SteemRecovery - A Python CLI to recover Steem accounts

8개월 전


Image: MaxPixel, CC0

Repository

https://github.com/crokkon/steemrecovery

The need for account recovery tools

As for every other crypto, whoever owns the private keys, owns the account and the funds stored there. Steem is no exception here, but provides an option to recover the ownership of an account in case the keys got leaked, phished or lost. With Steemit trying to shift account creation duties to dApps and users, this also means that account creators need tools to handle the recovery of Steem accounts created by them if needed.

This tools provides a Python CLI to recover Steem accounts and to remove left-overs from a hack.

This tool is for you if

  • you have to recover a Steem account created by you.
  • you need your account to be recovered and your recovery partner also uses this tool.
  • you got your account recovered from any recovery partner and want to remove left-overs from a hack like recovery account change requests, withdraw vesting routes or power-downs.

This tool is not for you if

  • you registered your account via steemit.com and need recovery. In this case, please follow the Stolen Accounts Recovery instructions from Steemit.

Features

  • Calculate new keys from a random or given master password
  • Request and perform the recovery of Steem accounts
  • Analyze accounts for possible hack left-overs
    • detect and stop power-downs
    • find and remove withdraw routes
    • find and cancel requests to change the recovery partner
  • Support for custom Steem node URLs and Steem forks via the --node [URL] parameter
  • Test commands in --dry-run mode without sending any operations to the chain

How does the Steem account recovery process work?

The recovery process requires the account owner to know an owner key or a master password which was the valid key/password at some point in time within the last 30 days. Additionally, the recovery process has to be initiated from the recovery partner of the account to be recovered. It is the responsibility of the recovery partner to ensure that the person asking for recovery is the original owner of the account to be recovered. The recovery process then consists of 3 steps:

  • The owner of the account to be recovered generates a new set of keys for the account.
  • The recovery partner requests the recovery of the account with the public owner key from step 1.
  • The owner of the account to be recovered can now recover the account with the help of both the old and the new owner key.

Note that an account recovery cannot undo or revert any transfers, posts, comments or votes.

Installation and tool stack:

SteemRecovery is available on pypi:

pip install -U steemrecovery

The tool is based on beem and uses click as CLI handler.

Usage

Step 1: Create new keys

  • Who: The owner of the to-be-recovered account
  • Keys needed: none
$ steemrecovery suggest-keys [account_name]

Step 2: Request the account recovery

  • Who: The owner of the corresponding recovery account
  • Keys needed: Active key of the recovery account

This command asks for the new public owner key from step 1.

$ steemrecovery request-recovery [account_name]

Step 3: Recover the account

  • Who: The owner of the to-be-recovered account
  • Keys needed: The old and the new owner key or master password
$ steemrecovery recover-account [account_name]

Analyzing accounts for hack left-overs

  • Who: The analysis can be done by anybody.
  • Keys needed: The analysis needs no keys. The countermeasures need owner or active keys, or the master password.
$ steemrecovery analyze [account_name]

Detects:

  • Recovery account change requests
  • Power-downs
  • Vesting withdraw routes (e.g. STEEM ending up in another account after a power-down)

Sample Output:

$ steemrecovery analyze stmdev
INFO - Last owner update: 2018-11-11 22:09:48+00:00 (26 days ago)
INFO - Recovery account: crokkon
WARNING - Account is currently powering down:
WARNING - Next vesting withdrawal: 154.648882 VESTS (~0.077 STEEM) at 2019-01-04 08:58:33+00:00
WARNING - Account has withdraw routes set:
+--------+---------+---------+-----------+
|  From  |    To   | Percent | Auto-vest |
+--------+---------+---------+-----------+
| stmdev | crokkon |  100.0  |   False   |
+--------+---------+---------+-----------+
WARNING - Request to change the recovery account to @crokkon, will be effective on: 2019-01-27T09:07:06
Countermeasures
  • Stop power-down: $ steemrecovery stop-powerdown [account_name]
  • Cancel recovery account change requests: $ steemrecovery cancel-recovery-account-change [account_name]
  • Remove withdraw vesting routes: $ steemrecovery remove-withdraw-vesting-routes [account_name]

Roadmap

  • Implement support for non-trivial recent owner authorities
  • Test with more python versions
  • Test on Steem forks

Are you missing a feature? Let me know!

Alternative tools:

  • If you prefer a JavaScript solution for the recovery, check @reazuliqbal's Steem Account Recovery GUI. The code is on GitHub.
  • The Steem-provided cli_wallet can also do account recovery, but is not very user friendly and requires deeper knowledge of Steem.

GitHub Account

https://github.com/crokkon

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
STEEMKR.COM IS SPONSORED BY
ADVERTISEMENT
Sort Order:  trending

Thank you for your contribution. I am sure this will help many steemians recover their account.

  1. As I can see all the features are implemented in one single file, which is not easy to maintain and scale - you might want to break into modules.
  2. No unit tests
  3. Your functions like stop_powerdown, remove_withdraw_vesting_routes directly depend on getpass which relies on the user input. This is not a good design as it is not easily unit test-able. Instead, you might want to pass password i.e. getpass so that you can test those functions.
  4. account.replace("@", "") appears many many times - which should be extracted - avoid duplicate code, even it is one-line.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

·

Thank you for your review, @justyy! Keep up the good work!

Right on dude, just claimed my second account definitely going to save this for future reflection.... I was wondering about account recovery with creating accounts for my friends 💪

Posted using Partiko iOS

·

Cool! Thanks for the resteem :)

Perfect.

Thank you so much for participating the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!

Hi @crokkon!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

Hello, as a member of @steemdunk you have received a free courtesy boost! Steemdunk is an automated curation platform that is easy to use and built for the community. Join us at https://steemdunk.xyz

Upvote this comment to support the bot and increase your future rewards!

Hey, @crokkon!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!