Author

Topic: 2009 Bitcoin Wallet Help & Possible Find : UPDATE (Read 329 times)

newbie
Activity: 5
Merit: 6
Update

Recently I used different AI engines to write me different python bitcoin recovery programs and these programs have found addresses and private keys.
I was really surprised because I didn't think these programs would find anything useful.

Questions:
1. Would old wallet files have hundreds of addresses? Even if you mined lets say a little bit of coin?
2. I have hundreds of addresses and hundreds of private keys. The keys themselves are unencrypted.

I'm still trying to digest all this information and make sense of it all. I have downloaded Electrum and I am also using Bitaddress to correlate the Private Keys to the Addresses.

member
Activity: 119
Merit: 36
Hello,


4. Any programs to recover a deleted Users file from Windows 7.


Please see attached images.



If you ever made a backup, have you tried system restore from Windows?
Do this on a cloned drive not the original..

Attached images not showing (for me).

This link gives various ways to recover deleted user files. I have not tried them.
https://7datarecovery.com/blog/undelete-user-profile-windows/
Do this on a cloned drive not the original..
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
Great command, though, there isn't a recover command in Jack Jack pywallet. Is there another pywallet you're referring to?
There is, here's the code that shows the command line option: https://github.com/jackjack-jj/pywallet/blob/811c6bee054657783e7c2683bdfded5700241e17/pywallet.py#L3939-L3940
You can also refer to that link to check if you're using the official pywallet by jackjack.

Even jackjack himself has posted instructions on how to use the command here: https://bitcointalksearch.org/topic/m.2794856
newbie
Activity: 5
Merit: 6
https://github.com/jackjack-jj/pywallet also have ability to scan for wallet.dat file directly on disk partition. Although i've no idea whether it perform better than FindBTC or not.

--snip--
I've installed and looked over Pywallet and it doesn't seem that is can scan for a wallet file. Do you know the command from Pywallet off hand?

If you want to scan the HDD or raw copy of the HDD directly, use following command

Code:
python3 pywallet.py --recover --recov_device INSERT_PATH_HERE --recov_size xxxMo --recov_outputdir INSERT_PATH_HERE

Here's an example (i've tried on my linux device),

Code:
sudo python3 pywallet.py --recover --recov_device /dev/vda1 --recov_size 28024Mo --recov_outputdir ./pywallet_output

Few things to note,
  • Make sure folder on parameter --recov_outputdir already created.
  • You'll need admin/root permission if you want to scan the drive directly.
  • You must specify size of the drive or file manually.


Great command, though, there isn't a recover command in Jack Jack pywallet. Is there another pywallet you're referring to?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
https://github.com/jackjack-jj/pywallet also have ability to scan for wallet.dat file directly on disk partition. Although i've no idea whether it perform better than FindBTC or not.

--snip--
I've installed and looked over Pywallet and it doesn't seem that is can scan for a wallet file. Do you know the command from Pywallet off hand?

If you want to scan the HDD or raw copy of the HDD directly, use following command

Code:
python3 pywallet.py --recover --recov_device INSERT_PATH_HERE --recov_size xxxMo --recov_outputdir INSERT_PATH_HERE

Here's an example (i've tried on my linux device),

Code:
sudo python3 pywallet.py --recover --recov_device /dev/vda1 --recov_size 28024Mo --recov_outputdir ./pywallet_output

Few things to note,
  • Make sure folder on parameter --recov_outputdir already created.
  • You'll need admin/root permission if you want to scan the drive directly.
  • You must specify size of the drive or file manually.
legendary
Activity: 1260
Merit: 2014
I've installed and looked over Pywallet and it doesn't seem that is can scan for a wallet file. Do you know the command from Pywallet off hand?

For the following command you need to specify the path to ur wallet-file if you want to use pywallet.
This means: You must already know the path where the wallet.dat is located. So no classic scanning for the whole hard drive.

Code:
python pywallet.py --dumpwallet --datadir=INSERT_PATH_HERE --wallet=INSERT_PATH_HERE > wallet.txt

To explain it:
--dumpwallet will dump the content of the selected wallet file
--datadir specifies the directory where the wallet-file is located
--wallet specifies the path to the wallet.dat
> wallet.txt means that all data that can be extracted will be stored in the wallet.txt
newbie
Activity: 5
Merit: 6
https://github.com/jackjack-jj/pywallet also have ability to scan for wallet.dat file directly on disk partition. Although i've no idea whether it perform better than FindBTC or not.

4. Any programs to recover a deleted Users file from Windows 7.
5. Any programs exist to recover deleted wallet.dat file.

Personally i'd suggest https://github.com/cgsecurity/testdisk if you're willing to use cmd/terminal or you can ask your programmer friend to do that for you. But first of all, make sure you already make raw copy of the HDD.

Seems pretty messed up situation. From my experience, relying on your 14 year old disk to not have written on top of your private keys, usually doesn't go well.

Actually the disk is at least 19 years old, while the data is on it at least for 14 years old.

I've installed and looked over Pywallet and it doesn't seem that is can scan for a wallet file. Do you know the command from Pywallet off hand?
newbie
Activity: 5
Merit: 6
Update:

Tried DMDE recovery tool. I find this to be a really powerful tool to search for .dat files.

My programmer friend wants to trace the path to the Bitcoin folder in Linux. He gave me a series of commands to run.

We first want to search the word Bitcoin. This hard drive was also stopped being used in early 2010.

Sure enough I got a number of hits for the word Bitcoin, which, correlates to what we discovered earlier with one of the possible wallet files hex code read out showing the pathway for Bitcoin with wallet.dat.

Tracing the word using Grep command and than finding BlockOffset than running debugfs. Though icheck and inode don't work in NTFS on Linux.

We're trying to find the sector block where the Bitcoin folder/wallet file starts.  Any ideas much appreciated!

https://share.icloud.com/photos/01cQfRfdd9Evfni_X7oKR-oRQd

https://share.icloud.com/photos/01cQfRfdd9Evfni_X7oKR-oRQ
newbie
Activity: 5
Merit: 6
Seems pretty messed up situation. From my experience, relying on your 14 year old disk to not have written on top of your private keys, usually doesn't go well.

I have never helped someone recover deleted files, so I am not the best to help you in this, but I'd absolutely attempt to recover anything in there. I mean, we're talking about at least 50 BTC; that is a shitload amount of money. The first thing I'd do is use software which allows you to make quick searches on the drive, and I'd look for "wallet.dat". If that does not work, then chances aren't with your side. You should then start searching for uncompressed public keys I guess?

I stopped using the hard drive in early 2010. Other than extracting information from it and deleting files.
newbie
Activity: 2
Merit: 0
Having a re-read of thread.

'The Sleuth Kit' might find the text string GenerateBitcoins or even coin:

https://www.lmgsecurity.com/sleuth-kit/

newbie
Activity: 2
Merit: 0
Hi,

> "Back in the summer of 2009, I downloaded Bitcoin and mined very briefly"

Do you recall what software you used?

As noted above, creating an image of the whole drive before potentially destroying the remnants of your wallet/s would be wise.

You could use 'ddrescue' or 'dd' under Linux, with the source drive attached via the interface of the time (SCSI/SATA/SAS....) to create a disk image. Once complete set the source drive aside for safe storage.

Then mount, read-only, the disk image on a Linux system, see the instructions under the Ubuntu data recovery page.  New to this forum, can I post URLs?

Then try: PhotoRec,Foremost, Scalpel.... being careful to only install from the official repositories, be wary of downloading software not from the official repositories.

If you don't have luck with open source utilities, you could use the following rig to potentially recover the assets, take careful note of instructions:

- Create a Windows VM on a Linux system (KVM...) and install data recovery utilities from any source.
- Shutdown the VM and remove the network interface, assume the system might now be tainted.
- Attach the disk image from earlier, you will need to convert it into something like a qcow file depending on the virtualization software you have used.
- Boot and see what can be recovered with the various utilities.
- Attach an additional disk to move assets out of the rig.
- Assume it might too be tainted so be wary of moving onto a Windows system.
- Eventually move coins to a fresh wallet.

Good luck

John  

      
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
https://github.com/jackjack-jj/pywallet also have ability to scan for wallet.dat file directly on disk partition. Although i've no idea whether it perform better than FindBTC or not.

4. Any programs to recover a deleted Users file from Windows 7.
5. Any programs exist to recover deleted wallet.dat file.

Personally i'd suggest https://github.com/cgsecurity/testdisk if you're willing to use cmd/terminal or you can ask your programmer friend to do that for you. But first of all, make sure you already make raw copy of the HDD.

Seems pretty messed up situation. From my experience, relying on your 14 year old disk to not have written on top of your private keys, usually doesn't go well.

Actually the disk is at least 19 years old, while the data is on it at least for 14 years old.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Like for example, the toggle-able setting: "GenerateBitcoins" is in it.
According to db.cpp from the v0.1 source code, there appear to be the following set of strings written in the wallet.dat:
Code: (https://pastebin.com/raw/nAE1Wqqw)
printf("fGenerateBitcoins = %d\n", fGenerateBitcoins);
printf("nTransactionFee = %I64d\n", nTransactionFee);
printf("addrIncoming = %s\n", addrIncoming.ToString().c_str());

I quickly spin off a Bitcoin v0.1 to try it out:


(wallet.dat can be downloaded from: https://anonymfile.com/agZe/wallet.dat to check)

You can indeed find strings like 'fGenerateBitcoins' and 'Your Address(...name"'. If you dig up your disk and find these using a hex editor, you're lucky.
legendary
Activity: 1260
Merit: 2014
There are parts of it that are actually human-readable when parsed as text.

Like for example, the toggle-able setting: "GenerateBitcoins" is in it.
And the significant: "name" followed by his address which could potentially answer his second question.

Got ya.
There are some parts that are "human-readable" when the wallet.dat is parsed via pywallet or something.
Since the OP didn't specifically talk about it, I assumed he meant the original file. In my previous post I had already mentioned the possibility of pywallet under his second question. There you could then extract exactly such parts from the wallet.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
1. What type of wording or language is contained in wallet.dat file from 2009?
The file would be a binary format, so not really readable for a human.
There are parts of it that are actually human-readable when parsed as text.

Like for example, the toggle-able setting: "GenerateBitcoins" is in it.
And the significant: "name" followed by his address which could potentially answer his second question.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
The first thing I'd do is use software which allows you to make quick searches on the drive, and I'd look for "wallet.dat".
There's one step before that: create a disk image, backup the image, and only work on the image.

Quote
From my experience, relying on your 14 year old disk to not have written on top of your private keys, usually doesn't go well.
Indeed. A computer easily writes many terabytes per year to it's disk when you use it. This makes it very unlikely to find back the sector you're looking for.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Seems pretty messed up situation. From my experience, relying on your 14 year old disk to not have written on top of your private keys, usually doesn't go well.

I have never helped someone recover deleted files, so I am not the best to help you in this, but I'd absolutely attempt to recover anything in there. I mean, we're talking about at least 50 BTC; that is a shitload amount of money. The first thing I'd do is use software which allows you to make quick searches on the drive, and I'd look for "wallet.dat". If that does not work, then chances aren't with your side. You should then start searching for uncompressed public keys I guess?
legendary
Activity: 1260
Merit: 2014
Hi there,


1. What type of wording or language is contained in wallet.dat file from 2009?
The file would be a binary format, so not really readable for a human.

2. Using sector editor to read the file, can I locate the address within the file?
That would be challenging due to the binary format as mentioned above.
You might wanna use Bitcoin Core if you find that file. That would be the easiest way to import the wallet.dat. Another method would be pywallet.

3. How large should wallet.dat file be typically from 2009?
As @bitmover already said, that file wouldn't be big. From your statement, it also sounds like you haven't been mining for long. The size of the file depends on the generated addresses and their transactions, so it might not have been too much in your case. On top of that there were a lot of things not implemented in 2009 that could make it a larger file. So it should be in the range of a few kilobytes to a few megabytes?

4. Any programs to recover a deleted Users file from Windows 7.
5. Any programs exist to recover deleted wallet.dat file.

I'm goin to summarize the question as it relates to both.
There are several software such as EaseUS Data Recovery Wizard or Recuva that could lead to success. However, success is not guaranteed especially since it has been a very long time and the deleted data may have already been overwritten with new ones.

legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Questions/Help:
1. What type of wording or language is contained in wallet.dat file from 2009?
2. Using sector editor to read the file, can I locate the address within the file?
3. How large should wallet.dat file be typically from 2009?
4. Any programs to recover a deleted Users file from Windows 7.
5. Any programs exist to recover deleted wallet.dat file.

The wallet.dat file size depends on the number of addresses you have generated.

I found this thread asking this question about the file size and the information that 1135 bytes per address was confirmed.

Quote
This is a graph showing how wallet.dat's size increases as I keep adding new addresses:

Looks pretty linear to me with a slope of 1135.0361445783133 bytes per address.

https://bitcoin.stackexchange.com/questions/98497/what-determines-btcs-wallet-size-in-bytes


I made your images visible here:



newbie
Activity: 5
Merit: 6
Hello,

Back in the summer of 2009, I downloaded Bitcoin and mined very briefly. At the time I had a cutting edge gaming rig and I came across Bitcoin in a new article.  I remember mining Bitcoin and it brought my gaming rig to a crawl. After brief period of time and with Bitcoin being worthless, I uninstalled Bitcoin. A decade later, Bitcoin explodes and it made me think if I had any Bitcoin.

I was really skeptical. I tried many many times over the years to find the wallet.dat file and no luck. Maybe my memory was bad.

I very recently found the JakeWins, FindBTC, Github program to search hard drives that have seen better days. I get my computer programmer friend involved and we run FindBTC on Debian Linux. In 2009, I was using a WD 36GB Raptor drive made in 2004. At 73% of the way into the scan it hits a possible wallet.dat file trace.

The possible wallet.dat file is seperated into four parts. FindBTC gives byte offset numbers where the file exists. We use sector editor to open each wallet file in linux. In wallet file 3, if gives the install location C:/Users/.../start menu/bitcoin/wallet.dat. Appearing to confirm that Bitcoin was installed.

The problem is many years ago, I deleted the Users file on this hard drive.

Questions/Help:
1. What type of wording or language is contained in wallet.dat file from 2009?
2. Using sector editor to read the file, can I locate the address within the file?
3. How large should wallet.dat file be typically from 2009?
4. Any programs to recover a deleted Users file from Windows 7.
5. Any programs exist to recover deleted wallet.dat file.

Please see attached images.
https://share.icloud.com/photos/038socKcaDgEvzbr2BgW99twg
https://share.icloud.com/photos/04b2VtgMIusQWUPG8WUcBzzxw
Jump to: