Pages:
Author

Topic: Early Bitcoin Wallet - Help Needed - Advice Appreciated - page 2. (Read 1040 times)

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Anywoo last night I boot up one of the random drives I already had & transfered the majority of the files unrelated to media (music/video). One of the folders contain a series of public keys but funnily enough an Armory wallet screenshot I don't even remember from 2014. Screenshot has a box with eighteen random 4 letter combinations & a QR to regerated the wallet. Sent pics to CryptoJ0hn on email & will also send them to you.
I'm not sure anyone can follow what you do with those files on one of your "random drives". OK, I can't and that's just me, ignore it.

Your details are confusing. Public keys are this: https://learnmeabitcoin.com/beginners/guide/public-keys/
I've no good explanation why someone not-so-Bitcoin-technical would've a folder with a "series of public keys". Is this folder in proximity of some wallet related folders? Do you mind telling its name, unless it's totally private and self-named? Not sure if this would shed some more light into this mystery.

Does this Armory wallet screenshot look similar to this one?


Source of picture: https://recovermycryptowallet.com/recover-bitcoin-from-armory-wallet/

I can't speak for the integrity of users whom you send possibly pictures of wallet recovery details. You should be careful whom you can trust with such details.

I also don't get why you speak of PGP keys in the context of wallets. You mentioned PGP keys already earlier which confused at least me a bit, but I didn't see it as important.

Every now and then new things pop up. Next is "keygen software". I would associate this with the warez scene, keygens being usually small pieces of software to generate serial keys for some software which needs specific serial keys to activate/license it.

This is no rant, I'm just confused by your story. Consider to omit unnecessary personal details of your family and how you spend your time. I don't see how this relates to your topic here. You may think it's nice for the context, but I find it rather off-topic and distracting. I don't know how others think of it.

Personally I find a lot of recovery related topics quite interesting because many have good challenges and things to learn from. Enough for now...
jr. member
Activity: 21
Merit: 6
8 words and a password sounds like an old blockchain.info wallet recovery mnemonic

Does this look familiar?  https://web.archive.org/web/20120120172358/https://blockchain.info/wallet
?
Activity: -
Merit: -
Im still unsure the harddrives are secured into forensic images? and not just a logical copy?
If the harddrives has been imaged byte for byte, you would be able to search in the unallocated area too.
 
Since we're talking about a wallet.dat from 2010, what i've read is that the header should not be encrypted, so it should be possible to search for a specific header, with regular expression for all the volume, including the unallocated area.

Take a look at this topic for inspiration:
https://bitcointalksearch.org/topic/walletdat-hex-code-in-2009-2857580  

Before I start banging on I've sent you pics on email.

Went looking for the external harddrive today & the manilla folder that should have my name on it along with a piece of paper re. BTC/wallet/keys. Neither could be found in the "liveable" section of the house/garage. Had roughly 2 hours spare to get as much done as possible after a kids party that finished at 1.30pm. Then had to get my misses to the shops before they shut by 4.30pm with drive time taking up a solid hour between.

Came across one plastic container filled with paperwork from that era that look forever to go through page by page. Fairly certain its a "home" base container not the one from "work". Managed to find a series of the larger SD cards, one older laptop that's not early enough, a heap of phones one iPhone particular that may have an image of the piece of paper & a small USB that just doesn't look right.

All that said there is still a "storage" section that hasn't been checked but to get this done its going to be an absolute nightmare. No chance I could do it by myself in a day. Just looked at it & why me. Feel it's necessary to mention today's events.

Anywoo last night I boot up one of the random drives I already had & transfered the majority of the files unrelated to media (music/video). One of the folders contain a series of public keys but funnily enough an Armory wallet screenshot I don't even remember from 2014. Screenshot has a box with eighteen random 4 letter combinations & a QR to regerated the wallet. Sent pics to CryptoJ0hn on email & will also send them to you.

Done some more thinking & what's not making any sense to me now is why would PGP keys have been used in 2010 if there's no reason to encrypted a message when simply buying & transferring coins to a "wallet" with private/public keys that are in a different format. I'm pretty sure after find other people's public keys along with the Armoury wallet that I didn't learn/explore PGP encryption until 2011 possibly later & had no reason to use it till 2014.

So now my theory is there was basic keygen software. Software created two keys with 8 words & a password.

Keys could then be stored in a "vault" that were encrypted with same password.

A series of words were given incase you forgot your password to access the encrypted keys but then you would have to change your password to have the ability to decrypt the keys or those words themselves may have been enough to do the decryption.

My guess is any piece of paper for that era may have been printed & contain a QR plus the encrypted keys printed on it aswell. I suspected that this piece of paper/wallet may have just been turned over then all I did was write the master key on the back. How a master key comes into play along with a public/private key has got my miffed.

https://www.reddit.com/r/Bitcoin/comments/n2hup6/help_with_possible_nonbip39_8word_key_phrase/?rdt=37418

That dude seems to be the only scenario I can find that's similar accept he's missing the password. He's also missing the program that stores the encrypted keys same as I am.

Now I'm wondering if a "brainwallet" could be generated super easy then printed on a piece of paper making it a paper wallet without the use of anything other than basic keygen software. I remember the whole move the mouse non sense for entropy for keys & I just don't think I used it. Instead I picked another option where 8 words & password did the samething using an algorithm.

The whole wallet.dat concept for me is over. Has nothing to do with my story whatsoever. The simple fact that a series of words were given to me for password recovery in 2010 rules out the Bitcoin Client & there was no other option.
jr. member
Activity: 85
Merit: 1
Im still unsure the harddrives are secured into forensic images? and not just a logical copy?
If the harddrives has been imaged byte for byte, you would be able to search in the unallocated area too.
 
Since we're talking about a wallet.dat from 2010, what i've read is that the header should not be encrypted, so it should be possible to search for a specific header, with regular expression for all the volume, including the unallocated area.

Take a look at this topic for inspiration:
https://bitcointalksearch.org/topic/walletdat-hex-code-in-2009-2857580 
?
Activity: -
Merit: -
Is it a big balance? Is it small? Let's find out what you're worried about. Then, if it's worth it, we'll try to solve it. Maybe it's not... The situation is slightly different if the address is from 2010. Mnemonic words started to be used frequently in 2013. The earlier ones are different ...

Well $200 AUD even at 0.9c gets you 2222.22 BTC. Then times that 100K AUD. So I guess that's worst case for 2010 without taking into consideration any exchange rates that based on the 0.003c day pizza guy bought his pizzas, 0.03c two weeks after he bought them & 0.09c at the end of the year.

Mnemonics is not a factor. Words were given to recover password. Not the "wallet".

Gone off wallets. Can't be Multibit, can't be Electrum, can't be Amroury. Bitcoin Client maybe but as far as I know the blockchain had to be downloaded to open a wallet (or so I've read) which i dont think ever took place on the work desktop. No mnemonic or series of words for password recovery were ever given on that platform either.

This leads be to believe there way have been another way to store the coins. For some reason a remember some sort of "vault" where either the private keys were locked in a password protected vault by them selves or many even with a coin balance. 8 words I selected to encrypted the vault.

If this was the case this is where paper way come into play aswell..I'm playing a massive game of catch up. Spent two weeks looking in to "wallet" recovery. Hard to find info on the early days.

The search on old 1TB Seagate drive copy came back negative for wallet.dat. Was hoping there may be other searches possible for private keys or vault program. Going through every file one by one with unhide files selected for the drive.

Tomorrow I'm off on a treasure hunt...so just hope luck is on my side.
newbie
Activity: 13
Merit: 0
Is it a big balance? Is it small? Let's find out what you're worried about. Then, if it's worth it, we'll try to solve it. Maybe it's not... The situation is slightly different if the address is from 2010. Mnemonic words started to be used frequently in 2013. The earlier ones are different ...
?
Activity: -
Merit: -
Had a massive reply to the last two post. Took forever to write. Went to send it but session had timed out & I lost it completely.

Want to run this scenario past you guys even though it may sound ridiculous. Done the whole wallet concept to death & now something else is bugging me. Using orginal post as reference in my mind this seems like a logical explanation. Done no research on the topic yet & can explain later but just go with me...

1. Lets just say the keys are created in the simplest way possible & leave it at that.
2. Rather than a wallet a "vault" is used to store the keys.
3. Keys are encrypted inside the "vault" using 8 words i picked & say Base56.
4. Password is used to access the "vault".
4. A series of words are given to access "vault" if password is forgotten.
5. Paper then comes into play somehow.

This ticks all the boxes but in a different way. Paper wallets come up quite a bit across the board early possible storage option...

"Bitcoin paper wallets were introduced in the early 2010s as the go-to way to store the crypto private keys safely."

I've come across this post a couple of times re. wallet 2010. Whenever i read "seed" words I normally tap out but this time it got me thinking. The above would be my explanation as to why (12) words were given in both cases.

https://bitcointalksearch.org/topic/seed-from-2010-bitcoin-5457689
jr. member
Activity: 85
Merit: 1
Assume that's something that can be done while I watch him do it.

I've been running pywallet on some old hard drives. It takes ages, especially if it is a large capacity drive.

You're probably better off trying to run it yourself at home on a machine that's not connected to the net.

My approach would be to get both harddrives secured forensicly correct into digital images, when done these are the ones you're working on.
Examining the secured images can either be done with forensic software and/or mounting tools, and then use whatever software or script you prefer.

Doing it this way has no impact on the original harddrives, as they are only touched with a writeblocker while imaging them.
The data transfer between the examining PC and a digital image vs. an old mechanic drive will also be a signigicant advantage.
jr. member
Activity: 21
Merit: 6
Assume that's something that can be done while I watch him do it.

I've been running pywallet on some old hard drives. It takes ages, especially if it is a large capacity drive.

You're probably better off trying to run it yourself at home on a machine that's not connected to the net.
?
Activity: -
Merit: -
Yeah nice. That's definitely doable. 20 minute train ride. 4.9 stars & 260 reviews. Not bad at all. 😁
jr. member
Activity: 21
Merit: 6
The data recovery company is www.payam.com.au

They specialise in recovering data from busted drives. I'd use them as a last resort for you original external drive, if you are unsuccessful in recovering the wallet data from your other copied drives.
 
?
Activity: -
Merit: -
Thanks for the info. Intend on getting absolutely everything I've got togeather then putting the whole lot on one drive. Once complete doing a search on the whole lot in one hit.

Plan on using the new computer dude for everything. Not waiting till Xmas for the external hard drive hunt either. Got that organised for Sunday.

Also plan on buying a new laptop aswell in the next couple of days so I've got one that's "air gapped" so if there any clowns reading all this intending on doing something strange I've got that covered.

Still don't really know what I'm doing so still researching & just going with what's seems logical. No real computer use since 2012 when half decent smart phones could do most of what the average person needs. Next time I walk past his shop I'll show him that command list. Assume that's something that can be done while I watch him do it.

Can't understand why doing it the hard way isn't more exciting. 😂
jr. member
Activity: 21
Merit: 6
I tried to PM you today. Got error saying can't message newbie. Got the messaged saved. Will send it when I figure out how to fix the problem. Anything Linux related is above my head but do have someone that can help me. Ps. Think you have to message me first.

I tried to message you too and got the same message. It said you have to allow messages from newbies in your mail settings in profile>personal message options : Allow newbies to send you PMs. Ive been on here since 2013 yet somehow I'm still a newbie. Must be related to post count or merit. I dont post all that often.

I was going to recommend a data recovery company if you are in Australia, and have no luck finding the wallet on your drive copy. We recommend this company to all our clients.

As for finding the wallet on the drive copy you have, I would scan the drive with pywallet:  https://github.com/jackjack-jj/pywallet
It's a python script, so you would need to install python2.7 (I assume you have a windows PC) : https://www.python.org/download/releases/2.7/

You would then need to open a command prompt, eg type cmd in the windows search bar. If you're as old as I am you should be fairly comfortable running commands from the command prompt.

You then run it like so:
Code:
python pywallet.py --recover --recov_size=XXX.XGio --recov_device X:\ --recov_outputdir X:\Where\to\put\found\stuff

# --recover  option tells pywallet to operate in recovery mode (ie. scan the device looking for wallet files)
# --recov_size options specifies the size of the device... 256Gioif you have a 256gig drive, or 1024Gio if you have a 1Tb drive etc
# --recov_device specifies the drive letter for the device you want to scan
# --recov_outputdir tells the script where to place any "recovered" wallet files etc.

For example:
Code:
python pywallet.py --recover --recov_size=1024.0Gio --recov_device e:\ --recov_outputdir c:\recovered-wallets

In the above example
Pywallet will scan the entire e: drive (you would use the letter windows assigns the drive when you connect it) looking for the data signature of old bitcoin wallet files, even if they are hidden/deleted, and if found put the results in c:\recovered-wallets folder

Edit: have been testing pywallet and found that the above command threw some errors.
Didn't  like the decimal place in the size parameter. Didn't like the "\" in the device parameter.
Have tested this and it works:
Code:
python pywallet.py --recover --recov_size=1024Gio --recov_device e: --recov_outputdir c:\recovered-wallets

?
Activity: -
Merit: -
Just got a bit mixed up at the start mate. Already told you I have't used a forum before & didnt realise there was a rule book. If you can't understand that I'd pop that in the ignorance basket along with my "unruly" behaviour. Lazy would be not responding at all for days to messages or taking the easy route of only concentrating on a wallet.dat file.

I've figured out how to edit so cheers for that. On the the subject of rockets I bought at 0.06c so all I really have to say to your rocket science remark is BTC to the moon. 🚀 😂😂😂

If you've got anything productive to say I'm all ears. Lets start with how to rebuild private keys using 8 words & a password on GPG4win, Kleopatra or Keepass.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Moderators are deleteling half my posts so if that part of said story isn't on here that's why.
Your posts get merged and/or deleted because you're constantly violating rule #32 of Unofficial list of (official) Bitcointalk.org rules, guidelines, FAQ which prohibits consecutive posts within 24h by same user. There's absolutely no reason and need to reply to different users in separate consecutive posts other than pure ignorance or lazyness.

If you have something to add to your last post even after a few hours past, you can always simply edit your last post if it's the very last one in the thread. No rocket science...
?
Activity: -
Merit: -
I've some doubts that you and your local computer store guy know what's required and needed to create a full bit-by-bit, sector-by-sector copy of your source drive.

He wanted you to wait? Let's do some ballpark calculation: assume your old 1TB Seagate drive reads 100MB/s (likely not that fast on average over the whole capacity of the drive, but we neglect this); 10s per GB, 10,000s for one TB, so under optimistical conditions reading the whole source drive takes at least 2h 47min (hooked to an appropriate interface that supports such a transfer speed), very likely even longer (depending on how "modern" the source drive is).

And you trust the local computer store guy to not keep a copy of your drive and peek around to see if there's something valuable on it? Well, good luck with that, sincerely.

Yeah I do. Didn't have to wait. Scan & transfer to new drive took total 4.5 hours. Dude probably didnt start straight away & maybe had some lunch before he called me back so you probably about right. Noticing a bit of sarcasm. If you want the specs on the drive is a Seagate Barracuda 7200.12...first released Q1 2011. Now you can go calculate yourself silly. Ps. There was nothing wrong with the drive so guess lucks on my side. 🍻

I hope for the OPs sake the wallet is encrypted, and the password is not on the same hard drive.

But, yeah, should have taken it to a professional data recovery service, not the local computer guy.

Whys that...Huh  Dont know what country you live in but of you can't trust your local computer tech to copy a drive without looking at your files theres something wrong. 60+ year old asain & all I said was there were old family photos, movies & music on there.

Spoke to him first yesterday. & wasn't suss on him at all. Nice guy actually. Scanned the drive first then copied it for me. Dropped it off at 9 30am & got it back by 2pm. If you read the story the wallet is only on this drive if it's "hidden" in a movie folder.

Moderators are deleteling half my posts so if that part of said story isn't on here that's why. Haven't done anything with it yet accept look at old family photos & videos. Was also busy doing other "things"

Pretty sure theres two ways to do this...the easy way find the wallet.dat (blah blah blah) or the hard way rebuild the wallet. I'll get there either way & if I don't I'm fine with that.

Finally password is in my brain no where else.
jr. member
Activity: 21
Merit: 6
I hope for the OPs sake the wallet is encrypted, and the password is not on the same hard drive.

But, yeah, should have taken it to a professional data recovery service, not the local computer guy.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I've some doubts that you and your local computer store guy know what's required and needed to create a full bit-by-bit, sector-by-sector copy of your source drive.

He wanted you to wait? Let's do some ballpark calculation: assume your old 1TB Seagate drive reads 100MB/s (likely not that fast on average over the whole capacity of the drive, but we neglect this); 10s per GB, 10,000s for one TB, so under optimistical conditions reading the whole source drive takes at least 2h 47min (hooked to an appropriate interface that supports such a transfer speed), very likely even longer (depending on how "modern" the source drive is).

And you trust the local computer store guy to not keep a copy of your drive and peek around to see if there's something valuable on it? Well, good luck with that, sincerely.
?
Activity: -
Merit: -
It could be quite important to have that harddrive with the OS examined, as it might have information about what you used it for back in 2010, which websites were visited, which software was installed etc..
Windows keeps track of all this, and it's possible to dig into this stuff.

If the harddrive with the Operating System has been formatted since you used it in 2010, there is a risk some of the missing information has been overwritten by other data, but still there would be a chance some important parts of the puzzle could emerge.

I would suggest you stop using any of the harddrives, and get some help in securing these into digital images for a proper examination.

As stated in one of my earlier posts, i've been working with stuff like this for many years, and willing to help in whatever capacity fits you.
I get that trust is a big issue here.

Feel free to reach out in private messages (if you can)

Never played the formatting game. Once it goes on a drive it stays on a drive & I leave it. Never really needed to format anything other than a small drive that was attached to a pen. Did it just for fun. Had the option other Fat32 or NTFC from memory. Again no idea what I was doing just picked one hit format thought wow that was fun & never used the format function again for anything.

I get what your saying about the external harddrive & understand next level stuff would be required to recover the data. If I ever were to find it I'll wrap it in cotton wool before I do move it but I dont think it matters. It's pretty fair to say nothing has going to have changed since computer dude touched it. It's just been moved from place to place heaps of times same as this Seagate. I managed to find that pulled that apart, bought the sata universal jack, plugged it in & it booted straight away. That thing hadn't been touched in 10+ years just didn't have the files I thought it had.  I knew straight away it wasnt identical to the orginal external harddrive cause there was no porn file in the first list of files so had to rethink what happened. 😂



I tried to PM you today. Got error saying can't message newbie.
Strange, I have the option to accept messages from newbies enabled in my settings.

Yo John,

It's probably about time to fess up. There is a very good chance I did use Keypass for the private keys. Master key is the dead giveaway. It's been on my radar along with encrypted keys from the get go just didn't know where it fit in.

My memory squishes everything I've ever done together when it comes to encryption. I was sure PGP keys were used same as what you would use for encrypted messages but I was getting them confused with private keys.

Was talking to a mate (computer programmer) about it the other day & he was adament PGP keys in there format were never used then imported into a program to create a wallet. I tried arguing with him & was meant to go away from the conversation then prove him wrong. Turns out he's right I'm wrong & what you have suggested is a piece of the puzzle I'm missing

I'm not exactly sure what I should & shouldn't be sharing on a forum that can be seen by the entire world. Just trying to play it pretty safe right now. I do appreciate your help so far & I've always found that honesty is best policy in life & it doesn't feel right not to confess before I move forward. Just been playing a bit "dumb" on the thread so people don't take too much notice of it unless they really know what they are talking about. I knew most of what people would say already ie. Mnemonics on blockchain.info, Github & wallet.dat blah blah blah.

I haven't figured out where the 8 words fit in to Keypass yet nor have i tried Googling it either. Been waiting for my mate to reply to yestersdays messages with the new information but he takes forever.

Been talking on Signal not SMS & he keeps notifications off. No doubt hes sick of getting message bombed by me for 2 weeks straight. Using his account as a record of what we both come up with as we go.

Plan on getting a new computer for anything that has to happen off-line that's never connected to a network. My understanding is thats an air gapped computer.

Ive read horror stories of people losing coins to malicious code written into programs on Github. If I'm going to keep going down this road I want to do it right & double then triple check everything I do before I do it.

Right now I'm assuming the next step is definitely the new computer along with downloading older version of Keypass to see what the story was at the time.

Open to suggestions. Appreciate your help & you will not be forgotten if I do manage to pull this miracle off.

Kind Regards,

UJ

There's my message to John for everyone to see. I see no issue posting this after some thought. As of now two people on this forum have been emailed pics of the Seagate drive I keep banging on about. Seagate 1TB not 2TB Barracuda. Released Q1 2011. I bought the coins before drive was ever released so there your concrete evidence it happened in 2010 folks.

I know this forum has the knowledge & talent to figure this out. Ive seen alsorts of crazy stuff being done on here. Just need the right people to take me seriously. Here's an example of what I'm talking about...

https://bitcointalksearch.org/topic/how-is-a-private-key-generated-from-the-seed-phrase-5249764

Plan on going to the cryptology department at MIT next. I'm not fooling around I'm just plain lost & being overly cautious. It's only been two weeks since starting this wallet rebuild quest started. The external drive stuff has to be secondary till Xmas. Even then I might not find anything & it's just waiting two months.



Basic best practice in data recovery is to avoid touching the original storage media/drive as much as possible. You make one or more forensic master copies (bit-by-bit, every sector of source device needs to be copied). Faulty media is a challenge, there are some tools to deal with problematical source media. A common Linux tool would be ddrescue that tries to read as much as possible from a faulty media in a clever way, reading first all the good parts and then approaching the bad spots. Beware that stressing an already faulty drive could finally break it.

From master copies you make work copies and do any recovery steps on such disposable work copies. The idea is to be able to always create a fresh work copy of the original source media. If you screw up, doesn't matter, you can always restart with a new fresh work copy.

Tried copying the 1TB old Seagate drive today to the new 5TB drive myself. Didn't work so went to the local computer & asked if the guy there was prepared to try. He was fine with it...also gettting another new 2TB drive today so he's working with a brand new drive that has never been touched & the 1TB old Seagate.

Asked about Linux & Ubuntu. He just me down & said don't over complicate the process. Wants me to wait till he's done a scan with whatever program he uses first before going any further.


jr. member
Activity: 85
Merit: 1
It could be quite important to have that harddrive with the OS examined, as it might have information about what you used it for back in 2010, which websites were visited, which software was installed etc..
Windows keeps track of all this, and it's possible to dig into this stuff.

If the harddrive with the Operating System has been formatted since you used it in 2010, there is a risk some of the missing information has been overwritten by other data, but still there would be a chance some important parts of the puzzle could emerge.

I would suggest you stop using any of the harddrives, and get some help in securing these into digital images for a proper examination.

As stated in one of my earlier posts, i've been working with stuff like this for many years, and willing to help in whatever capacity fits you.
I get that trust is a big issue here.

Feel free to reach out in private messages (if you can)
Pages:
Jump to: