Topic: NEED HELP WITH 2010 WALLET.DAT FILE (Read 737 times)
If you have a 64 character (or 32 bytes) hex private key, convert it as follows to a WIF (which you can import):
Go to web site :
https://www.btcschools.net/tron/tron_tool_base58check_hex.php
bad advice.Go to web site :
https://www.btcschools.net/tron/tron_tool_base58check_hex.php
Quote
NEVER type it into a blockchain explorer or anything, that will expose it.
better advice.
If you have a 64 character (or 32 bytes) hex private key, convert it as follows to a WIF (which you can import):
Go to web site :
https://www.btcschools.net/tron/tron_tool_base58check_hex.php
fill in the Hex to Base58check 'Hex String:' box with the following
80 followed by the 64 character hex you found
example
0DF741E9FC092A9306881B6B07E93937D17A487062A99C1D2AD21B0C959EBCE4 is the hex string
fill in 800DF741E9FC092A9306881B6B07E93937D17A487062A99C1D2AD21B0C959EBCE4
and get:
Base58 String: 5HvSKY3noCN82Afh3tuagBS1XZwGzr81px2hLDm7B6Nt7RcVefx
This is the private key in WIF format.
Import this in any wallet.
NEVER type it into a blockchain explorer or anything, that will expose it.
Go to web site :
https://www.btcschools.net/tron/tron_tool_base58check_hex.php
fill in the Hex to Base58check 'Hex String:' box with the following
80 followed by the 64 character hex you found
example
0DF741E9FC092A9306881B6B07E93937D17A487062A99C1D2AD21B0C959EBCE4 is the hex string
fill in 800DF741E9FC092A9306881B6B07E93937D17A487062A99C1D2AD21B0C959EBCE4
and get:
Base58 String: 5HvSKY3noCN82Afh3tuagBS1XZwGzr81px2hLDm7B6Nt7RcVefx
This is the private key in WIF format.
Import this in any wallet.
NEVER type it into a blockchain explorer or anything, that will expose it.
SO i found 130201010420 couple of times on my hard drive with winhex
i hope its a good sign , but dont know what i do from here
i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it .
i hope its a good sign , but dont know what i do from here
i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it .
Code:
from bit import Key
from bit.format import bytes_to_wif
import re
import requests
import json
import sys, os.path, json, struct, base64, zlib
## created by litecoin_messiah for bitcointalk. 2022. (consider modifying matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())) to b'\x01\x01\x04\x1f(.{31})' and prepending 00
prog = os.path.basename(sys.argv[0])
if len(sys.argv) != 2 or sys.argv[1].startswith("-"):
print("usage:", prog, "wallet.dat", file=sys.stderr)
sys.exit(2)
wallet_file = sys.argv[1]
def salvage(priv):
key = Key.from_hex(priv)
wif = bytes_to_wif(key.to_bytes(), compressed=False)
key = Key(wif)
return wif
def salvageC(priv):
key = Key.from_hex(priv)
wif = bytes_to_wif(key.to_bytes(), compressed=True)
key = Key(wif)
return wif
with open(wallet_file, "rb") as f:
matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())
def processWIF(wif):
key = Key(wif)
return(key.address)
def getB(addr):
url = ('https://blockbook-bitcoin.binancechain.io/api/address/'+addr+"?details=basic")
r = requests.get(url)
return(r.text)
def processWIFB(wif):
try:
result = getB(processWIF(wif))
return(result['addrStr'],result['balance'],result['totalSent'],result['txApperances'],result['totalReceived'])
except:
return("fail")
for priv in matches:
v1 = json.loads(getB(processWIF(salvage(priv.hex()))))
v2 = json.loads(getB(processWIF(salvageC(priv.hex()))))
if (v2['txApperances'] != 0):
print(v2)
if (v1['txApperances'] != 0):
print(v1)
from bit.format import bytes_to_wif
import re
import requests
import json
import sys, os.path, json, struct, base64, zlib
## created by litecoin_messiah for bitcointalk. 2022. (consider modifying matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())) to b'\x01\x01\x04\x1f(.{31})' and prepending 00
prog = os.path.basename(sys.argv[0])
if len(sys.argv) != 2 or sys.argv[1].startswith("-"):
print("usage:", prog, "wallet.dat", file=sys.stderr)
sys.exit(2)
wallet_file = sys.argv[1]
def salvage(priv):
key = Key.from_hex(priv)
wif = bytes_to_wif(key.to_bytes(), compressed=False)
key = Key(wif)
return wif
def salvageC(priv):
key = Key.from_hex(priv)
wif = bytes_to_wif(key.to_bytes(), compressed=True)
key = Key(wif)
return wif
with open(wallet_file, "rb") as f:
matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())
def processWIF(wif):
key = Key(wif)
return(key.address)
def getB(addr):
url = ('https://blockbook-bitcoin.binancechain.io/api/address/'+addr+"?details=basic")
r = requests.get(url)
return(r.text)
def processWIFB(wif):
try:
result = getB(processWIF(wif))
return(result['addrStr'],result['balance'],result['totalSent'],result['txApperances'],result['totalReceived'])
except:
return("fail")
for priv in matches:
v1 = json.loads(getB(processWIF(salvage(priv.hex()))))
v2 = json.loads(getB(processWIF(salvageC(priv.hex()))))
if (v2['txApperances'] != 0):
print(v2)
if (v1['txApperances'] != 0):
print(v1)
Ian Coleman's key compression tool will not accept HEX Private keys, only WIF and BIP38 PrvKeys.
Yes, you are right, my mistake. Lack of coffee - that page accepts public key hex, not private key.
There is also: https://learnmeabitcoin.com/technical/wif but I am not sure if it is possible to run it offline.
Ian Coleman's key compression tool will not accept HEX Private keys, only WIF and BIP38 PrvKeys.
Webpage (do not use it online): https://brainwalletx.github.io/#generator
Download ZIP, extract it and transfer the whole folder to your offline PC, run "index.html" using your browser.
To use it for converting HEX into WIF prvKey:
NO IDONT KNOW HOW to convert 64 digit hex into private key wallet import format
As an alternative, you can use brainwallet tool, but same as PawGo's suggestion: use it offline.Webpage (do not use it online): https://brainwalletx.github.io/#generator
Download ZIP, extract it and transfer the whole folder to your offline PC, run "index.html" using your browser.
To use it for converting HEX into WIF prvKey:
- In 'Get Address From' line, click "Secret Component" button.
- In 'Secret Exponent' line, paste your 64 digit hex.
- In 'Address QR Code', click "Toggle Key" and the private key WIF will be displayed above the address.
- You can toggle between compressed and uncompressed WIF by clicking the bottons with the same name in "Point Conversion' line.
- Copy both Compressed (starts with 'K' or 'L') and Uncompressed (starts with '5') WIF and import them to your preferred wallet.
NO IDONT KNOW HOW to convert 64 digit hex into private key wallet import format
https://iancoleman.io/bitcoin-key-compression/
Or it’s offline version ti download from github. Link at the bottom of the page
NO IDONT KNOW HOW to convert 64 digit hex into private key wallet import format
Ok this sounds right. Yes it should be different numbers. Did you find out anything.
OK , SO IT LOOKS LIKE SOME KIND OF A KEY ...
I HAVE LIKE 95 TIMES THIS 130201010420
AFTER THE 0420 I HAVE 64 BITS IN ALL OF THEM THAT START WITH THE SAME FIRST 6 BITS AND THEY ALL FINISH WITH THE SAME 2 BITS AND AFTER EVERY 64 BITS I HAVE 00 00
THET ALL START WITH D0 30
BUT THEY NOT THE SAME , EVERY ONE OF THEM IS A BIT DEFERENT
IS THAT LOOKS RIGHT ?
I HAVE LIKE 95 TIMES THIS 130201010420
AFTER THE 0420 I HAVE 64 BITS IN ALL OF THEM THAT START WITH THE SAME FIRST 6 BITS AND THEY ALL FINISH WITH THE SAME 2 BITS AND AFTER EVERY 64 BITS I HAVE 00 00
THET ALL START WITH D0 30
BUT THEY NOT THE SAME , EVERY ONE OF THEM IS A BIT DEFERENT
IS THAT LOOKS RIGHT ?
Yes i can help. This is good news you might have found your key. After the 0420 digits there will be 64 digits this is usually the key. So count 64 digits after 0420 and write the digits on paper. Then you have the privkey in hex. You will need to convert it to a key that can be imported to wallet which you can get at www.electrum.org
You need to convert 64 digit hex into private key wallet import format , then import it
Hope it works send me tip thank you.
You need to convert 64 digit hex into private key wallet import format , then import it
Hope it works send me tip thank you.
SO i found 130201010420 couple of times on my hard drive with winhex
i hope its a good sign , but dont know what i do from here
i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it .
olso found Cipherblockchaining , bitcoin
can someone help me what the next step ?
i hope its a good sign , but dont know what i do from here
i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it .
olso found Cipherblockchaining , bitcoin
can someone help me what the next step ?
Anyways, now I can't get the flash drive to open on my computer., is it possible that its not compatible with my newer computer?
What OS are you running? Windows? If so, does it make the USB connected noise when you plug the flash drive in? Do you get any "error" notifications saying the device has failed to be recognised or initialised?12 years is quite a long time for flash drives... so, it is possible that the device is actually dead.
What kind of problem do you have?
Do you see files and you do not know how to open them?
Or
Is usb recognized by your computer and opened?
If not, which system do you use?
Maybe disk was formatted for example for linux and you are using on windows and it is not recognized.
More details please.
Later you will have to probably use old Bitcoin Core to extract keys or external program like pywallet. But if you have access to files, first do the backup. Or two.
Do you see files and you do not know how to open them?
Or
Is usb recognized by your computer and opened?
If not, which system do you use?
Maybe disk was formatted for example for linux and you are using on windows and it is not recognized.
More details please.
Later you will have to probably use old Bitcoin Core to extract keys or external program like pywallet. But if you have access to files, first do the backup. Or two.
Ok so I am new to this forum so I am not sure if this is the proper place to be but I have a problem I am looking for help with.
Back in 2010 someone gave me a gift that was a flash drive which contained some bitcoin in a wallet(?). At the time very few people knew of crypto currency and I thought it was useless. (Ungrateful, I know). Anyways, now I can't get the flash drive to open on my computer., is it possible that its not compatible with my newer computer?Any help would be appreciated.
Back in 2010 someone gave me a gift that was a flash drive which contained some bitcoin in a wallet(?). At the time very few people knew of crypto currency and I thought it was useless. (Ungrateful, I know). Anyways, now I can't get the flash drive to open on my computer., is it possible that its not compatible with my newer computer?Any help would be appreciated.
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker
i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something.
go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something)
source: https://github.com/Sepero/SearchBin/blob/master/searchbin.py
is useful works out fo the box without dependencies,
might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills.
it probably will miss it, so try
it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file.
also a bonus,
i mean its not guaranteed to, but it should help you get closer to recovering it.
if you get rich please ask me for my wallet address. thanks
also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code]
i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something.
go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something)
Code:
#!/usr/bin/env python
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main()
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main()
source: https://github.com/Sepero/SearchBin/blob/master/searchbin.py
is useful works out fo the box without dependencies,
might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills.
Code:
searchbin -p 01010420 "path to disk image of .img" file,
Code:
searchbin -p 01010420 /dev/whicheverpath
its on might work too if you want to go cowboy mode.it probably will miss it, so try
Code:
searchbin -p 10141f
if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i thinkit will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file.
also a bonus,
Code:
searchbin.py -p 6231050009000000 "path to disk image"
will output offsets to wallet files.i mean its not guaranteed to, but it should help you get closer to recovering it.
if you get rich please ask me for my wallet address. thanks
also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code] 
I REMEMBER THAT I DIDNT KNOW how to put a password , so no password
when i look with hex i find wallet.dat but no address and nothing looks like a wallet
when i look with hex i find wallet.dat but no address and nothing looks like a wallet
Since you said above that you can see any hex code that looks like a wallet then maybe your wallet.dat is encrypted with a password.
Why not try to extract the wallet.dat file from your hex tool and then try to install Bitcoin and import the wallet let it sync it for a while or use the pywallet from jackjackjj as suggested above and then use the dump command to export the private keys. Make sure you have python installed.
Here's the command:
Code:
python pywallet.py --dumpwallet --datadir=. > wallet.txt
Jump to: