Professional Documents
Culture Documents
*btcrecover* is a free and open source multithreaded wallet password recovery tool
with support for Armory, Bitcoin Unlimited/Classic/XT/Core, MultiBit (Classic and
HD), Electrum (1.x and 2.x), mSIGNA (CoinVault), Hive for OS X, Blockchain.info
(v1-v3 wallet formats, both main and second passwords), Bither, and Bitcoin & KNC
Wallets for Android. It is designed for the case where you already know most of
your password, but need assistance in trying different possible combinations. This
tutorial will guide you through the features it has to offer.
If you find *btcrecover* helpful, please consider a small donation to help support
my efforts:
**[3Au8ZodNHPei7MQiSVAWb7NB2yqsb48GW4](bitcoin:3Au8ZodNHPei7MQiSVAWb7NB2yqsb48GW4?
label=btcrecover)**
## Quick Start ##
This tutorial is pretty long... you don't have to read the whole thing. Here are
some places to start.
*btcrecover* can accept as input a text file which has a list of what are called
password “tokens”. A token is simply a portion of a password which you do remember,
even if you don't remember where that portion appears in the actual password. It
will combine these tokens in different ways to create different whole password
guesses to try.
This file, typically named `tokens.txt`, can be created in any basic text editor,
such as Notepad on Windows or TextEdit on OS X, and should probably be saved into
the same folder as the `btcrecover.py` script (just to keep things simple). Note
that if your password contains any non-[ASCII](https://en.wikipedia.org/wiki/ASCII)
(non-English) characters, you should read the section on [Unicode Support]
(#unicode-support) before continuing.
Let’s say that you remember your password contains 3 parts, you just can’t remember
in what order you used them. Here are the contents of a simple `tokens.txt` file:
Cairo
Beetlejuice
Hotel_california
When used with these contents, *btcrecover* will try all possible combinations
using one or more of these three tokens, e.g. `Hotel_california` (just one token),
`BettlejuiceCairo` (two tokens pasted together), etc.
Note that lines which start with a `#` are ignored as comments, but only if the `#`
is at the *very beginning* of the line:
Maybe you’re not sure about how you spelled or capitalized one of those words. Take
this token file:
Cairo
Beetlejuice beetlejuice Betelgeuse betelgeuse
Hotel_california
Tokens listed on the same line, separated by spaces, are mutually exclusive and
will never be tried together in a password guess. *btcrecover* will try `Cairo` and
`bettlejuiceCairoHotel_california`, but it will skip over `Betelgeusebetelgeuse`.
Had all four Beetlejuice versions been listed out on separate lines, this would
have resulted in trying thousands of additional passwords which we know to be
incorrect. As is, this token file only needs to try 48 passwords to account for all
possible combinations. Had they all been on separate lines, it would have had to
try 1,956 different combinations.
In short, when you’re sure that certain tokens or variations of a token have no
chance of appearing together in a password, placing them all on the same line can
save a lot of time.
What if you’re certain that `Cairo` appears in the password, but you’re not so sure
about the other tokens?
+ Cairo
Beetlejuice beetlejuice Betelgeuse betelgeuse
Hotel_california
Placing a `+` (and some space after it) at the beginning of a line tells
*btcrecover* to only try passwords that include `Cairo` in them. You can also
combine these two last features. Here’s a longer example:
In this example above, passwords will be constructed by taking at most one token
from the first line, exactly one token from the second line (it’s required), and at
most one token from the third line. So `Hotel_californiaBetelgeuse` would be tried,
but `cairoKatmaiBetelgeuse` would be skipped (`cairo` and `Katmai` are on the same
line, so they’re never tried together) and `katmaiHotel_california` is also skipped
(because one token from the second line is required in every try).
This file will create a total of just 244 different combinations. Had all ten of
those tokens been listed on separate lines, it would have produced 9,864,100
guesses, which could take days longer to test!
