Topic: Seeking guidance in attempts to recover legacy wallets (2009, 2010, 2013). (Read 208 times)

There's really a good chance that the story is made up to seek help with the backup files he got access from somewhere unspecified ("Jay").
We often get a few of this kind of topic here where obvious lies can be observed right from the OP or in the next replies.

IMO, OP's haven't reached my personal lie-detector threshold yet, but sadly, he never replied after I've pointed the errors in his detailed explanations of the story.

Just to point out, OP didn't mentioned mnemonic/words backup,
He's talking about Bitcoin Core and appears to be from correct based from wallet dump contents which is arguably created by Pywallet (his screenshot)

No they were not bought. They just don't exist. Deterministic wallets (your words) did not exist in those years
The Berkeley/DB format of wallets from that time is not viewable using Notepad
But what motivates someone to post such a hoax here?

ckey refers to encrypted private key, where you need mkey and the password to decrypt ckey[1]. There are many software which can decrypt/crack wallet.dat, but i'm not aware of any software which only ask for ckey and mkey data though.


Middle 2016 is the correct date. To be specific, Bitcoin Core starts to use deterministic/HD wallet since Bitcoin Core 0.13.0[2].

[1] https://bitcoin.stackexchange.com/a/115049
[2] https://bitcoincore.org/en/releases/0.13.0/

Before helping him, you must have multiple backups of wallet files.

You can try with
[overview] Recover Bitcoin from any old storage format and come back with more details.
The FinderOuter, a bitcoin recovery tool
https://github.com/gurnec/btcrecover/tree/master

If your friend is ready with a paid recovery service, inform him about this.
Bitcoin Wallet Recovery Services - for forgotten wallet password
http://walletrecoveryservices.com/

You can't get those results if you open a wallet.dat via Notepad.
Those are wallet dump files created by a third-party software, maybe renamed into "wallet.dat" file.

If those are your wallet.dat files, it's not surprising that Bitcoin Core failed to load those.

Another is the "best block" line which is 0x00, that indicates that the dumped wallet files haven't been loaded and scanned by a synced Bitcoin client.
(in other word: unused)

If a transaction created in 2009 belongs to a deterministic wallet, it's highly likely that it's just edited-in there (shown not as "watch-only").
You can't spend it since the wallet doesn't have the correct private key to sign.

FYI, Bitcoin Core doesn't use deterministic wallet in 2009 or even until mid 2016.

If giving dates in an attempt that someone might be aware of the formats used at the time, screenshots of what we are seeing and explaining what we have tried, with specific questions, equates to an unbelievable story, then I may just have misunderstood the tech support request format in the "[READ BEFORE POSTING] Tech Support Help Request Format" thread, insofar as defining the client, posting screenshots of errors or what is being encountered, etc.

The wallets were not bought, believe what you will. A lot of the tools I mention are already covered on this very forum, so I have attempted to outline what has been covered already. Working in IT, we tend to believe in providing as much information as possible in an effort to not duplicate work.

The longer these walls of texts are, the less believable the story.

Here's the simple solution to your dilemma; there is no bitcoin in those wallets.  If you payed for them, you were scammed.

Hi there everyone.

Firstly, my disclaimer, I am not an expert, I am a person who works in IT who is trying to help a friend who is into Crypto. So forgive me if I get some of the language mixed up... I will do my best to relay everything.

I have a friend (we can call him Jay) who has some old wallet.dat files from his various years of working with crypto. He decided to look at some old hard drives that he had, and look to see what he could recover after formatting them some years back. Using Recuva, he found a few wallet.dat files, along with their associated addresses. Given that they were recovered, we are not sure of the state of the wallets. He has said that because he has worked with so many platforms across the years, he is not sure exactly which platform he was working with when exporting the .dat files, but he believes these were Bitcoin Core.

He was initially involved in BTC Mining right in the beginning, when you could still use memory sticks to mine coins and you received a 50BTC reward for working on the mining...

