Isferos -
WOW thanks! I guess that is python? I’m running Windows 10 64 bit.
I hate to ask for anything from you, since you have already given so much.
The thing is, I have no idea (a) what this script does; and
(b) how to run it.
Does it automate moving focus to the Daedalus app, plug in a phrase, check balance >0, then try another phrase until it works out what that missing word is? Because that is the process I’m going through manually.
Thanks!
Hi,
isferos please correct me if I’m wrong.
- Download Python for Windows here: https://www.python.org/downloads/release/python-2714/ (take the MSI installer)
- Create a file BIP0039-128bit-bruteforce.py with the code and replace the seed_str content with the words you remember
- Run python BIP0039-128bit-bruteforce.py from the terminal (you’ll need to first create the file)
- The script will print in the console all possible words, i.e. Word was possibly: "resemble"
- You now need to check the balance in Daedalus for each mnemonic with each possible word you got until you find your account
That’s pretty much it
First you plug in what you have in seed_str.
Then you change the 0 in getPossibleWord(word_list, seed_str, 0) to the position of the word you are not sure about, from 0 - 11. So in @ScotterMonkey’s case, 3rd word, so that would be 2.
When you run the script you will get all the words that could fit in that gap and still pass the checksum.
Oh wow. Thanks for laying it out easy for me, guys!
I’ll get on it!
If I recover my wallet, I’ll be askin for your ADA addresses to send you some gratitude
If this works, it will take a while (unless one of the first word guesses works), as it’s taking about 15 minutes once the checksum passes in the wallet and I click the button that causes it to check the network to dig up my wallet. I can spend that time setting up your script…
OK I was changing parameters on isferos’ script while Daedalus spun away at my latest word guess. And… voila! Before I could run the script, Daedalus brought up the correct wallet!!! Joy! Boobs! This multi-day nightmare is finally over.
Will the following people please send me their ADA receive addresses (or confirm the address I have below is correct) so I can send you some ADA as gratitude for your help?
isferos
DdzFFzCqrht6sTwuD29rxiad1mLGszk7gqKh3ZiapAUh81Y7jH9rKHP3JJhKVKXHcojcQzUmQ9KJCLdNW8rwtLDjwY9R95ckydcDvRdt
louptheron
???
XZact
DdzFFzCqrhszpUNrpiNojUJKshHidjAZ3XgHPxFVbdHtxCv5z8Xm6V8QmHoZgACZTTJ84rSdtt7TqtYtMBcLgdoms3GsdnvcEo1AeCGT
Well done!
Thanks. Is that address correct for sending you some ADA?
And… are any of you affiliated with Cardano/Daedalus?
That is my address.
No affiliation with Cardano at all.
Thank you for the !
Great you found it!
Thank you for the proposal, but that’s ok, isferos did most of the job!
It is kinda scary that with a little script you come close to knowing a 12 word sentence. I think the development team needs to look at this with some priority.
How many times did you try the recovery phrase @ScotterMonkey?
There should be a lockout after that many retries I believe.
Actually, Cardano is secure.
All the script does is this: if you already know for sure 11 words of your 12-word recovery phrase, but are unsure about 1 word, it will give you the ~128 of 2048 possible words that can satisfy the recovery phrase checksum.
Cardano uses 128 bits of entropy for wallets. Missing 1 word off the recovery phrase means that you are uncertain about 11 out of 128 bits. The 4 bit checksum narrows that uncertainty down to ~7 bits.
Brute-forcing the recovery phrase from nothing to try to get collisions with actual wallets is infeasible.
This post on stackoverflow illustrates the point quite well:
I like your idea regarding charity, and I’d be happy to donate it to the first charity that accepts ada.
In regards to discussing seeds on this forum, you’re right it could be unwise for beginners, but I think in this context people are just trying to help ScotterMonkey recover his wallet. I also think discussing how the recovery process works, ‘what are seed phrases anyway?’ and general knowledge sharing helps to educate the community so we can learn from others’ mistakes, and understand how to keep our ada secure. Human error is the biggest risk, and sharing knowledge and educating others is the best way to reduce this risk.
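The checksum arithmetic described above (128 bits of entropy, a 4-bit checksum, and roughly 128 of 2048 words surviving for one unknown position), as an added Python 3 example that is not isferos’ script or anything posted in this thread. It works on wordlist indices (0..2047) rather than words because the 2048-word list is not embedded; the function names and the sample phrase are assumptions made up for the illustration.

```python
import hashlib

WORDS, BITS_PER_WORD, ENT_BITS, CS_BITS = 12, 11, 128, 4

def checksum_ok(indices):
    """True if 12 wordlist indices (0..2047) form a valid 128-bit BIP39 phrase."""
    value = 0
    for idx in indices:                       # concatenate 12 x 11 = 132 bits
        value = (value << BITS_PER_WORD) | idx
    entropy = value >> CS_BITS                # first 128 bits are the entropy
    checksum = value & ((1 << CS_BITS) - 1)   # last 4 bits are the checksum
    digest = hashlib.sha256(entropy.to_bytes(ENT_BITS // 8, "big")).digest()
    return checksum == digest[0] >> (8 - CS_BITS)

def candidates(indices, position):
    """All indices for the word at `position` (0..11) that keep the checksum valid."""
    trial = list(indices)
    found = []
    for guess in range(1 << BITS_PER_WORD):   # 2048 possible words
        trial[position] = guess
        if checksum_ok(trial):
            found.append(guess)
    return found

def make_valid_phrase(entropy_bytes):
    """Build the 12 indices for 16 bytes of entropy (used to get a valid sample)."""
    cs = hashlib.sha256(entropy_bytes).digest()[0] >> (8 - CS_BITS)
    value = (int.from_bytes(entropy_bytes, "big") << CS_BITS) | cs
    shift = lambda i: BITS_PER_WORD * (WORDS - 1 - i)
    return [(value >> shift(i)) & 0x7FF for i in range(WORDS)]

# Constructed sample: entropy bytes 00 01 .. 0f, not a real wallet.
SAMPLE = make_valid_phrase(bytes(range(16)))

if __name__ == "__main__":
    for pos in (0, 2, 11):
        survivors = candidates(SAMPLE, pos)
        print(f"position {pos}: {len(survivors)} of 2048 pass the checksum")
```

The count is exactly 128 only for the last word, because 4 of its 11 bits are the checksum itself; for any other position it is close to 128, and the surviving set depends on the other 11 words.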
Ok, I’m having the same issue. I have 12 words that I thought were all right, so do I do the same thing, @isferos, going through number by number with the script, just seeing which ones it accepts?
Cause I have no idea about this program, and the words it brings up for, say, word 0 are mostly the same words as for word 1. Am I just trying every word it comes up with, hoping something sticks?
Most words, whether I’m picking word 1 or 7, seem to be the same subset of words.
Good job guys!