How to recover a lost Bitcoin wallet.dat password with non-English characters

KeychainX
Aug 9 · 4 min read

An old client of ours got back to us recently asking if we could help him recover a lost password to a Bitcoin Core wallet file called wallet.dat.

He believed he had the password correctly written down and did not understand why the password did not work anymore.

We received a list of possible hints, the wallet file and agreed on a fixed fee if we managed to recover his coins. The fee is usually a cut of whatever is inside the wallet and we never charge anything upfront.

The first thing that struck us was that some of the password hints were non-UTF-8 characters not available in several languages or keyboard layouts. This complicated things, as recovering a password requires you to set up a specific set of characters. The bigger the space of characters, the longer it takes to recover the password.

Depending on your operating system (Unix, OSX or Windows) those characters behave differently AND the password looks different.

Our approach would need either to create custom character sets (in hex format) or simply do several language setups.


After examining the hints we separated the parts which would include foreign characters from the rest of the password.

All the password hints were 15 characters or longer, so there was little hope we could dry run a massive brute force. It would not be feasible.

A wallet.dat wallet uses double encryption using AES-256-CBC and SHA-512. This type of encryption is very slow, and even with a custom GPU rig with 9 GTX 1080 Ti cards there is only 50.000 hashes per second. Since the password is using 5000 thousand rounds of encryption, in reality you are trying 10 passwords per second. This means a password of 15-plus characters using upper/lower case, numbers, special and foreign characters would be impossible to crack using brute force in a lifetime.

We started by extracting the hash of the wallet with a custom Python script. The hash is an encrypted representation of the password that is later used to feed the password cracking software.

We wrote a custom script which split up the password in known parts and added random parts where we saw there were variations.

The next step was to add multiple language characters and special characters not visible on the keyboard layout.

HINTS PART 1 + HINTS PART 2 + HINTS PART 3 + RANDOM FOREIGN CHARACTER + SPECIAL CHARACTER

Basically the schematics looked like this. Three different hint parts, random foreign character and one special character.

As impossible as it looked, we ran the script. Weeks passed. Months passed. Meanwhile the price of Bitcoin doubled. The client asked how long before we open the wallet, as he was really eager to open it. But we saw no end in sight after three months.

Then, while working on another wallet with Cyrillic characters and recovering that password, we discovered a new pattern we could apply to our wallet.dat file. It required a completely new setup using only HEX numbers for the character set, since those would be the same across different password languages.

We changed the algorithm accordingly.

The next morning, as we entered the office and checked on the servers, the rig was surprisingly working on a different wallet. That could mean one of two things: either there was an error, or the password was found and it jumped to the next task. (We have a backlog of non-cracked wallets that the idle servers always go back to after a successful recovery.)

We checked the pot file, which stores found password hashes, and there was our hash. But the password was really strange, with two totally random characters.

Entering the password as it looked inside the pot file would not unlock the wallet. We contacted the owner and asked what language setup he was using. We changed our Windows box language accordingly and BOOM, it converted the password with a non-English character in the middle.

The Bitcoin Core software recognized the password this time and we were able to unlock the lost funds. It was 17 characters long, with upper/lower case, special characters and non-English characters…


Lesson learned: Foreign characters behave differently on different computers if the language differs. A Russian password may be decoded differently on a computer set up with the German language and may not unlock the wallet. Do NOT only write the password down, but also some information about the operating system version and language setup.
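The lesson above can be checked on your own passphrase with the following added example (it is not KeychainX's script). It lists the distinct byte strings one typed password can become, and how one stored byte string renders under different code pages; the encoding list and the sample character are assumptions chosen for illustration.

```python
import unicodedata

# Assumed set of encodings a passphrase may have passed through (illustrative).
ENCODINGS = ["utf-8", "cp1252", "cp1251", "cp850", "cp866", "utf-16-le"]


def byte_variants(password):
    """Return {hex bytes: [encoding/normal-form labels]} for one typed password."""
    variants = {}
    for form in ("NFC", "NFD"):  # composed vs. decomposed accents (e.g. macOS input)
        text = unicodedata.normalize(form, password)
        for enc in ENCODINGS:
            try:
                raw = text.encode(enc)
            except UnicodeEncodeError:
                continue  # this code page has no such character
            variants.setdefault(raw.hex(), []).append(f"{enc}/{form}")
    return variants


def decode_views(hex_bytes):
    """Return {encoding: text or None}: how the same stored bytes are displayed."""
    raw = bytes.fromhex(hex_bytes)
    views = {}
    for enc in ENCODINGS:
        try:
            views[enc] = raw.decode(enc)
        except UnicodeDecodeError:
            views[enc] = None
    return views


if __name__ == "__main__":
    sample = "Passw\u00f6rt1!"  # constructed sample containing o-umlaut
    for hex_bytes, labels in byte_variants(sample).items():
        print(f"{hex_bytes:<44} {', '.join(labels)}")
    # One non-English character stored as two UTF-8 bytes shows up as
    # two unrelated characters when viewed through a legacy code page.
    for enc, text in decode_views("c3b6").items():
        print(f"{enc:<10} {text!r}")
```

Recording the hex bytes of the password alongside the operating system and language setup removes the ambiguity, because the bytes are what the wallet software actually hashes.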

Disclaimer! This article was written by Robert Rhodin, the CEO of Wallet Recovery Service KEYCHAINX LLC, based in California USA. To read more about our company visit https://keychainx.io or send us an email to keychainx@protonmail.com if you need to talk about password recovery.
