
Topic: findwallet - Bitcoin Core Wallet Finder (Read 833 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
-snip-
How should I set the path? I don't understand the computer. Can you give me a detailed suggestion
Start by giving details like the command that you've used and the directory where you're looking for wallet.dat files.

Since you got that error, then findwallet must be working correctly now but the given directory followed by " -i " is incorrect.
example: findwallet -i "E:/appdata/bitcoin"

Also for reference, the Bitcoin Core user folder is C:/Users//AppData/Roaming/Bitcoin (It is very important to put Roaming inside the name after AppData) unless you deliberately changed the datadir in the bitcoin.conf configuration file (in the same folder).

For the maximum chance of discovery (and consequent recovery from raw disk), the wallet folder should be on a separate disk - merely a partition on the same disk is not enough - that is not the OS primary disk, nor is used for dual booting.
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
-snip-
How should I set the path? I don't understand the computer. Can you give me a detailed suggestion
Start by giving details like the command that you've used and the directory where you're looking for wallet.dat files.

Since you got that error, then findwallet must be working correctly now but the given directory followed by " -i " is incorrect.
example: findwallet -i "E:/appdata/bitcoin"
newbie
Activity: 5
Merit: 0
I tried to run findwallet, but the results always showed up
Zee's Wallet Finder.
That path or file doesn't exist!。
How should I set the path? I don't understand the computer. Can you give me a detailed suggestion
newbie
Activity: 5
Merit: 0
April 06, 2022, 06:48:29 AM
#16
After I install findwallet, it displays:
changed 50 packages, and audited 51 packages in 9s
6 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
I try to enter the command findwallet - I []. Then the program doesn't respond. Is it already running?
sr. member
Activity: 910
Merit: 452
Check your coin privilege
February 20, 2021, 11:12:25 AM
#15
I've looked into it, and while I couldn't really work around the Windows 10 permission issue, (It's out of my hands, you just simply can't get read access on some folders or files as they might be currently used by other core processes) I added a flag that ignores errors and will keep scanning even if it runs into inaccessible files.

I wish I could manually handle that error when that happens, but it would need me to rewrite my own scanning code and I currently don't have that much time to sink into this.

https://github.com/isaacs/node-glob/issues/284#issuecomment-297567660

The issue is currently still open, and I would like to not lose the dependency on "glob" because it is THE fastest reading package I've tested. I've also updated all versions while I was at it.

So while this won't run into permission errors anymore, you still should know that it will skip files it doesn't have permission to access, if you suspect your wallet was in one of those files, simply plug the drive externally, or run it on a unix-based system.
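Added example, not part of the original post and not findwallet's or glob's code: a directory walk that records folders it cannot read and keeps going, which is the behaviour the post above describes for the new flag. The names `walk`, `SKIPPABLE` and `fakeReaddir` and the directory tree are constructed for illustration.

```javascript
// Error codes treated as "inaccessible, skip it"; anything else still stops the scan.
const SKIPPABLE = new Set(['EPERM', 'EACCES', 'EBUSY']);

// readdir is injectable so the walk can be exercised without touching a real disk.
// The default (CommonJS) is only evaluated when no readdir argument is passed.
function walk(root, readdir = require('fs').readdirSync) {
  const files = [];
  const skipped = [];
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    let entries;
    try {
      entries = readdir(dir, { withFileTypes: true });
    } catch (err) {
      if (!SKIPPABLE.has(err.code)) throw err;
      skipped.push({ dir, code: err.code }); // keep a record: a wallet may be in here
      continue;
    }
    for (const entry of entries) {
      const full = dir.replace(/\/$/, '') + '/' + entry.name;
      (entry.isDirectory() ? stack : files).push(full);
    }
  }
  return { files, skipped };
}

// Constructed tree: one folder is missing from the map and raises EPERM like Windows 10 does.
const tree = {
  'C:/data': [['photos', true], ['System Volume Information', true], ['notes.txt', false]],
  'C:/data/photos': [['holiday.jpg', false]],
};
function fakeReaddir(dir) {
  if (!(dir in tree)) {
    const err = new Error(`EPERM: operation not permitted, scandir '${dir}'`);
    err.code = 'EPERM';
    throw err;
  }
  return tree[dir].map(([name, isDir]) => ({ name, isDirectory: () => isDir }));
}

console.log(walk('C:/data', fakeReaddir));
```

The `skipped` list is what tells the user which folders to re-scan from another machine or with the drive attached externally.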
sr. member
Activity: 910
Merit: 452
Check your coin privilege
February 20, 2021, 05:37:38 AM
#14
Is there a way to ignore certain directories? When running the script, it seems to crash on folders it can't access. Getting this error message: "Error indexing a path : Error: EPERM: operation not permitted, scandir", which then kills the process.

Wow :) It's been a while since I've been active on the forums so I'm sorry if I didn't see your message earlier.

It seems the process doesn't have permissions to scan the folder, this program was made all the way back in 2018 and both NodeJS and Windows have upgraded their versions.

I suspect this has to do with Windows specifically as even using the main administrator account I run into permission issues on Windows 10, while this was only tested on Windows 7.

I'll see if I can find time and run it again and see if I run into the same issue myself. I'm really happy people are still using this nearly 3 years later :)
newbie
Activity: 1
Merit: 2
February 07, 2021, 06:25:15 PM
#13
Is there a way to ignore certain directories? When running the script, it seems to crash on folders it can't access. Getting this error message: "Error indexing a path : Error: EPERM: operation not permitted, scandir", which then kills the process.
sr. member
Activity: 910
Merit: 452
Check your coin privilege
January 28, 2019, 04:32:54 PM
#12
bump
hero member
Activity: 1194
Merit: 573
OGRaccoon
December 04, 2018, 06:05:23 PM
#11
https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm-packages-could-have-been-hacked-via-weak-credentials/

Just watch out with NPM right now many of the packages on there are hosting malware or wallet stealers.


This is the most recent one..

https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/

Thanks for the heads up, while I did have a good laugh from all the memes here : https://github.com/dominictarr/event-stream/issues

This is genuinely concerning. Mainly because event-stream is not just a small-time package, the fact that a dev infiltrated it and managed to sneak malicious code through the eyes of a dozen other developers is very very bad. ESPECIALLY because this won't just affect the package itself, but pretty much all the other ones depending on it.

For now findwallet is relatively small, I'm definitely going to try and chop off as many dependencies I can for this exact reason. Thanks again!

Yep, turns out almost 12% of the packages there could have been compromised.
Anyone with NPM should do some checking asap.
sr. member
Activity: 910
Merit: 452
Check your coin privilege
December 04, 2018, 11:05:08 AM
#10
https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm-packages-could-have-been-hacked-via-weak-credentials/

Just watch out with NPM right now many of the packages on there are hosting malware or wallet stealers.


This is the most recent one..

https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/

Thanks for the heads up, while I did have a good laugh from all the memes here : https://github.com/dominictarr/event-stream/issues

This is genuinely concerning. Mainly because event-stream is not just a small-time package, the fact that a dev infiltrated it and managed to sneak malicious code through the eyes of a dozen other developers is very very bad. ESPECIALLY because this won't just affect the package itself, but pretty much all the other ones depending on it.

For now findwallet is relatively small, I'm definitely going to try and chop off as many dependencies I can for this exact reason. Thanks again!
hero member
Activity: 1194
Merit: 573
OGRaccoon
December 04, 2018, 09:29:43 AM
#9
https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm-packages-could-have-been-hacked-via-weak-credentials/

Just watch out with NPM right now many of the packages on there are hosting malware or wallet stealers.


This is the most recent one..

https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
sr. member
Activity: 910
Merit: 452
Check your coin privilege
December 03, 2018, 09:33:11 PM
#8
Updated version of the software!

Taken from the package url : https://www.npmjs.com/package/findwallet

Quote from: KingZee
Release History

    2.0.0
        Added extraction functionality! If the wallet is not encrypted, the program will export both compressed and uncompressed private keys to a text file in the same folder.

findwallet can now extract your private keys if the wallet is not encrypted! It will create them by default and store them in a text file within the same folder where it discovered the wallet files.

I have tested the build on my Windows and Linux machines, and it's working great! Let me know if any issues arise. Cheers.
sr. member
Activity: 910
Merit: 452
Check your coin privilege
November 19, 2018, 02:49:28 PM
#7
Nice, thanks for the insight KingZee.

The script works fine on Windows 7 Professional.

On my Xubuntu 16.04 machine I wasn't quite as lucky, when trying to run it after installing findwallet via npm I got the following error:

Code:
/usr/bin/env: ‘node\r’: No such file or directory

Which seems to be an issue with how npm publish handles linebreaks on Windows:
https://github.com/darkguy2008/parallelshell/issues/58

(note that I just picked this issue at random, not sure whether it's relevant for your specific case but there's a bunch of related issues describing this error)

Thanks again for your help HeRetiK! I've sent you a PM on how to fix that issue on linux, I couldn't reproduce it on my own Ubuntu so for now I won't think of pushing a new version and re-publishing a package yet. If the problem arises for someone else, please let me know your Linux distro, and I'll start considering a new version. Cheers!
legendary
Activity: 2912
Merit: 2066
Cashback 15%
November 19, 2018, 10:22:51 AM
#6
Nice, thanks for the insight KingZee.

The script works fine on Windows 7 Professional.

On my Xubuntu 16.04 machine I wasn't quite as lucky, when trying to run it after installing findwallet via npm I got the following error:

Code:
/usr/bin/env: ‘node\r’: No such file or directory

Which seems to be an issue with how npm publish handles linebreaks on Windows:
https://github.com/darkguy2008/parallelshell/issues/58

(note that I just picked this issue at random, not sure whether it's relevant for your specific case but there's a bunch of related issues describing this error)
sr. member
Activity: 910
Merit: 452
Check your coin privilege
November 19, 2018, 09:46:32 AM
#5
Where did you find the values that you are checking for, btw?


Code:
acentry 61 63 65 6e 74 72 79
key 00 01 03 *6b 65 79
mkey 00 01 04 *6d 6b 65 79
ckey 00 01 04 *63 6b 65 79
defaultkey 00 01 0a *64 65 66 61 75 6c 74 6b 65 79
pool 70 6f 6f 6c
minversion 00 01 0a *6d 69 6e 76 65 72 73 69 6f 6e
cscript 63 73 63 72 69 70 74
bestblock 00 01 09 *62 65 73 74 62 6c 6f 63 6b

These are examples of words encoded to hex inside the wallet file, I experimented with a few of them, ended up using "bestblock" and a (magic) hex that's always used in Berkeley DB files because it was consistent. Also "mkey" is short for master key I figure, which contains the hash of the master wallet password. Which will mean the wallet is encrypted.


I'll give it a whirl and let you know if I stumble upon any issues.


Please do! Like I said I still only tested it on my own machine.
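Added example, not part of the original posts and not findwallet's source: a Node.js version of the signature check described in the post above, using the `bestblock` and `mkey` byte sequences from its table. The Berkeley DB btree magic number `0x00053162` at byte 12 of a metadata page is general Berkeley DB knowledge rather than a value given in the thread, and the function names and sample bytes are constructed.

```javascript
// Marker bytes copied from the table in the post (prefix bytes included).
const MARKERS = {
  bestblock: Buffer.from('00010962657374626c6f636b', 'hex'),
  mkey: Buffer.from('0001046d6b6579', 'hex'), // per the post: its presence means encrypted
};
// Assumption (not from the thread): btree magic 0x00053162 sits at byte 12 of a
// metadata page, stored in the byte order of the machine that wrote the file.
const MAGIC_FORMS = [Buffer.from('62310500', 'hex'), Buffer.from('00053162', 'hex')];
const MAGIC_OFFSET = 12;

// Offsets of every candidate metadata page, wherever it sits in the buffer.
function findMetaPages(buf) {
  const pages = [];
  for (const magic of MAGIC_FORMS) {
    for (let at = buf.indexOf(magic); at !== -1; at = buf.indexOf(magic, at + 1)) {
      if (at >= MAGIC_OFFSET) pages.push(at - MAGIC_OFFSET);
    }
  }
  return pages.sort((a, b) => a - b);
}

// A wallet candidate needs both signals: a metadata page and a later "bestblock" record.
// Extension and leading junk data are irrelevant because only byte content is inspected.
function classify(buf) {
  const best = buf.indexOf(MARKERS.bestblock);
  const metaPageAt = findMetaPages(buf).filter((p) => p < best).pop();
  if (best === -1 || metaPageAt === undefined) return { wallet: false };
  const encrypted = buf.indexOf(MARKERS.mkey, metaPageAt) !== -1;
  return { wallet: true, metaPageAt, encrypted };
}

// Constructed sample: 40 bytes of unrelated "cover" data, then a minimal fake wallet body.
function buildSample(encrypted) {
  const meta = Buffer.alloc(16);
  meta.writeUInt32LE(0x00053162, MAGIC_OFFSET);
  const parts = [Buffer.alloc(40, 0xff), meta, Buffer.alloc(32), MARKERS.bestblock];
  if (encrypted) parts.push(Buffer.alloc(8), MARKERS.mkey);
  return Buffer.concat(parts);
}

console.log(classify(buildSample(false)));
console.log(classify(buildSample(true)));
```

Requiring two independent signals keeps a stray four-byte magic match in unrelated data from being reported as a wallet.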
legendary
Activity: 2912
Merit: 2066
Cashback 15%
November 19, 2018, 09:27:32 AM
#4
The script as of the initial commit #07e0fb4 looks fine to me. It really is quite simple and easily readable with very few but well-known dependencies. With a few tweaks it should also work for finding lost zip and rar files, if you know what file header to look for.

Where did you find the values that you are checking for, btw?

I'll give it a whirl and let you know if I stumble upon any issues.
sr. member
Activity: 910
Merit: 452
Check your coin privilege
November 19, 2018, 08:22:45 AM
#3
It looks promising, but I'm not skilled enough to check the source code and don't dare test it on my own system. Therefore I'm just posting here for updates on reviews, so I can add your link to [overview] Recover Bitcoin from any old storage format.

Nice thread you have! findwallet doesn't actually extract keys or try to open the wallet file, it just looks for bit sequences that are specific to a bitcoin core wallet file. Like I mentioned it can find the file regardless of extension, or any extra data added to it. And can also figure out if it's encrypted or not.

The code is just pure javascript so I'm sure someone can come verify its integrity soon enough!
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 19, 2018, 08:01:11 AM
#2
It looks promising, but I'm not skilled enough to check the source code and don't dare test it on my own system. Therefore I'm just posting here for updates on reviews, so I can add your link to [overview] Recover Bitcoin from any old storage format.
sr. member
Activity: 910
Merit: 452
Check your coin privilege
November 19, 2018, 05:15:16 AM
#1

So, I saw quite a few people having problems like these :

Several years back around 2013-ish I sold my friend some Bitcoins and hid the wallet.dat in a file.

I cannot remember if it was a picture file vs MP3 or what...

The point is I can't find his wallet.dat anywhere... I tried scanning files that looked like they were "it" through Winrar but got nowhere.

I need someone who's good with data and can do a deep scan on about 12 gigs of data and find any missing artifacts (wallet.dat!).

If you find the wallet.dat you can keep 10% of the total BTC. I think the number was no less than 10 BTC so this might be a good way to earn a Bitcoin!

PM me with your contact information and any relevant experience you may have. I WILL NOT be releasing the data to anyone who's anonymous...

TRUSTWORTHY people only!

Cheers,
Brian


...

Based on this I have started a forensic search using a mac data recovery tool (I moved to apple around 2010 after the purchase) . Unfortunately the wallet.dat file did not appear. However the Helpdesk people at forensic search company indicate that I can significantly increase the chance of finding the file if they have an example to work with. Ie they will train the software to look for that particular MIME type.
I have been trying to find a way of generating an empty legacy wallet.dat file for them to work with. Can anyone help me with that.

PS I also discovered around 10 old hard disks that each got swapped between multiple devices over the years. So there is a remote chance that if I can provide the right MIME definition to the forensic search company. To be honest I believe the chances are very low; but worth pursuing - much better than buying lottery tickets. If you believe there is a better way of searching I am open to that as well.
...


I figured I might make a software to help them all out once and for all.

When you might need my software :

  • You know there's a wallet file somewhere through your files.
  • You're not sure if you kept the .dat extension.
  • You're not sure if you hid the file adding fake data.
  • You're sure the file isn't modified destructively : Includes compression, corruption, and file splitting.

If you can answer yes to most of those questions, you can try using findwallet to crawl through your files and try to find your wallet(s).
It can currently only find Bitcoin Core wallets. (Berkeley DB type).

I may add more wallet types later..
OR
YOU add more wallet types later! This software is completely open source : https://github.com/KingZee/findwallet/

How to install :


Code:
1. Download node.js : https://nodejs.org/en/ (It's like Python but cooler)
2. In the command line type : npm install findwallet -g
3. Run findwallet! Read the package information here : https://www.npmjs.com/package/findwallet or type : findwallet -h for help.


It should work for every OS, keep in mind for Windows, path slashes still follow unix style, so it's not C:\myfolder, but C:/myfolder.

Of course all of this is for free, but if this software helped you recover any coins a tip here would be appreciated : 1KingZeeW97uLvngcUA3R6QJx18Fn78ddb (I'm sure most people won't though, too tempting)

I kept the source code unminified and easily readable, also, I'd appreciate if people tested this on other versions of Bitcoin core wallets, let me know if it actually works outside of my computer.

Any questions or feedback welcome, cheers!