_{img src}

Tonight I had in mind to move some funds in Bitcoin that I hadn't touched since early 2017.

I originally used a passphrase to secure my private key and with immense terror tonight I found out that the passphrase was not working!!

For those of you who don't know, if you lose your bitcoin private key or your passphrase, your funds are lost forever. That's how encryption works and nowadays almost 4 million bitcoin are lost forever because of this.

If you lose your private key trying to brute force it is nearly impossible with nowadays technologies and
trying to brute force a passphrase from scratch (ie. completely forgotten) it's gonna be a tough job and depends on how complex it is (ie. strong password).

As you may imagine, when I found out that the passphrase I stored was trying to use to import my funds was not working, I think pretty much half of my hair became grey and my life span shortened by 10 years 🙈

At first, I spent almost 2 hours trying different variations of my passphrase, double checking the private key and trying to think whether a part of it was missing and what it could have been.

I then ended up writing a script to try different variations of the same passphrase simulating likely typos. I'm going to share it with you at the end of this post, hoping that it can help someone else in the situation I was in.

I executed my script with almost 1000 different variations of my passphrase and, since according to my calculations it was going to take about 50 minutes, I laid on the bed without even looking at the monitor and hoping for a miracle.

I thought that maybe it was karma, I had a fight with my wife earlier and I was probably wrong and should be the one to apologize tomorrow when she wakes up. I reflected a bit on my life and promised myself to improve in some areas. After all these thoughts I also promised myself that if I found the correct passphrase I would have sent $ 1,000 to a charity. It just seemed fair.

I had been laying on my bed for a while already, I think the script had been running for about 20 minutes. Suddenly something came to my mind. Since I used my own encoding for the bip38 encoded private key (lol, paranoid much?), I thought.. maybe I used the same encoding for my passphrase too?? 🤔🤔 worth a shot..
It was not in my notes so I didn't expect it to work. And instead.. IT DID!! I jumped up from my desk and started celebrating! 🥳🎉

So now I'm going to keep my word. I explained what happened to my family and asked them already if they have a charity to recommend. They haven't replied yet so I'm going to ask here too. Put in the comments some good recommendations and I will pick one in the next couple days. I'll attach proof of my transfer both in case I go with one my family recommends or one you guys suggest.

Alright, now it's past 6am now so I'm finally going to sleep (like a baby).. 🙈

Take care everyone, and keep your keys safe. I hope this is a lesson for someone else too!

---

---

_{img src}

In case you'll find yourself in a similar situation, here is how I was brute forcing my passphrase with minor variations to it to simulate typos:

1. Open https://bitaddress.org. It's safe but if you're concerned you can even disconnect your internet while you try to decrypt your wallet. (if you are the paranoid type you can even use a temporary virtual machine and if you are willing to spend a little bit more time on it, clone their github and run their site locally).

2. On bitaddress.org navigate to Wallet Details (there you can decrypt a bip38 encoded private key). Eg. paper wallets.

3. Open Chrome Dev Tools (Ctrl + Shift + J on Linux/Windows and Cmd + Opt + J on Mac).

4. Paste this code snippet in the Console:

var key = '6PnRyourprivatekey123yourprivatekeysfQHu';
document.getElementById('detailprivkey').value = key;

var typos = [
  'my passsphrases with typos',
  // PASTE YOUR PASSPHRASES HERE

];

var original = alert;
alert = () => {}; // disables alerts

var foundAddress = () => !!document.getElementById('detailaddresscomp').innerText;

var nap = ms => new Promise(res => setTimeout(res, ms));

var waitForSpinnerDisappear = async () => {
  while (true) {
    const busyblock = document.getElementById('busyblock');
    const isBusy = busyblock.classList.contains('busy');
    if (isBusy) await nap(100);
    else { break; }
  }
};

// Iterates through possible passphrases
for (var id = 0; id < typos.length; id++) {
  console.log(new Date(), '- Attempt', id + 1, ' of ' + typos.length + ' -> ', typos[id]);
  // enters passphrase variation
  document.getElementById('detailprivkeypassphrase').value = typos[id];
  // clicks on decrypt buttton
  document.getElementById('detailbip38decryptbutton').click();

  // waits for the spinner to disappear
  await waitForSpinnerDisappear();
  await nap(500);

  // checks whether the passphrase worked
  if (foundAddress()) {
    console.log('Thank god!! Send some BTC to a charity!!');
    break;
  }
}

1. Change the value of the variable in the first line (var key = '';) with your private key. This will not leave you machine at all.

2. Navigate to a keyword generator like http://tools.seobook.com/spelling/keywords-typos.cgi and enter what you thought your passphrase was (you need to be pretty sure as these sites will only do minor variations to it). For this specific site click all the checkboxes for: Skip letter, Double letters, Skip spaces, Missed key and Inserted key. I suggest not adding Reverse letters as that's less common but up to you.
   Based on the length of your passphrase you'll get hundreds of results. Copy them in an editor (eg. Atom) and just wrap each result with single quotes and a final comma for each line.
   Eg.
   site result 1
   site result 2
   ...becomes:
   'site result 1',
   'site result 2',
   Trick: in Atom you can select and space at the end of the first line and keep ctrl + D pressed in order to have a cursor on each line and add quotes and comma in seconds. You can also easily see how many passphrases were generating checking the line number of the last entry in the bottom left corner.

3. copy and paste the list of variations of your passphrase in my code snipped where it says "// PASTE YOUR PASSPHRASES HERE".

4. Press enter! 🤞🤞🍀🍀

Using this script it takes about 6 seconds for each attempt so based on how many variations of you passphrase you are testing that's your wait time.

Good luck!!!