Those 32 character groups (after the sequence) are your private keys. You've probably found your wallet file.
They are 30 characters unfortunately and pywallet against the text file I created through grep does not get them out. I tried db_recover, no good. Also tried your dump keys program from here https://bitcointalk.org/index.php?topic=2619534.msg26661685#msg26661685Is this the kind of thing you add two characters to the beginning like 08, gives you 32 and then you convert the keys to Bitcoin format and do something with converting the pair, or the other way around? Any ideas? edit: maybe they are 32 with the Berkerley DB masking the last two characters as ^@ or the first as or ^] They're probably unprintable. But if you convert the output to hex (e.g. with hexdump or xxd), then after visually identifying the starting sequence, you can take the next 32 hex bytes, concatenate them to a string like "DECAFBAD0ABBCDE7F...", and convert them to WIF keys with a tool like bitaddress.org (It should always be used offline!) Also, pywallet can recover the keys directly from a corrupted filesystem on a disk, see --recover, --recov_device and --recov_size. e.g. sudo pywallet.py --recover --recov_device /dev/sda1 --recov_size 20Go --recov_outputdir $HOME/bitcoin_recovery "20Go" is the size required. The output directory must exist. You will need to set the password of the recovered wallet to something you'll not forget. The list of passwords can be empty, just press enter on the "Possible passphrase" prompt. It searches for keys in the way described by you (looking for data string above), but converts them automatically.
|
|
|
About the wallet.dat file , there are keywords like "pool" , "name" , mkey, key! , ckey! , keymeta! and after the keywords is encoded data ..... I have tried to cut and past keyword sections of the file into another and it does not work. I would try to replace a "pool" section from one file to another and that basically just breaks your wallet. I think the keyword sections are linked in a way I don't understand. Maybe someone here can point to a page that explains that in detail.
The wallet file is actually a Berkeley database. The keywords are the keys of the key-value pairs stored there, and some encoded data follows each key and value. To decode them, a tool such as pywallet would be needed.
|
|
|
Thanks for trying and yes it's a junk seed for pure testing. And no password was added.
Evidently there is something slightly different about XEM. I've read elsewhere that it uses SHA3 + RIPEMD160 whereas most other coins use secp256k1+RIPEMD160. That's gibberish to me but it means that site might need to specifically adjust something for it to produce valid results.
I asked Trezor themselves and they sent me to the Ian Coleman thing so if even they don't know that it's a tad worrying, but then again the whole point of Trezor is not needing to do it.
Apparently, NEM uses a different curve for key derivation. AFAIK, Ian Coleman's tool only supports BIP32 with secp256k1, which is not suitable for NEM. NEM uses Ed25519, which is completely different.
|
|
|
Well, I've kind of figured it out. First of all, you have to set the derivation as m/44'/43'/0'/0' and check "Use hardened addresses" (since the last part is the account address and appended automatically). Second, if you set the Coin to ETH, you'll get the raw hex private key (since Ethereum does not have an address encoding of its own).
The correct private key would be "0xe39f02b9a4c6a38d2082568dbfbea91c323a6a4da6f3cf0f876ade767d25ca33", but unfortunately, that does not produce a valid address.
Are you sure that you didn't use a password with your Trezor mnemonic?
|
|
|
Don't forget to reset your Trezor afterwards, since you've exposed your seed!
|
|
|
Those 32 character groups (after the sequence) are your private keys. You've probably found your wallet file.
|
|
|
Apparently, NEM private keys are in the conventional hexadecimal format.
You can use bitaddress.org (of course, you should be running it offline) -> Wallet Details, paste your bitcoin-format private key there, and scroll down to see the "Private Key Hexadecimal Format (64 characters [0-9A-F])" field. These 64 hex digits should be the private key that can be used in NEM.
|
|
|
And the zope.interface-3.6.4-py2.7-win-amd64.egg?
nope Anyway, that was racquemis' method. Mine is a little bit different. Did you see the Python script I posted above? Copy it into Notepad and save it in C:\Python27 as dumpwallet.py (make sure it's not .txt!), and then open the command prompt. Enter the following: cd C:\Python27 python.exe dumpwallet.py %AppData%\Bitcoin\wallet.dat > private_keys.txt
The private_keys.txt file in C:\Python27 will contain a list of WIF private keys extracted from your wallet. You can import them into Electrum later, if you succeed. Make sure that your PC is not connected to the internet while running the commands for extra security.
|
|
|
Try searching for the hex string "fd1701308201130201010420". In old wallet files, a 32 byte sequence following the above string will be your private key.
Does this look right? grep -i -a -B10 -A100 --binary --text --perl-regexp 'fd1701308201130201010420' /dev/sda1 Doing some research I just read a blog that says wallet encryption was not until version 0.4.0 on September 23, 2011? If that is correct does that mean the wallet.dat before that date are plain text or still Berkerely DB? If it is in Berkerely DB would that mean I could retrieve the entire wallet including all keys by simply using db_dump.py on a found wallet.dat file? thx No, that doesn't seem correct. I recommend dumping an image of the disk drive (you should keep a copy, NEVER do anything on the disk you're trying to recover the data from!) Then you can use a hex editor such as Okteta to search for the hex string in the dump file.
|
|
|
And the zope.interface-3.6.4-py2.7-win-amd64.egg?
|
|
|
thanks for your answer but I'm totally newbie on that... you will need to explain me a bit better :S
the first problem I see is that the links you posted above are both the same and why u call them egg files?? they are not egg files :S
the first one is: setuptools-38.2.4-py2.py3-none-any.whl, not ".egg"
and the second one is a zip file, which does not contains any "ez_setup.py"
Do you have easy_install.exe in the C:\Python27\Scripts folder?
|
|
|
You can also try using my Python 2 script for dumping the wallet (it's loosely based on pywallet, and might work better with some corrupted wallets) import sys import struct from bsddb.db import * from hashlib import sha256
# Dumps the private keys from a wallet.dat file. # Inspired by pywallet.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
if not len(sys.argv) == 2: print("Usage: %s <wallet_file>" % sys.argv[2]) sys.exit(1)
def read_size(buffer, offset): size = ord(buffer[offset]) offset += 1
if size == 0xfd: size = struct.unpack_from("<H", buffer, offset)[0] offset += 2 if size == 0xfe: size = struct.unpack_from("<I", buffer, offset)[0] offset += 4 if size == 0xff: size = struct.unpack_from("<Q", buffer, offset)[0] offset += 8
return offset, size
def read_string(buffer, offset): offset, string_len = read_size(buffer, offset) return offset + string_len, buffer[offset: offset + string_len]
def b58_encode(d): out = "" p = 0 x = 0
while ord(d[0]) == 0: out += "1" d = d[1:]
for i, v in enumerate(d[::-1]): x += ord(v)*(256**i)
while x > 58**(p+1): p += 1
while p >= 0: a, x = divmod(x, 58**p) out += B58[a] p -= 1
return out
def b58check_encode(d): checksum = sha256(sha256(d).digest()).digest()[:4] return b58_encode(d + checksum)
db = DB() db.open(sys.argv[1], "main", DB_BTREE, DB_RDONLY)
items = db.items()
for item in items: k, v = item koff, voff = 0, 0 koff, item_type = read_string(k, koff)
if item_type == "key": koff, pubkey = read_string(k, koff) voff, privkey = read_string(v, voff)
if len(privkey) == 279: secret = privkey[9:9+32] else: secret = privkey[8:8+32]
if pubkey[0] != "\x04": secret += "\x01"
print(b58check_encode("\x80" + secret)) print(secret.encode("hex")) db.close()
|
|
|
Yes. You'll have to make a transaction from your hardware wallet (Ledger) to one of those sites.
|
|
|
Try searching for the hex string "fd1701308201130201010420". In old wallet files, a 32 byte sequence following the above string will be your private key.
|
|
|
Well, AFAIK there are no tools to do this automatically. Your only bet is bruteforcing it manually, however I can also try writing a Python script for you to automatize that.
|
|
|
U2FsdGVkX1/kRvhM1xHooLU0JXNzmPMdfrhXm3s6yNsaFIePpHzDRahRCeVql5qM9N1tOciZmFmyV7KTQ4sAZ7PRcY5NgGJIoJCnqUTZPkM=
i modified the string a bit letters, what type of encryption is used, i know some letters of this encrypted private key
btw my previous post i lost my password of the dash file with 66 Dash in it, any help is welcome.
theres 1k in my paper wallet but i simply lost it
Looks like an encrypted private key from a StrongCoin paper wallet. Decryption tutorial: https://strongcoin.com/blog/decrypting_private_keys_generated_with_strongcoin.
|
|
|
How can a different curve type allow for bigger blocks?
If you're talking about the amount of transactions in a single block, I don't think that an ECDSA signature can be made smaller than about 64 bytes (two 256-bit integers, ~75 when DER-encoded), and the size of signatures is typically negligible (especially with SegWit).
|
|
|
I quickly wrote a small Python script for parsing a wallet and dumping the private keys from it (run with Python 2): import sys import struct from bsddb.db import * from hashlib import sha256
# Dumps the private keys from a wallet.dat file. # Inspired by pywallet. # Credits: https://bitcoin.stackexchange.com/questions/13681/opening-wallet-dat-in-python-using-bsddb3
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
if not len(sys.argv) == 2: print("Usage: %s <wallet_file>" % sys.argv[2]) sys.exit(1)
def read_size(buffer, offset): size = ord(buffer[offset]) offset += 1
if size == 0xfd: size = struct.unpack_from("<H", buffer, offset)[0] offset += 2 if size == 0xfe: size = struct.unpack_from("<I", buffer, offset)[0] offset += 4 if size == 0xff: size = struct.unpack_from("<Q", buffer, offset)[0] offset += 8
return offset, size
def read_string(buffer, offset): offset, string_len = read_size(buffer, offset) return offset + string_len, buffer[offset: offset + string_len]
def b58_encode(d): out = "" p = 0 x = 0
while ord(d[0]) == 0: out += "1" d = d[1:]
for i, v in enumerate(d[::-1]): x += ord(v)*(256**i)
while x > 58**(p+1): p += 1
while p >= 0: a, x = divmod(x, 58**p) out += B58[a] p -= 1
return out
def b58check_encode(d): checksum = sha256(sha256(d).digest()).digest()[:4] return b58_encode(d + checksum)
db = DB() db.open(sys.argv[1], "main", DB_BTREE, DB_RDONLY)
items = db.items()
for item in items: k, v = item koff, voff = 0, 0 koff, item_type = read_string(k, koff)
if item_type == "key": koff, pubkey = read_string(k, koff) voff, privkey = read_string(v, voff)
if len(privkey) == 279: secret = privkey[9:9+32] else: secret = privkey[8:8+32]
if pubkey[0] != "\x04": secret += "\x01"
print(b58check_encode("\x80" + secret)) db.close()
It's very simple, and outputs a bunch of WIF private keys (you can paste them into Electrum's Sweep dialog for example, but if there's many of them, it's going to take a while to check their balances, so be patient. NOTE: the method of working with the database used here is different from pywallet's. It may work better on corrupted wallets. NOTE: may be required, as noted by jackg below.
|
|
|
|