Pages:
Author

Topic: Help me to recover 33.54 BTC from a corrupt wallet.dat, I'll pay you a Reward! - page 2. (Read 3354 times)

newbie
Activity: 4
Merit: 0
H guys! I'm getting back with this post. I was kinda frustrated because I tried so many things.

Now, I became a software engineer with Sr level python experience. So, if you have any Python script that maybe help I'll try it. Or, if you have any procedure I'll listen to you and try it. But, I'll not give you the .dat file. Also, I'll try only the source code provided, for security reasons.




Thanks for the response, i tried to dump my wallet and i get "error un dump page". See the image

https://drive.google.com/file/d/1VriRG4hyGxcqBNRL5QL7x7Wzl4QR185X/view?usp=sharing

You can't dump a corrupt wallet to json as it won't have the correct format.
I quickly wrote a small Python script for parsing a wallet and dumping the private keys from it (run with Python 2):

Code:
import sys
import struct
from bsddb.db import *
from hashlib import sha256

# Dumps the private keys from a wallet.dat file.
# Inspired by pywallet.
# Credits: https://bitcoin.stackexchange.com/questions/13681/opening-wallet-dat-in-python-using-bsddb3

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

if not len(sys.argv) == 2:
    print("Usage: %s " % sys.argv[2])
    sys.exit(1)

def read_size(buffer, offset):
    size = ord(buffer[offset])
    offset += 1

    if size == 0xfd:
        size = struct.unpack_from("        offset += 2
    if size == 0xfe:
        size = struct.unpack_from("        offset += 4
    if size == 0xff:
        size = struct.unpack_from("        offset += 8

    return offset, size

def read_string(buffer, offset):
    offset, string_len = read_size(buffer, offset)
    return offset + string_len, buffer[offset: offset + string_len]

def b58_encode(d):
    out = ""
    p = 0
    x = 0

    while ord(d[0]) == 0:
        out += "1"
        d = d[1:]

    for i, v in enumerate(d[::-1]):
        x += ord(v)*(256**i)

    while x > 58**(p+1):
        p += 1

    while p >= 0:
        a, x = divmod(x, 58**p)
        out += B58[a]
        p -= 1

    return out

def b58check_encode(d):
    checksum = sha256(sha256(d).digest()).digest()[:4]
    return b58_encode(d + checksum)


db = DB()
db.open(sys.argv[1], "main", DB_BTREE, DB_RDONLY)

items = db.items()

for item in items:
    k, v = item
    koff, voff = 0, 0
    koff, item_type = read_string(k, koff)

    if item_type == "key":
        koff, pubkey = read_string(k, koff)
        voff, privkey = read_string(v, voff)

        if len(privkey) == 279:
            secret = privkey[9:9+32]
        else:
            secret = privkey[8:8+32]

        if pubkey[0] != "\x04":
            secret += "\x01"

        print(b58check_encode("\x80" + secret))
db.close()

It's very simple, and outputs a bunch of WIF private keys (you can paste them into Electrum's Sweep dialog for example, but if there's many of them, it's going to take a while to check their balances, so be patient.
NOTE: the method of working with the database used here is different from pywallet's. It may work better on corrupted wallets.
A pip install of the bsddb may be required.

You might also be able to get bitcointools to turn a private key from one of the mentioned scripts and convert it to an address to scan for a balance on blockchain.info's API.
The user jackjack here wrote pywallet (you can search for it on githum and it should appear under the name jackjack-jj/pywallet).

What drive was the file on before it became corrupted? Was it in amongst other files or on its own on the drive - can you get that drive professionally recovered, have you?

Thanks for the response, my client doesn't have the original drive where the wallet was not corrupted.
How do you know this is your exact wallet.dat? Do you just think it's for bitcoin or had you put it on a specific drive to back it up which it got corrupted on. Do you have any backups of the corrupted wallet also as in if you did a full system backup at the time that you still have a copy of?
staff
Activity: 3458
Merit: 6793
Just writing some code
Seems like this has gotten a bit off topic and OP hasn't responded in years. /locked

Edit: Reopened as requested by OP on 2020-11-25
newbie
Activity: 24
Merit: 0

Hi folks! I have a Old corrupt wallet.dat from a client. I tried some things to recover those 33.54 BTC, since July 16. This is the wallet:

https://blockchain.info/address/1KYYVUwWSMrNkje41jzvubSRsjABu3EUt6


As of today this address still has funds, so I presume the wallet hasn't been recovered?

Here's a simple program which looks for the byte sequence 04 20, and assumes anything following that is a raw private key (note, I don't guarantee that all privkeys will necessarily start with this sequence). Note that it outputs hex rather than WIF format, and it will probably output some false positive values which are not actually wallet keys. You'll need to convert the raw keys to WIF and import to a new wallet determine which keys work.

Code:
#include 

int main() {
  int c, i;

/* assume that the 32 bytes following the sequence 0420 are a private key */

  while ((c = getchar()) != EOF) {
    if (c == 0x04) {
      if ((c = getchar()) == 0x20) {
        for (i = 0; i < 32; i++)
          printf("%02x", getchar());
        printf("\n");
        fflush(stdout);
      } else {
        ungetc(c, stdin);  /* push back in case it's 0x04 */
      }
    }
  }
}

On a *nix box:

cc -O3 findkey.c -o findkey
cat wallet.dat | ./findkey > recoveredkeys.txt


Then using something like https://github.com/matja/bitcoin-tool ...

bitcoin-tool --input-type private-key --input-format hex --output-type private-key-wif --output-format base58check --batch --input-file recoveredkeys.txt > wifimport.txt

If you are still stuck, I do know of some other methods, which will find any valid keys without needing to look for byte sequences, but as the process is more involved I will require a copy of the wallet. I'm currently doing a deep key recovery of digitalcoin and other coin keys from a 40GB drive image backed up in 2014.

Let me know if the above program works for you (or anyone else reading this).

Thanks for your tool along with instruction..

I have try as per your instruction & recover hex key & also recovery compressed key. Note that i have encrypted wallet.dat & lost password as follow BTC address: 1F654t1HxrZtg7uhcXyZeFvRsyB8HCnBXJ also positive Balance: 1.08 BTC. Unfortunately it was not found my at actual key; i have check with the electrum that address was not match to my encrypted wallet address. I don't know i am right way or anything wrong...

Please advice any solution to recover wallet...
member
Activity: 180
Merit: 38
I'll take a look, it's not looking good for me, such as why I posted in a old thread instead of a new one.. thanks for the real replies I appreciate your response and time.. I guess I am wondering if there is any way to get the master key from the source code using my information as it's a version of Bitcoin from beginning of 2012 🤔
?  Oh and no thanks to the one asking for my wallet haha 🤨🙄

Start by making a one on one backup, mount the drive in read-only to preserve the data.

Then you can mount the backup file and examine it on the raw binary level.

If you still have the wallet it you can dump it with dbutils.

Code:
$ db_dump -d a wallet.dat > wallet_dump.txt

newbie
Activity: 3
Merit: 0
I'll take a look, it's not looking good for me, such as why I posted in a old thread instead of a new one.. thanks for the real replies I appreciate your response and time.. I guess I am wondering if there is any way to get the master key from the source code using my information as it's a version of Bitcoin from beginning of 2012 🤔
?  Oh and no thanks to the one asking for my wallet haha 🤨🙄
legendary
Activity: 952
Merit: 1386

 I saved a bunch of files from the bitcoin core directory knowing the file I needed to save was in %APPDATA%\bitcoin ...I copy/pasted the files all together on a notepad..

Let me understand - you copied all the files from the directory into one file in notepad, right? So now you have one file and you cannot extract from it the 'part' of the original wallet?
Could you open the file in notepad and look for sequence: (in text it looks like "           b1 ")
00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00
it should be the beginning of your wallet.
legendary
Activity: 1624
Merit: 2481
~snip~

Your post and situation is very confusing.

The best probably would be to create a new thread in the technical support section and including all relevant information (e.g. what happend, what you tried, what results you got and obviously what kind of files you have now).

Continuing in such an old thread will result in absolutely non-attentive people finding the thread having a new reply, and replying to the 2,5 year old OP.
For example this inattentive user which mostly makes "meh" quality replies which in most cases don't help at all:

~quoting 2 year old post~
Did you try to dump the wallet or read the db manually with python? There are several scripts for this
member
Activity: 180
Merit: 38

Hi

 provide me with wallet.dat file


Hahahahahahahahahahahahah  Grin Grin Grin Grin
Nice one  Wink
member
Activity: 378
Merit: 53
Telegram @keychainX

Hi folks! I have a Old corrupt wallet.dat from a client. I tried some things to recover those 33.54 BTC, since July 16. This is the wallet:

https://blockchain.info/address/1KYYVUwWSMrNkje41jzvubSRsjABu3EUt6

Next, a short summary of the history of this wallet:

*) This wallet comes from a old version of bitcoin-qt (2011), my client said "0.3.24 Beta version", but that is not sure. He remember, he could mining with that client of bitcoin-qt. In fact, he did a "copy & paste" of the wallet.dat when the client was mining and updating. Then, he put that file in a USB drive, and stored for years. When he tried to recover the wallet.dat with a new client of bitcoin-qt, bit he never had success.

*) He said, "the wallet is not encrypted with a password".

*) The size of the wallet.dat file is 112kb

What i tried, with no success :

1) I downloaded the bitcoin-qt client 0.3.24beta, and i tried to open the client with the wallet.dat loadded. i had this messagge:



2) I downloaded the new version of bitcoin-qt client 0.12.1 (i did in July 16), and i tried to open with the same method above.

3) I tried commands from the bitcoin-qt client 0.12.1, like "salvagewallet" and "upgradewallet".

4) I tried bitcointools.

5) Then i started to open the wallet with a HEX editor and looking for a pattern like "KeyA", "key!" or any other kind.

6) Also i tried this script: https://gist.github.com/msm595/7595164. I got 0 privkey.

7)I modified the script above, changing the line 17, with other kinds of REGEX patterns. I tried:

What i need:

*)Any Kind of help, I don't rule out that I could have tried badly some previously mentioned method.

*)Don't Waste your time, requesting the wallet.dat file. I'll not pass it on.

*)You can pass me, open source scripts writed for you, with the following steps to make it work.

*)I am a Python Developer, so i'll prefer scripts writed in that lenguage.

If your recover method, helps me to recover the wallet.dat i'll pay you a reward (We can negociate it)

Did you try to dump the wallet or read the db manually with python? There are several scripts for this
legendary
Activity: 2730
Merit: 7065
Do not contact or send any personal/private/wallet information to Btcspot. Take a look at his trust ratings to understand who you are dealing with:
https://bitcointalk.org/index.php?action=trust;u=904227

He shouldn't be trusted!
jr. member
Activity: 190
Merit: 1
 Hi, i can help with this, send me a message, my email [email protected].
HCP
legendary
Activity: 2086
Merit: 4363
I copy/pasted the files all together on a notepad..
What exactly do you mean by this? Did you open a bunch of different files in the Bitcoin Core datadir in a text editor... and then copy/paste all that data together into one file? Huh

If so, then you're probably S.O.L... the wallet.dat is a "binary" data file... it's not meant to be opened/manipulated in a text editor.
newbie
Activity: 3
Merit: 0
I have that same type of file (a little different/but same just older) and have been reading about going through the source code to retrieve the "redeem script" or the "derivation method" but first I wanted to ask .. what is that src/wallet/walletdb.cpp specifically? as I don't see any strings but I do see key all over..
It sounds like you have become very confused... I'm not sure what you hope to find by looking in the Bitcoin Core source... A wallet.dat is simply a "BerkeleyDB" database format file. You are NOT going to find any "redeem script" or "derivation method" for a wallet file that is as old as you claim by looking at C++ source code for Bitcoin Core. Undecided


Quote
my python said "cannot import name 'generator_secp256k1' from 'pycoin.ecdsa" when trying to install bitwalletrecover.
This means that you have not installed the appropriate Python library... specifically, this one: https://github.com/richardkiss/pycoin


In any case, I would suggest that you take a few steps backwards as you seem to be heading down the wrong path. Have you attempted to dump the contents of your wallet.dat using something like PyWallet (https://bitcointalk.org/index.php?topic=34028.0)? Huh

One last tip... make a couple of copies of your wallet.dat and work on the copies, don't try and run scripts etc on the original version of your wallet.dat file.

very confused indeed, either way.. what does the berkleydb wallet look like as I have that file..

I hope.. long story short
even though I saved also the c++ code files,
I saved the berkleydb file as well which should be the wallet.dat, thankyou for your reply and yes... unfortunately I am mentally disabled to the max! so maybe i didnt save the wallet.dat but I believe I did.. I also did something (stupid) thinking i was being clever (which I was not) incase a hacker got ahold of my files and would open it and see nothing useful (I had no clue what a hack even consisted of) so I saved a bunch of files from the bitcoin core directory knowing the file I needed to save was in %APPDATA%\bitcoin ...I copy/pasted the files all together on a notepad.. which being I knew the only file I needed was the wallet.dat from %APPDATA%\bitcoin I feel like I must have it, clearly how i saved it, it would come up corrupt.. not knowing that then, anyway unless I stupidly forgot to include the only file i was trying to save(which I just dont think happened but guessing its possible) so I'm trying to say that the redeem script or dirivitation method or masterprivatekey should be there, some place and i possibly just need to follow script .. do math or try things idk, something's gotta give!! maybe? possibly? hopefully? or i could just be s.o.l i dont know
HCP
legendary
Activity: 2086
Merit: 4363
I have that same type of file (a little different/but same just older) and have been reading about going through the source code to retrieve the "redeem script" or the "derivation method" but first I wanted to ask .. what is that src/wallet/walletdb.cpp specifically? as I don't see any strings but I do see key all over..
It sounds like you have become very confused... I'm not sure what you hope to find by looking in the Bitcoin Core source... A wallet.dat is simply a "BerkeleyDB" database format file. You are NOT going to find any "redeem script" or "derivation method" for a wallet file that is as old as you claim by looking at C++ source code for Bitcoin Core. Undecided


Quote
my python said "cannot import name 'generator_secp256k1' from 'pycoin.ecdsa" when trying to install bitwalletrecover.
This means that you have not installed the appropriate Python library... specifically, this one: https://github.com/richardkiss/pycoin


In any case, I would suggest that you take a few steps backwards as you seem to be heading down the wrong path. Have you attempted to dump the contents of your wallet.dat using something like PyWallet (https://bitcointalk.org/index.php?topic=34028.0)? Huh

One last tip... make a couple of copies of your wallet.dat and work on the copies, don't try and run scripts etc on the original version of your wallet.dat file.
newbie
Activity: 3
Merit: 0
I might need to start a new thread in that case if I do.. sorry my friends! I saw this post and am in a similar situation and I am trying every option exhaustingly as I have a similar (more) balance.. with a corrupt wallet from 2012... I too offer a reward for successful results, I am of course trying to learn everything on my own and am not trying to send my wallet (obviously) which makes things as tough as can be of course, anyway i wanted to quote the post concerning the link that took me to (https://github.com/bitcoin/bitcoin/blob/48b5b84ee511d5ccd0d47bb0018c1b3c9ddebeff/src/wallet/walletdb.cpp)
which is the src/wallet/walletdb.cpp source code.. I have that same type of file (a little different/but same just older) and have been reading about going through the source code to retrieve the "redeem script" or the "derivation method" but first I wanted to ask .. what is that src/wallet/walletdb.cpp specifically? as I don't see any strings but I do see key all over.. and I also read the db can leave bits of unencrypted private keys in the db slack space, I just don't follow direction too well but I will try to follow the mentioned directions to get my wallet back, also wanted to ask (off subject mind racing) my python said "cannot import name 'generator_secp256k1' from 'pycoin.ecdsa" when trying to install bitwalletrecover. anyway hoping to get help with this as I have not asked for help on a forum before but been trying for years to figure it out, guess i finally reached my breaking point for my need to get help with this!!! thankyou for reading and I understand walletrecoveryservices is not trying to help me as I have already tried.. did I not save the right file? did I corrupt it and lose the info I need when I saved it possibly by saving it wrong?
  hoping I am not S.O.L!! thankyou for reading I appreciate all and any help, and as I said a successful return of my only hope in the world to not restart my broke ass from scratch will be compensated. CHEERS!
Your unencrypted wallet.dat sounds pretty messed up if not even one 'key' related entry was found.

Take a look at this https://github.com/bitcoin/bitcoin/blob/48b5b84ee511d5ccd0d47bb0018c1b3c9ddebeff/src/wallet/walletdb.cpp
There should be plenty of entries starting or ending with 'key'.

Guess you have to resort to: https://walletrecoveryservices.com/  afterall.
legendary
Activity: 2268
Merit: 1092

Hi folks! I have a Old corrupt wallet.dat from a client. I tried some things to recover those 33.54 BTC, since July 16. This is the wallet:

https://blockchain.info/address/1KYYVUwWSMrNkje41jzvubSRsjABu3EUt6


As of today this address still has funds, so I presume the wallet hasn't been recovered?

Here's a simple program which looks for the byte sequence 04 20, and assumes anything following that is a raw private key (note, I don't guarantee that all privkeys will necessarily start with this sequence). Note that it outputs hex rather than WIF format, and it will probably output some false positive values which are not actually wallet keys. You'll need to convert the raw keys to WIF and import to a new wallet determine which keys work.

Code:
#include 

int main() {
  int c, i;

/* assume that the 32 bytes following the sequence 0420 are a private key */

  while ((c = getchar()) != EOF) {
    if (c == 0x04) {
      if ((c = getchar()) == 0x20) {
        for (i = 0; i < 32; i++)
          printf("%02x", getchar());
        printf("\n");
        fflush(stdout);
      } else {
        ungetc(c, stdin);  /* push back in case it's 0x04 */
      }
    }
  }
}

On a *nix box:

cc -O3 findkey.c -o findkey
cat wallet.dat | ./findkey > recoveredkeys.txt


Then using something like https://github.com/matja/bitcoin-tool ...

bitcoin-tool --input-type private-key --input-format hex --output-type private-key-wif --output-format base58check --batch --input-file recoveredkeys.txt > wifimport.txt

If you are still stuck, I do know of some other methods, which will find any valid keys without needing to look for byte sequences, but as the process is more involved I will require a copy of the wallet. I'm currently doing a deep key recovery of digitalcoin and other coin keys from a 40GB drive image backed up in 2014.

Let me know if the above program works for you (or anyone else reading this).
copper member
Activity: 2394
Merit: 539
DGbet.fun - Crypto Sportsbook
well as you says client saved into USB and saved it somewhere i suggest you to try from different point have you checked your USB drive health maybe there is some MBR or header corrupted that why system is unable to read wallet.dat .

you can try to recover USB drive hopefully its not over written . but now days softwares available which even can recover data from 35 passes
newbie
Activity: 1
Merit: 0
In case this one hasn't been solved yet.

I wrote a Python (2.7) script recently after getting a corrupt wallet for an altcoin. It should work for most coins based on Bitcoin, including Bitcoin itself. It has a GUI to make it a bit easier to use. It may find some "junk" keys, but it should definitely find the real keys too if they are present. It directly searches the binary data for keys and then generates the address for each key, so it could be slow on huge wallet files.

You can choose to dump all possible keys or you can specify which addresses to get the keys for in a search box. For Bitcoin you do not need to edit the config file, it's set to Bitcoin by default.

GitHub can be found here, download ZIP of repository.
member
Activity: 176
Merit: 43
I hope you are able to recover your bitcoins, that is a big amount.  Smiley
Pages:
Jump to: