I need Help finding or recovering bitcoins off an old hard drive

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: SheriffBass on February 08, 2021, 03:14:46 PM

that’s what PYwallet is for though, right?
I’ll pile up 1.5 GB of .dat files run it and The program will do the work, skip the junk and find wallet files if present!
I’ll have to buy a bigger hard drive!!

Well technically it is going to skip over the .dat files it can't read and raise an error, but the more errors related to unreadable files are in your log the output for the real wallet.dat files are going to be buried under an avalanche of "cannot read file" kind of messages.

SheriffBass

member

Activity: 77

Merit: 11

Quote from: NotATether on February 08, 2021, 03:02:19 PM

Quote from: SheriffBass on February 08, 2021, 10:22:56 AM

I was using windows search looking for .dat files on a 500 GB drive yesterday and it said it needs 1.4TB disk space

Bear in mind that searching only for files that have a .dat file extension at the end will give you A LOT of false positives. .dat's usage is extremely loaded and dozens of programs store their own different file format in files that have this extension, so you might end up with a bunch of .dat files that are not wallet files!

that’s what PYwallet is for though, right?
I’ll pile up 1.5 GB of .dat files run it and The program will do the work, skip the junk and find wallet files if present!
I’ll have to buy a bigger hard drive!!

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: SheriffBass on February 08, 2021, 10:22:56 AM

I was using windows search looking for .dat files on a 500 GB drive yesterday and it said it needs 1.4TB disk space

Bear in mind that searching only for files that have a .dat file extension at the end will give you A LOT of false positives. .dat's usage is extremely loaded and dozens of programs store their own different file format in files that have this extension, so you might end up with a bunch of .dat files that are not wallet files!

SheriffBass

member

Activity: 77

Merit: 11

Are you absolutely sure that all those wallets aren't just password-protected with no receiving addresses created for it yet? Huh

Core doesn't create receiving addresses for new wallets by default, you have to explicitly tell it to give you an address so it's possible the wallets you're trying to dump were only created but never used (by virtue of having not receiving addresses for it).

As far as looking for the private key is concerned, look for something with "5H" "5J" "5K" or "5L" at the beginning of a line.

[ I believe the 70 found "wallets" were probably the empty .dat files created by PYwallet when I ran it (probably 70 times)!!

I thought that bitcoin core automatically creates one wallet when installed, I wasn't trying to dump wallets as I don't know how, was just trying to find a wallet then go to the next step of extracting keys and........ so now I'll plug in a drive with electrum wallet and a backed up bitcoine core wallet to test the PYwallet again to see if PYwallet works as designed on my machine, I also just learned that it doesn't look into compressed files, back up files in their current status no wonder I can't find any wallets Roll Eyes

will have a long way to find good quality programs to decompress and decipher/make backup files readable to PYwallet, I was using windows search looking for .dat files on a 500 GB drive yesterday and it said it needs 1.4TB disk space Shocked

.]

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: SheriffBass on February 06, 2021, 10:11:57 AM

... ran PYwallet and got this result: Found 70 possible wallets
found 0 possible encrypted keys
found 0 possible unencrypted keys
the wallet is encrypted and the passphrase is correct

Are you absolutely sure that all those wallets aren't just password-protected with no receiving addresses created for it yet? Huh

Core doesn't create receiving addresses for new wallets by default, you have to explicitly tell it to give you an address so it's possible the wallets you're trying to dump were only created but never used (by virtue of having not receiving addresses for it).

As far as looking for the private key is concerned, look for something with "5H" "5J" "5K" or "5L" at the beginning of a line.

jackjack

legendary

Activity: 1176

Merit: 1280

May Bitcoin be touched by his Noodly Appendage

Well the recovery has some bugs but from my tests it finds at least a few keys for recent wallets
Things will be clearer in a few weeks

SheriffBass

member

Activity: 77

Merit: 11

Quote from: jackjack on February 06, 2021, 04:12:07 PM

I'm sorry I'm a little confused, this thread is a year and a half old and I don't get if you managed to find any wallet or key
Based on this I guessed not

Quote

Found 70 possible wallets
found 0 possible encrypted keys
found 0 possible unencrypted keys

