Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: moneygames on November 21, 2013, 07:39:57 PM



Title: Need help extracting keys from wallet.dat
Post by: moneygames on November 21, 2013, 07:39:57 PM
I am trying to recover a few coins from a wallet on a hard drive with a corrupt filesystem. (Yeah I know, backups and all, this is from a while ago and I had planned to spend the balance on this wallet.) The standard bitcointools such as dbdump.py will not read any wallet.dat that I construct with found hex bytes from my old wallet. So I moved on to a recovery method described by John Tobey as follows:

https://bitcointalk.org/index.php?topic=8274.msg126698#msg126698

Basically his Perl script searches for the regular expression (/keyA(.{65})/sg), with the 65 characters representing public keys, and uses these public keys to find keypairs elsewhere in the file. If you know the address of your coins (which I do) you can use http://blockexplorer.com/q/addresstohash and http://blockexplorer.com/q/hashpubkey/ to determine which of the public keys you found correspond to the address. You can run your address through addresstohash, and then run hashpubkey on all the public keys you found in the file until a hashpubkey result matches the addresstohash result for your address.

My problem is that the file format has changed since John Tobey figured this stuff out. I don't see any instances of "keyA"; instead I see "key!". Simple modifications didn't work and I started testing the methods with a fresh wallet.dat which seems to be in the same format as the wallet I need to recover. When I do this I can never find a public key that corresponds to my address. I have read that the public keys always start with "0x04" so I went as far as to make a Python script that returns hashes for all instances of 65 bytes starting with 0x04. Not a single one of these hashes matches the result of addresstohash even for a fresh wallet.

This is where I realize I am stuck. It looks like either public keys are no longer 65 bytes starting with 0x04, the public key corresponding to my address is not even contained in the file, or I am missing something important.

Here is the Python script I wrote to generate hashes for all possible public keys:

Quote
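import binascii
import hashlib
import re

# Raw string so the backslashes in the Windows path are not read as escapes
with open(r"C:\Users\user1\AppData\Roaming\Bitcoin\wallet.dat", "rb") as f:
    A = f.read()

# Every 65-byte run starting with 0x04, at any byte offset (overlaps included).
# Matching on the raw bytes avoids hits that straddle two bytes in a hex string.
ms = [m.group(1) for m in re.finditer(rb'(?=(\x04.{64}))', A, re.DOTALL)]
#ms = re.findall(rb'key!(.{65})', A, re.DOTALL)

hlist = []
pklist = []

print(len(ms))

for mraw in ms:
    pklist.append(binascii.hexlify(mraw))
    # Hash of the candidate key: RIPEMD-160 over SHA-256
    dSHA2 = hashlib.sha256(mraw).digest()
    h = hashlib.new('ripemd160')
    h.update(dSHA2)
    dR160 = h.hexdigest()
    hlist.append(dR160)

# Reference hash to compare the results against
refhash = '60c3ce5d7343f66d2fabea37dcf749828facc7ca'

for h in hlist:
    print(h, '<-- matches refhash' if h == refhash else '')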

I have confirmed that instances of 65 bytes starting with 0x04 are returned and hashed correctly. Help would be appreciated, thanks!


Title: Re: Need help extracting keys from wallet.dat
Post by: moneygames on November 21, 2013, 11:46:30 PM
Thanks to these two helpful articles:

https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses

https://en.bitcoin.it/wiki/ECDSA

I have determined that my public keys are compressed, and that uncompressed keys starting with 0x04 are a thing of the past.

These are my next possible steps:

1. Determine how to decompress my public keys and continue with what I was doing before using the decompressed keys.

2. Extract all possible 32 byte private keys and generate public keys and hashes of those public keys until one of these hashes matches the hash for my address.

It occurs to me that if the runtime for going from 32 byte private key to hash of public address is small, as long as someone has the correct address, they should be able to essentially brute force an entire hard drive to find the private key that is associated with the address. That would be a cool recovery tool to have, it would be slow but sure to work. Also if the runtime is too long, you could start with byte sequences that have higher entropy, because byte sequences with low entropy are unlikely to be private keys.

Any recommendations are appreciated.
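
Added example, not part of the thread or the posters' code: matching a known address against compressed public keys carved from a raw buffer, with the address-to-hash step done offline rather than through blockexplorer.com. An address for a compressed key is the hash of the 33-byte encoding as stored (the `key!` marker fits this: `!` is 0x21 = 33, `A` is 0x41 = 65), so candidates are hashed without decompressing. The sample buffer, the test key (the public key of private key 1) and all function names are constructed for illustration.

```python
import hashlib
import re

P = 2**256 - 2**32 - 977   # secp256k1 field prime; curve is y^2 = x^3 + 7 mod P
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def address_to_hash160(addr):
    """Base58Check-decode a P2PKH address offline and return its 20-byte hash."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(25, "big")          # version, hash160, 4-byte checksum
    if hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] != raw[21:]:
        raise ValueError("bad Base58Check checksum")
    return raw[1:21]

def decompress(pub33):
    """65-byte form of a compressed key, or None if x is not on the curve."""
    x = int.from_bytes(pub33[1:], "big")
    y2 = (pow(x, 3, P) + 7) % P
    y = pow(y2, (P + 1) // 4, P)         # square root; valid because P % 4 == 3
    if x >= P or y * y % P != y2:
        return None
    if (y & 1) != (pub33[0] & 1):        # prefix 0x02 means even y, 0x03 odd y
        y = P - y
    return b"\x04" + pub33[1:] + y.to_bytes(32, "big")

def candidate_pubkeys(buf):
    """Compressed-key candidates at every byte offset, kept only if on-curve."""
    hits = re.finditer(rb"(?=([\x02\x03].{32}))", buf, re.DOTALL)
    return [m.group(1) for m in hits if decompress(m.group(1))]

def hash160(data):
    # RIPEMD-160 comes from OpenSSL; some builds need its legacy provider enabled
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def match_address(buf, addr):
    """Return the key in buf whose hash160, over the bytes as stored, is addr's."""
    target = address_to_hash160(addr)
    return next((k for k in candidate_pubkeys(buf) if hash160(k) == target), None)

# Constructed sample: the curve's generator point (public key of private key 1)
G33 = bytes.fromhex("02" "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
SAMPLE = b"\x00" * 7 + b"key!" + G33 + b"\xff" * 40
ADDR = "1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH"   # well-known address of that key

if __name__ == "__main__":
    found = match_address(SAMPLE, ADDR)
    print("matched:", found.hex() if found else None)
    # Hashing the decompressed form gives a different hash, so it would not match
    print(hash160(decompress(G33)) == address_to_hash160(ADDR))
```

The on-curve check discards roughly half of the random 33-byte runs that happen to start with 0x02 or 0x03 before any hashing is done.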


Title: Re: Need help extracting keys from wallet.dat
Post by: moneygames on November 22, 2013, 09:42:35 PM
Got my private key using the following script:

https://gist.github.com/msm595/7595164

Ctrl+F on the output to find my address and corresponding private key (unencrypted), then use the import/export function on blockchain.info to sweep my coins to a new address.


Title: Re: Need help extracting keys from wallet.dat
Post by: btchris on September 16, 2014, 04:31:21 PM
Quote
How did you do that? Can you write me please at this email address karmelle.oana@yahoo.com. Please help

Unless there's a good reason to keep things private, discussing them publicly is preferred because it can help out people later on with the same problems.

Can you describe the problems you're having? Which wallet software are you using? Have you added a password to the wallet?


Title: Re: Need help extracting keys from wallet.dat
Post by: Schnudelu on September 16, 2014, 05:27:17 PM
Wait, if you can get the private key from a wallet.dat, where is the security then???


Title: Re: Need help extracting keys from wallet.dat
Post by: cr1776 on September 16, 2014, 06:25:13 PM
Quote
Wait, if you can get the private key from a wallet.dat, where is the security then???

Encrypted wallet, making sure your machine is not infected by malware - or better, not connected to the network.

See:
https://en.bitcoin.it/wiki/Wallet


Title: Re: Need help extracting keys from wallet.dat
Post by: Schnudelu on September 16, 2014, 06:57:03 PM
Thanks for the link, now I understand it better


Title: Re: Need help extracting keys from wallet.dat
Post by: cr1776 on September 16, 2014, 11:24:47 PM
Quote
Thanks for the link, now I understand it better

Sure.  There is a lot of information here and online, many times it is difficult to know where to start to find an answer.

:-)