Author

Topic: Recovery Operation for an old Wallet.dat (Read 59 times)

legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
December 23, 2024, 07:31:05 AM
#4
Hello, thank you for your response. While scanning hexadecimal values, I found multiple identical hex codes. For example, there are 15 instances of the value D030123456...47 00, and I converted only one of them into a WIF code. I found many similar results. Does this seem normal?
Those example may not be private keys since the possibility of randomly generating multiple collisions (or even one) is near impossible.
The logical explanation is those are may be from duplicate copies of your wallet.dat file or the same private key imported to multiple wallets or other data that's normally repeated.

Quote from: callerman
Am I correct in understanding that, using the method you mentioned, I need to convert the hexadecimal code into a WIF code and then randomly modify the prvKey values?
You need to modify the private key one or multiple Bits per iteration.
To visualize that and to do it manually, you need the "binary" format, it's not something that can be easily done manually.
Flipping each Bit (change '1' to '0', vice-versa) at a time, maybe, since that's 256 iterations per private key, but with 2 or more, you'll need to automate it.

That suggestion isn't normally used to recover corrupted data since it's basically bruteforcing your way to reproduce the correct data.

Quote from: callerman
Also, could entering the wrong password while scanning with Pywallet lead to a result like the one above?
No, pywallet will still show if there are encrypted private keys to be recovered from the "recov-device".
Providing the wrong password will result with failed to decrypt private keys, it'll show you an error message saying that the provided passwords do not work.
?
Activity: -
Merit: -
December 23, 2024, 03:47:04 AM
#3
When I checked the address, it showed activity between 2014 and 2020, with transactions totaling 2.81 BTC. However, I’m certain this is not my wallet, as the balance should have been higher. Could this just be a coincidence?
With the size of a Bitcoin private key (almost 2^256), that can't be a random coincidence and you've properly restored one of the private key in that disk.
If you're certain that it's not yours, then you might have imported that private key that you got somewhere.

If you're expecting more bitcoins, those might be the other keys but each has at least one Bit flipped since it's already party overwritten or corrupted.
You could iterate one to a few bits difference of the result empty private keys;
e.g.: if your restored privKey is ...001010101 but the actual private key is ...001011101, you can try to switch each Bit of the restored prvKey to reproduce the correct prvKey.
But don't put your hopes on it since usually, the damage is a significant chunk, not just a few bits.

It's worth the try for a last resort but I can't find a tool that does that so you need a specifically written script for that.
Hello, thank you for your response. While scanning hexadecimal values, I found multiple identical hex codes. For example, there are 15 instances of the value D030123456...47 00, and I converted only one of them into a WIF code. I found many similar results. Does this seem normal?


Am I correct in understanding that, using the method you mentioned, I need to convert the hexadecimal code into a WIF code and then randomly modify the prvKey values?

Also, could entering the wrong password while scanning with Pywallet lead to a result like the one above?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
December 23, 2024, 01:42:26 AM
#2
When I checked the address, it showed activity between 2014 and 2020, with transactions totaling 2.81 BTC. However, I’m certain this is not my wallet, as the balance should have been higher. Could this just be a coincidence?
With the size of a Bitcoin private key (almost 2^256), that can't be a random coincidence and you've properly restored one of the private key in that disk.
If you're certain that it's not yours, then you might have imported that private key that you got somewhere.

If you're expecting more bitcoins, those might be the other keys but each has at least one Bit flipped since it's already party overwritten or corrupted.
You could iterate one to a few bits difference of the result empty private keys;
e.g.: if your restored privKey is ...001010101 but the actual private key is ...001011101, you can try to switch each Bit of the restored prvKey to reproduce the correct prvKey.
But don't put your hopes on it since usually, the damage is a significant chunk, not just a few bits.

It's worth the try for a last resort but I can't find a tool that does that so you need a specifically written script for that.
?
Activity: -
Merit: -
December 22, 2024, 06:30:15 AM
#1
Hello,

A few years ago, between 2011-2012, I remember mining with Bitcoin-QT. Of course, at that time, I didn’t have any knowledge about Bitcoin and ended up deleting Bitcoin-QT from my computer. It was an old computer, and I needed to free up some space. Yes, this is very unfortunate.

I have little to no technical knowledge, so I’ve been trying to recover this wallet for several years. I did manage to create a backup of the disk. As far as I remember, the computer wasn’t used much after Bitcoin-QT was deleted because it eventually broke down. I still have the hard disk and made a copy of it to work on.

Any advice or guidance would be greatly appreciated.

I’ve tried several methods to recover the wallet.dat file. I scanned the external drive using data recovery programs, but it seems the file name and path have been altered, so I don’t know how to locate it.

I searched for hexadecimal code strings like 0201010420 and found a lot of results. I converted these to WIF (Wallet Import Format) keys, but the unencrypted WIF keys turned out to be completely invalid. However, I did find one encrypted WIF wallet.

When I checked the address, it showed activity between 2014 and 2020, with transactions totaling 2.81 BTC. However, I’m certain this is not my wallet, as the balance should have been higher. Could this just be a coincidence?


By trying to recall more details, I remembered that my Bitcoin-QT wallet was encrypted, and back then, I used just a few passwords across all platforms.  I still remember those passwords. Later, I learned that the hex string 0201010420 doesn’t apply to encrypted wallets, or maybe I’m making a mistake somewhere.

Then, I came across another method using Pywallet. I installed Python 2.7.18, Pywallet, and necessary dependencies like ecdsa, twisted, pycrypto, and bsddb3 on Windows 10.

I ran the following command:
Code:
pywallet.py --dumpwallet --recover --recov_device=G: --recov_size=80Gio --recov_outputdir=C:\users\computer\desktop\newwallet

Enter the passphrase for the wallet that will contain all the recovered keys:

Enter the possible passphrases used in your deleted wallets.
Don't forget that more passphrases = more time to test the possibilities.
Write one passphrase per line and end with an empty line.
Possible passphrase:
Possible passphrase:
Possible passphrase:
Possible passphrase:
Possible passphrase:
Possible passphrase:
Possible passphrase:
Possible passphrase:
Possible passphrase:

Starting recovery.
.
.
.
.
.
Read 59.0 Go in 54.0 minutes

Found 0 possible wallets
Found 0 possible encrypted keys
Found 0 possible unencrypted keys


All the found encrypted private keys have been decrypted.
The wallet is encrypted and the passphrase is correct


Importing:


The new wallet C:\Users\computer\Desktop\newwallet/recovered_wallet_1734864041.dat contains the 0 recovered key

After these results, I scanned another wallet.dat file that I created with PyWallet in Bitcoin Core, and the result was the same. Right now, I don’t know what to do or which method to use. I’m writing here as a last resort, hoping we can find a few different methods. Thank you in advance for all the answers.
Jump to: