
Topic: Bitcoin private key/wallet.dat data recovery tool! - page 2. (Read 68945 times)

newbie
Activity: 1
Merit: 0
So after doing a scan with System Rescue CD, it found 226 keys. How do I transfer them to a USB? After Googling the issue, I can't seem to find a way to mount a USB in System Rescue so I can move files to it. Can anyone help me? Also plan on donating if I am able to get my wallet back. Thank you.
legendary
Activity: 2940
Merit: 1333
You might be surprised to learn this, but your code is equivalent to mine.

Interesting, you are right, I thought left-to-right evaluation for && operator is not guaranteed.

Solution may be to introduce another variable to buffer first next getchar() value, and then in case of missed match take the value of c from that buffer instead of getchar() in the while loop condition statement.

I expect reading characters one by one is introducing lots of overhead, and it would be better to do some kind of buffering. Or maybe stdio.h handles that for me. There's also ungetc():

     ungetc() pushes c back to stream, cast to unsigned char,
     where it is available for subsequent read operations.
     Pushed-back characters will be returned in reverse order;
     only one pushback is guaranteed.

which could be all I need to avoid missing keys.

My main aim in sharing this was to show a very simple way of scanning a device for private keys that recently worked for me. It took maybe 5 hours to scan my whole (full-disk encrypted) 1 TB root partition.
hero member
Activity: 952
Merit: 503
This is actually a good tool to use, but kinda hard to use for a newbie
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
You might be surprised to learn this, but your code is equivalent to mine.

Interesting, you are right, I thought left-to-right evaluation for && operator is not guaranteed.

Solution may be to introduce another variable to buffer first next getchar() value, and then in case of missed match take the value of c from that buffer instead of getchar() in the while loop condition statement.
legendary
Activity: 2940
Merit: 1333
IMHO your code should use nested If's instead of ANDs, that way not finding expected byte should reset search to the beginning, without ever encountering false positives or missing something:

You might be surprised to learn this, but your code is equivalent to mine.

Both

Code:
if (a() && b()) ...

and

Code:
if (a()) if (b()) ...

don't call b() if a() returns a falsy value.

For example:

Code:
#include <stdio.h>

int main(void) {
  if (printf("hello\n") == 1234 &&
      printf("world\n"))
    printf("omfg\n");
}

Then...

Code:
$ gcc if-shortcut.c
$ ./a.out
hello
$

Edit: see http://stackoverflow.com/a/628538/1253362 for confirmation of this.
legendary
Activity: 2940
Merit: 1333
IMHO your code should use nested If's instead of ANDs, that way not finding expected byte should reset search to the beginning, without ever encountering false positives or missing something:

You might be surprised to learn this, but your code is equivalent to mine.

Both

Code:
if (a() && b()) ...

and

Code:
if (a()) if (b()) ...

don't call b() if a() returns a falsy value.

For example:

Code:
#include <stdio.h>

int main(void) {
  if (printf("hello\n") == 1234 &&
      printf("world\n"))
    printf("omfg\n");
}

Then...

Code:
$ gcc if-shortcut.c
$ ./a.out
hello
$
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.

Code:
#include <stdio.h>

int main(void) {
  int c, i;

  // privkeys are preceded by: 3081 d302 0101 0420 and are 32 bytes long:
  while ((c = getchar()) != EOF)
    if (c == 0x81 &&
        getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
        getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
      for (i = 0; i < 32; i++)
        printf("%02x", getchar());
      printf("\n");
    }
}

Simple and useful program, dooglus, thanks for sharing it. One follow-up question: I can see how you're just checking for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?

Suppose the disk image contains: "2930 3081 d302 0101 0420 privkey". Checking for 0x30 would cause my simple program to miss that privkey completely, since it never backtracks. I figured it was better to maybe get some false positives than to miss some private keys.

In tests, my code encountered bytes like these, and so missed the privkey:

    0081 d302 0101 0420 3081 d302 0101 0420 privkey

It output:

    3081 d302 0101 0420 privke

since the 7 bytes before the real 8 byte prefix triggered the matching code.

I'm guessing that's quite an uncommon situation.

Oh I see what you mean.  I guess you could make it more robust if you, say, recurse when you find 0x30 so that you check all potential 8 byte windows.  Anyway, thanks again.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins

Code:
#include <stdio.h>

int main(void) {
  int c, i;

  // privkeys are preceded by: 3081 d302 0101 0420 and are 32 bytes long:
  while ((c = getchar()) != EOF)
    if (c == 0x81 &&
        getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
        getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
      for (i = 0; i < 32; i++)
        printf("%02x", getchar());
      printf("\n");
    }
}

Simple and useful program, dooglus, thanks for sharing it. One follow-up question: I can see how you're just checking for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?

Suppose the disk image contains: "2930 3081 d302 0101 0420 privkey". Checking for 0x30 would cause my simple program to miss that privkey completely, since it never backtracks. I figured it was better to maybe get some false positives than to miss some private keys.

In tests, my code encountered bytes like these, and so missed the privkey:

    0081 d302 0101 0420 3081 d302 0101 0420 privkey

It output:

    3081 d302 0101 0420 privke

since the 7 bytes before the real 8 byte prefix triggered the matching code.

I'm guessing that's quite an uncommon situation.

IMHO your code should use nested If's instead of ANDs, that way not finding expected byte should reset search to the beginning, without ever encountering false positives or missing something:
Code:
#include <stdio.h>

int main(void) {
  int c, i;

  // privkeys are preceded by: 3081 d302 0101 0420 and are 32 bytes long:
  while ((c = getchar()) != EOF)
    if (c == 0x30)
        if (getchar() == 0x81)
            if (getchar() == 0xd3)
                if (getchar() == 0x02)
                    if (getchar() == 0x01)
                        if (getchar() == 0x01)
                            if (getchar() == 0x04)
                                if (getchar() == 0x20) {
      for (i = 0; i < 32; i++)
        printf("%02x", getchar());
      printf("\n");
    }
}
legendary
Activity: 2940
Merit: 1333

Code:
#include <stdio.h>

int main(void) {
  int c, i;

  // privkeys are preceded by: 3081 d302 0101 0420 and are 32 bytes long:
  while ((c = getchar()) != EOF)
    if (c == 0x81 &&
        getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
        getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
      for (i = 0; i < 32; i++)
        printf("%02x", getchar());
      printf("\n");
    }
}

Simple and useful program, dooglus, thanks for sharing it. One follow-up question: I can see how you're just checking for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?

Suppose the disk image contains: "2930 3081 d302 0101 0420 privkey". Checking for 0x30 would cause my simple program to miss that privkey completely, since it never backtracks. I figured it was better to maybe get some false positives than to miss some private keys.

In tests, my code encountered bytes like these, and so missed the privkey:

    0081 d302 0101 0420 3081 d302 0101 0420 privkey

It output:

    3081 d302 0101 0420 privke

since the 7 bytes before the real 8 byte prefix triggered the matching code.

I'm guessing that's quite an uncommon situation.
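The missed-key case described in the post above goes away if every offset is tested instead of consuming bytes during a partial match. The scanner below is an added example, not code from any poster in this thread; the names `scan_stream` and `scan_thread_case` and the sample key bytes 01..20 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Prefix quoted in the thread; the 32-byte private key follows it. */
static const unsigned char PREFIX[8] = {0x30, 0x81, 0xd3, 0x02, 0x01, 0x01, 0x04, 0x20};
enum { PLEN = 8, KLEN = 32 };

/* Test every offset of `in` for PREFIX and print the key that follows as a
   hex line on `out`. Input is read in blocks; the unscanned tail (at most
   PLEN + KLEN - 1 bytes) is carried into the next block, so a match that
   straddles two reads is still seen. Returns the number of hits. */
size_t scan_stream(FILE *in, FILE *out) {
    static unsigned char buf[1 << 16];
    size_t keep = 0, found = 0, n;
    while ((n = fread(buf + keep, 1, sizeof buf - keep, in)) > 0) {
        size_t len = keep + n, i = 0;
        for (; i + PLEN + KLEN <= len; i++) {
            if (memcmp(buf + i, PREFIX, PLEN) != 0)
                continue;              /* rejects this offset only */
            for (size_t k = 0; k < KLEN; k++)
                fprintf(out, "%02x", buf[i + PLEN + k]);
            fputc('\n', out);
            found++;
        }
        keep = len - i;                /* bytes not yet usable as a start */
        memmove(buf, buf + i, keep);
    }
    return found;
}

/* Constructed input: the failure case from the thread (7 prefix-like bytes
   directly before the real prefix), followed by key bytes 0x01..0x20.
   Returns the hit count and copies the first hex line into `first`. */
size_t scan_thread_case(char first[2 * KLEN + 1]) {
    unsigned char data[2 * PLEN + KLEN] = {0x00, 0x81, 0xd3, 0x02, 0x01, 0x01, 0x04, 0x20};
    FILE *in = tmpfile(), *out = tmpfile();
    size_t hits;
    first[0] = '\0';
    memcpy(data + PLEN, PREFIX, PLEN);
    for (int k = 0; k < KLEN; k++) data[2 * PLEN + k] = (unsigned char)(k + 1);
    if (!in || !out || fwrite(data, 1, sizeof data, in) != sizeof data) return 0;
    rewind(in);
    hits = scan_stream(in, out);
    rewind(out);
    if (!fgets(first, 2 * KLEN + 1, out)) first[0] = '\0';
    fclose(in); fclose(out);
    return hits;
}

int main(void) { return scan_stream(stdin, stdout) ? 0 : 1; } /* ./pkscan < disk.img */
```

A prefix found within the last 39 bytes of the input is not reported, since the key after it would be truncated.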
legendary
Activity: 1064
Merit: 1000
Can this be used on other wallets other than bitcoin? If so, that would be good, as I have lost a few wallets in the past on one drive that I have not used in ages and has had deleted partitions and all sorts go wrong on it. Is there any Windows version of this tool or just Linux?

My code should work on any wallet and any OS with a C compiler. You may need to change the 8 bytes it looks for. Make a new wallet, load it up in a hex editor, look for the 8 bytes which precede each private key.

I thank you so much for sharing this as well, light enough to use on my arm based node.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.

Code:
#include <stdio.h>

int main(void) {
  int c, i;

  // privkeys are preceded by: 3081 d302 0101 0420 and are 32 bytes long:
  while ((c = getchar()) != EOF)
    if (c == 0x81 &&
        getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
        getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
      for (i = 0; i < 32; i++)
        printf("%02x", getchar());
      printf("\n");
    }
}

Simple and useful program, dooglus, thanks for sharing it. One follow-up question: I can see how you're just checking for each byte and then printing if you find them. But the code you pasted just checks for 7 bytes. There should be a check for 0x30 before the 0x81, right? Or what am I missing?
legendary
Activity: 2940
Merit: 1333
Can this be used on other wallets other than bitcoin? If so, that would be good, as I have lost a few wallets in the past on one drive that I have not used in ages and has had deleted partitions and all sorts go wrong on it. Is there any Windows version of this tool or just Linux?

My code should work on any wallet and any OS with a C compiler. You may need to change the 8 bytes it looks for. Make a new wallet, load it up in a hex editor, look for the 8 bytes which precede each private key.
member
Activity: 112
Merit: 10
Can this be used on other wallets other than bitcoin? If so, that would be good, as I have lost a few wallets in the past on one drive that I have not used in ages and has had deleted partitions and all sorts go wrong on it. Is there any Windows version of this tool or just Linux?
legendary
Activity: 2940
Merit: 1333
So this morning I noticed there was an outgoing transaction in my wallet that hadn't confirmed for a week. I decided I would try to send it again with a bigger fee. So I did a 'dumpprivkey' on the address that funded the unconfirmed transaction, made a new wallet, did an 'importprivkey' to import the address into the new wallet, then re-sent the transaction. There was only a single output on the address, so it used the same one again, effectively double-spending it.

Once the transaction confirmed, which it did quickly, I switched back to my main wallet, and deleted the temporary new wallet, since I was done with it. Right?

I rescanned the old wallet, using the -zapwallettxes argument to delete the old conflicting transaction, and it came up showing that I had made two spends recently, not the one that I expected. Then I remembered: the change from the new spend is only in the new temporary wallet that I just deleted.

Oops.

I looked for 'undelete' programs, but didn't find anything that looked useful. I found this thread, but the git repository seems to have died. So I wrote my own simple "privkey finder":

Code:
#include <stdio.h>

int main(void) {
  int c, i;

  // privkeys are preceded by: 3081 d302 0101 0420 and are 32 bytes long:
  while ((c = getchar()) != EOF)
    if (c == 0x81 &&
        getchar() == 0xd3 && getchar() == 0x02 && getchar() == 0x01 &&
        getchar() == 0x01 && getchar() == 0x04 && getchar() == 0x20) {
      for (i = 0; i < 32; i++)
        printf("%02x", getchar());
      printf("\n");
    }
}

It's much simpler than the tool this thread is about, but it did the trick. It found the deleted private keys and I was able to get my coins back.

So I figured I'd share it.

I built and ran it like this:

Code:
$ gcc -O4 -o pkgrep pkgrep.c
$ df ~/.bitcoin
Filesystem      Size  Used Avail Use% Mounted on
/dev/dm-1       901G  497G  359G  59% /
$ su
Password:
# ./pkgrep < /dev/dm-1

I was somewhat surprised to find that the private key for the change address was on the drive 5 times. It was a new wallet that I created just to double-spend that single output, then deleted. And somehow the key found itself written to disk 5 times.
newbie
Activity: 1
Merit: 0
Data Recovery is a wonderful and multifunctional recovery tool to retrieve your lost videos, photos, music, documents, emails, etc. from your computer's hard drive. Besides, it can also recover data from USB drives, external hard drives, mobile phones, digital cameras, iPods, MP3/MP4 players and other storage devices.

Some steps on how to recover the lost data with Data Recovery:
1. Select types of lost data. All the common file formats are generally classified into six different categories. Only choose the specific types of the files you need to retrieve will accelerate the scan speed.

2. Choose a location to start searching data. This option is suitable for the situation of a data loss caused by deleting or losing a partition, and re-partition.

3. Scan your computer or device. The process bar displays how long the scan will take.

4. Preview and recover the files. When the preview or search finishes, select the target files and press Recover button to save data again on your device.

Want to get back your lost data right now? IfCoupons.com offers you Discounts and Coupons for Data Recovery from different brands and companies. Come and get one!
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
I have lost all private keys of blockchain.info wallet,
Can anyone recover it, I have nearly 50,000 btc in it.
I tried many ways but I couldn't. Help me out

I think this is a spam just to increase activity. Please don't spam, you will get banned from the forum.

Blockchain.info is an online wallet. So what do you mean by that question? What are the ways you tried?

   ~~MZ~~
newbie
Activity: 1
Merit: 0
I have lost all private keys of blockchain.info wallet,
Can anyone recover it, I have nearly 50,000 btc in it.
I tried many ways but I couldn't. Help me out
hero member
Activity: 672
Merit: 500
http://fuk.io - check it out!
u are life saver to many people!
hero member
Activity: 707
Merit: 505
You may need an additional library

Also I don't want to hijack the thread but OP hasn't logged in for more than a year
Have you tried pywallet? It only requires python2.7
lol, I hadn't noticed how old the thread was :) Thanks for the tip :)
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Hello,

I'm trying to build your very useful tool from source as a member of the forum stated that they had more success when it was built on their machine.
I downloaded a .tar.gz snapshot of the master branch and ran make in the same directory as the Makefile but got:

Code:
g++ -I/usr/include/db4.8 -I/usr/include/cryptopp -ggdb -Wall -O2 -o wallet-recover main.cpp -lcryptopp -ldb-4.8
main.cpp:29:0: warning: "_GNU_SOURCE" redefined [enabled by default]
 #define _GNU_SOURCE
 ^
<command-line>:0:0: note: this is the location of the previous definition
main.cpp:39:16: fatal error: db.h: No such file or directory
 #include <db.h>
                ^
compilation terminated.
make: *** [wallet-recover] Error 1

Please could you give me some directions if possible? I don't build software very often ;)

Thanks :)

You may need an additional library

Also I don't want to hijack the thread but OP hasn't logged in for more than a year
Have you tried pywallet? It only requires python2.7