The 70 only means pywallet found 70 master keys (wallet encryption parameters) but no addresses at all, this is weird

When were the wallets created? Are you sure it is a bitcoin-qt/core wallet?
BTW I found out the pywallet recovery is bugged, I fix a bit of that a couple hours ago you can try the new version and see if it finds any key
I'll be fixing this over the next weeks

[yes I’ve been looking since 2017!! Believe the wallet was from 2009-2010! I Barley Lerned enough python to download and run Pywallet, already ran it on all my drives and every time it’s done it say either partial wallet or creates a wallet but never shows any keys!
I’m surprised because this test was to see it if will capture the keys off the Bitcoin core wallet I had running on that hard drive 2 weeks ago but it didn’t 🤔 that’s why I question if I have something missing in my program download or operation?]

jackjack

legendary

Activity: 1176

Merit: 1280

May Bitcoin be touched by his Noodly Appendage

I'm sorry I'm a little confused, this thread is a year and a half old and I don't get if you managed to find any wallet or key
Based on this I guessed not

Quote

Found 70 possible wallets
found 0 possible encrypted keys
found 0 possible unencrypted keys

The 70 only means pywallet found 70 master keys (wallet encryption parameters) but no addresses at all, this is weird

When were the wallets created? Are you sure it is a bitcoin-qt/core wallet?
BTW I found out the pywallet recovery is bugged, I fix a bit of that a couple hours ago you can try the new version and see if it finds any key
I'll be fixing this over the next weeks

SheriffBass

member

Activity: 77

Merit: 11

Quote from: NotATether on February 06, 2021, 11:47:23 AM

Quote from: SheriffBass on February 06, 2021, 10:11:57 AM

then since I'm pretty bad with computers, don't trust myself with proper installation, operation of PY wallet and can't run simple commands as dump wallet or privkeys….. I ran Electrum to sweep keys from the Py wallet generated/ found wallets which gave me a page full of numbers multiple lines of zeros and a bunch of numbers on the last 3 lines. looked it up and referred me to adding p2wpkh IN front of the key but its a whole page full of numbers and I can't tell which is the key!!
[I didn’t run Pywallet dump keys as I don’t know how! I as assuming the Pywallet would acknowledge the presence of a wallet and keys and display them]

pywallet with the --dumpwallet switch writes the private keys to a JSON file which is a kind of file that has a structure like this:

{
"key": "value",
"key2": [1, 2, 3],
"key3": {
"subkey": "anothervalue"
}
}

and so on. If your file doesn't look like this, then it was created with another pywallet command.

In your case, look for a key called "keys", and it's going to have a list of key-values {} in them that have "address" and "sec" subkeys. The "sec" key has your private key inside and it begins with a "H","J","K" or "L" (or any of these with a "5" at the beginning). This is what you import into Electrum.

"addr" is the address for the private key. Look at the characters at the beginning ("1", "3", or "bc1") and add the correct prefix in front of the private key to import it into Electrum (p2pkh: , p2sh: , or p2wpkh: respectively).

If you don't see "sec" keys next to "addr" keys then it means that particular private key is encrypted and you need to run "pywallet --dumpwallet --passphrase yourpasswordhere" to decrypt it.
[/ I’ll been to learn the command for Pywallet dump keys and dump wallet to proceed! ] just opening the wallet file from Electrum did show an address on the bottom starting with bc1 and asked to add p2wphk to the key but I can’t figure out what the key is from all these numbers in the file!!

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: SheriffBass on February 06, 2021, 10:11:57 AM

then since I'm pretty bad with computers, don't trust myself with proper installation, operation of PY wallet and can't run simple commands as dump wallet or privkeys….. I ran Electrum to sweep keys from the Py wallet generated/ found wallets which gave me a page full of numbers multiple lines of zeros and a bunch of numbers on the last 3 lines. looked it up and referred me to adding p2wpkh IN front of the key but its a whole page full of numbers and I can't tell which is the key!!

pywallet with the --dumpwallet switch writes the private keys to a JSON file which is a kind of file that has a structure like this:

{
"key": "value",
"key2": [1, 2, 3],
"key3": {
"subkey": "anothervalue"
}
}

and so on. If your file doesn't look like this, then it was created with another pywallet command.

