I'm currently struggling to understand how to bruteforce my possible passphrases. Simply adding them to tokenlist and changing --mnemonic-length to 13 didn't work.
You can't do that, it won't work like you tried, because the UTF-8 normalized mnemonic recovery words are fed with the mnemonic passphrase (in the form "mnemonic" plus normalized optional passphrase) as kind of salt into the PBKDF2 w/ HMAC-SHA512 2048 iterations.
See here for more details on how to attack optional BIP39 passphrases:
https://github.com/3rdIteration/btcrecover/blob/master/docs/TUTORIAL.md#bip-39-passphrases--electrum-extra-wordsYou will have a hard time if you're not sure about your derivation path. You think you know a few candidates, BUT an attack on the optional BIP39 passphrase would have to be executed for every derivation path candidate seperately.
Too man fuzzy variables are a pain in the ass.