Another way to save time is to use “anchors”. You can tell *btcrecover* that
certain tokens, if they are present at all, are definitely at the beginning or end
of the password:
^Cairo
Beetlejuice beetlejuice Betelgeuse betelgeuse
Hotel_california$
In this example above, the `^` symbol is considered special if it appears at the
beginning of any token (it’s not actually a part of the password), and the `$`
symbol is special if it appears at the end of any token. `Cairo`, if it is tried,
is only tried at the beginning of a password, and `Hotel_california`, if it is
tried, is only tried at the end. Note that neither is required to be tried in
password guesses with the example above. As before, all of these options can be
combined:
Cairo
Beetlejuice beetlejuice Betelgeuse betelgeuse
+ ^Hotel_california ^hotel_california
Tokens with positional anchors may only appear at one specific position in the
password -- there are always a specific number of other tokens which precede the
anchored one. In the example below you'll notice a number in between the two `^`
symbols added to the very beginning to create positionally anchored tokens (with no
spaces):
^2^Second_or_bust
^3^Third_or_bust
Cairo
Beetlejuice
Hotel_california
Middle anchors are a bit like positional anchors, only more flexible: the anchored
tokens may appear once throughout a specific *range* of positions in the password.
You specify a middle anchor by adding a comma and two numbers (between the `^`
symbols) at the very beginning of a token (all with no spaces):
^2,3^Second_or_third_(but_never_last)
^2,4^Second_to_fourth_(but_never_last)
Cairo
Beetlejuice
Hotel_california
^3,^Third_or_after_(but_never_last)
^,3^Third_or_earlier(but_never_first_or_last)
^,^Anywhere_in_the_middle
Cairo
Beetlejuice
Hotel_california
You can't leave out the comma (that's what makes it a middle anchor instead of a
positional anchor). Leaving out a number doesn't change the “never at the beginning
or the end” rule which always applies to middle anchors. If you do need a token
with a middle anchor to also possibly appear at the beginning or end of a password,
you can add second copy to the same line with a beginning or end anchor (because at
most one token on a line can appear in any guess):
^,^Anywhere_in_the_middle_or_end Anywhere_in_the_middle_or_end$
^,^Anywhere_in_the_middle_or_beginning ^Anywhere_in_the_middle_or_beginning
Relative anchors restrict the position of tokens relative to one another. They are
only affected by other tokens which also have relative anchors. They look like
positional anchors, except they have a single `r` preceding the relative number
value:
^r1^Earlier
^r2^Middlish_A
^r2^Middlish_B
^r3^Later
Anywhere
You cannot specify a single token with both a positional and relative anchor at the
same time.
There are a number of command-line options that affect the combinations tried. The
`--max-tokens` option limits the number of tokens that are added together and
tried. With `--max-tokens` set to 2, `Hotel_californiaCairo`, made from two tokens,
would be tried from the earlier example, but `Hotel_californiaCairoBeetlejuice`
would be skipped because it’s made from three tokens. You can still use
*btcrecover* even if you have a large number of tokens, as long as `--max-tokens`
is set to something reasonable. If you’d like to re-run *btcrecover* with a larger
number of `--max-tokens` if at first it didn’t succeed, you can also specify `--
min-tokens` to avoid trying combinations you’ve already tried.
What if you think one of the tokens has a number in it, but you’re not sure what
that number is? For example, if you think that Cairo is definitely followed by a
single digit, you could do this:
Cairo0 Cairo1 Cairo2 Cairo3 Cairo4 Cairo5 Cairo6 Cairo7 Cairo8 Cairo9
Beetlejuice
Hotel_california
While this definitely works, it’s not very convenient. This next token file has the
same effect, but it’s easier to write:
Cairo%d
Beetlejuice
Hotel_california
Up until now, most of the features help by reducing the number of passwords that
need to be tried by exploiting your knowledge of what’s probably in the password.
Wildcards significantly expand the number of passwords that need to be tried, so
they’re best used in moderation.
Backreference wildcards copy one or more characters which appear somewhere earlier
in the password. In the simplest case, they're not very useful. For example, in the
token `Z%b`, the `%b` simply copies the character which immediately precedes it,
resulting in `ZZ`.
