Topic: Bitcoin private key/wallet.dat data recovery tool! (Read 68804 times)
up
Hi,
Will it recover litecoin wallet.dat as well? I made a huge mistake and lost all my coins. Will appreciate if you can help with it.
Will it recover litecoin wallet.dat as well? I made a huge mistake and lost all my coins. Will appreciate if you can help with it.
Interested as well, whats needed for other wallets
edit: just checked the source, a bit lost here, could someone point out which parts need changes for this to work for e.g. litecoin?
i guess this tool checks constants that are in the btc curve (secp256k1?) and picks the right bits around it?
Pls enlighten me
Edit: Updated to create a new wallet.dat with the recovered keys.
Edit 2: New v0.2 release, new instructions. Note that this still can't recover encrypted wallets!
Edit 3: v0.3 release to support the compressed public keys created by recent Bitcoin versions. Still can't recover encrypted wallets.
For some reason, people keep reformatting their drive or deleting their wallet.dat without taking proper backups. As casascius helpfully points out - and this is something I'd already suspected - it may be possible to recover the crucial wallet.dat private keys and the bitcoins secured with them by scanning the disk for certain markers, so long as you're lucky and the data you need isn't too fragmented and hasn't already been overwritten.
To that end, I've written a little experimental utility that tries to search for and validate those keys. It's not even close to being able to recover all keys that are recoverable - though it should work in a decent proportion of cases -and importing those keys back into a new wallet is left as an exercise for the user to figure out for now, but it might be useful to some people.
Instructions:
WARNING: The recovered wallet does not contain a pool of spare keys to send change to (the old ones should get recovered but aren't marked as such). It also doesn't include any names for addresses, so the address you can copy-and-paste in the client is a NEW address created when you first started bitcoin using your recovered wallet, and any change from transactions also goes to a NEW address - none of these addresses are in the original recovered wallet. After first running Bitcoin with the recovered wallet, you MUST exit it and take backup copies of the wallet.dat in your .bitcoin directory to several locations BEFORE making or receiving any transactions - then be sure to use this version and NOT THE ORIGINAL recovered-wallet.dat from this point on. If you're using bitcoind rather than the GUI, you must also call "bitcoind getnewaddress" before shutting down and copying the wallet.dat. Also, be extremely careful about backing up your wallet on a regular basis after using this tool - Bitcoin's handling of the keypool is quirky and this may trigger bugs in it. (Added 9th July, amended 19th Sept.)
Disclaimer: This code comes with no warranty, not even an implied warranty of fitness for its intended purpose. I don't guarantee that it won't make things worse, or that the recovered keys are correct, and obviously I can't guarantee that it'll manage to recover the keys you need. Oh, and it may not be able to recover older wallets at all.
Edit 2: New v0.2 release, new instructions. Note that this still can't recover encrypted wallets!
Edit 3: v0.3 release to support the compressed public keys created by recent Bitcoin versions. Still can't recover encrypted wallets.
For some reason, people keep reformatting their drive or deleting their wallet.dat without taking proper backups. As casascius helpfully points out - and this is something I'd already suspected - it may be possible to recover the crucial wallet.dat private keys and the bitcoins secured with them by scanning the disk for certain markers, so long as you're lucky and the data you need isn't too fragmented and hasn't already been overwritten.
To that end, I've written a little experimental utility that tries to search for and validate those keys. It's not even close to being able to recover all keys that are recoverable - though it should work in a decent proportion of cases -
Instructions:
- Stop using your computer until you've recovered your data, in case something overwrites it. Shut down the PC as soon as possible.
- Obtain a suitable 32-bit Linux LiveCD, like the System Rescue CD, and boot your computer from it. You'll need working internet access (or some other way to download http://makomk.com/~aidan/wallet-recover and transfer it over)
- Open a terminal.
- Run these commands to download the utility and unpack it (2MB download - it contains largish crypto and database libraries):
Code:
wget http://www.makomk.com/~aidan/wallet-recover-0.3-linux.tar.gz
tar xzf wallet-recover-0.3-linux.tar.gz
Run the program on your drive:tar xzf wallet-recover-0.3-linux.tar.gz
Code:
sudo ./wallet-recover-0.3-linux/bin/32/wallet-recover recovered-wallet.dat
For 99% of users, this will be:Code:
sudo ./wallet-recover-0.3-linux/bin/32/wallet-recover /dev/sda recovered-wallet.dat
Hopefully it should find and print out a bunch of public keys and corresponding private keys, at least 100 of them, together with a file recovered-wallet.dat. Copy the recovered-wallet.dat to a USB drive and load it up in the Bitcoin client as usual (not forgetting to start it with -rescan) - with a bit of luck you should have access to your money again. I suggest not doing anything with the computer you lost the bitcoins on until you're 100% sure the recovery was successful - load up recovered-wallet.data on a different PC if at all possible.WARNING: The recovered wallet does not contain a pool of spare keys to send change to (the old ones should get recovered but aren't marked as such). It also doesn't include any names for addresses, so the address you can copy-and-paste in the client is a NEW address created when you first started bitcoin using your recovered wallet, and any change from transactions also goes to a NEW address - none of these addresses are in the original recovered wallet. After first running Bitcoin with the recovered wallet, you MUST exit it and take backup copies of the wallet.dat in your .bitcoin directory to several locations BEFORE making or receiving any transactions - then be sure to use this version and NOT THE ORIGINAL recovered-wallet.dat from this point on. If you're using bitcoind rather than the GUI, you must also call "bitcoind getnewaddress" before shutting down and copying the wallet.dat. Also, be extremely careful about backing up your wallet on a regular basis after using this tool - Bitcoin's handling of the keypool is quirky and this may trigger bugs in it. (Added 9th July, amended 19th Sept.)
Disclaimer: This code comes with no warranty, not even an implied warranty of fitness for its intended purpose. I don't guarantee that it won't make things worse, or that the recovered keys are correct, and obviously I can't guarantee that it'll manage to recover the keys you need. Oh, and it may not be able to recover older wallets at all.
Hi,
Will it recover litecoin wallet.dat as well? I made a huge mistake and lost all my coins. Will appreciate if you can help with it.
Is this useable with windows? and is there a computer novices guide to getting it running?.
i used it
it works really well
my hdd was virus attacked now my wallet.dat is recovered
great job
it works really well
my hdd was virus attacked now my wallet.dat is recovered
great job
Hey, thanks a lot for posting this. I will keep it in mind.
Will be checking it out this weekend.
The suspense is killing me
Thank you for your contribution, this is a very helpful tool. I have a friend that past away in 2013 supposedly his mom said his laptop has a bunch of BTC on it. Will be checking it out this weekend.
So I wrote my own simple "privkey finder":
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
Hi dooglus, where did you get the 3081 d302 0101 0420 sequence from? Did you reverse engineer that yourself, or see it elsewhere? I don't think that sequences covers all keys, because I found several in my wallet which had different leading bytes. I've modified your code to extract keys more aggressively - using a smaller sequence - and also backtrack if the conditional fails:
Code:
#include
int main() {
int c, i;
/* assume that the 32 bytes following the sequence 0420 are a private key */
while ((c = getchar()) != EOF) {
if (c == 0x04) {
if ((c = getchar()) == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
fflush(stdout);
} else {
ungetc(c, stdin); /* push back in case it's 0x04 */
}
}
}
}
int main() {
int c, i;
/* assume that the 32 bytes following the sequence 0420 are a private key */
while ((c = getchar()) != EOF) {
if (c == 0x04) {
if ((c = getchar()) == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
fflush(stdout);
} else {
ungetc(c, stdin); /* push back in case it's 0x04 */
}
}
}
}
The downside of the reduced lead sequence is that the program will cause a lot more false positives, particularly if you use it to scan an entire raw device, rather than (say) a corrupt wallet.dat file. I fed it an old 40GB Windows XP backup image, and it output nearly 600,000 potential keys, so it's really only practical for extracting keys from a known wallet file.
Hope this helps someone, anyway.
I just created the code to insert random private key into wallet.dat and bitcoin core says wallet.dat is corrupt. I just got my answer.
Code:
printf("found: ");
for (i = 0; i < 32; i++)
{
printf("%02x", fgetc(file));
fputc(rnd(),file2);
}
for (i = 0; i < 32; i++)
{
printf("%02x", fgetc(file));
fputc(rnd(),file2);
}
I think you would have better luck if you did a fgetc() with each of those fputc() calls. That way you are effectively overwriting the old privkey with a new random one rather than inserting new bytes into the file which will corrupt it.
Edit: oh, you are already doing that.
So I'm not sure what went wrong. I'll take another look.Edit2: wallet.dat stores the public keys as well as the private keys and complains if they don't match. That's why you're getting the error you're getting.
From walletdb.cpp:
Code:
// Old wallets store keys as "key" [pubkey] => [privkey]
// ... which was slow for wallets with lots of keys, because the public key is re-derived from the private key
// using EC operations as a checksum.
// Newer wallets store keys as "key"[pubkey] => [privkey][hash(pubkey,privkey)], which is much faster while
// remaining backwards-compatible.
// ... which was slow for wallets with lots of keys, because the public key is re-derived from the private key
// using EC operations as a checksum.
// Newer wallets store keys as "key"[pubkey] => [privkey][hash(pubkey,privkey)], which is much faster while
// remaining backwards-compatible.
I just created the code to insert random private key into wallet.dat and bitcoin core says wallet.dat is corrupt. I just got my answer.
Code:
#include
#include
#include
void rnd_init( void )
{
srand((unsigned)time(NULL));
}
int rnd( void )
{
int tmp;
tmp = rand();
return (tmp&0xff);
}
main()
{
int c, i=0;
FILE* file = fopen("wallet.dat","r");
FILE* file2 = fopen("new.dat","w");
rnd_init();
if ( file != NULL )
{
printf("wallet.dat opened\n");
while ( (c = fgetc(file)) != EOF )
{
fputc(c,file2);
if ( c == 0x020 && i == 6 )
{
printf("found: ");
for (i = 0; i < 32; i++)
{
printf("%02x", fgetc(file));
fputc(rnd(),file2);
}
printf("\n");
i = 7;
}
else if ( c == 0x04 && i == 5 )
{
i = 6;
}
else if ( c == 0x01 && i == 4 )
{
i = 5;
}
else if ( c == 0x01 && i == 3 )
{
i = 4;
}
else if ( c == 0x02 && i == 2 )
{
i = 3;
}
else if ( c == 0xd3 && i == 1 )
{
i = 2;
}
else if ( c == 0x81 && i == 0 )
{
i = 1;
}
else
{
i = 0;
}
}
fclose(file);
fclose(file2);
}
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
//while ((c = getchar()) != EOF)
//if (c == 0x81 &&
// getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
// getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
// for (i = 0; i < 32; i++)
// printf("%02x", getchar());
// printf("\n");
//}
}
#include
#include
void rnd_init( void )
{
srand((unsigned)time(NULL));
}
int rnd( void )
{
int tmp;
tmp = rand();
return (tmp&0xff);
}
main()
{
int c, i=0;
FILE* file = fopen("wallet.dat","r");
FILE* file2 = fopen("new.dat","w");
rnd_init();
if ( file != NULL )
{
printf("wallet.dat opened\n");
while ( (c = fgetc(file)) != EOF )
{
fputc(c,file2);
if ( c == 0x020 && i == 6 )
{
printf("found: ");
for (i = 0; i < 32; i++)
{
printf("%02x", fgetc(file));
fputc(rnd(),file2);
}
printf("\n");
i = 7;
}
else if ( c == 0x04 && i == 5 )
{
i = 6;
}
else if ( c == 0x01 && i == 4 )
{
i = 5;
}
else if ( c == 0x01 && i == 3 )
{
i = 4;
}
else if ( c == 0x02 && i == 2 )
{
i = 3;
}
else if ( c == 0xd3 && i == 1 )
{
i = 2;
}
else if ( c == 0x81 && i == 0 )
{
i = 1;
}
else
{
i = 0;
}
}
fclose(file);
fclose(file2);
}
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
//while ((c = getchar()) != EOF)
//if (c == 0x81 &&
// getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
// getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
// for (i = 0; i < 32; i++)
// printf("%02x", getchar());
// printf("\n");
//}
}
I guess I should have said a new/different private key. I didn't know if it would work.
What do you mean, "inject 32 different bytes into each"? Good to know that the script runs on any system.
I compiled it on windows using Cygwin and ran it just on a wallet.dat file. Worked great.
I'm going to modify the code and inject 32 different bytes into each, is there any problem with this?
I'm going to modify the code and inject 32 different bytes into each, is there any problem with this?
I think the code that dooglus posted just a few posts back should run on windows, assuming you know how to run a compiler on that system (I don't).
What do you mean, "inject 32 different bytes into each"? Good to know that the script runs on any system.
I compiled it on windows using Cygwin and ran it just on a wallet.dat file. Worked great.
I'm going to modify the code and inject 32 different bytes into each, is there any problem with this?
I'm going to modify the code and inject 32 different bytes into each, is there any problem with this?
I think the code that dooglus posted just a few posts back should run on windows, assuming you know how to run a compiler on that system (I don't).
What do you mean, "inject 32 different bytes into each"? Good to know that the script runs on any system.
I compiled it on windows using Cygwin and ran it just on a wallet.dat file. Worked great.
I'm going to modify the code and inject 32 different bytes into each, is there any problem with this?
I'm going to modify the code and inject 32 different bytes into each, is there any problem with this?
I think the code that dooglus posted just a few posts back should run on windows, assuming you know how to run a compiler on that system (I don't).
The ideal solution would be USB -> USB using a Linux live CD, with either no hard drive plugged in, or by running "swapoff" to make sure no virtual memory is in use at the time of the copy.
I think the code that dooglus posted just a few posts back should run on windows, assuming you know how to run a compiler on that system (I don't).
This is actually a good tool to use, but kinda hard to use for a newbie
Yeah a detailed video would handy to be honest. I got stuck in the beginning already..
wget http://www.makomk.com/~aidan/wallet-recover-0.3-linux.tar.gz
Do i need a linux server for this or can i do this with windows also?
Isn't the answer to your question rather obvious from the name of the file ?
This is actually a good tool to use, but kinda hard to use for a newbie
Yeah a detailed video would handy to be honest. I got stuck in the beginning already..
wget http://www.makomk.com/~aidan/wallet-recover-0.3-linux.tar.gz
Do i need a linux server for this or can i do this with windows also?
So after doing a scan with System Rescue CD, it find 226 keys. How do I transfer them to a usb? After Googling the issue, I cant seem to find a way to mount a usb in System Rescue so I can move files to it. Can anyone help me? Also plan on donating if I am able to get my wallet back. Thank you.
What is a System Rescue CD? It sounds like you've got some proprietary software there and maybe you have to read the manual. If you just need help mounting a USB drive on a linux system, I can help you with that.
Jump to: