Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: FlipPro on November 16, 2018, 09:22:53 AM



Title: BOUNTY: Lost Coin Recovery
Post by: FlipPro on November 16, 2018, 09:22:53 AM
Several years back around 2013-ish I sold my friend some Bitcoins and hid the wallet.dat in a file.

I cannot remember if it was a picture file vs MP3 or what...

The point is I can't find his wallet.dat anywhere... I tried scanning files that looked like they were "it" through Winrar but got nowhere.

I need someone who's good with data and can do a deep scan on about 12 gigs of data and find any missing artifacts (wallet.dat!).

If you find the wallet.dat you can keep 10% of the total BTC. I think the number was no less than 10 BTC so this might be a good way to earn a Bitcoin!

PM me with your contact information and any relevant experience you may have. I WILL NOT be releasing the data to anyone who's anonymous...

TRUSTWORTHY people only!

Cheers,
Brian


Title: Re: BOUNTY: Lost Coin Recovery
Post by: mocacinno on November 16, 2018, 09:40:52 AM
The problem with Steganography is that you could have hidden your wallet.dat into any video, audio, image or text... 12Gb can (and probably will) contain hundreds of potential files... Without knowing which technique you used and which password you used, it's a daunting task

I guess you'll be able to improve your odds if you have a clue about:
  • The time when you hid the wallet.dat... If you haven't edited the picture/movie/text/audiofile since then, you *might* be able to look at the timestamp when the media files on your disk were last modified and decrease the number of files that have to be examined drastically
  • The password used... Without this password, it's a task that's virtually impossible

But in my honest opinion, just sending a random on the internet 12 Gb of random data with the promise that in one of the files you're sending them, you've steganographically hidden a wallet.dat won't give you any positive results...


Title: Re: BOUNTY: Lost Coin Recovery
Post by: sgaragagghu on November 16, 2018, 09:46:07 AM
Hi FlipPro, I am a computer engineer, I can try to find your wallet.dat.
I’m one of the developers of xdag coin and I did a lot of escrow services for that coin (at least one shot worth 50k$, but a lot of 20k$ each). So I think that I’m reliable; if interested you can send me a PM and I’ll show you more references, if you need.
Cheers
Marco.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: Pmalek on November 16, 2018, 10:10:42 AM
When you say that you hid the wallet.dat in a file what exactly do you mean? Did you put it in an archive together with pictures, MP3 files, used an icon changer to change its appearance  and used winrar to archive it? Give me some more info please.

EDIT: or you could use backtrack and just go through the files that you created in that time frame when you hid the file. For example if you know that the wallet.dat was hidden before NOV 2013 but not earlier than JUL 2013 - search through the files created in those months. You might remember where you hid it.

Take a look at this video here
https://www.youtube.com/watch?v=VqWZBbLsCG8


Title: Re: BOUNTY: Lost Coin Recovery
Post by: HeRetiK on November 16, 2018, 10:30:39 AM
When you say that you hid the wallet.dat in a file what exactly do you mean? Did you put it in an archive together with pictures, MP3 files, used an icon changer to change its appearance  and used winrar to archive it? Give me some more info please.

Presumably OP used one of the many Steganography tools out there, but you're right, that may not necessarily be the case.

OP what tool did you use to hide the wallet.dat file?


Title: Re: BOUNTY: Lost Coin Recovery
Post by: Lauda on November 16, 2018, 10:53:14 AM
The problem with Steganography is that you could have hidden your wallet.dat into any video, audio, image or text... 12Gb can (and probably will) contain hundreds of potential files... Without knowing which technique you used and which password you used, it's a daunting task
This is extremely bad practice when it comes to handling money. There is no guarantee that the file is even in there at all. :-X


Title: Re: BOUNTY: Lost Coin Recovery
Post by: KingZee on November 16, 2018, 10:55:52 AM
I can help you recover your wallet.dat. I'm sure that as long as the file is there I'll probably find it, I've sent you a PM.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: LoyceV on November 16, 2018, 11:55:56 AM
When you say that you hid the wallet.dat in a file what exactly do you mean? Did you put it in an archive together with pictures, MP3 files, used an icon changer to change its appearance  and used winrar to archive it?
I'd like to know this too :)
Depending on what you did, pywallet (https://bitcointalk.org/index.php?topic=38004.0) can be used to search the entire partition. Don't forget to create one or more backups before continuing your search.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: FlipPro on November 16, 2018, 09:06:22 PM
When you say that you hid the wallet.dat in a file what exactly do you mean? Did you put it in an archive together with pictures, MP3 files, used an icon changer to change its appearance  and used winrar to archive it?
I'd like to know this too :)
Depending on what you did, pywallet (https://bitcointalk.org/index.php?topic=38004.0) can be used to search the entire partition. Don't forget to create one or more backups before continuing your search.
I think I used Winrar but I'm not sure, it was a long time ago :(


Title: Re: BOUNTY: Lost Coin Recovery
Post by: HeRetiK on November 16, 2018, 09:15:03 PM
When you say that you hid the wallet.dat in a file what exactly do you mean? Did you put it in an archive together with pictures, MP3 files, used an icon changer to change its appearance  and used winrar to archive it?
I'd like to know this too :)
Depending on what you did, pywallet (https://bitcointalk.org/index.php?topic=38004.0) can be used to search the entire partition. Don't forget to create one or more backups before continuing your search.
I think I used Winrar but I'm not sure, it was a long time ago :(

So you used something like WinRar / WinZip / 7zip to compress the file and then changed the file extension? If so, did you also use a password or did you merely zip the file?


Title: Re: BOUNTY: Lost Coin Recovery
Post by: HCP on November 16, 2018, 09:47:51 PM
If you just renamed the file from wallet.dat to "someOtherNameAnd.ext", then pywallet would probably work...

However, if the structure of the wallet.dat was fundamentally changed on disk by compressing it (using an archiving tool like WinRar)... Or by encrypting the file using an external encryption tool... Or "hiding it" in another file using steganography... Chances are that finding that data will be next to impossible as it will just look like any other random block of data on disk.

Unless you have a very good idea of how you "hid" this file... Your chances of finding it in amongst 12gigs of data is very very very small. :-\


Title: Re: BOUNTY: Lost Coin Recovery
Post by: HeRetiK on November 16, 2018, 10:32:12 PM
However, if the structure of the wallet.dat was fundamentally changed on disk by compressing it (using an archiving tool like WinRar)... Or by encrypting the file using an external encryption tool... Or "hiding it" in another file using steganography... Chances are that finding that data will be next to impossible as it will just look like any other random block of data on disk.

It depends... if OP used a steganography tool or something like a hidden encrypted volume then there's pretty much no chance of finding the file (which is the whole point of steganography and hidden volumes after all).

If OP merely renamed the extension of a zipped wallet file it should be possible to scan the files for meta data indicating a file archive (ie. zip utilities don't try their hardest to hide).


Title: Re: BOUNTY: Lost Coin Recovery
Post by: Pmalek on November 16, 2018, 10:35:17 PM
I think I used Winrar but I'm not sure, it was a long time ago :(
OK, so you put the wallet.dat file together with pictures and/or MP3 files and made an archive of those files, correct?
Did you change the name of the wallet.dat file?
Did you change the extension to something else other than .dat?
Did you change the icon of the file?

And also tell us when you say that there are 12gb of data, is that the size of the whole disk/partition where you think the wallet.dat is located or is that the size of all the archives you have there, or music files, pictures? Can it be narrowed down?




Title: Re: BOUNTY: Lost Coin Recovery
Post by: KingZee on November 17, 2018, 12:53:40 AM
Made a quick program. It could find wallets regardless of extension (or bitcoin_core version). Even if OP added some fake data to the file, or merged a wallet file with another one, it will still be able to find it.

However, compression as expected, completely changes a file because of compression algos, but I guess it might help narrow down the search to only those compressed files if OP is sure the wallet is there..

My code is pretty fast too, 5gb of data in less than a minute. I'll wait for OP to show up so I can help him out.

https://puu.sh/C31mf/1768614fee.png


Title: Re: BOUNTY: Lost Coin Recovery
Post by: Lauda on November 17, 2018, 06:22:32 AM
^a reminder to OP and others, do not run any executables and no code without inspecting what it does first.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: LoyceV on November 17, 2018, 09:27:36 AM
I think I used Winrar but I'm not sure, it was a long time ago :(
If it's only 12 GB, with a 10+BTC reward, why don't you start by manually checking all files? Just make a copy of your 12 GB, and work on that. You can check images pretty fast: anything that shows a thumbnail or plays music can be deleted (again: from your copy!) to narrow it down. After making this first selection, see what files are left and continue your deeper search from there.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: aplistir on November 17, 2018, 11:46:59 AM
I think I used Winrar but I'm not sure, it was a long time ago :(
You can check images pretty fast: anything that shows a thumbnail or plays music can be deleted (again: from your copy!) to narrow it down

There is a "popular" way to hide data at the end of a video file that lengthens the file. The video will still work normally though. Probably the same with some other file formats.

Of course, if you are sure you used winrar, then it is easier.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: seoincorporation on November 17, 2018, 02:35:03 PM
With linux should be easy...

Code:
cd /home; tree | grep '\.dat'

But if it's hidden in an image that's another thing, I know how to hide a private key in an image, sha256 makes that possible, but hiding a full wallet file in an image sounds really weird to me.

You will have to share or give access to that hard disk to a user on this section if you want to recover that btc and don't have a clue about how to do it.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: NeuroticFish on November 17, 2018, 02:47:11 PM
I cannot remember if it was a picture file vs MP3 or what...

I remember there were days when people used to hide mp3s inside jpeg/jpg files. Maybe it's the case.
If you also archived the file first, maybe you should try a search for jpg/jpeg files that contain Rar! or PK, if you didn't do that yet.
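The signature search suggested in this post (and the appended-data case mentioned earlier in the thread), as an added example that is not code from any poster: it flags files that contain a RAR, ZIP or 7z header but are not named like an archive. The function names and sample bytes are constructed for illustration.

```python
import os
import sys

# Leading magic bytes of the archive formats named in the thread.
MAGIC = {
    "rar": b"Rar!\x1a\x07",       # RAR 4.x and 5.x both start this way
    "zip": b"PK\x03\x04",         # ZIP local file header
    "7z": b"7z\xbc\xaf\x27\x1c",
}
ARCHIVE_EXTS = {".rar", ".zip", ".7z"}

def find_archives(data):
    """Return a sorted list of (offset, kind) for every archive magic in data."""
    hits = []
    for kind, magic in MAGIC.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def classify(filename, data):
    """Flag a file that holds an archive header but is not named like an archive."""
    hits = find_archives(data)
    if not hits or os.path.splitext(filename)[1].lower() in ARCHIVE_EXTS:
        return None
    offset, kind = hits[0]
    # Offset 0 means the whole file is an archive with a changed extension;
    # anything later means archive data sits inside or after the media data.
    return ("renamed" if offset == 0 else "appended", kind, offset)

def scan_tree(root):
    """Walk a working copy of the data and yield (path, label, kind, offset)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # whole file in memory; fine for typical media files
            verdict = classify(name, data)
            if verdict:
                yield (path, *verdict)

# Constructed samples (not real media): JPEG start/end markers with a RAR header
# appended, the same JPEG without it, and a ZIP header as a renamed file would have.
PLAIN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
JPEG_WITH_RAR = PLAIN_JPEG + MAGIC["rar"] + b"\x00" * 16
RENAMED_ZIP = MAGIC["zip"] + b"\x14\x00" + b"\x00" * 24

if __name__ == "__main__":
    for row in scan_tree(sys.argv[1]):
        print(*row)
```

Hits are candidates only: Office documents, JAR and APK files are ZIP containers, and a four-byte magic can occur by chance in large media files, so each flagged file still has to be opened with the archiver.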


Title: Re: BOUNTY: Lost Coin Recovery
Post by: Pmalek on November 17, 2018, 04:09:08 PM
Anyways much more details will be needed from the OP's side if there is any chance for us to help you. A lot of information is lacking...


Title: Re: BOUNTY: Lost Coin Recovery
Post by: bitmover on November 19, 2018, 02:58:14 PM
^a reminder to OP and others, do not run any executables and no code without inspecting what it does first.

That's right. Just downloading some program a random guy on the internet made for you to find your coins may be risky.

I would try an alternative, as you could lose 100% of your BTC, not 10%.

Your problem looks not that hard to solve, and the amount of money is too big for the risk.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: KingZee on November 19, 2018, 06:40:29 PM
^a reminder to OP and others, do not run any executables and no code without inspecting what it does first.

That's right. Just downloading some program a random guy on the internet made for you to find your coins may be risky.

I would try an alternative, as you could lose 100% of your BTC, not 10%.

Your problem looks not that hard to solve, and the amount of money is too big for the risk.

https://i.imgur.com/YAGpXPd.png


Title: Re: BOUNTY: Lost Coin Recovery
Post by: FlipPro on November 30, 2018, 08:11:33 PM
Anyways much more details will be needed from the OP's side if there is any chance for us to help you. A lot of information is lacking...
What info's?


Title: Re: BOUNTY: Lost Coin Recovery
Post by: KingZee on November 30, 2018, 08:17:42 PM
Anyways much more details will be needed from the OP's side if there is any chance for us to help you. A lot of information is lacking...
What info's?

Looks like you had a great vacation.

If you didn't see it yet, I made an open-sourced software to help you out : https://bitcointalk.org/index.php?topic=5071775

If you still want to stick to your 10% offer I'd be happy, but now the software is open sourced so.. :)

Still, if you need any help just send me a PM.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: FlipPro on December 02, 2018, 02:44:38 AM
Anyways much more details will be needed from the OP's side if there is any chance for us to help you. A lot of information is lacking...
What info's?

Looks like you had a great vacation.

If you didn't see it yet, I made an open-sourced software to help you out : https://bitcointalk.org/index.php?topic=5071775

If you still want to stick to your 10% offer I'd be happy, but now the software is open sourced so.. :)

Still, if you need any help just send me a PM.

I scanned it and it was absolutely no dice :(...

I really appreciate you writing this program for us.

You have no idea how much closure you've brought me.

Thank You!

Brian


Title: Re: BOUNTY: Lost Coin Recovery
Post by: KingZee on December 02, 2018, 10:25:28 AM

I scanned it and it was absolutely no dice :(...

I really appreciate you writing this program for us.

You have no idea how much closure you've brought me.

Thank You!

Brian

Well I hope it helped you. If it displayed any errors while scanning or you feel like you might have done something wrong let me know.

Otherwise, if you're sure the wallet was there, the software skips files larger than 300mb, and won't find your wallet in archives. So try to check those manually.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: AverageGlabella on December 02, 2018, 10:50:08 PM
^a reminder to OP and others, do not run any executables and no code without inspecting what it does first.

This goes for open source software too. Open source does not mean in any capacity that the code is safe. Do not rely on others to find and check the code for you. Look yourself or ask a friend that you trust to check it. Especially when it comes to dealing with wallet.dat files.


Title: Re: BOUNTY: Lost Coin Recovery
Post by: keychainX on December 10, 2018, 12:29:35 PM
Still, if you need any help just send me a PM.

I scanned it and it was absolutely no dice :(...

I really appreciate you writing this program for us.

You have no idea how much closure you've brought me.

Thank You!

Brian

Hi Brian

You should consider the following

1) If you believe the file was inside a .rar or .zip, then collect all of them and unpack them (even though the file name is not wallet.dat); the info inside the file would not be compressed when scanning.

2) Make an image of your entire drive (that would also include deleted files), call it yourdatadump

3) Search for the following string 'name"'; it's an old trick to find addys inside bitcoin wallets (works even with encrypted wallets), then a 34 character address
   would follow after this string, this is mostly for receiving addys.

4) Try this command to find any possible BTC addys starting with 1; (this is for linux/ubuntu)
    cat yourdatadump | grep -a -o -w '1[123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ]\{33,33\}'

5) If you believe you did write down the private key, you can search for this string
    cat yourdatadump | grep -a -o -w '5[123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ]\{50,50\}'
which finds all strings starting with 5, followed by 50 base58 characters

Good luck
/KX
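The 'name"' search from step 3 of this post, as an added example that is not keychainX's code: it scans a raw dump for 'name"' followed by a 34-character address and checks each hit's Base58Check checksum so that random byte runs are filtered out. The sample dump, the label in it and all function names are constructed for illustration.

```python
import hashlib
import mmap
import re
import sys

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# 'name' followed by '"' (byte 0x22 = 34, the length prefix) and a 34-char address
RECORD = re.compile(rb'name"([1-9A-HJ-NP-Za-km-z]{34})')

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_valid(addr):
    """True if addr decodes to 21 payload bytes plus a matching 4-byte checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    return checksum(raw[:21]) == raw[21:]

def b58check_encode(payload):
    """Helper used only to build the constructed sample below."""
    n = int.from_bytes(payload + checksum(payload), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(payload) - len(payload.lstrip(b"\0"))) + out

def scan(data):
    """Return (offset, address, checksum_ok) for every 'name"' record in data."""
    return [(m.start(), m.group(1).decode(), b58check_valid(m.group(1).decode()))
            for m in RECORD.finditer(data)]

# Constructed sample, not a real wallet: one well-formed record, one damaged address.
SAMPLE_ADDR = b58check_encode(b"\x00" + bytes(range(0x20, 0x34)))
BAD_ADDR = SAMPLE_ADDR[:-1] + ("2" if SAMPLE_ADDR[-1] != "2" else "3")
SAMPLE_DUMP = (b"\x00" * 64 + b'\x04name"' + SAMPLE_ADDR.encode() + b"\x07Savings"
               + b"\xff" * 32 + b'name"' + BAD_ADDR.encode())

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the drive image, mapped rather than read into RAM
        with open(sys.argv[1], "rb") as fh:
            data = mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ)
            hits = scan(data)
    else:
        hits = scan(SAMPLE_DUMP)
    for offset, addr, ok in hits:
        print(f"{offset:#x}  {addr}  {'checksum ok' if ok else 'bad checksum'}")
```

The reported offsets show where in the image wallet data once lived, which narrows down which file or disk region to examine next.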