by AVBforge.com
Amulet Arsenal
← Back
Plan for the worst · Recover anyway

Tools may vanish. Your coins must not.

Suppose this site is gone, the HTML tools with it, and all you have left is a backup file and your passwords — or a handful of Shamir shares. Two small Python scripts recover everything. Keep a copy of them next to every backup you make.

Download amulet_relic.py → Download amulet_shamir_relic.py → Practice fixtures ↗

  1. What recovers what

    amulet_relic.py decrypts everything that has a password: vault wallet and timelock .enc files, the vault.meta index, and the Generator's encrypted reports. amulet_shamir_relic.py rebuilds a vault from Shamir shares — any T of N .amulet-share files, no password needed.

    One-time setup on any computer with Python 3:

    pip install cryptography argon2-cffi

    For an air-gapped machine: run pip download cryptography argon2-cffi on an online computer, carry the files over on a USB stick, then pip install --no-index --find-links . cryptography argon2-cffi.

  2. Decrypt a password-protected file

    # a wallet, timelock or vault.meta file
python3 amulet_relic.py decrypt w-yourwallet.enc

# a Generator report (.enc)
python3 amulet_relic.py decrypt amulet-wallet-24w-….enc

# list everything inside a vault backup
python3 amulet_relic.py list vault.meta

    The script asks for the password and prints the plaintext. It runs the exact same crypto as the HTML tools (Argon2id + AES-256-GCM, or PBKDF2 for Generator files), so every file decrypts bit-for-bit.

  3. Rebuild a vault from Shamir shares

    # any T of your N self-contained share files
python3 amulet_shamir_relic.py share1.amulet-share share2.amulet-share share3.amulet-share

# paper (hex) shares + your backup zip
python3 amulet_shamir_relic.py --hex 01ab… --hex 02cd… --hex 05ef… --vault backup.zip

    The shares alone rebuild the master key — no password required, exactly like the HTML tool. Add --extract-zip recovered.zip to also write out the encrypted wallet files for step 2.

    SLIP-0039 word shares (the 33-word kind) need one extra hop: recover the 32-byte secret with any SLIP-0039 tool (a Trezor, or pip install shamir-mnemonic), then pass it in with --raw-key.

  4. Prove it works — today, not during the emergency

    The practice fixtures are a complete throwaway vault (passwords published, never any real funds): a backup zip, a 2-of-3 Shamir split of it, and an encrypted Generator report. Run both scripts against them now. Each script also self-tests its own crypto:

    python3 amulet_relic.py verify
python3 amulet_shamir_relic.py verify

    If the fixtures decrypt and both verifies pass, your recovery setup works. Check the scripts' SHA-256 against the hash list and store copies in more than one place.

The principle: every Amulet file format is open and documented, and the recovery scripts are plain Python anyone can read in ten minutes. You never depend on this website, on us, or on a browser. The losing scenarios that remain are the honest ones: a lost password, or fewer than T shares.