In your case, look for a key called "keys", and it's going to have a list of key-values {} in them that have "address" and "sec" subkeys. The "sec" key has your private key inside and it begins with a "H","J","K" or "L" (or any of these with a "5" at the beginning). This is what you import into Electrum.

"addr" is the address for the private key. Look at the characters at the beginning ("1", "3", or "bc1") and add the correct prefix in front of the private key to import it into Electrum (p2pkh: , p2sh: , or p2wpkh: respectively).

If you don't see "sec" keys next to "addr" keys then it means that particular private key is encrypted and you need to run "pywallet --dumpwallet --passphrase yourpasswordhere" to decrypt it.

SheriffBass

member

Activity: 77

Merit: 11

so to be sure I have PYwallet properly installed and operating as it should, I ran it on a hard drive with bitcoin core (which I assume should already have a wallet and keys) , I also had a folder of previously found/ created wallets and partial wallets (results from running PY wallet multiple times on multiple drives) on that same hard drive, ran PYwallet and got this result: Found 70 possible wallets
found 0 possible encrypted keys
found 0 possible unencrypted keys
the wallet is encrypted and the passphrase is correct
importing:...…..

I was hoping PY wallet would recognize the bitcoin core wallet and I would get at least the one good key off the drive!!
what am I doing wrong??

then since I'm pretty bad with computers, don't trust myself with proper installation, operation of PY wallet and can't run simple commands as dump wallet or privkeys….. I ran Electrum to sweep keys from the Py wallet generated/ found wallets which gave me a page full of numbers multiple lines of zeros and a bunch of numbers on the last 3 lines. looked it up and referred me to adding p2wpkh IN front of the key but its a whole page full of numbers and I can't tell which is the key!!

any advice??
Thank you,

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: SheriffBass on October 15, 2020, 06:38:49 PM

Quote from: nc50lc on October 14, 2020, 11:22:28 PM

-snip-

I think the encryption in Core is just to open and close access to the wallet spending ability without having any link to recreating the keys: https://chainquery.com/bitcoin-cli/walletpassphrase

The link you've provided is just about encrypting Bitcoin core's wallet file, not specifically "12-words to encrypt".
Anyways, it will accept 12-words as a passphrase because core accepts spaces.

Please fix your quote, it looks like the text in the middle was posted by me:

Insert [/quote] after "Can you provide the link of that paper or article?"
And insert [quote author=nc50lc] before "Because as far as I know" to fix it.

HCP

legendary

Activity: 2086

Merit: 4361

That is correct. The encryption in Bitcoin Core is simply encrypting the private key data stored in the wallet file. The walletpassphrase could be "12 words", it could also be 200 random characters or non-existent or some other combination of letters/numbers/symbols etc... it's basically just a standard "password"... and has no direct bearing on the ability to recreate any keys.

Historically though, "12 word" phrases (consisting of 12 "random" words) have been some form of backup/recovery system as opposed to a password.

In other words, if you have 12 words, they're probably more likely to be a mnemonic of some description than they are to be a "password", but that doesn't mean they aren't a password.

The crucial point is that Bitcoin Core has never used a mnemonic system for recovery/backup... it has always been "make a copy of wallet.dat". So, if these 12 words are indeed a recovery mnemonic of some description, they're most likely not related to Bitcoin Core.

SheriffBass

member

Activity: 77

Merit: 11

Quote from: nc50lc on October 14, 2020, 11:22:28 PM

Quote from: SheriffBass on October 14, 2020, 07:57:25 PM

I was just reading about using 12 words to encrypt a bitcoin core wallet!!

Can you provide the link of that paper or article?
Here Is one from 2011: https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README

You can read the Technical details of wallet encryption.

and here is more recent one: https://vhernando.github.io/bitcoin-wallet-encrypt-decrypt-cipher
I think the encryption in Core is just to open and close access to the wallet spending ability without having any link to recreating the keys: https://chainquery.com/bitcoin-cli/walletpassphrase

Because as far as I know, a mnemonic phrase is mostly used as a human-readable representation of an entropy.
If it's used to encrypt a wallet, then it might a passphrase/password disguised as a mnemonic phrase.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: SheriffBass on October 14, 2020, 07:57:25 PM

I was just reading about using 12 words to encrypt a bitcoin core wallet!!

