Need help with a 6year old file related to Bitcoin keys

Deadrisinghelp

newbie

Activity: 93

Merit: 0

Quote from: HCP on April 15, 2021, 07:26:13 PM

Does the text start with "U2F" and look something like this:

Code:

U2FsdGVkX18LSYm98B5HRgLWHgx35xMcsSpjjtdC9XG6iEYh9OC+vfyQA1fNmjEKs64cm/bntH7g
/AMeb5NNSEe9hzYAgp/DRvOR+GX9E95pGcl4Gb2AHGMyUfAww7uV

If so, then it could be a MultiBit .key file... which means it is AES256 encrypted text... if you don't know the password, then you'd have to attempt to bruteforce it... which could be problematic if your dead friend used a long complex password.

Your options would be btcrecover (https://github.com/3rdIteration/btcrecover/) or hashcat (https://hashcat.net/hashcat/) and use the "multibit2john" script to extract the hash from the .key file and then bruteforce the hash using hashcat.

yes it does! thanks! so that means it really is Multibit! thanks! i'm going to give Hashcat a try first, i don't think he used a complex password at all, but we'll see
thanks for all the help!

HCP

legendary

Activity: 2086

Merit: 4316

Does the text start with "U2F" and look something like this:

Code:

U2FsdGVkX18LSYm98B5HRgLWHgx35xMcsSpjjtdC9XG6iEYh9OC+vfyQA1fNmjEKs64cm/bntH7g
/AMeb5NNSEe9hzYAgp/DRvOR+GX9E95pGcl4Gb2AHGMyUfAww7uV

If so, then it could be a MultiBit .key file... which means it is AES256 encrypted text... if you don't know the password, then you'd have to attempt to bruteforce it... which could be problematic if your dead friend used a long complex password.

Your options would be btcrecover (https://github.com/3rdIteration/btcrecover/) or hashcat (https://hashcat.net/hashcat/) and use the "multibit2john" script to extract the hash from the .key file and then bruteforce the hash using hashcat.

Deadrisinghelp

newbie

Activity: 93

Merit: 0

Quote from: ranochigo on April 15, 2021, 07:02:47 PM

.key extension was most commonly used with Multibit. If you were to open the wallet file with a text editor, are there any human readable parts? It should contains some references to Bitcoin addresses, they're around 34 characters long and starts with 1.

okey i actually managed to download MultiBit Classic version 0.5.19, when i click on "import private keys" i can select from files, and the only files showing up is the .key file. so i'm guessing you're right that Multit was used. however it looks like it's encrypted.

Deadrisinghelp

newbie

Activity: 93

Merit: 0

Quote from: ranochigo on April 15, 2021, 07:02:47 PM

.key extension was most commonly used with Multibit. If you were to open the wallet file with a text editor, are there any human readable parts? It should contains some references to Bitcoin addresses, they're around 34 characters long and starts with 1.

i never used multibit, but it does ring a bell, he might've used that wallet now that i think about it.

Deadrisinghelp

newbie

Activity: 93

Merit: 0

Quote from: ranochigo on April 15, 2021, 07:02:47 PM

.key extension was most commonly used with Multibit. If you were to open the wallet file with a text editor, are there any human readable parts? It should contains some references to Bitcoin addresses, they're around 34 characters long and starts with 1.

i opened it with notepad, it a well strucktured block of text, but no adresses. might be encrypted, is there anyway i can use this .KEY with Multibit and Bruteforce it using my GPU farm ?

ranochigo

legendary

Activity: 2982

Merit: 4193

.key extension was most commonly used with Multibit. If you were to open the wallet file with a text editor, are there any human readable parts? It should contains some references to Bitcoin addresses, they're around 34 characters long and starts with 1.

Deadrisinghelp

newbie

Activity: 93

Merit: 0

Hello, i got a file named "Name-23423423.key" that my friend sent me, apperently he used this file to get his BTC 6 years ago, can anyone shed some light on this file ? friend is dead by the way so i can't ask him anymore sadly.

Topic: Need help with a 6year old file related to Bitcoin keys (Read 98 times)