Author

Topic: Recover BTC using private keys and passphrase. Need Help! (Read 2898 times)

newbie
Activity: 6
Merit: 0
Thank you so much for all your responses. :-)

I was just searching for everything starting with 01 01 04 20, because right after that starts a private key in the wallet file. After that i used bitcointools to convert them into WIF-format and imported them with the importwallet command from the debug console. It worked for unencrypted wallets i created for testing purposes so fingers crossed.

Iam gonna try the decrypt.cpp. Thank you for the hint Smiley
legendary
Activity: 3682
Merit: 1580
I deleted the wallet.dat by accident. I replaced the wallet.dat while bitcoin core was still running which caused an error and then the wallet.dat was gone.

If you run bitcoin core and there is no wallet.dat file in the data directory then bitcoin core will generate a new unencrypted wallet.dat file. It will obviously be empty of any coins. I think that if you found unencrypted private keys in WIF format then those are from the empty wallet.dat file that core generated.

newbie
Activity: 53
Merit: 0
I deleted the wallet.dat by accident. I replaced the wallet.dat while bitcoin core was still running which caused an error and then the wallet.dat was gone.

I then wrote a small programm which scans the harddisk on a low level for finding even deleted private keys. So right now iam having my passphrase and the keys (in hex and in wif format) or strings similar to private keys.

I dont know if those informations are still valid but from what i read are just the keys in the wallet encrypted and not the full wallet.
Everything you need to decrypt these keys is here: https://github.com/bitcoin/bitcoin/blob/master/src/wallet/crypter.cpp

So just write a command line tool to do it. Wink
legendary
Activity: 3472
Merit: 4801
Anyways, this is off topic and not helping the OP.

Agreed.  If a moderator would like to come clean out all of this trolling and keep this thread on topic, I'd be happy to remove any quoting or responding to Luca82 that I've done.
staff
Activity: 3458
Merit: 6793
Just writing some code
I was trying to explain things in an easier way for him instead of being too technical. Not everyone who uses bitcoin is technical
Clearly he knows enough about technical stuff to do this:
I then wrote a small programm which scans the harddisk on a low level for finding even deleted private keys.


and I assumed he had the WIF keys as he said in his sentence
Quote
"So right now iam having my passphrase and the keys (in hex and in wif format)"
Which he immediately followed with
or strings similar to private keys.

I dont know if those informations are still valid but from what i read are just the keys in the wallet encrypted and not the full wallet.
which clearly shows that he isn't sure about whether those are valid keys. Importing them is not going to help if they are not valid, and the first step of a validity check is to make sure they are actually WIF keys before importing them.

no need to be a bitcointalk elitist, I have been using Bitcoin since mid 2009. If I had decided to stay using this forum I would have a high post count also.
Well good for you. A lot of people have been using Bitcoin since mid 2009 but have no idea on how it works technically or how a specific modern implementation of Bitcoin (Bitcoin Core) works. The amount of time you have been using Bitcoin does not matter.



Anyways, this is off topic and not helping the OP.
hero member
Activity: 686
Merit: 502
Create a new wallet.dat file.
import your private keys to the new wallet.dat file using the debug console
I think the command is

Quote
importprivkey

private keys themselves are not encrypted with a passphrase, they are the private key. its the wallet thats protected. You can then set a new passphrase on your wallet.

I can see why this has lead to confusion.

I would have tried the same though.
newbie
Activity: 5
Merit: 0
LOL my point all along in bold ^^ and it was danny who said that... so gang up on the newbie why don't you. Your not more intelligent when it comes to cryptography because you have put more sentences together on a forum. you do know that right?
I am giving him more information that is relevant than you did. I told him to check for things and make sure that they are in the proper format instead of just telling him how to do something. The point is to get more information about the situation, especially since he worded things confusingly, before jumping to conclusions and trying things that will waste time and not work, as you were doing. You were assuming that he actually had WIF keys, but looking further up the thread, it is not clear whether he does as some parts of his story conflicts.

Secondly, giving instructions on how to do something in Bitcoin Core does not have anything to do with cryptography. The only things you have said about cryptography are incorrect.

