You need to recover your crypto wallet password? Welcome to the mnemonic hell.
On 19 December 2020 Miguel Cuneta tweeted:
“Helping a friend recover his old blockchain wallet from 2013. Crossing my fingers for him because the $50 won from our UFC bets is now $3000+.”
Summary
Keychainx, the solution to recover your wallet password in twenty words
Miguel sent Keychainx 17 words, a wallet.aes.json and a bunch of hints, such as the name of his friends, the year and month he created the wallet and some variants of the password.
Immediately we started brute-forcing the password using custom algorithms and our own custom password cracking servers. Oh, how little we knew how things would evolve over the next few weeks!
Even with the simplest of suggestions, our algorithm can find a Bitcoin wallet password even with several errors, adding random characters in between, removing characters and putting them before or adding random characters and words. In most cases, this will work if the hints are similar to the final password. We had good hopes with the wallet itself, which was a blockchain.info V1 wallet where it was possible to try almost 300 million different seed words per second. On a big GPU server. And we have many…
Let the battle begin!
The battle of the algorithms
Like the old siege of Jerusalem, we tried with full force! Our algorithm tried all possible combinations of up to 13 characters with no luck.
A week went by. We thought there was another way.
Luckily Miguel sent us a sequence of 17 words called a mnemonic seed. Unfortunately, it is no longer supported by blockchain.com. Now a 12th-word mnemonic is used from a list of 2048 words which is your private encrypted key.
The old mnemonic was your ID and password encrypted using a variety of words. The word lists, however, are nowhere to be found. They could be something like 15 to 21 words or more. They had three different encryption variants and used a different interaction (sometimes the password was encrypted using the specific algorithm).
The traditional mnemonic seeds used with Ledger, Trezor, Electrum or Bitcoin Core wallets were 12 or 24 words (with a 13th or 25th word called a passphrase).
Using old-fashioned reverse engineering, we searched old blockchain.info snapshots on archive.org and found a 2014 snapshot that accepted those words.
Unfortunately, it gave us the wrong control code and didn’t have a copy of all the libraries.
Word lists and passwords by control code
Archive.org is a great resource for checking old variations or defunct websites. Unfortunately, it is not a 100% complete backup.
Using Google Chrome web developer tools, we looked at what the java script did, then discovered that it was using a list of about 50000 words! The mnemonic used today, with blockchain.com seed recovery wallet, uses only 2048 different words.
We also discovered that they used two different word lists to decrypt their wallets in 2014. One to calculate the control code, the other to calculate the wallet ID and password. So what different use did the length of the mnemonic have? The seeds with the most words were for longer passwords.
But back to Miguel and his friend. The 17 words gave us the wrong control code, so we decided to take a look at blockchain.com-s GITHUB page where they store all their source code.
Unfortunately, the code for V1 wallets was no longer available, we had to search somewhere else, knowing only the name of the largest word list from the archive.org snapshot from 2014.
Google could be very useful sometimes. We found a hidden Github with the old wallet source code using that larger word list, only the 17 words still gave us the wrong control code.
So we decided to write a brute forcer mnemonic using the GPU. A brute forcer for the Trezor mnemonic using 2048 words was a real pain to crack. Here we needed to create a brute forcer with 50000 variations of each word.
So we had 17 words where each word could have 50000 combinations.
Then 3 of the words were a control code from a completely different list of words.
Instead of worrying about the number of combinations, we decided to look at what each group of words would give us, and managed to get the word Jesp and 1980, which was part of the suggestions. We knew we were on the right track.
Another batch of words gave us 0301 which was the birthday date and month in the suggestions list.
So we decided to randomly add words from the 50000 word list where the batch of words gave us strange non-English characters (the suggestions were all numbers or English word names)
300 lines of code later…
Deleted!
We managed to find the right combination of words, and it turned out that Miguels’ friend had a missing word.
We now have the correct control code, using the 18-word combination, and we were able to decrypt wallet.aes.json with the password that our custom tool found.
UFC bet won, Bitcoin from 2014 recovered!
Thanks to Keychainx PRO, our corporate division spotted the Tweet and contacted Miguel on our end.
LESSON LEARNED.
Even though many people claim that there are no 15 or 17 or 19 or 21 mnemonic words, and they are no longer possible to use or decipher, we have proven them wrong. There are several odd mnemonic numbers used in early blockchain.info wallets and it is possible to retrieve them.
