I freelance for wallet recovery services. Sometimes they have something they can't figure out, and they present the problem to me. Often this also involves me talking with the customer and doing sleuthing etc.

When I can't figure something out, just in case, I'll go to forums/social media and ask around. When I do that, I always say "my friend asked me for X and Y", because i don't think anybody cares about the details of exactly why I need help...

In this case, after investigating, it turns out the customer's story about a 10 year old iphone is bullshit, and his private key can easily be found just through Googling. Apparently this is pretty common, if you run a wallet recovery service, people will frequentely contact you with keys they found randomly on the internet, pretending they are theirs, asking you for help with getting them to work.

Not if you think about how the wallet would work.

If the wallet does not store the WIF key (5f...) but instead stores the "raw" private key bytes in a file (flash), and *only* when it is asked to display it, it generates the WiF format, then this would completely make sense.

Also, it's possible it's stored as a WiF "object", with the prefix, key, and checksum, each stored as separate "properties" of an object.

Lots of options here that would keep the private key separate and would allow it to get independently corrupted.

Looking at the other comments though, looks like that's not what's going on here, but thanks for the comment.

I did email them and have not gotten an answer yet, yes.

Thanks for the reply!

A friend had Bitcoin stored on an old iPhone (back from 2012), in an app called «Bitwallet» (by Sollico software).

But when they tried to transfer it out, it complained about the key being "neither a compressed or uncompressed key".

No software would take the private key in (tried a dozen), and trying a WiF decoder showed it's invalid (even though it "looks" right, starts with 5K, right length, etc).

So I decoded it using a small nodejs script, and what I found is a key where 15 of the bytes are FF.

Something like :

80 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff etc... <15 real bytes, kept secret, presumably valid> <checksum>

So my guess here would be that somehow the flash on the iphone got corrupted, and half the key is missing.

Does that make sense, or am I missing something, and a key with half of it being ffff makes sense in some way I couldn't find?

We also have the public key/address. So what we have (if I get this right) is the public address, half the private key, and the checksum.

Any reasonable way to get to the coins with this?

This is like around 128bits of entropy, which doesn't sound like it can be cracked, but could the checksum and public address help in some way?

Any other ideas of what to do? There's 3 BTC on there.

Thanks in advance for any ideas.

Did you ever solve this? I'm helping somebody with something very similar and might be able to help.

wolf.arthur@gmail.com

I doubt anyone is still looking into this, but just in case:

I recently coded a tool for this problem for somebody else, so I could help anyone in this situation. Just ask here or in PM.

I'm helping a friend with a Bitcoin mystery he's been trying to figure out for a year or so.

He discovered a list of 85 words on a sheet of paper, and he remembers little about it, except that:

* Some of the 85 words lead to Bitcoin (and the others are camouflage)
* The words are in order (order was preserved when jumbling)
* The words might not be consecutive (words might have been inserted between the words of the original sentence)
* He set up and provisioned the wallet end of July of 2012

We first suspected that he might have used https://www.bitaddress.org to convert a series of words into a private key (and address), and then "hid" his series of words in the larger list.

So I coded a tool to bruteforce this. All HTML/Js so he could run it easily on an air-gapped computer:

https://i.imgur.com/q67Oxrx.png

It generates sentences of increasing lengths from samples of the 85 words of increasing size, testing all combinations.

It tests the generated public keys against all public addresses of July and August 2012 (as well as all addresses with around the same amount as his wallet is supposed to have), and displays a match if it's found (this was tested with a dummy 07-2022 wallet with some sats in it, with the seed/sentence jumbled in the same way, and it found it).

But running this against his 85 words, nothing is found.

And recently, we discovered (from archive.org) that BitAddress only added the ability to generate keys based on specified strings of characters in August 2012 (so at least a week after his wallet was created). Before that it only did random keys, so there wouldn't have been a list of words.

Both the bruteforce's failure and this discovery should disqualify BitAddress, we **think**.

So if not BitAddress, then what?

Some people on Reddit suggested Blockchain.info (now blockchain.com)

He contacted blockchain.info, and they don't have any of his email addresses (some of which the host of died anyway) on record, so no go there.

Back in July 2012, they had an option to create "brain wallets", and when you created such a wallet, they would give you a "seed" (a phrase) like we have.
That phrase was a "password recovery" phrase: You could use it to get your password back (not from them, with math). Later in 2013 they made it so this recovered the username also, but our phrase is from earlier than that.

So even if we find the password by bruteforcing, aren't we just stuck if we don't have the username?
That's where something special about the 85 words comes in:

All 85 words are english words (and part of the "v3" list in blockchain.com's source code we found on archive.org for July 2012), **except for two of them**.

Two words are different, special, they are the same length, and they have random characters, including special characters. They look like passwords, or maybe usernames.

So, our guess (and only hope really) is that one of these two words are the username (and some of the rest of the 85 words can be used to recover the associated password.

So I wrote another bruteforce tool:

https://i.imgur.com/xpIj9Fw.png

It's pretty straightforward, it does the same kind of combination brute forcing to find sequences of words in order but not necessarily adjacent (though it also tests that possibility).

It tests them against the code from blockchain.info, checking if the checksum matches, and if it does, it shows the password. I created a "dummy" seed to test it against, and it does find the password (and a few false positives, the checksum isn't very strict).

My friend hasn't been able to run this one tool yet due to technical issues on their end, but it should happen soon.

Question.

I'm coming to this community for help: I found two possibilities for where these words could come from: bitaddress and blockchain.info.

Are there other possibilities you know of for that time?

Do you have any comments on what I have done so far? Anything I could have missed? Any idea of where to look and what to do?

Maybe a tutorial popular on the net or this forum they might have followed at that time? Anything.

Any help would be extremely appreciated (and if we do find coins, though the wallet isn't supposed to contain much, we'd still reward anyone who would have helped along the way).

Thanks to you all for your time!