BTCRecover

BTCRecover is an extensive, well-written, multi-option wallet password and seed recovery tool. It supports Windows, Linux and OS X, and works with Python 3 only.
Multi-wallet seed/mnemonic recovery: for when you have lost or forgotten part of the seed/mnemonic phrase, or made an error transcribing it.
Bitcoin/altcoin wallet password/passphrase recovery: for when you have an idea about part of the password.
GPU acceleration is available for Bitcoin Core passwords, Blockchain.com (main and second password), Electrum passwords, plus BIP39 and Electrum seeds; everything else runs on the CPU.

Download for Linux:

git clone https://github.com/CryptoXploit/BTCRecover.git

Download for Windows:

https://github.com/CryptoXploit/BTCRecover/archive/refs/heads/main.zip

Extract scripts

There are several hash extraction scripts available in the repository. Currently there are extract scripts for:
1. Bitcoin
2. Bither
3. Blockchain main and second password
4. Electrum 1.x
5. Electrum 2.x
6. mSIGNA
7. MultiBit Classic
8. MultiBit HD

Prerequisite

Before you use the tool on your wallet files, always make a backup of the original wallet. You never know what may go wrong, such as corruption of the wallet.
To open the Bitcoin folder on Windows, go to Run, type %appdata%\Bitcoin and press Enter.
Make sure to back up wallet.dat to a new folder.

Bitcoin core wallet.dat Mkey Extraction

Either download the entire package above or, for just the extraction work, use the script below directly:

https://github.com/CryptoXploit/BTCRecover/raw/master/extract-scripts/extract-bitcoincore-mkey.py

For testing purposes we will use our sample wallet.dat file. The sample wallet.dat is in the same folder, along with a pywallet dump of the wallet named walletdump.txt.

C:\Tools\BTCRecover\extract-scripts>python3 extract-bitcoincore-mkey.py wallet.dat

Bitcoin Core wallet Technical Details

The extract-bitcoincore-mkey.py script is intentionally short and should be easy to read for any Python programmer. It opens a wallet.dat file using the Python bsddb.db module (or a pure Python implementation if this module isn’t available) or SQLite, and then extracts a single key/value pair with the key string of \x04mkey\x01\x00\x00\x00. This key/value pair contains an encrypted version of the Bitcoin Core “master key”, or mkey for short, along with some other information required to try decrypting the mkey, specifically the mkey salt and iteration count. This information is then converted to base64 format for easy copy/paste, and printed to the screen.

The encrypted mkey is useful to btcrecover, but it does not contain any of your Bitcoin address or private key information. btcrecover can attempt to decrypt the mkey by trying different password combinations. Should it succeed, it and whoever runs it will then know the password to your wallet file, but without the rest of your wallet file, the password and the decrypted mkey are of no use.
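
To see exactly what such an extract string carries, the following added example (not code from the BTCRecover project or from the original post) decodes the string used in the recovery run on this page into its fields. The byte layout (a 3-byte "bc:" tag, 32 bytes of the encrypted mkey, an 8-byte salt, a little-endian 32-bit iteration count and a trailing CRC32) and the helper names parse_mkey_extract and build_extract are assumptions of this example.

```python
import base64
import struct
import zlib

# Extract string shown in the recovery run on this page.
PAGE_EXTRACT = "YmM6TILbj4F2WTQq2y137Xtlepx4Um1HlfmTf+SwVdUcRyz134ZDJqQgBLMsAQB20VCx"

# Assumed layout: tag, 32 bytes of encrypted mkey, salt, iteration count, CRC32.
LAYOUT = struct.Struct("<3s32s8sII")  # 51 bytes, little-endian, no padding


def parse_mkey_extract(text):
    """Split an extract string into its fields; no decryption is attempted."""
    raw = base64.b64decode(text.strip(), validate=True)
    if len(raw) != LAYOUT.size:
        raise ValueError(f"expected {LAYOUT.size} bytes, got {len(raw)}")
    tag, enc_mkey, salt, iter_count, crc = LAYOUT.unpack(raw)
    if tag != b"bc:":
        raise ValueError(f"not a Bitcoin Core extract (tag {tag!r})")
    return {
        "encrypted_mkey_part": enc_mkey,   # ciphertext only, no addresses or keys
        "salt": salt,                      # key-derivation salt
        "iter_count": iter_count,          # key-derivation iteration count
        "crc_ok": crc == (zlib.crc32(raw[:-4]) & 0xFFFFFFFF),  # copy/paste check
    }


def build_extract(enc_mkey, salt, iter_count):
    """Build a constructed extract string in the same layout (test data only)."""
    body = struct.pack("<3s32s8sI", b"bc:", enc_mkey, salt, iter_count)
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return base64.b64encode(body + struct.pack("<I", crc)).decode("ascii")


if __name__ == "__main__":
    info = parse_mkey_extract(PAGE_EXTRACT)
    print("encrypted mkey part:", info["encrypted_mkey_part"].hex())
    print("salt:               ", info["salt"].hex())
    print("iteration count:    ", info["iter_count"])
    print("CRC32 matches:      ", info["crc_ok"])
```

Every byte of the string is accounted for by the tag, ciphertext, salt, iteration count and checksum, which is why the extract alone exposes the wallet password to guessing but not the addresses or private keys.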

Now for passphrase recovery from the extracted hash. We have put the test password “secret” in /docs/Usage_Examples/walletpass/walletpass1.txt, and we don't know which of its letters is lower case, upper case or a special character, so we run the following command:
root@localhost:~/BTCRecover# python3 btcrecover.py --data-extract --threads 8 --passwordlist ./docs/Usage_Examples/walletpass/walletpass1.txt --typos 5 --typos-case --typos-capslock --typos-map typos/leet-map.txt

Starting btcrecover 1.11.0-Cryptoguide on Python 3.8.10 64-bit, 21-bit unicodes, 64-bit ints
Please enter the data from the extract script
> YmM6TILbj4F2WTQq2y137Xtlepx4Um1HlfmTf+SwVdUcRyz134ZDJqQgBLMsAQB20VCx

In the command parameters, --data-extract makes btcrecover use the hash extracted in the previous step and --threads sets the number of CPU threads. The password list contains our forgotten password as “secret”. --typos 5 means that out of 5 characters we don't know which one is incorrect, so each one is checked. --typos-case covers uppercase/lowercase and --typos-capslock covers Caps Lock for each letter. We have also used a typos map for L33T lingo, for example h4x0r.
After we ran the command it asked for the extracted hash, which we entered, and the result is:

It successfully found the passphrase as “$ecret”.

GPU Bitcoin Core Wallet Cracking

GPU-based Bitcoin wallet.dat cracking is based on PyOpenCL for OpenCL 1.2. Your GPU (AMD/Nvidia) must have the latest drivers installed.

Dependencies

We have to install PyOpenCL (numpy, appdirs, platformdirs, typing-extensions, pytools, pyopencl) on Windows or Linux.
For our guide we will use the Windows version.
Download PyOpenCL from http://www.lfd.uci.edu/~gohlke/pythonlibs/#pyopencl
Pick the 32-bit or 64-bit build according to your Python 3 version. We will download the build for Python 3.7:
pyopencl-2022.1.5-cp37-cp37m-win_amd64.whl

Installation

Open CMD:
C:\Tools\BTCRecover>python3 -m pip install pyopencl-2022.1.5-cp37-cp37m-win_amd64.whl

GPU Benchmark

Now let's test GPU performance:
C:\Tools\BTCRecover>python3 btcrecover.py --wallet wallet.dat --performance --enable-gpu --global-ws 4096 --local-ws 256

The --performance option tells btcrecover to simply measure performance, like a benchmark, until Ctrl-C is pressed; it is not testing any passwords. You will still need a wallet.dat file (or use the --data-extract option and supply a hash) for performance testing. For performance tuning you can try different values for --global-ws and --local-ws to see if they improve or worsen performance.
Finding the right values for --global-ws and --local-ws can make a 10x improvement, so it’s usually worth the effort.
When testing, increase or decrease these two values by powers of 2; for example, you should increase or decrease them by 128 or 256 at a time. It’s important to note that --global-ws must always be evenly divisible by --local-ws, and both --global-ws and --local-ws must be divisible by 32 as well. Otherwise btcrecover will exit with an error message.

Plain password dictionary attack

Let's test a real wallet with a password dictionary first.
There is a wallets folder, and we will test the GPU on wallet5.dat, whose password is sidekick12:
C:\Tools\BTCRecover>python3 btcrecover.py --wallet wallet5.dat --enable-gpu --global-ws 4096 --local-ws 256 --passwordlist docs\Usage_Examples\walletpass\rockyou.txt

Password typos attack

Now let's use the GPU to check password variations, where we don’t know the exact password and there are different types of typos (upper/lower case, Caps Lock, etc.).
We will use wallet2.dat for that purpose; its password variation is in docs/Usage_Examples/walletpass/walletpass2.txt.

btcrecover.py --wallet wallet2.dat --enable-gpu --global-ws 4096 --local-ws 256 --passwordlist docs\usage_examples\walletpass\walletpass2.txt --typos 4 --typos-case --typos-capslock --typos-map typos/leet-map.txt

We can see that it found the variation of the password “pass” in a few seconds.

Electrum SeedPhrase Recovery

We can use the tool to find the correct order of a seed phrase. It can be used for a 12-word seed phrase, but we must know all 12 words in order to arrange them correctly.
C:\Tools\BTCRecover>python3 seedrecover.py --no-dupchecks --mnemonic-length 12 --language EN --dsw --wallet-type BIP39 --addr-limit 1 --addrs 17GR7xWtWrfYm6y3xoZy8cXioVqBbSYcpU --token

Here the seed phrase is 12 English BIP39 words. In the token list we can specify the proper order with ^1^ and so on, and the rest will be in improper order.

BIP38(Encrypted) Password Recovery

This tool can recover password-protected private keys, e.g. a BIP38 paper wallet. We will create an encrypted key with the bitaddress live tool.
The encrypted key for puzzle #64 KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qZ6FxoaD5r1kYegmtbaT with password “P@sws0rd1” is 6PYK7U6h8ZLHV5RXrGPFtcq7d7fMw7GhXcENZieo4bfTCBVpzBKezbZTE4.

Program Run

Let's test it:
C:\Tools\BTCRecover>python3 btcrecover.py --bip38-enc-privkey 6PYK7U6h8ZLHV5RXrGPFtcq7d7fMw7GhXcENZieo4bfTCBVpzBKezbZTE4 --threads 10 --passwordlist docs\Usage_Examples\pass.txt --typos 4 --typos-case --typos-capslock --typos-swap --typos-map typos/leet-map.txt

Here we chose the BIP38 encrypted private key switch and 10 CPU threads, and in pass.txt we supplied the password in improper form as “password1”. A typos value of 4 means the first 4 characters need to be checked against typos. We have provided the typo types as case, Caps Lock, swapping adjacent characters, and LEET-language substitutions, and after some time it found the password in its correct form. Remember that BIP38 encryption is very slow to crack, so it's better to have a fair idea of the password.