Are you sure that you actually understood what you have read?

While encrypting a wallet(file?) with words is definitely possible, it is rarely done. And if done, it can be quite confusing.

12 words almost always are a mnemonic code which is the encoded seed which is used to derive the keys from a HD wallet.

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: SheriffBass on October 14, 2020, 07:57:25 PM

I was just reading about using 12 words to encrypt a bitcoin core wallet!!

Can you provide the link of that paper or article?

Because as far as I know, a mnemonic phrase is mostly used as a human-readable representation of an entropy.
If it's used to encrypt a wallet, then it might a passphrase/password disguised as a mnemonic phrase.

SheriffBass

member

Activity: 77

Merit: 11

I was just reading about using 12 words to encrypt a bitcoin core wallet!!

so apparently the 12 words maybe used to encrypt and decrypt "A" wallet, but which wallet???
Hope its not that long gone shredded paper Roll Eyes

However there is a list of dormant bitcoin addresses that I can try to work on every single one to try to decrypt it Using these 12 words till One works 🤔🤔
And gotta dig deeper into the old drives browser history, and cookies.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: SheriffBass on October 14, 2020, 11:40:46 AM

I plugged in the 12 words to the Blockchain legacy wallet recovery and got a " unknown word" msg which I thought with the mnemonic words there shouldn't be such a msg since all words are accepted!!

No, just like other wallets... the blockchain legacy recovery system uses a "word list". If you are getting an "unknown word" error, then either one or more of your 12 words are incorrect (check spelling etc) or the 12 words are NOT blockchain legacy recovery words.

If you also get "unknown word" type errors when trying to restore using a BIP39 wallet (like Electrum with "BIP39 seed" option set or using Ian Coleman's BIP39 tool) then the 12 words are not a BIP39 recovery seed mnemonic either.

You're left with the option of it being:

1. a brainwallet... but which wallet? and what method did it use for converting words to private keys? Huh

or
2. some other obscure wallet with it's own recovery system

Unless you can identify which wallet these words belong to (or possibly the incorrect word(s)), your chances of recovery are relatively slim Undecided

SheriffBass

member

Activity: 77

Merit: 11

Quote from: Potato Chips on October 08, 2020, 05:29:36 AM

Blockchain.com before switching to HD wallets did have paper wallet as another form of backup. I'm not sure when did it became a thing in blockchain.com but definitely not 10 years ago cause their wallet service weren't around that time.

But still, this is what they look like and you can compare them to yours. (both source are from 2014)

1. Tutorial: Backup Basics! The Best Ways to Backup Your Blockchain Wallet (It doesn't look like a private key to me, not sure if it's intended that way because it's just a sample)
2. Blockchain.info Paper Backup Stores Private Keys in the Browser History (LOL)
Yea, that's funny having all your coins stored on your browser!!!

Your old email accounts might have some trace of which wallet you've used. It's worth looking into them.

all old emails were read and eliminated except for Verizon as they don't exist, and I don't have access to it any longer!!! Angry

I plugged in the 12 words to the Blockchain legacy wallet recovery and got a " unknown word" msg which I thought with the mnemonic words there shouldn't be such a msg since all words are accepted!!
will look up the browser history and scan for Json files on the old drives and see what I can find Undecided

Potato Chips

hero member

Activity: 2786

Merit: 902

yesssir! 🫡

Blockchain.com before switching to HD wallets did have paper wallet as another form of backup. I'm not sure when did it became a thing in blockchain.com but definitely not 10 years ago cause their wallet service weren't around that time.

But still, this is what they look like and you can compare them to yours. (both source are from 2014)

1. Tutorial: Backup Basics! The Best Ways to Backup Your Blockchain Wallet (It doesn't look like a private key to me, not sure if it's intended that way because it's just a sample)
2. Blockchain.info Paper Backup Stores Private Keys in the Browser History (LOL)

Your old email accounts might have some trace of which wallet you've used. It's worth looking into them.

Topic: I need Help finding or recovering bitcoins off an old hard drive (Read 2481 times)