One of the wallets is from these initial mining efforts, but from what he has said, it seems that the one .dat file is a deterministic wallet that's also linked to three other addresses. So let's call this one Wallet 1 (I think he called one of the addresses an origin wallet or a genesis wallet or something along those lines). When examining the primary address, we can see the block reward from 2009 and a few other transactions, but none outgoing for several years. (I am not sure how deterministic wallets are different from regular ones, so I don't know if this makes a difference to another wallet.dat file)

There is another wallet, Wallet 2, which also has its own wallet.dat file. This one first received and then performed a few transactions in 2010, but still holds its contents as well.

Wallet1 is 67kb. Wallet2 is 62kb. When opening these wallets in a notepad, we can see ckey values.
This is a sample of Wallet 1's format in Notepad:
https://imgur.com/a/4bvrUVx
Wallet 1 is 66537 characters in Notepad, and has 205 sets of data.
This is a sample of Wallet 2's format in Notepad:
https://imgur.com/a/z9iOGFy
Wallet 2 is 65388 characters in Notepad, and has 202 sets of data.

When attempting to open Wallet1 and Wallet2 in the most up-to-date version (27.0) of Bitcoin Core, we get this:
https://imgur.com/a/a3kc3Bp

It is, however, my understanding that some of the oldest wallets may be incompatible with the newer BTC Core installation.

There is another wallet.dat file (136kb), Wallet3, which is associated with an address which was created in 2013. This one is different from the first two, insofar as the format in Notepad is vastly different, and opening it in Notepad just presents 139 261 characters of gibberish. We (another friend of mine, Kay, who is more competent in python that I am, and I) believe it's been double encrypted. Wallet 3 can open in Bitcoin Core, even though we receive a warning that it is a legacy wallet... but attempting a transaction prompts for a passphrase.

I have asked Jay if he doesn't have some way to check the restorations for any associated .json files which might have been associated with any of the wallets, and he is adamant that "Back then we literally just needed to save the .dat file to a memory stick for it to be considered as backed up"... He doesn't remember what he was using in 2013.

Kay and I have been working with as many online resources as possible, scouring forums and trying a multitude of methods for recovery, including Pywallet (in both Python 2.7 and 3., BTCRecover, and Salvage commands. We have also been trying to extract WIF values from the ckey values in the .dat files to try and pull the wallets into Electrum, but the WIF values we are able to extract appear to be for the incorrect wallets, or our attempts return 51/52-character long values, which is not supported... We have tried hashcat, and have gone through over 25million password combinations, but none seem to be working. Sadly, because these are such old wallets, it would appear that resources which were available to recover them several years ago are either tricky to find or completely missing today.

So, a few questions:
1. Is there a way to verify that Wallet1 and Wallet2 are, in fact, viable? I don't know how to validate these wallets to be sure that they aren't corrupted, which could be (I would imagine) a valid reason for them failing.
2. If my understanding of the notepad values of W1 and W2 are correct, then each ckey value is a private key which has been compressed. As mentioned, I have tried to convert them into WIF formats to try and bring into Electrum... I am not sure if I am missing something. The last few weeks have seen us trying so many different theories, attempts etc, my head is a bit fuzzy with it all, so I apologize if I don't have exact references for everything. Please feel free to point me in the direction of tutorials if you are aware of any.

The next thing which I wanted to try was wallet-recover from makomk, as referenced here:
https://bitcointalksearch.org/topic/walletdat-recovery-help-solved-2668480
https://bitcointalksearch.org/topic/bitcoin-private-keywalletdat-data-recovery-tool-25091

Unfortunately I don't seem to be able to download the  wallet-recover utility from the url in those posts (http://makomk.com/~aidan/wallet-recover), and going to makomk.com and searching for it returns no results. Is there a chance that someone has the url to be able to download this tool? I am not even sure that it would work, considering that the wallets were restored from Recuva, there are likely not any temp files which might be associated with the private keys to look for...

Any guidance would be truly appreciated.

Sincerely,
Angel