Hi there,
Let me first explain the generic situation, then what I tried, and where I succeeded/failed.
Setup:
Bitcoin core 0.12.1.0 compiled by myself on intel amd64 (64bit)
Running on Debian Linux(Jessie) with some modifications regarding X(needed to make the skylake chipset in the computer work)
So, what happened:
Friday I had a kernel Panic, which forced me to hard reboot my notebook. Bitcoin-qt was running while this happened. After reboot, bitcoin-qt started up, but complained about a damaged blockchain database.
After trying again, I decided to try and just delete any files from within the blockchain directory that had been modified on said Friday. this didnt fix the corrupted blockchain message, so I decided I'd just redownload the blockchain over the weekend. While at it, I decided to run fsck.ext4 on my root file system(which is also where bitcoin core's .bitcoin directory resides in). Bad mistake. After running fsck, bitcoin-qt complained about a corrupt wallet file, and claimed to have fixed the wallet. After a restart of bitcoin-qt it just complained about corrupt wallet file and quit. Good, after fsck I had made a backup of my wallet. Or so I thought. There's somewhat considerable funds on that wallet, or more specifically associated with a change address from thursday evening.
What I tried:
First try, ofc, was creating another backup copy of that corrupted wallet. I went trying to just dump all private keys with pywallet, which failed. I then did some googling, found out that there's a dbutils package for working with berkeleydb files, so I went for that and dbdump'd the wallet. Surprisingly this worked without any errors, but I couldnt make much sense of the contents of said dump just yet(going on there later). Then I did some more googling. In the mean time I figured out that parts of the blockchain in .bitcoin/chainstate became undeletable, even as root. I managed to move the files out of there, yet still have no way or reading attributes, deleting them, setting attributes, delete the file by name or inode. So more googling went on. I figured out that there's two tools that could help in said situation: bitcointools by gavin andreesen and wallet_recover by some other guy here on the forums. I went for bitcointools first. To my glad surprise the db_dump from bitcointools was able to find the addresses, but only printed the keys out shorted. the wallet file fixwallet.py created was corrupt and unreadable by bitcoin. So I went for wallet_recover, which seems to scan through the block device looking for datasets that could be keys. It found 1800 of them, and created a new wallet file, which was readable by bitcoin-qt. It didnt show any keys under receiving addresses though, so I went on and wrote a script converting the private keys found by wallet_recovers stdout to wallet format keys and importing them into bitcoin-qt. Then I let it download the entire blockchain, which was finished by saturday night. to my surprise, it ended with the last transaction, and the only key missing was the one where the almost 0.6 BTC change went to. What a bummer. so I scraped through the output of wallet_recover only to figure out that the key with the change balance was not found by wallet_recover. GREAT!
Now I went back to gavins bitcointools. Checking the transaction on blockchain.info and my wallet, I know that the change address was 18baf7AfBbN38EBP1uJsUv13x3eGEp7wes (
https://blockchain.info/address/18baf7AfBbN38EBP1uJsUv13x3eGEp7wes). Said address actually showed up in gavins db_dump.py output, yet pubkey and privkey remained shorted. I did some magic, simply changing short_hex to long_hex in wallet.py lines 228/229, which produced me with the full keys. However they seemed to be in an odd, non-key format, so I exported one of the keys I had in bitcoin-qt with an address showing up in db_dump.py, converted it to hex, and searched for it so I could figure out what part of its output I'd need. Ok, I was prematurely happy, checked the pubkey for 18baf7AfBbN38EBP1uJsUv13x3eGEp7wes which matched the address, and I thought, great, I have my funds back, time to secure my funds. Bad did it turn out, I used the private key that was listed in gavins tools output, converted it to wallet format, imported it into bitcoin, just to find out that the address it produced was different. So my guess is the key itself inside the wallet is more or less corrupted.
Question is now: Is it possible that there's just a bit error in the db_dump output, which could somewhat easily be fixed by brute forcing it out(considering there's a possible maximum of 8 bits error that would still be feasible also considering bit errors are all together)? What else could have gone wrong? Does anyone see any option to recover said key? It seems to be the only thing corrupted(greetings from murphys law)
I'm willing to put out 0.1 BTC as bounty, considering that the funds at risk are only 0.54BTC I hope thats reasonable. Also by now I more or less said goodbye to my funds, its mostly about figuring out how to clean out this situation.
Also: Please dont blame me for not having a backup, I had one but it was too old and its keypool unfortunately isnt recent enough. I also know thats my fault, and for now I'm happy that the losses are limited to $300 ish, it could have been more. I'm going to be extremely happy for any help provided on that matter.
As for steps to recover, after I figured out something was wrong after fsck, I immediately made a dd copy of the entire partition. I am fairly aware of how bitcoin works, and I think I have enough basic knowledge to apply more complex steps into recovery, it's just that I have run out of decent ideas, so I'll be glad for suggestions.