Date: 2021-10-16

Welcome to mnemonic hell.

On 19 December 2020, Miguel Cuneta tweeted:

“Helping a friend recover his old blockchain wallet from 2013. Fingers crossed for him, because the $50 won by our betting on UFC is now $3000+.”

Keychainx: the wallet solution in twenty words

Miguel sent Keychainx 17 words, a wallet.aes.json file and a bunch of suggestions, such as the names of his friends, the year and month he created the wallet, and some variants of the password.

We immediately started brute-forcing the password using our custom algorithms and our custom password-cracking servers. Oh, how little we knew about how things were going to evolve in the following weeks!

Even with the simplest suggestions, our algorithm can find the password to a Bitcoin wallet even when the suggestions contain several errors: it inserts random characters in between, removes characters, and prepends or appends random characters and words. In most cases this works if the suggestions are similar to the final password. We had high hopes for the wallet itself, which was a blockchain.info V1 wallet, where it was possible to try nearly 300 million different passwords per second on a big GPU server. And we have many …

Let the battle commence!

The battle of algorithms

Like the old siege of Jerusalem, we tried hard! Our algorithm tried all possible combinations up to 13 characters with no luck.

One week passed. We thought there must be another way.

Luckily, Miguel had sent us a 17-word sequence called a mnemonic seed. Unfortunately, this format is no longer supported by blockchain.com. Today a 12-word mnemonic is used, with words taken from a list of 2048 words, that is your encrypted private key.

The old mnemonic was your ID and the encrypted password, encoded using a variety of words. The word lists, however, were nowhere to be found. A mnemonic could be something like 15 to 21 words or more. They had three different encryption variants and used a different interaction (sometimes the password was encrypted using the specific algorithm).

Traditional mnemonic seeds used with Ledger, Trezor, Electrum or Bitcoin Core wallets were 12 or 24 words (with a thirteenth or twenty-fifth word called a passphrase).

Using old-fashioned reverse engineering, we searched for old snapshots of blockchain.info on archive.org and we found a snapshot from 2014 that accepted those words.

Unfortunately, it gave us a wrong control code, and the snapshot didn’t have a copy of all the libraries.

Lists of words and passwords by check code

Archive.org is a great resource to check out old variations or defunct websites. Unfortunately, it’s not a 100% full backup.

Using the Google Chrome developer tools, we looked at what the JavaScript did and found that it was using a list of about 50,000 words! The mnemonic used today for blockchain.com wallet recovery uses only 2048 different words.

We also found that they used two different word lists for their wallets in 2014: one to calculate the check code, the other to calculate the wallet ID and password. So what difference did the length of the mnemonic make? Seeds with more words were for longer passwords.

But back to Miguel and his friend. The 17 words gave us the wrong control code, so we decided to take a look at blockchain.com's GitHub page, where they store all their source code.

Unfortunately, the code for the V1 wallets was no longer available, so we had to search somewhere else, knowing only the name of the larger word list from the 2014 archive.org snapshot.

Google can be very useful at times. We found a hidden GitHub repository with the old source code of the wallet using that bigger word list, but the 17 words still gave us a wrong control code.

So we decided to write a mnemonic brute forcer using the GPU. A brute forcer for Trezor mnemonics using 2048 words was already quite a feat. Here we needed to create a brute forcer with 50,000 possibilities for each word.

So we had 17 words, each of which could take 50,000 values.

On top of that, 3 of the words were a check code from a completely different word list.

Instead of worrying about the number of combinations, we decided to examine what each group of words would give us, and managed to recover the word Jesp and 1980, which were part of the suggestions. We knew we were on the right track.

Another batch of words gave us 0301, which was the birthday day and month present in the suggestions list.

So we decided to randomly add words from the 50,000-word list wherever a word group gave us weird non-English characters (the suggestions were all numbers, English words or names).

300 lines of code later …

Eliminated!

We managed to find the right combination of words, and it turned out that the mnemonic from Miguel’s friend was missing a word.

We now had the correct control code, using the combination of 18 words, and we were able to decrypt the wallet.aes.json with the password our custom tool found.

UFC bet won, Bitcoin from 2014 recovered!

Thanks to Keychainx PRO, our business unit, which located the tweet and contacted Miguel for us.
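The recovery idea described above (one word is missing, and the check code only matches once the right word is inserted at the right position) can be shown on a toy encoding. This is an added example, not Keychainx's tool and not the real blockchain.info V1 format: the word lists, the two-words-per-three-bytes packing, the SHA-256 check code and the sample password are all constructed for illustration.

```python
import hashlib
import string

# Constructed toy scheme (an assumption, NOT the real blockchain.info format):
# two words from a 4096-word list carry 3 password bytes, and three words
# from a separate 256-word list carry a 24-bit check code over the password.
DATA_WORDS = [f"d{i:04d}" for i in range(4096)]
CHECK_WORDS = [f"c{i:03d}" for i in range(256)]
DATA_INDEX = {w: i for i, w in enumerate(DATA_WORDS)}
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation)

def check_code(payload):
    return [CHECK_WORDS[b] for b in hashlib.sha256(payload).digest()[:3]]

def encode(password):
    data = password.encode("ascii")
    assert len(data) % 3 == 0, "toy scheme: length must be a multiple of 3"
    words = []
    for i in range(0, len(data), 3):
        n = int.from_bytes(data[i:i + 3], "big")
        words += [DATA_WORDS[n >> 12], DATA_WORDS[n & 0xFFF]]
    return words + check_code(data)

def decode_groups(data_words):
    """Decode each complete pair of data words; a dangling word is ignored."""
    pairs = zip(data_words[0::2], data_words[1::2])
    return [((DATA_INDEX[a] << 12) | DATA_INDEX[b]).to_bytes(3, "big")
            for a, b in pairs]

def is_text(chunk):
    return all(chr(b) in PRINTABLE for b in chunk)

def recover(damaged):
    """Try every word at every gap; return (verified passwords, tries)."""
    data, check = damaged[:-3], damaged[-3:]
    found, tried = set(), 0
    for pos in range(len(data) + 1):
        for word in DATA_WORDS:
            tried += 1
            payload = b"".join(decode_groups(data[:pos] + [word] + data[pos:]))
            if is_text(payload) and check_code(payload) == check:
                found.add(payload.decode("ascii"))
    return sorted(found), tried

# Constructed sample: encode a made-up password, then lose the fourth word.
FULL = encode("ufc-Bet-2013")
DAMAGED = FULL[:3] + FULL[4:]

if __name__ == "__main__":
    print(recover(DAMAGED), "vs", 4096 ** 8, "blind combinations")
```

Inserting one word at each of the 8 possible positions costs 8 × 4096 = 32,768 tries, against 4096^8 for guessing every data word blindly, which is why treating the problem as a missing word rather than a full brute force makes it tractable.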

LESSON LEARNED.

Although many argue that 15-, 17-, 19- or 21-word mnemonics do not exist, and that they can no longer be used or deciphered, we have proved them wrong. Several odd mnemonic lengths were used in early blockchain.info wallets, and it is possible to recover them.