Author

Topic: [solved!] How can I extract private keys from a compromised wallet.dat? (Read 2283 times)

hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Can you spend that money or are those imported addresses readonly?
hero member
Activity: 518
Merit: 500
Have a look at jackjacks python wallet stuff. might be of help.

 Thank you for your suggestion. I've actually tried jackjack's PyWallet fork, along with a few other ones, and none of them would open the wallet. they didn't even output anything.

 I was successful in copying hex data from the compromised wallet and pasting it into a working stock wallet and I now have access to the Bitcoins that were inside of it. Thank you everyone for your replies!

wow - that's brilliant - well done!!
newbie
Activity: 15
Merit: 0
Have a look at jackjacks python wallet stuff. might be of help.

 Thank you for your suggestion. I've actually tried jackjack's PyWallet fork, along with a few other ones, and none of them would open the wallet. they didn't even output anything.

 I was successful in copying hex data from the compromised wallet and pasting it into a working stock wallet and I now have access to the Bitcoins that were inside of it. Thank you everyone for your replies!
full member
Activity: 176
Merit: 100
Have a look at jackjacks python wallet stuff. might be of help.
hero member
Activity: 518
Merit: 500
What if the wallet is locked with a password? Would it still not look like gibberish?

Of course - that's what passwords are for Smiley
newbie
Activity: 15
Merit: 0
 I appreciate the responses!

 I opened both the compromised and a working wallet in a hex editor. It looks like most of the data in the wallet is intact. I was sifting through the wallet and noticed a bunch of strings called Key, is this where the keys are? (It may seem like a silly question, but I don't want to just assume.) I tried to copy the hexadecimal values and import them as keys in both Bitcoin-Qt and Electrum, but neither saw them as valid keys. Are they compressed and need to be uncompressed before they can be used? Where do they start and where do they end? I extracted keys from working wallets to see if I can see a pattern, but the extracted keys aren't in hexadecimal, so they don't match. I thought I'd create a new wallet.dat and try to copy and paste the data between keys strings, but that didn't work, and somehow still shows the stock wallet's original receiving address. I feel like they are here, just waiting to be pulled out.

*Update

I might have posted a little too soon. I did some more copy pasting of the wallet and I think I found the private key. Waiting to test it, I just have to wait on Bitcoin-Qt...
hero member
Activity: 728
Merit: 500
I'm not sure how this happens, but the wallet.dat file will not load in any version of Bitcoin-Qt. It just comes up corrupt. I tried to run PyWallet on it to recover it, but it just exists and doesn't spit any output out. (I am familiar with how to use it, as I used to to extract keys from a good wallet. Of course, suggestions are welcome regardless!) The wallet didn't have much in it, but I'd still like to have them accounted for. The sad thing is, I backed up this specific wallet both when I first created it, and when I had to reload my computer. The original one just .. vanished. I have no Earthly idea how that just happens, but the only copy I have. Is it possible to extract the keys using a hex editor? It was created using BitCoin-Qt 0.8.1 and I think I upgraded the client to 0.8.5, but I don't remember now.

And people keep telling me bitcoin-qt wallet never gets corrupted and is so easy to use. Sigh.

Issues like this might very well be due to harddrive-problems. There's not much you can do against that.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
What if the wallet is locked with a password? Would it still not look like gibberish?
member
Activity: 99
Merit: 10
I'm not sure how this happens, but the wallet.dat file will not load in any version of Bitcoin-Qt. It just comes up corrupt. I tried to run PyWallet on it to recover it, but it just exists and doesn't spit any output out. (I am familiar with how to use it, as I used to to extract keys from a good wallet. Of course, suggestions are welcome regardless!) The wallet didn't have much in it, but I'd still like to have them accounted for. The sad thing is, I backed up this specific wallet both when I first created it, and when I had to reload my computer. The original one just .. vanished. I have no Earthly idea how that just happens, but the only copy I have. Is it possible to extract the keys using a hex editor? It was created using BitCoin-Qt 0.8.1 and I think I upgraded the client to 0.8.5, but I don't remember now.

Load up the file in a hex editor, if it's a bunch of zeros or you see random identifiable strings that have nothing to do with bitcoin, the file is probably corrupt.
newbie
Activity: 15
Merit: 0
I'm not sure how this happens, but the wallet.dat file will not load in any version of Bitcoin-Qt. It just comes up corrupt. I tried to run PyWallet on it to recover it, but it just exists and doesn't spit any output out. (I am familiar with how to use it, as I used to to extract keys from a good wallet. Of course, suggestions are welcome regardless!) The wallet didn't have much in it, but I'd still like to have them accounted for. The sad thing is, I backed up this specific wallet both when I first created it, and when I had to reload my computer. The original one just .. vanished. I have no Earthly idea how that just happens, but the only copy I have. Is it possible to extract the keys using a hex editor? It was created using BitCoin-Qt 0.8.1 and I think I upgraded the client to 0.8.5, but I don't remember now.
Jump to: