I have a 12 word mnemonic but I'm unsure of the order, I know that the BIP39 mnemonics use a checksum, are there any tools I can use to re-order the 12 words correctly so that they pass the checksum?
Asked
Active
Viewed 2,938 times
1
Pieter Wuille
- 98,249
- 9
- 183
- 287
theintellects
- 111
- 1
- 2
-
Is the checksum used for fixing the order or just for fixing typos / eliminating similar looking words? – Sergei Tikhomirov Dec 07 '17 at 17:24
-
@SergeiTikhomirov typos fixed by words being distant enough from each other. I would say check sums are for fixing order, mostly. – Moonwalker Jan 03 '23 at 21:38
3 Answers
2
The bitcoin-explorer (bx) command at mnemonic-to-seed throws exceptions if the checksums don't don't add up.
When you find combinations of BIP 39 words that pass checksum tests, then perform an operation like this to identify Bitcoin compressed Bitcoin addresses that might have funds:
% echo "bunker wreck real edge inflict aerobic buddy mercy divorce wolf bright immune fat foot poet section sustain reveal unique reflect have latin problem chapter" | bx mnemonic-to-seed -p 123 | bx hd-new | bx hd-private -d -i 44 | bx hd-private -d -i 0 | bx hd-private -d -i 0 | bx hd-public -i 0 | bx hd-public -i 0 | bx hd-to-ec | bx ec-to-address -v 0
1Ec2nBkUMSQmmhxWeXMB98gFVCKTmHbRJb
Then examine the results of https://blockchain.info/address/1Ec2nBkUMSQmmhxWeXMB98gFVCKTmHbRJb to see if there was ever any wallet activity for M/44'/0'/0'/0/0.
This approach for older BIP 44 P2PKH addresses can be automated with scripts. This approach can also be extended to accommodate newer segwit-related BIP 49 P2WPKH-nested-in-P2SH addresses that begin with the number 3. The basis for doing so is provided below.
% echo "bunker wreck real edge inflict aerobic buddy mercy divorce wolf bright immune fat foot poet section sustain reveal unique reflect have latin problem chapter" | bx mnemonic-to-seed -p 123 | bx hd-new | bx hd-private -d -i 49 | bx hd-private -d -i 0 | bx hd-private -d -i 0 | bx hd-private -i 0 | bx hd-private -i 0 | bx hd-to-ec | bx ec-to-public | bx bitcoin160
351d3fffea471eb3740a5661cf059b5eb73483dd
% echo "0 [351d3fffea471eb3740a5661cf059b5eb73483dd]" | bx script-to-address -v 5
35QwHbjUTo31tyTJruMPbrokCqjaTVdmTr
skaht
- 3,017
- 1
- 12
- 23
-
As I implied in my answer, I don't see anything in BIP39 that would imply that the order of the words is checksummed. Can you be more specific about "checksums don't add up" or "pass checksum tests"? If I'm right, the only way to test word order is the blockchain.info test with bx's output that you specified, or the input-into-HD-wallet test that I mentioned. Thanks for any insight... – brec Dec 07 '17 at 19:01
-
Proper behavior: % bx mnemonic-to-seed --language en rebel genius lunar mosquito pupil toilet web machine make stumble wear identify **bc1dc4505b7c258cd7a140d8ccc14d6a5bcd5313ad4c132d3db089e69845ae95a5bd43d43194a12036acf46a9a78c1f3a86d40f7cab8a0d6789365c5ab1497e7** Exception thrown: % bx mnemonic-to-seed --language en rebel genius lunar mosquito pupil toilet web machine make stumble wear wear **The specified words are not a valid mnemonic in the specified dictionary.** – skaht Dec 07 '17 at 19:10
-
At least one of those words, "en", is not on the BIP39 word list, so that would generate a "not a valid mnemonic" exception; I believe a count of 14 words would also. What I'm inquiring about is an exception generated by an incorrect word ordering. – brec Dec 07 '17 at 19:18
-
That tells one that a bad combination of BIP 39 words were grouped together. Read https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-mnemonic-to-seed to see what the **en** argument does. – skaht Dec 07 '17 at 19:20
-
Right, I overlooked the "--" prefix on "language" ("language" is in the BIP39 dictionary!) Sorry. But, copy-pasting the command from your reply above: $ ./bx mnemonic-to-seed --language en rebel genius lunar mosquito pupil toilet web machine make stumble wear identify bc1dc4505b7c258cd7a140d8ccc14d6a5bcd5313ad4c132d3db089e69845ae95a5bd43d43194a12036acf46a9a78c1f3a86d40f7cab8a0d6789365c5ab1497e7 – brec Dec 07 '17 at 21:28
-
...And then I changed the word order and got the error! So I'll go back to the (mental) drawing board on the order issue. Meanwhile, any idea why you get an error but I don't on this particular word list? – brec Dec 07 '17 at 21:48
-
With 12 words, there will be 12! (479,001,600) combinations of words. Most of the combinations will fail. Scripting is needed to run through the combinations to find combination that don't through exceptions. The seed word that don't throw exceptions are the ones that have their addresses checked to determine if any public addresses have funds. The needle in the haystack can be found with 12 seed words. It will take some time, possibly months to calculate and perform blockchain lookups to identify the proper seed word order. – skaht Dec 09 '17 at 03:19
-
Exactly so, although in the terminology of combinatorics the issue is permutations rather than combinations. – brec Dec 09 '17 at 13:48
0
Have you tried btcrecover?: https://github.com/gurnec/btcrecover
An open source Bitcoin wallet password and seed recovery tool designed for the case where you already know most of your password/seed, but need assistance in trying different possible combinations.
Herald Smit
- 210
- 2
- 7