I was trying to explain things in an easier way for him instead of being too technical. Not everyone who uses bitcoin is technical and I assumed he had the WIF keys as he said in his sentence
Quote
"So right now iam having my passphrase and the keys (in hex and in wif format)"
no need to be a bitcointalk elitist, I have been using Bitcoin since mid 2009. If I had decided to stay using this forum I would have a high post count also.
staff
Activity: 3458
Merit: 6793
Just writing some code
LOL my point all along in bold ^^ and it was danny who said that... so gang up on the newbie why don't you. Your not more intelligent when it comes to cryptography because you have put more sentences together on a forum. you do know that right?
I am giving him more information that is relevant than you did. I told him to check for things and make sure that they are in the proper format instead of just telling him how to do something. The point is to get more information about the situation, especially since he worded things confusingly, before jumping to conclusions and trying things that will waste time and not work, as you were doing. You were assuming that he actually had WIF keys, but looking further up the thread, it is not clear whether he does as some parts of his story conflicts.

Secondly, giving instructions on how to do something in Bitcoin Core does not have anything to do with cryptography. The only things you have said about cryptography are incorrect.
newbie
Activity: 5
Merit: 0
I deleted the wallet.dat by accident. I replaced the wallet.dat while bitcoin core was still running which caused an error and then the wallet.dat was gone.

I then wrote a small programm which scans the harddisk on a low level for finding even deleted private keys. So right now iam having my passphrase and the keys (in hex and in wif format) or strings similar to private keys.

I dont know if those informations are still valid but from what i read are just the keys in the wallet encrypted and not the full wallet.
Are you sure that they are in WIF format? Do they start with a '5', 'K', or 'L'? If they are WIF, then you can just import them. If they are hex, then you will have to convert them to WIF format. If they are encrypted, then you will have to find the master encryption key, decrypt that, and then decrypt the private keys.

but if he has found a key in WIF format then it has not been stretched and he should just be able to import it. If it has been stretched or "re-encrypted" it wouldnt look like a WIF key at all or even be the same length.

I have more understanding than you think I do. I am also just going by what OP is saying. The least he should do with the keys is try what I say, If it is WIF then it will work. if its not it will fail.
The fact that you are confusing terminology just further shows that you don't know what you are talking about. The stretching has nothing to do with the private keys but rather the password he must enter. There is not "re-encrypted", just encrypted and not.

LOL my point all along in bold ^^ and it was danny who said that... so gang up on the newbie why don't you. Your not more intelligent when it comes to cryptography because you have put more sentences together on a forum. you do know that right?
staff
Activity: 3458
Merit: 6793
Just writing some code
I deleted the wallet.dat by accident. I replaced the wallet.dat while bitcoin core was still running which caused an error and then the wallet.dat was gone.

I then wrote a small programm which scans the harddisk on a low level for finding even deleted private keys. So right now iam having my passphrase and the keys (in hex and in wif format) or strings similar to private keys.

I dont know if those informations are still valid but from what i read are just the keys in the wallet encrypted and not the full wallet.
Are you sure that they are in WIF format? Do they start with a '5', 'K', or 'L'? If they are WIF, then you can just import them. If they are hex, then you will have to convert them to WIF format. If they are encrypted, then you will have to find the master encryption key, decrypt that, and then decrypt the private keys.

but if he has found a key in WIF format then it has not been stretched and he should just be able to import it. If it has been stretched or "re-encrypted" it wouldnt look like a WIF key at all or even be the same length.

I have more understanding than you think I do. I am also just going by what OP is saying. The least he should do with the keys is try what I say, If it is WIF then it will work. if its not it will fail.
The fact that you are confusing terminology just further shows that you don't know what you are talking about. The stretching has nothing to do with the private keys but rather the password he must enter. There is not "re-encrypted", just encrypted and not.
newbie
Activity: 5
Merit: 0
but if he has found a key in WIF format then it has not been stretched and he should just be able to import it. If it has been stretched or "re-encrypted" it wouldnt look like a WIF key at all or even be the same length.

I have more understanding than you think I do. I am also just going by what OP is saying. The least he should do with the keys is try what I say, If it is WIF then it will work. if its not it will fail.
legendary
Activity: 3472
Merit: 4801
That is what I done and it worked for me. I'm only giving advice from experience.

You wrote a program that scanned your deleted hard drive for encrypted private keys and then imported those encrypted keys into a new wallet with "importprivkey"?

Given your lack of technical understanding of the OP's problem, I highly doubt it.

what is the correct advice then if you know so well?

It is impossible to give good advice until the OP provides more information.  He claims that he found deleted encrypted private keys on his hard drive, but since he wrote his own program rather than using an existing program, it is impossible to know for certain what he actually found.  He doesn't explain why he thinks that the data he found is a private key or why he thinks it is encrypted. He doesn't explain what exactly the program he wrote was looking for. He claims that the program scanned for private keys in HEX format, but a private key in HEX format is just 32 sequential bytes of random data.  There is nothing unique about a HEX private key that would identify it.

You claim:
Quote
private keys themselves are not encrypted with a passphrase

But this is completely false. You clearly have no understanding about how Bitcoin Core protects your private keys with the password.

I'm not completely sure, but I think Bitcoin Core performs some key stretching on the password and then uses that to encrypt a random master encryption key.  The (unencrypted) master key is then used to encrypt each of the private keys before they are stored on the hard drive.  If I'm right, then the OP will need to find not only the encrypted private keys on the hard drive, but also the encrypted master key.  Without it, it will be impossible to decrypt any private keys that were encrypted by his Bitcoin Core.
newbie
Activity: 5
Merit: 0
Create a new wallet.dat file.
import your private keys to the new wallet.dat file using the debug console
I think the command is


Quote
importprivkey

private keys themselves are not encrypted with a passphrase, they are the private key. its the wallet thats protected. You can then set a new passphrase on your wallet.

Please don't give advice in the Technical Support sub-forum if you have no idea what you're talking about.  You're just going to give bad advice and create more confusion.


That is what I done and it worked for me. I'm only giving advice from experience. what is the correct advice then if you know so well?
Yet you don't say because you don't want to help or you just think your too good for this question?
legendary
Activity: 3472
Merit: 4801
Create a new wallet.dat file.
import your private keys to the new wallet.dat file using the debug console
I think the command is


Quote
importprivkey

private keys themselves are not encrypted with a passphrase, they are the private key. its the wallet thats protected. You can then set a new passphrase on your wallet.

Please don't give advice in the Technical Support sub-forum if you have no idea what you're talking about.  You're just going to give bad advice and create more confusion.
newbie
Activity: 5
Merit: 0
Create a new wallet.dat file.
import your private keys to the new wallet.dat file using the debug console
I think the command is

Quote
importprivkey

private keys themselves are not encrypted with a passphrase, they are the private key. its the wallet thats protected. You can then set a new passphrase on your wallet.
newbie
Activity: 6
Merit: 0
I deleted the wallet.dat by accident. I replaced the wallet.dat while bitcoin core was still running which caused an error and then the wallet.dat was gone.

I then wrote a small programm which scans the harddisk on a low level for finding even deleted private keys. So right now iam having my passphrase and the keys (in hex and in wif format) or strings similar to private keys.

I dont know if those informations are still valid but from what i read are just the keys in the wallet encrypted and not the full wallet.
legendary
Activity: 4228
Merit: 1313
I am just using bitcoin core.

You said you lost the wallet.dat file yet have the private keys, but they are encrypted.   This is the confusing part: How do you have the private keys without the wallet file and yet they are encrypted with Bitcoin core?  Bitcoin core won't encrypt the keys alone.

Are you sure you don't have a pass phrase encrypted Bitcoin core wallet.dat file with the keys in it?  If so, you just need to use the pass phrase to unlock the wallet.dat file with Bitcoin core.
newbie
Activity: 15
Merit: 0
may I suggest to restore your wallet account, you just need to make a new wallet account and transfer it to it Roll Eyes
newbie
Activity: 6
Merit: 0
I am just using bitcoin core.
legendary
Activity: 4228
Merit: 1313
Hey Guys,

i have lost my wallet file but i have been able to recover the private keys. Problem is that they are encrypted with a passphrase. I know the passphrase but how can i now decrypt them to import them into a new wallet?

What program was used to encrypt the private keys?
hero member
Activity: 980
Merit: 500
Hey Guys,

i have lost my wallet file but i have been able to recover the private keys. Problem is that they are encrypted with a passphrase. I know the passphrase but how can i now decrypt them to import them into a new wallet?
Which wallet are you using? Passphrase is the words used to unock the privatekeys if I understand correctly. I have those with my mycelium wallet. What I do is import the privatekey and it will prompt me to enter the passphrase. IF the passphrase is correct you should be able to access the wallet again.
newbie
Activity: 6
Merit: 0
Hey Guys,

i have lost my wallet file but i have been able to recover the private keys. Problem is that they are encrypted with a passphrase. I know the passphrase but how can i now decrypt them to import them into a new wallet?
Jump to: