Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Electrum
Re: Seeking solutions to a 12 year old Electrum wallet mystery
by
apogio
on 03/03/2024, 08:45:40 UTC
Quote from: nc50lc on Today at 06:39:32 AM
For older versions, he can look for a specific commit in GitHub and browse the repository at that point.

For example; from initial commit onwards: github.com/spesmilo/electrum/commits/master?after=bdbd59300fbd35b01605e66145458e5f396108e8+14035
By clicking "<>" (Browse repository at this point), you can get to the source code at that time to try to run it with old version of Python. (only useful if the seed is complete)
For example; v0.31: github.com/spesmilo/electrum/tree/eaedbae083529fc12044ecfb5b0b613c32c70691

Great! However, if we know how the seed phrase generation worked back then, we could implement a solution to brute force the missing words. The problem is, I am not aware of the way the used to generate the seed phrases from the entropy.

IF (and ONLY IF) it's a BIP39:
The algorithm is:
1. ENT = generate random bits as the entropy (128 bits)
2. B = parse ENT in SHA256
3. CHECK = retrieve the first 4 bits from B
4. FINAL = ENT + CHECK (appended)
5. MNEMONIC = split FINAL into 12 segments of 11 bits each. Convert the 11 bit numbers into decimals. Go to BIP39 wordlist and find in the words in the corresponding decimal places.

So if you wanted to bruteforce it, you could theoretically brute force the missing bits.

Let's move backwards, shall we?

So since you have some of the words, you have something like this:
MNEMONIC = [WORD 1] [WORD 2] [XXXXX] [XXXXX] [XXXXX] [XXXXX] [WORD 7] [WORD 8] [WORD 9] [WORD 10] [WORD 11] [WORD 12]

So, if you find the words in BIP39 word list and get their decimal numbers, then you can convert the decimals to binaries and you will have something like this:
FINAL = [10011001110] [01011111101] [XXXXXXXXXXX] [XXXXXXXXXXX] [XXXXXXXXXXX] [XXXXXXXXXXX] [00000000111] [00110010111] [00011000000] [00000000111] [00111100111] [11000010101]

So, now you can split the FINAL variable into ENT + CHECK (4 bits). It should look like this:
FINAL = ENT + CHECK
FINAL = ENT + [0101]
FINAL = [10011001110] [01011111101]  [XXXXXXXXXXX] [XXXXXXXXXXX] [XXXXXXXXXXX] [XXXXXXXXXXX] [00000000111] [00110010111] [00011000000] [00000000111] [00111100111] [1100001] + [0101]

So, now the difficult part...

1. You must generate random bits for all the places where you have an X and parse the whole ENT through SHA256.
2. Then you must take the first 4 bits of the result and check if they are [0101]. Be careful! You will get more than one sequence that starts with 0101. But you will have a much narrower space to search into.
3. Then for every binary sequence that produces the correct checksum, you must produce the mnemonic again and try it to see if it produces your wallet.


If it's Electrum's seed, I will leave it to someone more knowledgeable than me.