Content of wallet.dat - Bounty | Bitcointalksearch.org

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: Lucky Cris on August 15, 2014, 09:30:57 AM

Quote from: 0xAli on August 13, 2014, 07:05:06 AM

Yeah actually that's a very good idea.

And you can simply do (without globstar)

Code:

find ./ -type f -exec file {} \; | grep "Berkeley DB"

(And replace ./ with the directory path)

I'm getting this error back:

find: missing argument to '-exec' I guess something's missing from the line?

You probably need to escape the braces, like this:

Code:

find ./ -type f -exec file \{\} \; | grep "Berkeley DB"

0xAli

member

Activity: 72

Merit: 10

42

Quote from: Lucky Cris on August 15, 2014, 09:30:57 AM

Quote from: 0xAli on August 13, 2014, 07:05:06 AM

Quote from: Dare on August 13, 2014, 06:09:51 AM

Another option, if you have Linux/Cygwin/(probably)OSX, you can search through all of the extensionless files recovered by Photorec and use the `file` command to determine the type. Wallet files appear as "Berkeley DB (Btree, version 9, little-endian)", and so you should be able to find it relatively easily by running something like `file ** | grep "Berkeley DB"` (if you have globstar enabled, though there are many other ways of recursively searching every file within a specified location). You can use this technique for other file types as well, though anything plaintext will simply show up as "ASCII text" so it'll only help for binary file types with a specific identifier such as PNG (though presumably Photorec handles much of this, given the name).

Yeah actually that's a very good idea.

And you can simply do (without globstar)

Code:

find ./ -type f -exec file {} \; | grep "Berkeley DB"

(And replace ./ with the directory path)

I'm getting this error back:

find: missing argument to '-exec' I guess something's missing from the line?

If you copy pasted it properly shouldn't have any problems..

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: 0xAli on August 13, 2014, 07:05:06 AM

Quote from: Dare on August 13, 2014, 06:09:51 AM

Another option, if you have Linux/Cygwin/(probably)OSX, you can search through all of the extensionless files recovered by Photorec and use the `file` command to determine the type. Wallet files appear as "Berkeley DB (Btree, version 9, little-endian)", and so you should be able to find it relatively easily by running something like `file ** | grep "Berkeley DB"` (if you have globstar enabled, though there are many other ways of recursively searching every file within a specified location). You can use this technique for other file types as well, though anything plaintext will simply show up as "ASCII text" so it'll only help for binary file types with a specific identifier such as PNG (though presumably Photorec handles much of this, given the name).

Yeah actually that's a very good idea.

And you can simply do (without globstar)

Code:

find ./ -type f -exec file {} \; | grep "Berkeley DB"

(And replace ./ with the directory path)

I'm getting this error back:

find: missing argument to '-exec' I guess something's missing from the line?

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: 0xAli on August 13, 2014, 07:05:06 AM

Quote from: Dare on August 13, 2014, 06:09:51 AM

Another option, if you have Linux/Cygwin/(probably)OSX, you can search through all of the extensionless files recovered by Photorec and use the `file` command to determine the type. Wallet files appear as "Berkeley DB (Btree, version 9, little-endian)", and so you should be able to find it relatively easily by running something like `file ** | grep "Berkeley DB"` (if you have globstar enabled, though there are many other ways of recursively searching every file within a specified location). You can use this technique for other file types as well, though anything plaintext will simply show up as "ASCII text" so it'll only help for binary file types with a specific identifier such as PNG (though presumably Photorec handles much of this, given the name).

Yeah actually that's a very good idea.

And you can simply do (without globstar)

Code:

find ./ -type f -exec file {} \; | grep "Berkeley DB"

(And replace ./ with the directory path)

Sweet!!! Will try this next

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: Nexigen on August 14, 2014, 04:32:26 AM

Did you already get your wallet data back?
I had this problem as well, using a simple recovery tool. Anything should work really.
I hope you get yours back!

Thanks! I haven't yet, but here's hoping!

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: zahra4571 on August 14, 2014, 05:46:06 AM

Try Recuva recovery software and search for wallet.dat or just type .dat you can search it in specific participation, you can also search for any other format you need for.

I think I tried that - I think it's only for Windows. But even so, the majority of the files I recovered extension was renamed to .txt.

zahra4571

sr. member

Activity: 467

Merit: 250

Try Recuva recovery software and search for wallet.dat or just type .dat you can search it in specific participation, you can also search for any other format you need for.

Nexigen

full member

Activity: 297

Merit: 100

Did you already get your wallet data back?
I had this problem as well, using a simple recovery tool. Anything should work really.
I hope you get yours back!

0xAli

member

Activity: 72

Merit: 10

42

Quote from: Dare on August 13, 2014, 06:09:51 AM

Another option, if you have Linux/Cygwin/(probably)OSX, you can search through all of the extensionless files recovered by Photorec and use the `file` command to determine the type. Wallet files appear as "Berkeley DB (Btree, version 9, little-endian)", and so you should be able to find it relatively easily by running something like `file ** | grep "Berkeley DB"` (if you have globstar enabled, though there are many other ways of recursively searching every file within a specified location). You can use this technique for other file types as well, though anything plaintext will simply show up as "ASCII text" so it'll only help for binary file types with a specific identifier such as PNG (though presumably Photorec handles much of this, given the name).

Yeah actually that's a very good idea.

And you can simply do (without globstar)

Code:

find ./ -type f -exec file {} \; | grep "Berkeley DB"

(And replace ./ with the directory path)

Dare

hero member

Activity: 508

Merit: 500

Techwolf on #bitcoin and Reddit

Another option, if you have Linux/Cygwin/(probably)OSX, you can search through all of the extensionless files recovered by Photorec and use the `file` command to determine the type. Wallet files appear as "Berkeley DB (Btree, version 9, little-endian)", and so you should be able to find it relatively easily by running something like `file ** | grep "Berkeley DB"` (if you have globstar enabled, though there are many other ways of recursively searching every file within a specified location). You can use this technique for other file types as well, though anything plaintext will simply show up as "ASCII text" so it'll only help for binary file types with a specific identifier such as PNG (though presumably Photorec handles much of this, given the name).

Muhammed Zakir

hero member

Activity: 560

Merit: 509

I prefer Zakir over Muhammed when mentioning me!

Quote from: Lucky Cris on August 09, 2014, 01:52:15 PM

Quote from: Newar on August 09, 2014, 01:39:32 PM

Quote from: Lucky Cris on August 09, 2014, 01:33:39 PM

Thanks... but I don't even know my addresses.

Your post history does (only had a quick look):
16K6t4BtQwhbeTBaRrocCuptESyKcXTcuZ
1BUJ92LbERYLEPxfaxcRJECm5rXYasvsxE

Nice detective work

But those are from my online wallet... This is a new system I built a couple of months ago to start to start hosting pools so I had to download the client.

Try checking history of your browser. Somehow if you checked your balance of an address in blockchain or any other exploerer, you might get it from browser.

Kindly,
MZ

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: bigasic on August 09, 2014, 11:42:19 PM

Wouldn't you only need the private address? no need for the public one if you have the private one, correct? I hope you are able to find your cons, I know it sucks to lose coins from technical issues.

I have to find the wallet.dat files first! Tongue

Here's hoping

I was able to find a couple of my most precious files... my index.html and style css for my website. Lots of me went into those... they're not the latest iteration, but at least I can work from that. Tomorrow I'll work on the wallet.dats.

bigasic

hero member

Activity: 924

Merit: 1000

Wouldn't you only need the private address? no need for the public one if you have the private one, correct? I hope you are able to find your cons, I know it sucks to lose coins from technical issues.

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: harlenadler on August 09, 2014, 09:37:35 PM

How much do you have in those wallets, if you don't mind me asking!

10s of 1000s of a few pretty much worthless coins

harlenadler

sr. member

Activity: 430

Merit: 250

Agent of Chaos

How much do you have in those wallets, if you don't mind me asking!

science

member

Activity: 72

Merit: 10

nearly all cryptocoins use the DB Berkeley format

science

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: science on August 09, 2014, 02:41:53 PM

Hi!

Here are the sig for DB Berkeley (wallet.dat) add it to photorec and run it again...

Code:

dat 0x0 0x00061561
dat 0x0 0x61150600
dat 0x0 0x00053162
dat 0x0 0x62310500
dat 0xc 0x00061561
dat 0xc 0x61150600
dat 0xc 0x00053162
dat 0xc 0x62310500
dat 0xc 0x00042253
dat 0xc 0x53220400
dat 0xc 0x00040988
dat 0xc 0x88090400

Science

Sweet! So I do have to run it again... guess I'll go ahead and stop this session. Before I do though, I want to see if FaSan's method of using keyhunter is faster than Photorec. It's been running now for 17hours and says I still have 6 hours left. I'm scanning the entire disk.

EDIT - this might be a stupid question... do all wallets use this signature, or will this only find my bitcoin wallat.dat?

science

member

Activity: 72

Merit: 10

Hi!

Here are the sig for DB Berkeley (wallet.dat) add it to photorec and run it again...

Code:

dat 0x0 0x00061561
dat 0x0 0x61150600
dat 0x0 0x00053162
dat 0x0 0x62310500
dat 0xc 0x00061561
dat 0xc 0x61150600
dat 0xc 0x00053162
dat 0xc 0x62310500
dat 0xc 0x00042253
dat 0xc 0x53220400
dat 0xc 0x00040988
dat 0xc 0x88090400

Science

Lucky Cris

sr. member

Activity: 280

Merit: 250

Quote from: 0xAli on August 09, 2014, 02:21:54 PM

Quote from: Lucky Cris on August 09, 2014, 02:09:13 PM

So I've already ran Photorec (this is second time around actually - 6 hours left). Do I have to run it again so that the wallet.dat signature file can be included in the recovery? I was under the impression that maybe they'd be in the 1mil files I got on the first run, just perhaps a .txt format....

Didn't you get a backup in the external drive? then just run (assuming you are on ubuntu now)

Code:

grep -RH 'defaultkey' EXTERNAL_DRIVE

Against your backed up files, and it will get the wallets for you no matter what their name/extension is.

(And put the real path of the external drive instead of EXTERNAL_DRIVE)

Ah! Yes, Photorec saved all of my copied files over to my external drive. But because they're a default file signature type I was asking whether the wallet files were recovered to begin with. It looks like you have to add a custom signature prior to running Photorec so the files can be included in the recovery:

http://www.cgsecurity.org/wiki/Add_your_own_extension_to_PhotoRec

0xAli

member

Activity: 72

Merit: 10

42

Quote from: Lucky Cris on August 09, 2014, 02:09:13 PM

So I've already ran Photorec (this is second time around actually - 6 hours left). Do I have to run it again so that the wallet.dat signature file can be included in the recovery? I was under the impression that maybe they'd be in the 1mil files I got on the first run, just perhaps a .txt format....

Didn't you get a backup in the external drive? then just run (assuming you are on ubuntu now)

Code:

grep -RH 'defaultkey' EXTERNAL_DRIVE

Against your backed up files, and it will get the wallets for you no matter what their name/extension is.

(And put the real path of the external drive instead of EXTERNAL_DRIVE)

Topic: Content of wallet.dat - Bounty (Read 4004 times)