcrecover.py -v)?
Are you using an extract script and --data-extract?
Did you use an --autosave file?
Do you have a copy of the progress bar that was being displayed when the password was "found" (it shows how many passwords have been tried thus far)?
Thanks.
Of course I don't mind, any help is much appreciated.
Which OS?
where btcrecover runs:
- Ubuntu 16.04 LTS
- 4.4.0-38-generic x86_64
where I run openssl
- MacOS
- Darwin 16.6.0 Darwin Kernel Version 16.6.0 x86_64
Which version of btcrecover (run
btcrecover.py -v)?
btcrecover.py 0.8.7
Are you using an extract script and --data-extract?
I tried both (separately), --data-extract and --wallet
Did you use an --autosave file?
yes
Do you have a copy of the progress bar that was being displayed when the password was "found" (it shows how many passwords have been tried thus far)?
$ python btcrecover.py --wallet <encrypted.key> --tokenlist nombres8.txt --no-dupchecks --autosave progress.txt --max-eta 5000
Using autosave file 'progress.txt'
Counting passwords ...
Done
Using 8 worker threads
247325212673 of 4514822797793 [#####-------------------------------------------------------------------------------------------------------] 5 days, 5:51:53, ETA: 90 days, 11:44:52
Password found: 'XXXXXXXXX'
Thanks!
I have to run, but before I do, unless there's some feature you need that's completely unique to btcrecover, I'd suggest you look into the "bleeding-jumbo" version of John the Ripper. It's much better suited for brute-forcing large search spaces, and much faster with formats that have little or no key stretching such as MultiBit.
I'll check back in later...
btcrecover.py 0.8.7
That version is nearly 3 years old... old versions of btcrecover had a problem with false positives when used with MultiBit Classic wallets. The same goes for John the Ripper--if you do try to use JtR, be sure to download the latest version and compile it yourself, otherwise you will run into the same problems.
(Also that btcrecover version had a bug which slowed down MultiBit searches.)
Specifically, both worked by trying to decrypt the first 16 bytes of a .key file, and if they looked like a private key in WIF format, they assumed the password was correct. Unfortunately, about 1 in 300 billion passwords will pass this test just by pure chance, even if the password is incorrect and doesn't actually decrypt the .key file correctly.
If you continue to use btcrecover, please grab the latest version and use it with a full wallet file (MultiBit extracts still have this issue, intentionally favoring privacy over accuracy), or like I said grab and compile the latest version of JtR.
If you still have the autosave file from using btcrecover with the full wallet file, it should work with the current version. It will skip the "counting" phase, but you'd still need to wait for it to skip over/catch up to the point were it found the false positive before it continued.
Finally, compiling btcrecover with Cython should give it a small speed boost for MultiBit wallets, so you may want to consider this. This should compile it on Ubuntu:
sudo apt-get install python-pip
sudo pip install Cython
cython -o btcrecover/btcrpass.c btcrecover/btcrpass.py
gcc -O3 -fwrapv -fno-strict-aliasing -fPIC -I /usr/include/python2.7 -shared -lpython2.7 -o btcrecover/btcrpass.so btcrecover/btcrpass.c
./run-all-tests.py
Hope this helps!
I have a big issue. I am not sure where to post it. I just caught onto the fact that MUtibit HD is really outdated and doesnt have support anymore. Iran into a nice tutorial they made 5 days ago about transitioning to an Electrum wallet, Now, I am wondering how to transition safely to make sure I dont lose my Bitcoin cash (BCC). I just bought more before the fork. I have my seed words.
Here is what I was thinking trying:
Upload my seeds to my new electrum wallet.
Transfer the Bitcoins (BTC) to a different Electrum wallet ( on another computer)
Then use my MULtibit HD seeds ( same as my new electrum right?) to upload my BCC on the Bitcoin cash wallet.
Thanks a million for any help, tips or inputs.
QUESTION: Should I even bother uploading my seeds from Multibit to Electrum or I could just transfer directly my BTC to a different Electrum wallet ?
@BabaJon108 Your questions are completely off-topic for here... I'd recommend you visit https://reddit.com/r/btc and ask over there. The good news is that there's no rush - your BTC is "automatically" split into both BTC and BCC, and both are only spendable by you. You only need to worry about how to spend it when you actually have a need to spend it.
