Add ability to limit BIP39 words tested

[3rdIteration]

Add ability to use the tool in the situation where someone has scrambled their seed phrase.

Isn't practical for 24 word seeds, but very do-able for 12 word seeds.

[geeezer9]

amazing

[diegopau]

@3rdIteration would there be a way to say which words you are 100% sure of their position? my specific situation (maybe too specific... but maybe some other people out there are in similar situation):

• It is a seed with 24 words
• I know all the words that are in even positions and I am sure of their position, so that's 12 words for which there is not combinations to try.
• I have a vague idea of the other 12 words: when looking at the 2048 BIP39 words dictionary I managed to reduce it to around 100 words because I am sure the other 1948 words were not in the seed, that's just because in the past I memorized those 12 words even if now I forgot.
• For other 12 words I also have a vague idea of their position, so it is likely that I get right 6 or 7.

So all together maybe it gives a number of combinations that possible to compute in a reasonable time? for that I would need to be able to first reduce the number of dictionary words to 100 and then to tell the software which words/positions I am sure of.

Thank you

[3rdIteration]

Basically the approach that I am going with is going to re-use the existing functionality and syntax from the TokenList functionality that is currently used with passwords.

What that means is that you can have "anchors" for words where you know their position.

In terms of working out what is do-able, it comes down to working out how many permutations exist for a given set of possibilities. For reference, if you have a 24 word seed, know which 24 words you are after but don't know the positions there are still 24! (24 factorial) so about 6.2e+23 options, not really brute-forcible using these tools. If you work it out, you will see that there are very large number of possible permutations with 100 words making up half of the seed (12 words)... Basically you will need more than a vague idea about half of it.

Once I merge this change, I will do a short YouTube video which will look at some of the realistic limits for what it can do with longer seeds.

[diegopau]

Great, the implementation sounds like it will be exactly what I need. Then... as you said, maybe still my possibilities are low if the number of combinations go too high, the problem with memory is that maybe I think I remember more than I actually do. But if memory didn't fail too much I should really have around total of 20 words that I know for sure they are there and around 16-18 positions that I know for sure with a bit more than zero knowledge about the other positions. I don't know. It might work. Thank you for your reply, looking forward to it

[giantmonster]

I'm looking for the python3 seed recovery release method to allow me to use token.txt instead of the general dictionary approach. I've used special characters and odd spellings in my legacy bitcoin seed phrase. This is in the works?

[fran2k]

What´s your benchmark on this permutation? I want to know how many words can I sort if I know the correct ones but don´t know the order. I understand 12! is solvable, but I want to know how far away we are from a 18 words unsorted seed.

[3rdIteration]

Added initial support for this in the latest commit to the python3 branch. abaaa65

Documentation for installing the python3 branch has also had an update, but may still have a few errors here or there. Will have a YouTube video that demonstrates this feature out in a few days.

[3rdIteration]

What´s your benchmark on this permutation? I want to know how many words can I sort if I know the correct ones but don´t know the order. I understand 12! is solvable, but I want to know how far away we are from a 18 words unsorted seed.

Basically you can assume that a middle of the road CPU can test about 2 billion seeds per day. Running the full test for all possible seeds on a 12 word seed will therefore take about 5 hours.

We are dealing with exponential growth here, so a 13 word seed would take almost 3 days days, 14 words 1.5 months, 15 words over a year, etc... (So 15 words would be what I would consider to be the limit if you threw a 48 core CPU at it. could knock it over in a few months) 18 words would still take thousands of years. (And won't really be workable without having this tool use a GPU)

[rem0g]

Thank you, would it be possible to use GPU acceleration or --performance with --tokenlist? As per your calculation i'm more obliged to use GPU But i'm getting this:

seedrecover.py: error: --performance cannot be used with --tokenlist or --passwordlist

And Seedrecover.py doesnt recognize enable-gpu. Apparently only btcrecover.py supports this as of https://github.com/gurnec/btcrecover/blob/master/docs/GPU_Acceleration.md

[3rdIteration]

GPU acceleration for other wallet types is certainly something that I will look at. The other thing is that it does scale well with CPU cores, so it may be something that a 224 vCPU Google cloud VM could be useful for. (depending on how much you are looking to recover)

The reality is that GPU performance may be a 100-1000x performance increase, so the question is whether that will be enough for your scenario.

Electrum seeds can be brute-forced at about 550 k P/s, BIP39 seeds at about 160 k P/s (k P/s = thousands of passwords per second) on a 48 core Linode instance, so you can work out what is workable as an upper limit with a 100x performance increase.

[3rdIteration]

Implemented and works. Guide on how to use it here: https://youtu.be/ruSF8OKwBRk