Extract private key from multibit-hd

I used this wallet for a long time. Since they dropped the development and didn’t really provide a good way to extract the private keys from the wallet, I had to find a hacky way to do it. Fortunately for me, someone else had already done this. However, I realise that this method might not be very easy for everyone, so I decided to fork the wallet and provide a patched compiled version that anyone can use to extract their keys. The instructions are the same as in the source link below.

Source for patch and instructions: https://bitcoin.stackexchange.com/questions/40507/how-can-you-extract-private-keys-from-multibit-hd/51297#51297

My patched fork: https://github.com/jra89/multibit-hd

Compiled jar: https://www.alcor.se/files/multibit-hd.jar

If you downloaded and used the compiled jar above, you can skip to step 4.

  1. Clone the MultiBit HD Git repository
  2. Apply the patch above
  3. Build the project: mvn clean dependency:sources install
  4. Start the application: java -jar mbhd-swing/target/multibit-hd.jar
  5. Go to Tools -> Sign message and enter a Bitcoin address from your wallet for which you want to recover the private key.
  6. Press finish.
  7. Read the Bitcoin address and corresponding private key from the console output

When you have the key you can import it in whatever client you have. Remember that different addresses in the wallet equals different private keys, so you will need to extract all of them via the “Sign” method in multibit-hd. If you can’t figure it out, leave a comment and I might be able to help.

Too hot for cracking

A few weeks ago one of the PSUs for my hash cracking rig decided to give up on life.
Luckily I had a few months left on the warranty so I could get it switched for a new one just a week later.
I have decided that I want to make some new wordlists and thus needed the rig to be fully operational again (only 2/4 cards worked when one PSU was gone).

Currently it’s hashing away at a rather okay speed, although using the old unoptimized wordlists that I have.

Session.Name...: oclHashcat
Status.........: Running
Input.Mode.....: File (../dics/full_en.txt)
Hash.Target....: File (testhashes)
Hash.Type......: phpass, MD5(WordPress), MD5(phpBB3), MD5(Joomla)
Time.Started...: Fri Aug 8 18:48:24 2014 (10 hours, 27 mins)
Time.Estimated.: Sun Aug 10 07:37:18 2014 (14 hours, 11 mins)
Speed.GPU.#1...: 2881 H/s
Speed.GPU.#2...: 2869 H/s
Speed.GPU.#3...: 3113 H/s
Speed.GPU.#4...: 2752 H/s
Speed.GPU.#*...: 11614 H/s
Recovered......: 11/15 (6.59%) Digests, 11/167 (6.59%) Salts
Progress.......: 71936802816/164154971801 (43.82%)
Skipped........: 3950772224/71936802816 (5.49%)
Rejected.......: 0/71936802816 (0.00%)
HWMon.GPU.#1...: 90% Util, 71c Temp, 76% Fan
HWMon.GPU.#2...: 89% Util, 70c Temp, 76% Fan
HWMon.GPU.#3...: 88% Util, 74c Temp, 93% Fan
HWMon.GPU.#4...: 90% Util, 72c Temp, 52% Fan

The temperature as you can see is okay right now due an extra fan and an open window.
But the rig has already stopped working once due to high temperatures in the room.
It’s been really hot recently here, even on some of the days when it’s been raining heavily (like today).
Which has made it difficult to run the rig.


I have decided to gather all my wordlists and do the following on them:

* Remove “dirty” ones (some has bad encoding and some are clones of others for some reason)
* Merge smaller lists and categorize the rest in a neatly fashion
* Sort and remove duplicate words (So that every word is unique)

I will make another post soon with a link to two different downloads.
One link will be the categorized and neatly sorted lists, and another link will go to a “super list” with all other lists merged into one large.
The super one will also be cleaned and sorted properly after merging.
I might start releasing my wordlists in different versions since I add new lists once in a while.

More to come.

Bought new laptop

Haven’t written anything in a while now, so I decided it’s time write all those posts that have been piling up lately.
I’ll start with my new laptop.

I got the Asus UX31A, and I have to say that I’m really loving it so far.
It’s really slick and lightweight, and I really like how thin it is.
It doesn’t have any optical unit, nor does it have an Ethernet port.
Although the Ethernet comes as a USB adapter, which is pretty neat.
The screen is very clear and the machine is really fast and well performing overall.

I’ve been having some trouble with the touch pad since the pad and the buttons for it are one and the same,
so I keep moving the mouse pointer whenever I want to click something, which can get pretty frustrating (Especially when I’m sitting in bed and coding).


Isn’t it just beautiful?
2014-01-14 22.39.57

Comes with a really nice little case as well.
2014-01-14 22.39.07

I salvaged some nice stickers from my old work laptop.
2014-01-14 22.39.37

Bought a Ladybird

A friend of mine invited me and my wife to an RC flight show the other day, and they had a little tent where they sold stuff as well.
Unluckily I had just transfered some money to my card, so I couldn’t resist in buying this rather cute little quad copter.

It’s a Ladybird QR Series V939 and it went at 400 SEK (~$62), but normally it’s around 650 SEK (~$100).

It’s rather difficult to fly at first, and you need to take it very easy and simply go up and down for a while until you get the hang of it.
So far I have been able to fly around pretty well, but turning it around in the air is very difficult, since the up and down acceleration is on the same switch, which makes it harder since it tends to go either up or down then at the same time as you turn it, so that requires some practice.
I have crashed mine at least 50 times now, and it’s still working like a charm, so I’m pretty confident when I say that it can take quite a few hits without any problems.
So although you shouldn’t throw it into walls or drop it from buildings, it’s fine to play around and learn by doing wrong quite a few times.
As long as you turn off the engines when you feel that you are loosing control, it should be fine (since if you don’t, the propellers might get stuck somewhere when/if you crash, and that will damage the engines and the quad wont live for very long).

I made a short demo of when I fly it at home, and although it’s not much, and I don’t want to fly around too much in here, it still shows you how it looks when it moves around, and how it sounds.
As you can see, there are diodes and the propellers have different colors.
This is so that you can see which direction it’s facing.
Blue light and orange propellers means front.

<video removed>

I have tried flying it outside as well, and it does remarkably well there as well, although it can’t handle much wind. But it’s still loads of fun.

The controller has a few buttons, the sticks to control the directions, the upper left button to change the effect of the engines (higher percentage makes it more sensitive), the upper right button makes the quad do a loop, which is not recommended inside (tried it a few times, and you need a lot of altitude to manage it if you don’t want it to crash). Then there’s 4 buttons for trimming the engines, which can be used if the quad is not flying stable enough when idle in the air, and thus you can compensate for lost power in any of the directions (or possibly if it’s windy outside).
And then of course we have the power button.

I would highly recommend this little toy for almost any kind of person.
Since it flies around at pretty high speed and is not “that small”, it can still damage stuff that it hits, so I don’t recommend it as a toy for children, at least not for playing inside the house.

That’s it for now I guess 🙂


So a friend told me about cloudcracker.com, which is a service for cracking password hashes and password protected files.
I was thinking about trying it out on my home WiFi, but they only support phone numbers, English words and 2WIRE default passwords.
And since my password is a long one with random chars in it, there wont be any point in trying it at the moment, even though I’ve read on forums around the net that their service is effective, so I’ll just take them for their words 🙂

Currently the algorithms they support are

  • WPA / WPA2
  • LM / NTLM
  • SHA-512 (Unix)
  • MD5 (Unix)
  • MS-CHAPv2

I was curious if I could create a hypothetical service in my mind that was better than cloudcracker, and still realistic enough for me to accomplish.
So I started calculating how large a dictionary would be, uncompressed, if I wanted all words with the length 8, using 62 chars (A-Za-z0-9).
It would become ((62^8)*9)/(1024^4) = ~1787 TB (TeraBytes), which is just too much right now, seeing that the cheapest 2TB harddrive right now costs around 700 SEK (~$116), and then times 1000 would be 700000 (~$116000), and yeah, not within my budget :).
So I’ll just wait for the PetaByte drives to arrive, whenever that will happen :D.

I wrote a small Perl script for fun, to calculate it

use warnings;
use strict;

my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
my $length = 8;

print "Calculating dictionary size in TeraBytesn";
print "Size: " . (((length($chars) ** $length)*($length+1))/(1024 ** 4)) . " TBn";