Consider the case where the password contains patterns such as `AA`, `BB`, up
through `ZZ`, but would never contain `AZ`. You could use `%2A` to generate these
patterns, but then you'd end up with `AZ` being tried. `%2A` generates 676
different combinations, but in this example we only want to try 26. Instead you can
use two wildcards together: `%A%b`. The `%A` will expand into a single letter (from
`A` to `Z`), and *after* this expansion happens, the `%b` will copy that letter,
resulting in only the 26 patterns we want.
As with normal wildcards, backreference wildcards may contain a copy length, for
example:
In the examples so far, the copying starts with the character immediately to the
left of the `%b`, but this can be changed by adding a `;#` just before the `b`, for
example:
* `Test%b` - `Testt`
* `Test%;1b` - starts 1 back, same as above, `Testt`
* `Test%;2b` - starts 2 back, `Tests`
* `Test%;4b` - starts 4 back, `TestT`
* `Test%2;4b` - starts 4 back, with a copy length of 2: `TestTe`
* `Test%8;4b` - starts 4 back, with a copy length of 8: `TestTestTest`
* `Test%0,2;4b` - starts 4 back, with a copy length from 0 to 2: `Test`, `TestT`,
and `TestTe`
* `%2Atest%2;6b` - patterns such as `ABtestAB` and `XKtestXK` where the two
capital letters before and after `test` match each other, but never `ABtestXK`
where they don't match
To summarize, wildcards to the left of a `%b` are expanded first, and then the `%b`
is replaced by copying one or more characters from the left, and then wildcards
towards the right (if any) are examined.
Start%0,2-End
The `%0,2-` contracting wildcard will remove between 0 and 2 adjacent characters
from either side, so that each of `StartEnd` (removes 0), `StarEnd` (removes 1 from
left), `StaEnd` (removes 2 from left), `Starnd` (removes 1 from left and 1 from
right), `Startnd` (removes 1 from right), and `Startd` (removes 2 from right) will
be tried. This can be useful when considering copy-paste errors, for example:
%0,20-A/Long/Password/with/symbols/that/maybe/was/partially/copy/pasted%0,20-
* `%0,5-` - removes between 0 and 5 adjacent characters (total) taken from either
side of the wildcard
* `%0,5<` - removes between 0 and 5 adjacent characters only from the wildcard's
left
* `%0,5>` - removes between 0 and 5 adjacent characters only from the wildcard's
right
You may want to note that a contracting wildcard in one token can potentially
remove characters from other tokens, but it will never remove or cross over another
wildcard. Here's an example to fully illustrate this (feel free to skip to the next
section if you're not interested in these specific details):
AAAA%0,10>BBBB
xxxx%dyyyy
These two tokens each have eight normal letters. The first token has a contracting
wildcard which removes up to 10 characters from its right, and the second token has
an expanding wildcard which expands to a single digit.
One of the passwords generated from these tokens is `AAAABBxxxx5yyyy`, which comes
from selecting the first token followed by the second token, and then applying the
wildcards with the contracting wildcard removing two characters. Another is
`AAAAxx5yyyy` which comes from the same tokens, but the contracting wildcard now is
removing six characters, two of which are from the second token.
The digit and the `yyyy` will never be removed by the contracting wildcard because
other wildcards are never removed or crossed over. Even though the contracting
wildcard is set to remove up to 10 characters, `AAAAyyy` will never be produced
because the `%d` blocks it.
This feature combines traits of both backreference wildcards and typos maps into a
single function. If you haven't read about typos maps below (or about backreference
wildcards above), you should probably skip this section for now and come back
later.
Instead a way is needed for a backreference wildcard to do more than simply copy a
previous character, it must be able to create a *modified copy* of a previous
character. It can do this the same way that a typos map replaces characters by
using a separate map file to determine the replacement. So to continue this
example, a new map file is needed, `nextdigit.txt`:
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
8 9
Finally, here's a token that makes use of this map file to generate the pattern
we're looking for: `%d%btest%2;nextdigit.txt;6b`. That's pretty complicated, so
let's break it down:
The result of expanding this wildcard when the token starts off with `00test`
is `00test11`. It expands into *two* `1`'s because the copy length is 2, and it
expands into modified `1`'s instead of just copying the `0`'s because the file maps
a `0` (in its first column) to a `1` (in the second column). Likewise, a `77test`
is expanded into `77test88`. `99test` is expanded into `99test99` because the the
lookup character, a `9`, isn't present in (the first column of) the map file, and
so it's copied unmodified.
Note that when you use a map file inside a backreference wildcard, the file name
always has a semicolon (`;`) on either side. These are all valid backreference
wildcards (but they're all different because the have different copy lengths and
starting positions): `%;file.txt;b`, `%2;file.txt;b`, `%;file.txt;6b`, `
%2;file.txt;6b`.
The final example involves something called keyboard walking. Consider a password
pattern where a typist starts with any letter, and then chooses the next character
by moving their finger using a particular pattern, for example by always going
either diagonal up and right, or diagonal down and right, and then repeating until
the result is a certain length. A single backreference wildcard that uses a map
file can create this pattern.
Here's what the beginning of a map file for this pattern, `pattern.txt`, would look
like:
q 2a
a wz
z s
2 w
w 3s
...
So if the last letter is a `q`, the next letter in the pattern is either a `2` or
an `a` (for going upper-right or lower-right). If the last letter is a `z`, there's
only one direction available for the next letter, upper-right to `s`. With this map
file, and the following token, all combinations which follow this pattern between 4
and 6 characters long would be tried: `%a%3,5;pattern.txt;b`
## The Passwordlist ##
If you already have a simple list of whole passwords you'd like to test, and you
don't need any of the features described above, you can use the `--passwordlist`
command-line option (instead of the `--tokenlist` option as described later in the
[Running *btcrecover*](#running-btcrecover) section). If your password contains any
non-[ASCII](https://en.wikipedia.org/wiki/ASCII) (non-English) characters, you
should read the section on [Unicode Support](#unicode-support) before continuing.
Be sure not to add any extra spaces, unless those spaces are actually a part of a
password.
Each line is used verbatim as a single password when using the `--passwordlist`
option (and none of the features from above are applied). You can however use any
of the Typos features described below to try different variations of the passwords
in the passwordlist.
## Typos ##
If you'd just like some specific examples of command-line options you can add,
please see the [Typos Quick Start Guide](docs/Typos_Quick_Start_Guide.md).
With the `--typos #` command-line option (with `#` replaced with a count of typos),
you tell *btcrecover* up to how many typos you’d like it to add to each password
(that has been either generated from a token file or taken from a passwordlist as
described above). You must also specify the types of typos you’d like it to
generate, and it goes through all possible combinations for you (including the no-
typos-present possibility). Here is a summary of the basic types of typos along
with the command-line options which enable each:
Here are some additional types of typos that require a bit more explanation:
Even when `--typos` is greater than 1, `--typos-insert` will not normally try
inserting multiple copies of the string at the same position. For example, with `--
typos 2 --typos-insert Z` specified, guesses such as `CaiZro` and `CZairoZ` are
tried, but `CaiZZro` is not. You can change this by using `--max-adjacent-inserts
#` with a number greater than 1.
. ,/;
; [‘/.
In this example, *btcrecover* will try replacing each `.` with one of the three
punctuation marks which follow the spaces on the same line, and it will try
replacing each `;` with one of the four punctuation marks which follow it.
This feature can be used for more than just typos. If for example you’re a fan
of “1337” (leet) speak in your passwords, you could create a typos-map along these
lines:
aA @
sS $5
oO 0
This would try replacing instances of `a` or `A` with `@`, instances of `s` or
`S` with either a `$` or a `5`, etc., up to the maximum number of typos specified
with the `--typos #` option. For example, if the token file contained the token
`Passwords`, and if you specified `--typos 3`, `P@55words` and `Pa$sword5` would
both be tried because they each have three or fewer typos/replacements, but `P@$
$w0rd5` with its 5 typos would not be tried.
The *btcrecover* package includes a few typos-map example files in the `typos`
directory. You can read more about them in the [Typos Quick Start Guide]
(docs/Typos_Quick_Start_Guide.md#typos-maps).
As described above, the `--typos #` command-line option limits the total number of
typos, regardless of type, that will ever be applied to a single guess. You can
also set limits which are only applied to specific types of typos. For each of the
`--typos-xxxx` command-line options above there is a corresponding `--max-typos-
xxxx #` option.
## Autosave ##
If interrupted, you can restart testing by either running it with the exact same
options, or by providing this option and nothing else: `--restore savefile`.
*btcrecover* will then begin testing exactly where it had left off. (Note that the
token file, as well as the typos-map file, if used, must still be present and must
be unmodified for this to work. If they are not present or if they’ve been changed,
*btcrecover* will refuse to start.)
The autosave feature is not currently supported with passwordlists, only with token
files.
If you need to interrupt *btcrecover* in the middle of testing, you can do so with
Ctrl-C (hold down the Ctrl key and press C) and it will respond with a message such
this and then it will exit:
If you didn't have the autosave feature enabled, you can still manually start
testing where you left off. You need to start *btcrecover* with the *exact same*
token file or passwordlist, typos-map file (if you were using one), and command-
line options plus one extra option, `--skip 357449`, and it will start up right
where it had left off.
## Unicode Support ##
Please note that all input to and output from *btcrecover* must be UTF-8 encoded
(either with or without a Byte Order Mark, or "BOM"), so be sure to change the
Encoding to UTF-8 when you save any text files. For example in Windows Notepad, the
file *Encoding* setting is right next to the *Save* button in the *File* -> *Save
As...* dialog.
On Windows (but usually not on Linux or OS X), you may have trouble if any of the
command line options you need to use contain any non-ASCII characters. Usually, if
it displays in the command prompt window correctly when you type it in, it will
work correctly with `btcrecover.py`. If it doesn't display correctly, please read
the section describing how to put [command-line options inside the tokens file]
(#command-line-options-inside-the-tokens-file).
Also on Windows (but usually not on Linux or OS X), if your password is found it
may not be displayed correctly in the command prompt window. Here is an example of
what an incorrect output might look like:
As you can see, the Windows command prompt was incapable of rendering some of the
characters (and they were replaced with `?` characters). To view the password that
was found, copy and paste the `HTML encoded` line into a text file, and save it
with a name that ends with `.html` instead of the usual `.txt`. Double-click the
new `.html` file and it will open in your web browser to display the correct
password:
## Running *btcrecover* ##
(Also see the [Quick Start](#quick-start) section.) After you've installed all of
the requirements (above) and have downloaded the latest version:
cd Downloads\btcrecover-master
C:\python27\python btcrecover.py --wallet wallet.dat --tokenlist
tokens.txt [other-options...]
* *OS X*: Open a terminal window (open the Launchpad and search for
"terminal"), and type in the two lines below.
cd Downloads/btcrecover-master
python btcrecover.py --wallet wallet.dat --tokenlist tokens.txt [other-
options...]
After a short delay, *btcrecover* should begin testing passwords and will display a
progress bar and an ETA as shown below. If it appears to be stuck just counting
upwards with the message `Counting passwords ...` and no progress bar, please read
the [Memory limitations](docs/Limitations_and_Caveats.md#memory) section. If that
doesn't help, then you've probably chosen too many tokens or typos to test
resulting in more combinations than your system can handle (although the [`--max-
tokens`](#token-counts) option may be able to help).
If one of the combinations is the correct password for the wallet, the password
will eventually be displayed and *btcrecover* will stop running:
If all of the password combinations are tried, and none of them were correct for
the wallet, this message will be dislayed instead:
Running `btcrecover.py` with the `--help` option will give you a summary of all of
the available command-line options, most of which are described in the sections
above.
If you'd just like to test your token file and/or chosen typos, you can use the `--
listpass` option in place of the `--wallet FILE` option as demonstrated below.
*btcrecover* will then list out all the passwords to the screen instead of actually
testing them against a wallet file. This can also be useful if you have another
tool which can test some other type of wallet, and is capable of taking a list of
passwords to test from *btcrecover*. Because this option can generate so much
output, you may want only use it with short token files and few typo options.
C:\python27\python btcrecover.py --listpass --tokenlist tokens.txt | more
The `| more` at the end (the `|` symbol is a shifted `\` backslash) will introduce
a pause after each screenful of passwords.
%appdata%\MultiBit\multibit-data\key-backup
The key files have names which look like `walletname-20140407200743.key`. If you've
created additional wallets, their `key-backup` directories will be located
elsewhere and it's up to you to locate them. Once you have, choose the most recent
`.key` file and copy it into the directory containing `btcrecover.py` for it to
use.
For more details on locating your MultiBit private key backup files, see:
<https://www.multibit.org/en/help/v0.5/help_fileDescriptions.html>
Bitcoin Wallet for Android/BlackBerry has a *spending PIN* feature which can
optionally be enabled. If you lose your spending PIN, you can use *btcrecover* to
try to recover it.
1. Open the Bitcoin Wallet app, press the menu button, and choose Safety.
2. Choose *Back up wallet*.
3. Type in a password to protect your wallet backup file, and press OK. You'll
need to remember this password for later.
4. Press the Archive button in the lower-right corner.
5. Select a method of sharing the wallet backup file with your PC, for example you
might choose Gmail or perhaps Drive.
This wallet backup file, once saved to your PC, can be used just like any other
wallet file in *btcrecover* with one important exception: when you run
*btcrecover*, you **must** add the `--android-pin` option. When you do,
*btcrecover* will ask you for your backup password (from step 3), and then it will
try to recover the spending PIN.
Because PINs usually just contain digits, your token file will usually just contain
something like this (for PINs of up to 6 digits for example): `%1,6d`. (See the
section on [Wildcards](#expanding-wildcards) for more details.)
Note that if you don't include the `--android-pin` option, *btcrecover* will try to
recover the backup password instead.
Some [BIP-39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki)
compliant wallets offer a feature to add a “BIP-39” or “plausible deniability”
passphrase to your seed (mnemonic), most notably the TREZOR hardware wallet. (Note
that most hardware wallets also offer a PIN feature which is not supported by
*btcrecover*.)
If you know your seed, but don't remember this passphrase, *btcrecover* may be able
to help. You will also need to know either:
1. Preferably your master public key / “xpub” (for the *first* account in your
wallet, if it supports multiple accounts), *or*
2. a receiving address that was generated by your wallet (in its first account),
along with a good estimate of how many addresses you created before the receiving
address you'd like to use.
Once you have this information, run *btcrecover* normally, except that *instead* of
providing a wallet file on the command line as described above with the `--wallet
wallet.dat` option, use the `--bip39` option, e.g.:
If you have an Ethereum seed, also add the `--wallet-type ethereum` option. When
you run this, you will be prompted for your master public key (or your address),
and your seed.
**Note** that *btcrecover* assumes your wallet software is using both the BIP-39
the BIP-44 standards. If your wallet is not strictly complaint with these
standards, *btcrecover* will probably not work correctly to find your passphrase.
It may be possible to use the `--bip32-path` option to work correctly with a wallet
using different standards—feel free to open an [issue on GitHub]
(https://github.com/gurnec/btcrecover/issues/new) if you're unsure of your wallet's
compatibility with *btcrecover*.
*btcrecover* includes experimental support for using one or more graphics cards or
dedicated accelerator cards to increase search performance. This can offer on the
order of *100x* better performance with Bitcoin Unlimited/Classic/XT/Core or
Litecoin-Qt wallets when enabled and correctly tuned. With Armory (which uses a
GPU-resistant key derivation function), this can offer a modest improvement of 2x -
5x.
If you'd prefer, you can also place command-line options directly inside the
`tokens.txt` file. In order to do this, the very first line of the tokens file must
begin with exactly `#--`, and the rest of this line (and only this line) is
interpreted as additional command-line options. For example, here's a tokens file
which enables autosave, pause-before-exit, and one type of typo:
Although this software is unlikely to harm any wallet files, **you are strongly
encouraged to only run it with copies of your wallets**. In particular, this
software is distributed **WITHOUT ANY WARRANTY**; please see the accompanying GPLv2
licensing terms for more details.
Because this software is beta software, and also because it interacts with other
beta software, it’s entirely possible that it may fail to find a password which
it’s been correctly configure by you to find.
This program is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this
program. If not, see http://www.gnu.org/licenses/