Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: Testing encrypted private keys (Read 235 times)

ABCbits
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Testing encrypted private keys
May 26, 2019, 11:58:51 AM
#4
Quote from: PC_M@niac on May 26, 2019, 11:49:32 AM
It is not HD wallet. Addresses started with "1". Keys encrypted independently or in some big chunk?

AFAIK it should be in one big chunk (located on similar byte location), but each private keys should be encrypted independently.

Quote from: PC_M@niac on May 26, 2019, 11:49:32 AM
This PBKDF2 key stored in some fixed place? It is possible to find them manually?

Unfortunately, i only know high-level information about Bitcoin core wallet & i don't know if PBKDF2 was used on older version of Bitcoin Core wallet.

But there are 2 core developer who's active in this forum, your question should be answered few days later.
PC_M@niac
jr. member
Activity: 52
Merit: 3
Re: Testing encrypted private keys
May 26, 2019, 11:49:32 AM
#3
Quote from: ABCbits on May 26, 2019, 11:42:31 AM
If the wallet really encrypted, you won't able to find private key/master private key (xprv) on the raw file.
There are several wallet.dat format, but the one i know use PBKDF2 where PBKDF2 private key used to encrypt master private key & PBKDF2 private key is encrypted with user's password.

There are few tools to brute-force Bitcoin core (such as https://github.com/glv2/bruteforce-wallet), but i've no idea if it's works with broken/corrupt wallet.
Personally i'd recommend professional recovery services (such as https://walletrecoveryservices.com/) in this case.
It is not HD wallet. Addresses started with "1". Keys encrypted independently or in some big chunk? This PBKDF2 key stored in some fixed place? It is possible to find them manually?
ABCbits
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Re: Testing encrypted private keys
May 26, 2019, 11:42:31 AM
#2
If the wallet really encrypted, you won't able to find private key/master private key (xprv) on the raw file.
There are several wallet.dat format, but the one i know use PBKDF2 where PBKDF2 private key used to encrypt master private key & PBKDF2 private key is encrypted with user's password.

There are few tools to brute-force Bitcoin core (such as https://github.com/glv2/bruteforce-wallet), but i've no idea if it's works with broken/corrupt wallet.
Personally i'd recommend professional recovery services (such as https://walletrecoveryservices.com/) in this case.
PC_M@niac
jr. member
Activity: 52
Merit: 3
Re: Testing encrypted private keys
May 26, 2019, 10:07:11 AM
#1
Hello. I'm have some broken wallet.dat, restored from raw drive image. Wallet made by Bitcoin core v0.15-0.16 (as I know).
Tested in different restore/brutforce software. All scripts stuck while opening file. Bitcoin Core says that file was broken and sweep isn't possible.
But if I open this file using basic text editor, it's contain addresses in plaintext and all other data looks like normal wallet.dat.

I'm tried to understand raw file structure, but only find some high level tools/libs.

I think it is possible to recover private keys from this file, but I need some tool to check/decrypt raw data from wallet.

Anyone know how in low level does private keys stored and encrypted in this file?

Maybe exist some tool that can test provided data (bitcoin address, encryption password, some raw string) by all encryption methods that used in different versions of Bitcoin Core software? So I can scan all this file, cut it on chunks length of encrypted private key, and test it by this tool.

Maybe not a ready to use tool, but some low level libs.
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: