Another Lost Bitcoin Wallet Story

Published: 2021-12-14
Tagged: hacking

In 2014, Bitcoin was emerging into the mainstream. People were doing funny things like producing physical coins or setting up BTC ATMs. Expecting that this was the moment the world turns into a Neal Stephenson novel, preferably The Diamond Age, I acquired a wallet and some bitcoin.

I used it twice. The first time to pay back my buddy for lunch when I forgot my wallet. The last time to donate to some open source project. It was all very underwhelming, so I soon forgot all about it. Until a few days ago.

I began preparing my trusty ol' Thinkpad T420 for sale. I haven't used it since 2017 or so, so I wanted to give it one last pass before wiping the drive. (Or maybe it was just nostalgia.) Upon booting it up, I discovered that it was still running an Electrum wallet, wherein I discovered a few 2014 dollars' worth of BTC. In today's terms, it was about one and a half months of my NYC rent.

The problem?

(Of course there's a problem!)

I had forgotten the password. No password, no rent.

But! 2014-me had been in a similar pickle and 2014-me, devious creature, had found, copied, and modified a Ruby script that submitted combinations of hand-picked tokens to the wallet until one of them turned out to be the right password.

This would be the end of the story if that just worked, but of course it didn't. Technology changes and what I actually had was a Ruby script that was too old to run and a version of the wallet that didn't accept the flags the script was passing to it.

This would take patience, but some quick arithmetic told me that ROI would be worth it.

So, my first step was to find the right version of the Electrum wallet. A quick search pointed me at a GitHub repository with its source code. That was lucky--it meant I had access to every little change, every version of the software. What's more, it was all written in Python, a language and ecosystem I've spent a few years with, making my investigation much easier.

I cloned the repository and began to sift through git tags, eventually capping my search at about two dozen versions spanning 2014 and 2015. Then, using git log -S, I listed all the commits that included the flag that was giving me trouble. That left maybe a dozen versions.

At this point, I could have spent time analyzing the code, but I opted for a brute-force approach: I created a bunch of Python virtual environments (thanks pyenv!) and installed all the versions. Most of them didn't even want to start because of dependencies too old to install without more effort, but a few did and even read my wallet files.

Now, I needed to get that Ruby script running. If I couldn't, I would just translate it into Python or Go, but that introduced new risks and would have cost more time. To my surprise, I discovered that RVM, the Ruby version manager that I haven't used since about 2014, was still around. But when I tried to install Rubies from 2014, they all failed because my system's OpenSSL was too new. I had just spent a day setting up my new Thinkpad (T14 gen 2 AMD :finger-guns:) so I did not want to fuck around with my system. I could either use virtual machines to run older Ubuntu versions or... I could trust my luck again and see if the earliest working version of Ruby would happen to be compatible with the script.

And it worked! A few seconds after kicking it off, the password showed up in my terminal.

Success!

...or so I thought.

The version of the Electrum wallet that allowed me to get that password was too old to sync with any bitcoin servers, preventing me from actually doing anything with my newly-recovered BTC.

Back to git and virtual environments. It took a few git checkout and pip install . until I hit a version that both read my wallet file and synced with the servers, allowing me to finally transfer that BTC to a new, working wallet.

And that's how, with two hours of educated guessing, I got 2014-me to cover my next rent payment.
