Topic: Bitcoin private key/wallet.dat data recovery tool! - page 5. (Read 68945 times)

Source code?

Excellent that this is out there as a resource now.
If I ever need to use it I'll definitely send some coin your way!

Unless you know how the system works, you should assume that the answer is yes. Windows caches files on the disk before burning it to CD. When copying from USB -> USB you'd expect nothing to be written to the hard drive, but it goes through RAM and anything in there could potentially end up in your paging file and therefore written to disk.

The ideal solution would be USB -> USB using a Linux live CD, with either no hard drive plugged in, or by running "swapoff" to make sure no virtual memory is in use at the time of the copy.

sorry to bug you with an off topic question but when i transfer a wallet.dat from a usb stick to a cdrom or to another usb stick on same computer, are there any traces of it left on hard drive?

That tool's a lot easier to use, but relies on you having a filesystem and enough of wallet.dat left intact for BerkleyDB to be able to open it.

Not a chance, sorry. Live CDs deliberately don't save anything to your computer unless you specifically tell them to - it's why I suggest using one for this, because that way you don't risk overwriting any more of the data you're trying to recover - so there's just nothing there to be recovered.

http://forum.bitcoin.org/index.php?topic=11331.0

how does your tool differ from above?

i created a new wallet using Live CD Ubuntu, tx'd some btc to it, but then didn't save it properly.  would there be any traces left on my computer?

Edit: Updated to create a new wallet.dat with the recovered keys.
Edit 2: New v0.2 release, new instructions. Note that this still can't recover encrypted wallets!
Edit 3: v0.3 release to support the compressed public keys created by recent Bitcoin versions. Still can't recover encrypted wallets.

For some reason, people keep reformatting their drive or deleting their wallet.dat without taking proper backups. As casascius helpfully points out - and this is something I'd already suspected - it may be possible to recover the crucial wallet.dat private keys and the bitcoins secured with them by scanning the disk for certain markers, so long as you're lucky and the data you need isn't too fragmented and hasn't already been overwritten.

To that end, I've written a little experimental utility that tries to search for and validate those keys. It's not even close to being able to recover all keys that are recoverable - though it should work in a decent proportion of cases - and importing those keys back into a new wallet is left as an exercise for the user to figure out for now, but it might be useful to some people.

Instructions:

• Stop using your computer until you've recovered your data, in case something overwrites it. Shut down the PC as soon as possible.
• Obtain a suitable 32-bit Linux LiveCD, like the System Rescue CD, and boot your computer from it. You'll need working internet access (or some other way to download http://makomk.com/~aidan/wallet-recover and transfer it over)
• Open a terminal.
• Run these commands to download the utility and unpack it (2MB download - it contains largish crypto and database libraries):

Run the program on your drive:
For 99% of users, this will be:
Hopefully it should find and print out a bunch of public keys and corresponding private keys, at least 100 of them, together with a file recovered-wallet.dat. Copy the recovered-wallet.dat to a USB drive and load it up in the Bitcoin client as usual (not forgetting to start it with -rescan) - with a bit of luck you should have access to your money again. I suggest not doing anything with the computer you lost the bitcoins on until you're 100% sure the recovery was successful - load up recovered-wallet.data on a different PC if at all possible.

WARNING: The recovered wallet does not contain a pool of spare keys to send change to (the old ones should get recovered but aren't marked as such). It also doesn't include any names for addresses, so the address you can copy-and-paste in the client is a NEW address created when you first started bitcoin using your recovered wallet, and any change from transactions also goes to a NEW address - none of these addresses are in the original recovered wallet. After first running Bitcoin with the recovered wallet, you MUST exit it and take backup copies of the wallet.dat in your .bitcoin directory to several locations BEFORE making or receiving any transactions - then be sure to use this version and NOT THE ORIGINAL recovered-wallet.dat from this point on. If you're using bitcoind rather than the GUI, you must also call "bitcoind getnewaddress" before shutting down and copying the wallet.dat. Also, be extremely careful about backing up your wallet on a regular basis after using this tool - Bitcoin's handling of the keypool is quirky and this may trigger bugs in it. (Added 9th July, amended 19th Sept.)

Disclaimer: This code comes with no warranty, not even an implied warranty of fitness for its intended purpose. I don't guarantee that it won't make things worse, or that the recovered keys are correct, and obviously I can't guarantee that it'll manage to recover the keys you need. Oh, and it may not be able to recover older wallets at all.