Topic: Bitcoin private key/wallet.dat data recovery tool! - page 2. (Read 68804 times)
So after doing a scan with System Rescue CD, it find 226 keys. How do I transfer them to a usb? After Googling the issue, I cant seem to find a way to mount a usb in System Rescue so I can move files to it. Can anyone help me? Also plan on donating if I am able to get my wallet back. Thank you.
You might be surprised to learn this, but your code is equivalent to mine.
Interesting, you are right, I thought left-to-right evaluation for && operator is not guaranteed.
Solution may be to introduce another variable to buffer first next getchar() value, and then in case of missed match take the value of c from that buffer instead of getchar() in the while loop condition statement.
I expect reading characters one by one is introducing lots of overhead, and it would be better to do some kind of buffering. Or maybe stdio.h handles that for me. There's also ungetc():
ungetc() pushes c back to stream, cast to unsigned char,
where it is available for subsequent read operations.
Pushed-back characters will be returned in reverse order;
only one pushback is guaranteed.
which could be all I need to avoid missing keys.
My main aim in sharing this was to show a very simple way of scanning a device for private keys that recently worked for me. It took maybe 5 hours to scan my whole (full-disk encrypted) 1 TB root partition.
This is actually a good tool to use, but kinda hard to use for a newbie
You might be surprised to learn this, but your code is equivalent to mine.
Interesting, you are right, I thought left-to-right evaluation for && operator is not guaranteed.
Solution may be to introduce another variable to buffer first next getchar() value, and then in case of missed match take the value of c from that buffer instead of getchar() in the while loop condition statement.
IMHO your code should use nested If's instead of ANDs, that way not finding expected byte should reset search to the beginning, without ever encountering false positives or missing something:
You might be surprised to learn this, but your code is equivalent to mine.
Both
Code:
if (a() && b()) ...
and
Code:
if (a()) if (b()) ...
don't call b() if a() returns a falsy value.
For example:
Code:
#include
main() {
if (printf("hello\n") == 1234 &&
printf("world\n"))
printf("omfg\n");
}
main() {
if (printf("hello\n") == 1234 &&
printf("world\n"))
printf("omfg\n");
}
Then...
Code:
$ gcc if-shortcut.c
$ ./a.out
hello
$
$ ./a.out
hello
$
Edit: see http://stackoverflow.com/a/628538/1253362 for confirmation of this.
IMHO your code should use nested If's instead of ANDs, that way not finding expected byte should reset search to the beginning, without ever encountering false positives or missing something:
You might be surprised to learn this, but your code is equivalent to mine.
Both
Code:
if (a() && b()) ...
and
Code:
if (a()) if (b()) ...
don't call b() if a() returns a falsy value.
For example:
Code:
#include
main() {
if (printf("hello\n") == 1234 &&
printf("world\n"))
printf("omfg\n");
}
main() {
if (printf("hello\n") == 1234 &&
printf("world\n"))
printf("omfg\n");
}
Then...
Code:
$ gcc if-shortcut.c
$ ./a.out
hello
$
$ ./a.out
hello
$
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
Simple and useful program, dooglus, thanks for sharing it. One follow up question, I can see how you're just checing for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?
Suppose the disk image contains: "2930 3081 d302 0101 0420 privkey". Checking for 0x30 would cause my simple program to miss that privkey completely, since it never backtracks. I figured it was better to maybe get some false positives than to miss some private keys.
In tests, my code encountered bytes like these, and so missed the privkey:
0081 d302 0101 0420 3081 d302 0101 0420 privkey
It output:
3081 d302 0101 0420 privke
since the 7 bytes before the real 8 byte prefix triggered the matching code.
I'm guessing that's quite an uncommon situation.
Oh I see what you mean. I guess you could make it more robust if you, say, recurse when you find 0x30 so that you check all potential 8 byte windows. Anyway, thanks again.
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
Simple and useful program, dooglus, thanks for sharing it. One follow up question, I can see how you're just checing for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?
Suppose the disk image contains: "2930 3081 d302 0101 0420 privkey". Checking for 0x30 would cause my simple program to miss that privkey completely, since it never backtracks. I figured it was better to maybe get some false positives than to miss some private keys.
In tests, my code encountered bytes like these, and so missed the privkey:
0081 d302 0101 0420 3081 d302 0101 0420 privkey
It output:
3081 d302 0101 0420 privke
since the 7 bytes before the real 8 byte prefix triggered the matching code.
I'm guessing that's quite an uncommon situation.
IMHO your code should use nested If's instead of ANDs, that way not finding expected byte should reset search to the beginning, without ever encountering false positives or missing something:
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x30)
if (getchar() == 0x81)
if (getchar() == 0xd3)
if (getchar() == 0x02)
if (getchar() == 0x01)
if (getchar() == 0x01)
if (getchar() == 0x04)
if (getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
Simple and useful program, dooglus, thanks for sharing it. One follow up question, I can see how you're just checing for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?
Suppose the disk image contains: "2930 3081 d302 0101 0420 privkey". Checking for 0x30 would cause my simple program to miss that privkey completely, since it never backtracks. I figured it was better to maybe get some false positives than to miss some private keys.
In tests, my code encountered bytes like these, and so missed the privkey:
0081 d302 0101 0420 3081 d302 0101 0420 privkey
It output:
3081 d302 0101 0420 privke
since the 7 bytes before the real 8 byte prefix triggered the matching code.
I'm guessing that's quite an uncommon situation.
Can this be used on other wallets other than bitcoin if so would be good as I have lost a few wallets in the past on one drive that I have not used in ages and has had deleted partitions and all sorts go wrong on it. is their any windows version to t his tool or just Linux?
My code should work on any wallet and any OS with a C compiler. You may need to change the 8 bytes it looks for. Make a new wallet, load it up in a hex editor, look for the 8 bytes which precede each private key.
I thank you so much for sharing this as well, light enough to use on my arm based node.
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
Simple and useful program, dooglus, thanks for sharing it. One follow up question, I can see how you're just checing for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?
Can this be used on other wallets other than bitcoin if so would be good as I have lost a few wallets in the past on one drive that I have not used in ages and has had deleted partitions and all sorts go wrong on it. is their any windows version to t his tool or just Linux?
My code should work on any wallet and any OS with a C compiler. You may need to change the 8 bytes it looks for. Make a new wallet, load it up in a hex editor, look for the 8 bytes which precede each private key.
Can this be used on other wallets other than bitcoin if so would be good as I have lost a few wallets in the past on one drive that I have not used in ages and has had deleted partitions and all sorts go wrong on it. is their any windows version to t his tool or just Linux?
So this morning I noticed there was an outgoing transaction in my wallet that hadn't confirmed for a week. I decided I would try to send it again with a bigger fee. So I did a 'dumpprivkey' on the address that funded the unconfirmed transaction, made a new wallet, did an 'importprivkey' to import the address into the new wallet, then re-sent the transaction. There was only a single output on the address, so it used the same one again, effectively double-spending it.
Once the transaction confirmed, which it did quickly, I switched back to my main wallet, and deleted the temporary new wallet, since I was done with it. Right?
I rescanned the old wallet, using the -zapwallettxes argument to delete the old conflicting transaction, and it came up showing that I had made two spends recently, not the one that I expected. Then I remembered: the change from the new spend is only in the new temporary wallet that I just deleted.
Oops.
I looked for 'undelete' programs, but didn't find anything that looked useful. I found this thread, but the git repository seems to have died. So I wrote my own simple "privkey finder":
It's much simpler than the tool this thread is about, but it did the trick. It found the deleted private keys and I was able to get my coins back.
So I figured I'd share it.
I built and ran it like this:
I was somewhat surprised to find that the private key for the change address was on the drive 5 times. It was a new wallet that I created just to double-spend that single output, then deleted. And somehow the key found itself written to disk 5 times.
Once the transaction confirmed, which it did quickly, I switched back to my main wallet, and deleted the temporary new wallet, since I was done with it. Right?
I rescanned the old wallet, using the -zapwallettxes argument to delete the old conflicting transaction, and it came up showing that I had made two spends recently, not the one that I expected. Then I remembered: the change from the new spend is only in the new temporary wallet that I just deleted.
Oops.
I looked for 'undelete' programs, but didn't find anything that looked useful. I found this thread, but the git repository seems to have died. So I wrote my own simple "privkey finder":
Code:
#include
main() {
int c, i;
// privkeys are preceeded by: 3081 d302 0101 0420 and are 32 bytes long:
while ((c = getchar()) != EOF)
if (c == 0x81 &&
getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
for (i = 0; i < 32; i++)
printf("%02x", getchar());
printf("\n");
}
}
It's much simpler than the tool this thread is about, but it did the trick. It found the deleted private keys and I was able to get my coins back.
So I figured I'd share it.
I built and ran it like this:
Code:
$ gcc -O4 -o pkgrep pkgrep.c
$ df ~/.bitcoin
Filesystem Size Used Avail Use% Mounted on
/dev/dm-1 901G 497G 359G 59% /
$ su
Password:
# ./pkgrep < /dev/dm-1
I was somewhat surprised to find that the private key for the change address was on the drive 5 times. It was a new wallet that I created just to double-spend that single output, then deleted. And somehow the key found itself written to disk 5 times.
Data Recovery is a wonderful and multifunctional recovery tool to retrieve your lost videos, photos, music, documents, emails, etc. from your computer's hard drive. Besides, it can also recover data from USB drives, external hard drives, mobile phones, digital cameras, iPods, MP3/MP4 players and other storage devices.
Some steps on how to recover the lost data with Data Recovery:
1. Select types of lost data. All the common file formats are generally classified into six different categories. Only choose the specific types of the files you need to retrieve will accelerate the scan speed.
2. Choose a location to start searching data. This option is suitable for the situation of a data loss caused by deleting or losing a partition, and re-partition.
3. Scan your computer or device. The process bar displays how long the scan will take.
4. Preview and recover the files. When the preview or search finishes, select the target files and press Recover button to save data again on your device.
Want to get back your lost data right now? IfCoupons.com offers you Discounts and Coupons for Data Recovery from different brands and companies. Come and get one!
Some steps on how to recover the lost data with Data Recovery:
1. Select types of lost data. All the common file formats are generally classified into six different categories. Only choose the specific types of the files you need to retrieve will accelerate the scan speed.
2. Choose a location to start searching data. This option is suitable for the situation of a data loss caused by deleting or losing a partition, and re-partition.
3. Scan your computer or device. The process bar displays how long the scan will take.
4. Preview and recover the files. When the preview or search finishes, select the target files and press Recover button to save data again on your device.
Want to get back your lost data right now? IfCoupons.com offers you Discounts and Coupons for Data Recovery from different brands and companies. Come and get one!
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
I have lost all private keys of blockchain.info wallet,
Can anyone recover it, I have nearly 50,000 btc in it.
I tried many ways but I couldn't. Help me out
Can anyone recover it, I have nearly 50,000 btc in it.
I tried many ways but I couldn't. Help me out
I think this is a spam just to increase activity. Please don't spam, you will get banned from the forum.
Blockchain.info is an online wallet. So what do you mean by that question? What are the ways you tried?
~~MZ~~
I have lost all private keys of blockchain.info wallet,
Can anyone recover it, I have nearly 50,000 btc in it.
I tried many ways but I couldn't. Help me out
Can anyone recover it, I have nearly 50,000 btc in it.
I tried many ways but I couldn't. Help me out
u are life saver to many people!
You may need an additional library
Also I don't want to hijack the thread but OP haven't logged for more than a year
Have you tried pywallet? I only requires python2.7
lol, I hadn't noticed how old the thread was Also I don't want to hijack the thread but OP haven't logged for more than a year
Have you tried pywallet? I only requires python2.7
Thanks for the tip 
Hello,
I'm trying to build your very useful tool form source as a member of the forum stated that they had more success when it was built on their machine.
I downloaded a .tar.gz snapshot of the master branch and ran make in the same directory as the akefile but got:
Please could you give me some directions if possible? I don't build software very often
Thanks
I'm trying to build your very useful tool form source as a member of the forum stated that they had more success when it was built on their machine.
I downloaded a .tar.gz snapshot of the master branch and ran make in the same directory as the akefile but got:
Code:
g++ -I/usr/include/db4.8 -I/usr/include/cryptopp -ggdb -Wall -O2 -o wallet-recover main.cpp -lcryptopp -ldb-4.8
main.cpp:29:0: warning: "_GNU_SOURCE" redefined [enabled by default]
#define _GNU_SOURCE
^:0:0: note: this is the location of the previous definition
main.cpp:39:16: fatal error: db.h: No such file or directory
#include
^
compilation terminated.
make: *** [wallet-recover] Error 1
Please could you give me some directions if possible? I don't build software very often
Thanks
You may need an additional library
Also I don't want to hijack the thread but OP haven't logged for more than a year
Have you tried pywallet? I only requires python2.7
Jump to: