Topic: Can I recover BTC from old wallet.dat without password? (Read 91 times)

BTCRecover and hashcat support both Windows and Linux, so it's not problem. Although you probably find more guide for those software using Linux.

What does it show below (lower-left)? "Processing blocks on disk..." or "Synchronizing with network..."?

For the former, it's continuing to reindex despite not showing the progress window which you might have hidden.
For the latter, your node now started to sync after it successfully reindexed the blocks it has on disk.
If you see either message, you don't have to do anything, just let it finish.

If there's none and you see a 'check' icon on Bitcoin Core's lower-right, your node is fully synced.

This shouldn't be a problem even if you found it later.
You can always use the current version to sync to check for transactions.
And once you recover the correct password, you can use "migrate" to convert it into a compatible descriptor wallet if you want to update your client.

I'm not entirely sure, but it shouldn't matter for Bitcoin Core if you open the old wallet during re-indexing.

You may look into your debug.log file if you see similar log entries. Today I opened a wallet that I last used around June 2022.

Core logs from which block it started the rescan; in your case it would be the block your old wallet was last time synced or the birthday of your old wallet. Then there are regular progress pings "Still rescanning. At block xxxxxx. Progress=0.xxxxxx".
The finish is logged with "Rescan completed in ......ms".

Thanks, everyone!

Good to know Bitcoin Core can import an old wallet without swapping/hacking it into a newly created one, and good to know there are multiple options for password recovery.

Happy new year!

---

Progress update:

So, the only machine with sufficient storage is a windows machine, so I cannot use my linux machine. This was instantly less than ideal, as I got errors on first-time start-up indicating I needed to reindex the database/state.

I was able to eventually get it running, but it automatically started indexing before I could import the old wallet. Not great.

I'll probably need the windows box for the GPU anyway for password recovery.

I went ahead and imported the old wallet anyway, and it appeared to succeed, but with a warning that support for that format would be deprecated soon. Looks like I got to this just in time.

Questions:

Can I restart indexing now that I've imported the old wallet?

Does importing the old wallet during re-indexing cause problems?

Thanks again!

First of all, please stay away from see article, video or software which claim can unlock wallet.dat without entering or brute-force password. Those are scam, which occasionally shilled by newbie or new account on this forum.


Mt. Gox was an exchange, where AFAIK they never offer wallet feature/service.


It's very likely the wallet.dat created by Bitcoin Core. Take note Bitcoin-Qt was old or former name of Bitcoin Core software.


1. It's only true on very old version of Bitcoin Core.
2. Bitcoin Core never support generate or load wallet using 12-24 seed words. Make sure to write down portion of passphrase or password you remember.


As stated by other member, BTCRecover is best choice. Hashcat is good alternative since it also support GPU usage, although i never perform or see benchmark speed between those two software.

This is not true. You can have a wallet with encryption and Bitcoin Core will happily sync and show the wallet balance without the need to enter the encryption password or passphrase. You will need the wallet encryption password only for certain operations which usually have to do with the private keys in the wallet, most commonly when you want to spend any coins of that wallet.

Spending coins requires to sign the transaction with the private keys of the transaction's inputs. For this the private keys have to be decrypted. This can't be done without the wallet encryption password.


This looks very much like the files and folders that Bitcoin Core stores. The most important part for you is the wallet.dat file, because this is the wallet.

Make multiple redundant backup copies of that file, so that you never can loose it.

The debug.log is a log file and Bitcoin Core writes it's version in the first line of a new block of log entries when it is started. It's only interesting to see what the last version of Bitcoin Core was which loaded your wallet.

If you have to install a current version of Bitcoin Core then make sure to download it from https://bitcoincore.org and verify that it is genuine. Use a safe computer, Linux OS recommended, not your daily driver.

You can try to restore a copy of your old wallet.dat with a current Bitcoin Core, use "Restore Wallet..." from File menu. I'm not entirely sure if the latest version, currently v28.0.0, will open and update a very old wallet.dat. The wallet encryption is no blocker. It doesn't hurt to simply try with a copy of your wallet file.

You can setup your Bitcoin Core node as pruned node and sync your wallet.dat with a pruned node. But syncing to the blockchain tip will require to download and read the whole blockchain anyway, a pruned node won't just need the storage space of more than 700GB for blocks, chainstate and maybe transaction index.

It's good when you do the blockchain sync already with your old wallet.dat loaded in Core. That way the wallet is synced in parallel and the full blockchain download is only needed once if you choose pruned mode.


You don't need to swap your old wallet in. Simply load it via File>Restore Wallet...


Bitcoin Core doesn't use mnemonic recovery words. Usually a Core wallet file is encrypted, rarely it's not encrypted but that would be very unsafe.

You should try to think very carefully what building blocks your used wallet encryption passphrase had. It's good that you remember portions of it, that is better than knowing nothing. Try to remember of what the unknown parts could've been made of. It's fine to have multiple choices like numbers, special characters and such.

The better you have an idea what parts were assembled for your password the better you can construct rules for the password cracking tool to search for your true encryption password. This step is important, take your time for it.


To spend the coins of your encrypted wallet, you need to brute-force the encryption passphrase. You can use Hashcat for this (needs to extract the encrypted portion of a random secret encryption key of your wallet). There are guides how to do that here in this forum and also in Hashcat forums/guides.

BTCrecover should also be able to do it. For the sake of speed and depending on the complexity of your encryption passphrase and how large the search space is, you should opt for GPU enhanced tools.


As I already said, you can sync an encrypted Bitcoin Core wallet without the encryption passphrase. Once it is fully synced, you can see how much coins are spendable and if the cracking efforts are worth the hassle and compute time & energy.

If you decide to do the cracking, I would recommend to construct a test case with a known encryption password which you then try to crack with your tool chain. If you don't succeed with such a test case where you already know what the solution should be, then you likely won't succeed with your real case.

The test case should involve some rule or pattern based password construction, but not with a huge search space. Just so that crunching can be done in minutes or so.

Before doing anything, make a few backup copies of the wallet.dat file and store it on something offline / secure.

Never do any manipulation / testing on your only copy.

-Dave

Take note if your backup is wallet.dat it means this wallet was created from Bitcoin core this wallet doesn't generate a seed phrase.


If you don't know the password then your last hope is to brute force the password. But the problem is this would take years or maybe decades if you don't know some of the parts of your password.



There's no chance to know the balance of this wallet if you don't have a password. However, you can try importing it to Bitcoin Core; it might show the balance without using the password(If the wallet is not encrypted); just set it to prune if you don't want to download the entire blockchain.


If you are looking for the tool, check this one below
- https://btcrecover.readthedocs.io/en/latest/

You should be able to see all guides on the top how to use it.

I realize this comes up quite a bit, and I've scoured both this and other forums/Reddit, but I'd like to verify some assumptions from that reading and ensure I'm using the very latest methods and tools available.

Background
I created a BTC wallet back in 2013-14. I don't recall much about the process, except for it possibly involving MtGox. I recall they were hacked of nearly 1M BTC at some point.

I've recovered an entire folder around the wallet.dat, named "Bitcoin" and structured like so:

Bitcoin/
- wallet.dat
- peers.dat
- debug.log
- db.log
- chainstate/
- blocks/

I assume this is helpful for both identifying what format of BTC/wallet this is and hopefully for recovering important data.

Assumptions

1. I can't simply create a new default Bitcoin Core wallet and swap this old one in, because that requires knowing the password. I would love to be wrong about this.

2. I need to brute force the password/phrase/key. I don't recall needing/creating a list of 12-24 seed words, just a single passphrase, though I could be wrong. I do remember portions of the passphrase, which should facilitate/expedite brute force operations.

Questions
Am I correct that I need to brute force the passphrase to actually use this BTC?
- If so, what are the best tools for that job? I write code professionally, but would prefer to use existing tools if possible.

Can I see how much is in there before I attempt to brute force access?
- It looks like this is possible, maybe even trivial via Bitcoin Core.
- This will help me determine whether or not to bother with the brute force op.

Thanks in advance!