Bitcoin Somewhat-Bruteforce Recovery

# Bitcoin encrypted wallet somewhat-brute-force-recovery.
# Also works for litecoins probably (untested).
# By Rahazan
#
# Originally created for veryveryinteresting (VVI)
# https://bitcointalk.org/index.php?topic=85495.120
# My first ever powershell script, by the way.
# Pardon any convention I broke in this language (for I did not study any conventions of this language).

################################################################
# Recovered your coin     using this? Consider a donation to   #
# the AI student who scripted this :)                          #
# Donations BTC:    1FkXY2WVG9X4WqVuKdrSrX64ZTj9HgG34U         #
# Donations LTC:    LKdLS4seKpE2MNmt4t618oZV7v7tNkD6zL         #
################################################################


######################################################
# How does it work?
######################################################

# This script creates every possible combination in a depth-first order.
# After this it tries all of these. On my crappy laptop it achieved ~ 5 attempts per second.

######################################################
# How do I use this?
######################################################

# - Edit the values in the next block of this script to your likings, make sure you set your RPC password & username.
# - Run the daemon service found in Bitcoin\daemon  (bitcoind.exe)
# - Run this script (save as SOMENAME.ps1 and right click -> run with PowerShell.
# (To run it you might have to change some settings regarding allowing PowerShell scripts to run.. Google this.)
# (Press CTRL+C to cancel if you wish to stop it.)
# - Grab a cup of coffee as it tries a gazillion combinations.
# - Get your coin back.
# - Maybe donate a portion? ;)
# - DELETE THIS SCRIPT (Shred it!). It holds way too valuable information about your password!


######################################################
#Values you will probably want to set!
#Please note that the more free you make these variables, computation time will increase by A LOT.
######################################################

# Min/Max length of your password (included! so min:1 max: 3 would allow password length 1 but also length 3)
# So if you know the length, these should both be the same number.
[int] $global:minLength = 10
[int] $global:maxLength = 16

#Word list
$wordsList = @("abcd","efgh")
[int] $numWords = 2 #Amount of times one of these word blocks can exist in your pass

#Symbol list
$symbolList = @("&")
[int] $numSymbols = 1 #Amount of times one of these symbol blocks can exist in your pass

#Number list
$numberList = @("0","1","2","3","4","5","6","7","8","9") #Possible numbers, do not have to be single numbers. For instance it could be just "22" if you know you have that in your pass somewhere with numNumbers 1
[int] $numNumbers = 2 #Amount of times one of these number blocks can exist in your pass

#Option to print when adding a possibility to the list of possibilities.
#Consider making this false, it might make it somewhat faster (especially for very long passwords with small "blocks" in the lists.
$verbose = $TRUE


# Please put the correct RPC username/password below
$h = new-object Net.WebClient
$h.Credentials = new-object Net.NetworkCredential("RPCUSERNAME","RPCPASSWORD")
$h.Encoding = [Text.Encoding]::Default
# Above "Default" works for original encryption from the command line
# Change to "UTF8" when the GUI was used to encrypt (Was not necessary when tested -Rahazan)

[string[]]  $global:allPossibilities = @() #Empty array, you can manually add possibilities if you want (that you think will not be generated by the algorithm).

######################################################
# Time to create an array of all the possibilities! No need to change anything past this point.
######################################################


# Algorithm is next, it recursively builds the array of all possibilities.

Function generateAllPossibilities([string]$wordSoFar, $wordsList, $symbolList, $numberList, [int]$numWords, [int]$numSymbols, [int]$numNumbers)
{
    #Base case: Length of the created pass is too big, no need to further explore this node, go up one step in the tree.
    if ($wordSoFar.length -gt $global:maxLength) {
        #Too long! Done with this branch!
        return
    }

   #Add the word to the possibilities if the right length
    if ($wordSoFar.length -gt $global:minLength) {
        $global:allPossibilities += $wordSoFar
    }

    if ($numWords -gt 0) {#Have not added max amount of words to this possibility yet.
        for ($i=0;$i -lt $wordsList.length; $i++) {
          generateAllPossibilities ($wordSoFar+$wordsList[$i]) $wordsList $symbolList $numberList ($numWords-1) $numSymbols $numNumbers
        }
    }

    if ($numSymbols -gt 0) {#Have not added max amount of symbols to this branch yet.
        for ($i=0;$i -lt $symbolList.length; $i++) {
          generateAllPossibilities ($wordSoFar + $symbolList[$i]) $wordsList $symbolList $numberList ($numSymbols-1) $numNumbers
        }
    }

    if ($numNumbers -gt 0) {#Have not added max amount of nums to this branch yet.
        for ($i=0;$i -lt $numberList.length; $i++) {
          generateAllPossibilities ($wordSoFar + $numberList[$i] ) $wordsList $symbolList $numberList $numWords $numSymbols ($numNumbers-1)
        }
    }

}

[string]$wordsofar = ""

Write-Host "Generating all possibilities, may take a long time depending on the amount + size of the \"blocks\" you have given !"

#Calling the algorithm (function) above to fill the list!
generateAllPossibilities $wordSoFar $wordsList $symbolList $numberList $numWords $numSymbols $numNumbers

Write-Host "DONE Generating!"
Write-Host "Note: There seems to be a slight bug, about 1 in 100 of these strings break the rules (for instance 2 symbols where numSymbols was 1).. don't know why."
Write-Host "Will be printing all possibilities now:"


Write-Host $global:allPossibilities

Write-Host "===================="
Write-Host "Amount to be tested:"  $global:allPossibilities.length
Write-Host "Starting bruteforce!"
Write-Host "===================="
######################################################
# Time to start trying them one by one!
######################################################

$i = 0

# Somewhat altered code by 2112 -> from https://bitcointalk.org/index.php?topic=85495.msg1756901#msg1756901
$global:allPossibilities | foreach {
    $i++
    try {
        $p = $_

        if ($i%4 -eq 0) {
            Write-Host "   '$p' " $i "/" $global:allPossibilities.length
        }
        else {
         Write-Host "   '$p'" -nonewline
        }

        $r = $h.UploadString('http://localhost:8332/','{"method":"walletpassphrase","params":["'+$p+'",1]}')
        # Write-Output $r
        Write-Output "Correct password found!"
        Write-Output "'$p'"
        break
    }
    catch [Net.WebException] {
        $e = $_
        switch -wildcard ($e.Exception.Message) {
             "*(401) Unauthorized*" {
                  Write-Output "Fix the user/pass!"
                  Exit-PSSession
             }
             "*(500) Internal Server Error*" {
                  continue
             }
             default {
                  $e | Format-List -Force
                  Exit-PSSession
            }
        }
    }
}
#
# Exiting without success!
#
Write-Output "===================="

Write-Output "Exiting!"