This article is inspired by a customer who doesn’t remember the exact passphrase of his hardware wallet. Fortunately, he still knew his seed and the public address where he sent his coins.
With a little research, I found the tool BTCRecover, which allows you to bruteforce wallets. The tool tries all possible combinations of misspellings in the passphrase and sees if the known address can be derived that way. After my initial tests, the program works surprisingly fast.
BTCRecover not only shows how easy it is to find your passphrase, but also how insecure simple passphrases are. If you choose only one word or name, it is a piece of cake for attackers to find it out, provided they have the necessary information.
- A Linux computer, preferably Ubuntu (Windows instructions can be found here)
- Minimal experience with the terminal
- Your seed (12 or 24 words)
- An approximate memory of your passphrase (the less you remember, the longer it will take)
- An address from your wallet, as old as possible
ATTENTION: We cannot guarantee the security of the software shown here. You act at your own risk. These instructions require you to enter your seed on the computer. You should do this only in case of absolute emergency. During the process, it is safer to keep your computer offline or even use a completely new Ubuntu installation. Once you have found your passphrase, you should immediately send your coins to one of your other wallets and reset the hardware wallet.
Download BTCRecover from this link and extract the archive.
Install Python 3
Open the terminal in the BTCRecover folder and install Python 3 with:
sudo apt install python3-tk
Next, install pip3 with:
sudo apt install python3-pip
Then install the required dependencies with:
pip3 install -r requirements.txt
Test whether the installation completed without any problems:
python3 run-all-tests.py -vv
If the tests complete, the result should be “OK”. It is normal that a few tests fail and are skipped, because we have not installed GPU acceleration yet.
At this point we need to think about which parts of the passphrase we remember. For this we create a text file called “tokens.txt” in the directory of BTCRecover. For this example, I’m using a randomly generated wallet, which of course doesn’t have any coins in it.
In this file, we now write horizontally, on one line, all the word parts that definitely appear in the passphrase. In our example, I think I remember the passphrase “dasisteintest”, which is why I write “dasisteintest” in the text file.
If you remember different passphrases, you can write them into the file vertically, separated by line breaks.
If you are sure that the passphrase starts with a certain word, you can write it with a ^. If I remembered that the passphrase starts with “that”, I would write “^that” into the file.
More information about the token list can be found here.
BTCRecover offers a lot of options for this step. To show all of them, use:
python3 btcrecover.py --help
For our use case, we start the bruteforce process with:
python3 btcrecover.py --no-dupchecks --passwordlist tokens.txt --addr-limit 1 --typos-capslock --typos-swap --typos-repeat --typos-delete --typos-case --typos 3 --bip32-path "m/84'/0'/0" --wallet-type bip39
*Customize the derivation path for your wallet
BTCRecover warns you once again that this is sensitive data. Confirm this by clicking OK.
If you still know your XPub, enter it. If you only have one of your addresses, click Cancel first.
Now enter an address from your wallet that is as old as possible.
Next, you need to enter your seed. Make sure that no one is looking over your shoulder and that you are disconnected from the Internet.
The process will start. Depending on how much information you have given the program, the whole process can take quite a long time. For simple typos, however, it should only take a few minutes.
When the whole process is finished, you should get a result. Either nothing is found and you have given the program too little / wrong data, or the passphrase is found and displayed at the end of the dialog.
If the process takes a long time because you have little information, you can enable GPU acceleration.
In our example, BTCRecover shows that I used “dsaisteintest” as passphrase instead of “dasisteintest”.
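Why a single swapped letter is found so quickly, as an added sketch that is not BTCRecover's own code: it builds every passphrase one typo (swap, repeat, delete, case) away from the remembered guess and runs each through the BIP39 seed derivation. Assumptions: the mnemonic is the public BIP39 test phrase, all function names are hypothetical, and comparing seeds stands in for the address derivation that BTCRecover checks, so that the example needs only the standard library.

```python
import hashlib
import unicodedata

# Constructed sample data: the public BIP39 test mnemonic, never a real wallet.
MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic: str, passphrase: str) -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64)

def one_typo(word: str) -> set:
    """Every string exactly one typo away from word."""
    out = set()
    for i, ch in enumerate(word):
        out.add(word[:i] + word[i + 1:])                         # delete
        out.add(word[:i] + ch + word[i:])                        # repeat
        out.add(word[:i] + ch.swapcase() + word[i + 1:])         # case flip
        if i + 1 < len(word):
            out.add(word[:i] + word[i + 1] + ch + word[i + 2:])  # swap neighbours
    out.discard(word)
    return out

def candidates(guess: str, max_typos: int) -> set:
    """The guess itself plus everything within max_typos typos of it."""
    seen, frontier = {guess}, {guess}
    for _ in range(max_typos):
        frontier = {t for w in frontier for t in one_typo(w)} - seen
        seen |= frontier
    return seen

def recover(mnemonic: str, guess: str, target_seed: bytes, max_typos: int = 1):
    """Return (passphrase or None, candidates tried, candidate total)."""
    cands = sorted(candidates(guess, max_typos))
    for tried, cand in enumerate(cands, 1):
        if bip39_seed(mnemonic, cand) == target_seed:
            return cand, tried, len(cands)
    return None, len(cands), len(cands)

# Constructed target: the seed behind the passphrase that was really typed.
TARGET_SEED = bip39_seed(MNEMONIC, "dsaisteintest")

if __name__ == "__main__":
    found, tried, total = recover(MNEMONIC, "dasisteintest", TARGET_SEED)
    print(f"found {found!r} after {tried} of {total} candidates")
```

The whole one-typo search space for a 13-character guess is a few dozen candidates, which is why a passphrase that is a single word or name offers so little protection once the seed is known.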