Topic: 2009 Bitcoin Wallet Help & Possible Find : UPDATE (Read 393 times)

I did a private key import and it is showing a little over 229,000 or private keys. So I really don't know what to think, most of the private keys have a 0 balance.

My question is if I recovered data from my possible wallet, would it contain thousands of private keys? Because that is what my scanner program found and these private keys are verified as bitcoin addresses.

I don't know. I thought it was one address or addresses and one or couple private keys???

It's hard to believe AI is useful for such specific task, but you have no reason to lie here.


1. Probably no, since key pool feature created back in 2010. See Key pool feature for safer wallet backup.
2. So what is your question? If the private key is in WIF format, you could just import those to Electrum or other wallet which have feature to import bunch of private keys.

Update

Recently I used different AI engines to write me different python bitcoin recovery programs and these programs have found addresses and private keys.
I was really surprised because I didn't think these programs would find anything useful.

Questions:
1. Would old wallet files have hundreds of addresses? Even if you mined lets say a little bit of coin?
2. I have hundreds of addresses and hundreds of private keys. The keys themselves are unencrypted.

I'm still trying to digest all this information and make sense of it all. I have downloaded Electrum and I am also using Bitaddress to correlate the Private Keys to the Addresses.

If you ever made a backup, have you tried system restore from Windows?
Do this on a cloned drive not the original..

Attached images not showing (for me).

This link gives various ways to recover deleted user files. I have not tried them.
https://7datarecovery.com/blog/undelete-user-profile-windows/
Do this on a cloned drive not the original..

There is, here's the code that shows the command line option: https://github.com/jackjack-jj/pywallet/blob/811c6bee054657783e7c2683bdfded5700241e17/pywallet.py#L3939-L3940
You can also refer to that link to check if you're using the official pywallet by jackjack.

Even jackjack himself has posted instructions on how to use the command here: https://bitcointalksearch.org/topic/m.2794856

Great command, though, there isn't a recover command in Jack Jack pywallet. Is there another pywallet you're referring to?

If you want to scan the HDD or raw copy of the HDD directly, use following command


Here's an example (i've tried on my linux device),


Few things to note,

• Make sure folder on parameter --recov_outputdir already created.
• You'll need admin/root permission if you want to scan the drive directly.
• You must specify size of the drive or file manually.

For the following command you need to specify the path to ur wallet-file if you want to use pywallet.
This means: You must already know the path where the wallet.dat is located. So no classic scanning for the whole hard drive.


To explain it:
--dumpwallet will dump the content of the selected wallet file
--datadir specifies the directory where the wallet-file is located
--wallet specifies the path to the wallet.dat
> wallet.txt means that all data that can be extracted will be stored in the wallet.txt

I've installed and looked over Pywallet and it doesn't seem that is can scan for a wallet file. Do you know the command from Pywallet off hand?

Update:

Tried DMDE recovery tool. I find this to be a really powerful tool to search for .dat files.

My programmer friend wants to trace the path to the Bitcoin folder in Linux. He gave me a series of commands to run.

We first want to search the word Bitcoin. This hard drive was also stopped being used in early 2010.

Sure enough I got a number of hits for the word Bitcoin, which, correlates to what we discovered earlier with one of the possible wallet files hex code read out showing the pathway for Bitcoin with wallet.dat.

Tracing the word using Grep command and than finding BlockOffset than running debugfs. Though icheck and inode don't work in NTFS on Linux.

We're trying to find the sector block where the Bitcoin folder/wallet file starts.  Any ideas much appreciated!

https://share.icloud.com/photos/01cQfRfdd9Evfni_X7oKR-oRQd

https://share.icloud.com/photos/01cQfRfdd9Evfni_X7oKR-oRQ

I stopped using the hard drive in early 2010. Other than extracting information from it and deleting files.

Having a re-read of thread.

'The Sleuth Kit' might find the text string GenerateBitcoins or even coin:

https://www.lmgsecurity.com/sleuth-kit/

Hi,

> "Back in the summer of 2009, I downloaded Bitcoin and mined very briefly"

Do you recall what software you used?

As noted above, creating an image of the whole drive before potentially destroying the remnants of your wallet/s would be wise.

You could use 'ddrescue' or 'dd' under Linux, with the source drive attached via the interface of the time (SCSI/SATA/SAS....) to create a disk image. Once complete set the source drive aside for safe storage.

Then mount, read-only, the disk image on a Linux system, see the instructions under the Ubuntu data recovery page.  New to this forum, can I post URLs?

Then try: PhotoRec,Foremost, Scalpel.... being careful to only install from the official repositories, be wary of downloading software not from the official repositories.

If you don't have luck with open source utilities, you could use the following rig to potentially recover the assets, take careful note of instructions:

- Create a Windows VM on a Linux system (KVM...) and install data recovery utilities from any source.
- Shutdown the VM and remove the network interface, assume the system might now be tainted.
- Attach the disk image from earlier, you will need to convert it into something like a qcow file depending on the virtualization software you have used.
- Boot and see what can be recovered with the various utilities.
- Attach an additional disk to move assets out of the rig.
- Assume it might too be tainted so be wary of moving onto a Windows system.
- Eventually move coins to a fresh wallet.

Good luck

John  

      

https://github.com/jackjack-jj/pywallet also have ability to scan for wallet.dat file directly on disk partition. Although i've no idea whether it perform better than FindBTC or not.


Personally i'd suggest https://github.com/cgsecurity/testdisk if you're willing to use cmd/terminal or you can ask your programmer friend to do that for you. But first of all, make sure you already make raw copy of the HDD.


Actually the disk is at least 19 years old, while the data is on it at least for 14 years old.

According to db.cpp from the v0.1 source code, there appear to be the following set of strings written in the wallet.dat:

I quickly spin off a Bitcoin v0.1 to try it out:


(wallet.dat can be downloaded from: https://anonymfile.com/agZe/wallet.dat to check)

You can indeed find strings like 'fGenerateBitcoins' and 'Your Address(...name"'. If you dig up your disk and find these using a hex editor, you're lucky.

Got ya.
There are some parts that are "human-readable" when the wallet.dat is parsed via pywallet or something.
Since the OP didn't specifically talk about it, I assumed he meant the original file. In my previous post I had already mentioned the possibility of pywallet under his second question. There you could then extract exactly such parts from the wallet.

There are parts of it that are actually human-readable when parsed as text.

Like for example, the toggle-able setting: "GenerateBitcoins" is in it.
And the significant: "name" followed by his address which could potentially answer his second question.

There's one step before that: create a disk image, backup the image, and only work on the image.

Indeed. A computer easily writes many terabytes per year to it's disk when you use it. This makes it very unlikely to find back the sector you're looking for.

Seems pretty messed up situation. From my experience, relying on your 14 year old disk to not have written on top of your private keys, usually doesn't go well.

I have never helped someone recover deleted files, so I am not the best to help you in this, but I'd absolutely attempt to recover anything in there. I mean, we're talking about at least 50 BTC; that is a shitload amount of money. The first thing I'd do is use software which allows you to make quick searches on the drive, and I'd look for "wallet.dat". If that does not work, then chances aren't with your side. You should then start searching for uncompressed public keys I guess?