Topic: Recover BTC using private keys and passphrase. Need Help! (Read 2890 times)

Thank you so much for all your responses. :-)

I was just searching for everything starting with 01 01 04 20, because right after that starts a private key in the wallet file. After that i used bitcointools to convert them into WIF-format and imported them with the importwallet command from the debug console. It worked for unencrypted wallets i created for testing purposes so fingers crossed.

Iam gonna try the decrypt.cpp. Thank you for the hint

If you run bitcoin core and there is no wallet.dat file in the data directory then bitcoin core will generate a new unencrypted wallet.dat file. It will obviously be empty of any coins. I think that if you found unencrypted private keys in WIF format then those are from the empty wallet.dat file that core generated.

Everything you need to decrypt these keys is here: https://github.com/bitcoin/bitcoin/blob/master/src/wallet/crypter.cpp

So just write a command line tool to do it.

Agreed.  If a moderator would like to come clean out all of this trolling and keep this thread on topic, I'd be happy to remove any quoting or responding to Luca82 that I've done.

Clearly he knows enough about technical stuff to do this:


Which he immediately followed with
which clearly shows that he isn't sure about whether those are valid keys. Importing them is not going to help if they are not valid, and the first step of a validity check is to make sure they are actually WIF keys before importing them.

Well good for you. A lot of people have been using Bitcoin since mid 2009 but have no idea on how it works technically or how a specific modern implementation of Bitcoin (Bitcoin Core) works. The amount of time you have been using Bitcoin does not matter.

---

Anyways, this is off topic and not helping the OP.

I can see why this has lead to confusion.

I would have tried the same though.

I was trying to explain things in an easier way for him instead of being too technical. Not everyone who uses bitcoin is technical and I assumed he had the WIF keys as he said in his sentence no need to be a bitcointalk elitist, I have been using Bitcoin since mid 2009. If I had decided to stay using this forum I would have a high post count also.

I am giving him more information that is relevant than you did. I told him to check for things and make sure that they are in the proper format instead of just telling him how to do something. The point is to get more information about the situation, especially since he worded things confusingly, before jumping to conclusions and trying things that will waste time and not work, as you were doing. You were assuming that he actually had WIF keys, but looking further up the thread, it is not clear whether he does as some parts of his story conflicts.

Secondly, giving instructions on how to do something in Bitcoin Core does not have anything to do with cryptography. The only things you have said about cryptography are incorrect.

LOL my point all along in bold ^^ and it was danny who said that... so gang up on the newbie why don't you. Your not more intelligent when it comes to cryptography because you have put more sentences together on a forum. you do know that right?

Are you sure that they are in WIF format? Do they start with a '5', 'K', or 'L'? If they are WIF, then you can just import them. If they are hex, then you will have to convert them to WIF format. If they are encrypted, then you will have to find the master encryption key, decrypt that, and then decrypt the private keys.

The fact that you are confusing terminology just further shows that you don't know what you are talking about. The stretching has nothing to do with the private keys but rather the password he must enter. There is not "re-encrypted", just encrypted and not.

but if he has found a key in WIF format then it has not been stretched and he should just be able to import it. If it has been stretched or "re-encrypted" it wouldnt look like a WIF key at all or even be the same length.

I have more understanding than you think I do. I am also just going by what OP is saying. The least he should do with the keys is try what I say, If it is WIF then it will work. if its not it will fail.

You wrote a program that scanned your deleted hard drive for encrypted private keys and then imported those encrypted keys into a new wallet with "importprivkey"?

Given your lack of technical understanding of the OP's problem, I highly doubt it.


It is impossible to give good advice until the OP provides more information.  He claims that he found deleted encrypted private keys on his hard drive, but since he wrote his own program rather than using an existing program, it is impossible to know for certain what he actually found.  He doesn't explain why he thinks that the data he found is a private key or why he thinks it is encrypted. He doesn't explain what exactly the program he wrote was looking for. He claims that the program scanned for private keys in HEX format, but a private key in HEX format is just 32 sequential bytes of random data.  There is nothing unique about a HEX private key that would identify it.

You claim:

But this is completely false. You clearly have no understanding about how Bitcoin Core protects your private keys with the password.

I'm not completely sure, but I think Bitcoin Core performs some key stretching on the password and then uses that to encrypt a random master encryption key.  The (unencrypted) master key is then used to encrypt each of the private keys before they are stored on the hard drive.  If I'm right, then the OP will need to find not only the encrypted private keys on the hard drive, but also the encrypted master key.  Without it, it will be impossible to decrypt any private keys that were encrypted by his Bitcoin Core.

That is what I done and it worked for me. I'm only giving advice from experience. what is the correct advice then if you know so well?
Yet you don't say because you don't want to help or you just think your too good for this question?

Please don't give advice in the Technical Support sub-forum if you have no idea what you're talking about.  You're just going to give bad advice and create more confusion.

Create a new wallet.dat file.
import your private keys to the new wallet.dat file using the debug console
I think the command is


private keys themselves are not encrypted with a passphrase, they are the private key. its the wallet thats protected. You can then set a new passphrase on your wallet.

I deleted the wallet.dat by accident. I replaced the wallet.dat while bitcoin core was still running which caused an error and then the wallet.dat was gone.

I then wrote a small programm which scans the harddisk on a low level for finding even deleted private keys. So right now iam having my passphrase and the keys (in hex and in wif format) or strings similar to private keys.

I dont know if those informations are still valid but from what i read are just the keys in the wallet encrypted and not the full wallet.

You said you lost the wallet.dat file yet have the private keys, but they are encrypted.   This is the confusing part: How do you have the private keys without the wallet file and yet they are encrypted with Bitcoin core?  Bitcoin core won't encrypt the keys alone.

Are you sure you don't have a pass phrase encrypted Bitcoin core wallet.dat file with the keys in it?  If so, you just need to use the pass phrase to unlock the wallet.dat file with Bitcoin core.

may I suggest to restore your wallet account, you just need to make a new wallet account and transfer it to it

I am just using bitcoin core.

What program was used to encrypt the private keys?

Which wallet are you using? Passphrase is the words used to unock the privatekeys if I understand correctly. I have those with my mycelium wallet. What I do is import the privatekey and it will prompt me to enter the passphrase. IF the passphrase is correct you should be able to access the wallet again.

Hey Guys,

i have lost my wallet file but i have been able to recover the private keys. Problem is that they are encrypted with a passphrase. I know the passphrase but how can i now decrypt them to import them into a new wallet?