Author

Topic: pywallet recovery found deleted encrypted keys, now what? (Read 2360 times)

legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Hi,
I just saw this thread
Did you manage to solve your problems?
newbie
Activity: 2
Merit: 0
I have found resources that answer many of my questions.

First, pywallet doesn't gather any encrypted keys.  It can only gather keys if a correct passphrase is provided for a recovered wallet that is encrypted.  However, if keys and or wallets are unencrypted, then it does place them in the resulting wallet.dat file. If the wallets/keys are encrypted, pywallet's --recover command allows for an unlimited amount of possible passphrases to be manually entered to try.  This answers many of my questions such as "I get "error in dump page" when I try to dump recovered_wallet.dat using pywallet's web browser interface."  pywallet defaults to an error message if a wallet is dumped with no keys in it.

It seems that most of the documentation for the program was lost when [Suspicious link removed] was no longer maintained.

https://bitcointa.lk/threads/data-recovery-problem-recovering-many-wallet-dat-from-repartitioned-hard-drive.151558/ is a four page thread that explains many of its functions.  Especially things such as pywallet_partial_recovery_.dat that can be used after an initial scan so that you can avoid re-scanning and simply try different passphrases.  That file lists locations on a drive that are of interest and syntax is included in the above thread indicating how to use it.  

"How can I find out what types of keys they are?" seems to be answered in this thread: http://bitcoin.stackexchange.com/questions/19589/how-to-determine-what-type-of-coins-a-wallet-dat-contains.  Use --dumpwallet= .  If it is encrypted, include --passphrase= in the command line string.

I am currently testing the results of my pywallet recovery and hope that the stackexchange thread is accurate.

jackjack, if you see this, your program is a godsend.  I'll be sending you a percentage of what I recover.
newbie
Activity: 2
Merit: 0
I need some help figuring out what to do with pywallet recovery results.  For starters, it would be great to find out if the keys it found are bitcoins or not.

I got pywallet working on windows and used the command line recovery to get this from a formatted drive:

Code:
Found 7 possible wallets
Found 1375 possible encrypted keys
Found 0 possible unencrypted keys
Can't decrypt them as you didn't provide any passphrase.
The wallet is encrypted and the passphrase is correct

And these two files:
pywallet_partial_recovery_1461990397.dat   20KB (this file is always 1KB for drives with no results)
recovered_wallet_1461990399.dat  32KB  (results or not, these files are all the same size)

I get "error in dump page" when I try to dump recovered_wallet.dat using pywallet's web browser interface.
I get this with recovered_wallet_1461990399.dat:

Code:
"ckey": [],
    "keys": [],
    "mkey": {
        "encrypted_key": "e618****47d7",
        "nDerivationIterations": 59639,
        "nDerivationMethod": 0,
        "nID": 1,
        "otherParams": "",
        "salt": "359c****8bb"
    },
    "names": {},
    "pool": [],
    "tx": [],
    "version": 32500

Trying to dump via the command line gives the same error for both:

Code:
C:\Windows\system32>\pywallet\pywallet.py --dumpwallet --datadir= C:\ --wallet=wallet.dat --passphrase= ********* > dump.txt
ERROR:root:Couldn't open wallet.dat/main. Try quitting Bitcoin and running this again.

Dumping keys via the web browser results in "error in dump page" for both wallet files.

Obviously, I ran pywallet without supplying possible passphrases.  I'm now running the same recovery again with a long list of all of my old passphrase iterations.  However, that will take several hours and might not successfully decrypt any of them.

I don't even know if the keys are bitcoins or some other altcoin. I did CPU mine BTC sometime around 2011 and then forgot all about them.  Also spent $2 for several thousand Dogecoins many years ago.

Did pywallet not output any keys into the DAT files because the keys are encrypted?  How can I find out what types of keys they are?  I just don't know what to do or what is going on at this point.
Jump to: