Bitcoin Forum
June 24, 2024, 01:28:53 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 [2] 3 4 5 6 7 8 »
21  Bitcoin / Bitcoin Technical Support / Re: [HELP] Finding deleted 2009,2010 wallets from original early Bitcoin client on: December 24, 2017, 04:55:19 PM
Quote from: idelcoins on December 23, 2017, 04:33:14 PM
Quote from: SopaXT on December 23, 2017, 10:08:24 AM
Those 32 character groups (after the sequence) are your private keys.
You've probably found your wallet file.

They are 30 characters unfortunately and pywallet against the text file I created through grep does not get them out.  I tried db_recover, no good.  Also tried your dump keys program from here https://bitcointalk.org/index.php?topic=2619534.msg26661685#msg26661685

Is this the kind of thing you add two characters to the beginning like 08, gives you 32 and then you convert the keys to Bitcoin format and do something with converting the pair, or the other way around?

Any ideas?

edit: maybe they are 32 with the Berkerley DB masking the last two characters as ^@  or the first as   or ^]

They're probably unprintable.
But if you convert the output to hex (e.g. with hexdump or xxd), then after visually identifying the starting sequence, you can take the next 32 hex bytes, concatenate them to a string like "DECAFBAD0ABBCDE7F...", and convert them to WIF keys with a
 tool like bitaddress.org (It should always be used offline!)


Also, pywallet can recover the keys directly from a corrupted filesystem on a disk, see --recover, --recov_device and --recov_size.

e.g.
Code:
sudo pywallet.py --recover --recov_device /dev/sda1 --recov_size 20Go --recov_outputdir $HOME/bitcoin_recovery

"20Go" is the size required.
The output directory must exist.
You will need to set the password of the recovered wallet to something you'll not forget.
The list of passwords can be empty, just press enter on the "Possible passphrase" prompt.

It searches for keys in the way described by you (looking for data string above), but converts them automatically.
22  Bitcoin / Bitcoin Technical Support / Re: Normal symbols in my wallet.dat? on: December 24, 2017, 04:40:30 PM
Quote from: Reefdogg on December 24, 2017, 02:03:50 PM
About the wallet.dat file , there are keywords like "pool" , "name" , mkey,  key! , ckey! , keymeta! and after the keywords is encoded data ..... I have tried to cut and past keyword sections of the file into another and it does not work.  I would try to replace a "pool" section from one file to another and that basically just breaks your wallet.  I think the keyword sections are linked in a way I don't understand.  Maybe someone here can point to a page that explains that in detail.

The wallet file is actually a Berkeley database.
The keywords are the keys of the key-value pairs stored there, and some encoded data follows each key and value.

To decode them, a tool such as pywallet would be needed.
23  Bitcoin / Bitcoin Technical Support / Re: Getting private keys from a BIP 39 seed. on: December 24, 2017, 03:37:38 PM
Quote from: gentlemand on December 24, 2017, 02:22:26 PM
Thanks for trying and yes it's a junk seed for pure testing. And no password was added.

Evidently there is something slightly different about XEM. I've read elsewhere that it uses SHA3 + RIPEMD160 whereas most other coins use secp256k1+RIPEMD160. That's gibberish to me but it means that site might need to specifically adjust something for it to produce valid results.

I asked Trezor themselves and they sent me to the Ian Coleman thing so if even they don't know that it's a tad worrying, but then again the whole point of Trezor is not needing to do it.

Apparently, NEM uses a different curve for key derivation.
AFAIK, Ian Coleman's tool only supports BIP32 with secp256k1, which is not suitable for NEM.
NEM uses Ed25519, which is completely different.
24  Bitcoin / Bitcoin Technical Support / Re: Getting private keys from a BIP 39 seed. on: December 24, 2017, 02:17:20 PM
Well, I've kind of figured it out.
First of all, you have to set the derivation as m/44'/43'/0'/0' and check "Use hardened addresses" (since the last part is the account address and appended automatically).
Second, if you set the Coin to ETH, you'll get the raw hex private key (since Ethereum does not have an address encoding of its own).

The correct private key would be "0xe39f02b9a4c6a38d2082568dbfbea91c323a6a4da6f3cf0f876ade767d25ca33", but unfortunately, that does not produce a valid address.

Are you sure that you didn't use a password with your Trezor mnemonic?
25  Bitcoin / Bitcoin Technical Support / Re: Getting private keys from a BIP 39 seed. on: December 24, 2017, 01:13:34 PM
Don't forget to reset your Trezor afterwards, since you've exposed your seed!
26  Bitcoin / Bitcoin Technical Support / Re: [HELP] Finding deleted 2009,2010 wallets from original early Bitcoin client on: December 23, 2017, 10:08:24 AM
Those 32 character groups (after the sequence) are your private keys.
You've probably found your wallet file.
27  Bitcoin / Bitcoin Technical Support / Re: Getting private keys from a BIP 39 seed. on: December 21, 2017, 04:50:13 PM
Apparently, NEM private keys are in the conventional hexadecimal format.

You can use bitaddress.org (of course, you should be running it offline) -> Wallet Details, paste your bitcoin-format private key there, and scroll down to see the "Private Key Hexadecimal Format (64 characters [0-9A-F])" field.
These 64 hex digits should be the private key that can be used in NEM.
28  Bitcoin / Bitcoin Technical Support / Re: Corrupted old wallet help!! on: December 21, 2017, 04:26:55 PM
Quote from: Chipychop on December 20, 2017, 04:55:18 PM
Quote from: SopaXT on December 20, 2017, 03:37:59 PM
And the zope.interface-3.6.4-py2.7-win-amd64.egg?

nope Sad

Anyway, that was racquemis' method.
Mine is a little bit different.

Did you see the Python script I posted above?
Copy it into Notepad and save it in C:\Python27 as dumpwallet.py (make sure it's not .txt!), and then open the command prompt.

Enter the following:
Code:
cd C:\Python27
python.exe dumpwallet.py %AppData%\Bitcoin\wallet.dat > private_keys.txt

The private_keys.txt file in C:\Python27 will contain a list of WIF private keys extracted from your wallet.
You can import them into Electrum later, if you succeed.

Make sure that your PC is not connected to the internet while running the commands for extra security.
29  Bitcoin / Bitcoin Technical Support / Re: Finding deleted 2009,2010 wallets from Bitcoin-core on: December 20, 2017, 06:39:40 PM
Quote from: idelcoins on December 20, 2017, 06:16:17 PM
Quote from: SopaXT on December 19, 2017, 08:34:46 AM
Try searching for the hex string "fd1701308201130201010420".
In old wallet files, a 32 byte sequence following the above string will be your private key.

Does this look right?

grep -i -a -B10 -A100 --binary --text --perl-regexp 'fd1701308201130201010420' /dev/sda1

Doing some research I just read a blog that says wallet encryption was not until version 0.4.0 on September 23, 2011?

If that is correct does that mean the wallet.dat before that date are plain text or still Berkerely DB?  If it is in Berkerely DB would that mean I could retrieve the entire wallet including all keys by simply using db_dump.py on a found wallet.dat file?

thx

No, that doesn't seem correct.
I recommend dumping an image of the disk drive (you should keep a copy, NEVER do anything on the disk you're trying to recover the data from!)

Then you can use a hex editor such as Okteta to search for the hex string in the dump file.
30  Bitcoin / Bitcoin Technical Support / Re: Corrupted old wallet help!! on: December 20, 2017, 03:37:59 PM
And the zope.interface-3.6.4-py2.7-win-amd64.egg?
31  Bitcoin / Bitcoin Technical Support / Re: Corrupted old wallet help!! on: December 20, 2017, 01:05:41 PM
Quote from: Chipychop on December 20, 2017, 12:59:25 PM
thanks for your answer but I'm totally newbie on that... you will need to explain me a bit better :S

the first problem I see is that the links you posted above are both the same and why u call them egg files?? they are not egg files :S

the first one is: setuptools-38.2.4-py2.py3-none-any.whl, not ".egg"

and the second one is a zip file, which does not contains any "ez_setup.py"


Do you have easy_install.exe in the C:\Python27\Scripts folder?
32  Bitcoin / Bitcoin Technical Support / Re: Wallet AES on: December 20, 2017, 12:59:14 PM
This StackExchange question seems relevant: https://bitcoin.stackexchange.com/questions/39049/how-do-i-restore-a-multibit-hd-wallet-from-a-backup-using-only-a-password.

TL;DR - look for a .wallet.aes file.

You'll need MultiBit HD to load your wallet, those backups are useless without the seed.
33  Bitcoin / Bitcoin Technical Support / Re: Corrupted old wallet help!! on: December 20, 2017, 12:46:46 PM
You can also try using my Python 2 script for dumping the wallet (it's loosely based on pywallet, and might work better with some corrupted wallets)

Code:
import sys
import struct
from bsddb.db import *
from hashlib import sha256

# Dumps the private keys from a wallet.dat file.
# Inspired by pywallet.

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

if not len(sys.argv) == 2:
    print("Usage: %s <wallet_file>" % sys.argv[2])
    sys.exit(1)

def read_size(buffer, offset):
    size = ord(buffer[offset])
    offset += 1

    if size == 0xfd:
        size = struct.unpack_from("<H", buffer, offset)[0]
        offset += 2
    if size == 0xfe:
        size = struct.unpack_from("<I", buffer, offset)[0]
        offset += 4
    if size == 0xff:
        size = struct.unpack_from("<Q", buffer, offset)[0]
        offset += 8

    return offset, size

def read_string(buffer, offset):
    offset, string_len = read_size(buffer, offset)
    return offset + string_len, buffer[offset: offset + string_len]

def b58_encode(d):
    out = ""
    p = 0
    x = 0

    while ord(d[0]) == 0:
        out += "1"
        d = d[1:]

    for i, v in enumerate(d[::-1]):
        x += ord(v)*(256**i)

    while x > 58**(p+1):
        p += 1

    while p >= 0:
        a, x = divmod(x, 58**p)
        out += B58[a]
        p -= 1

    return out

def b58check_encode(d):
    checksum = sha256(sha256(d).digest()).digest()[:4]
    return b58_encode(d + checksum)


db = DB()
db.open(sys.argv[1], "main", DB_BTREE, DB_RDONLY)

items = db.items()

for item in items:
    k, v = item
    koff, voff = 0, 0
    koff, item_type = read_string(k, koff)

    if item_type == "key":
        koff, pubkey = read_string(k, koff)
        voff, privkey = read_string(v, voff)

        if len(privkey) == 279:
            secret = privkey[9:9+32]
        else:
            secret = privkey[8:8+32]

        if pubkey[0] != "\x04":
            secret += "\x01"

        print(b58check_encode("\x80" + secret))
        print(secret.encode("hex"))
db.close()
34  Bitcoin / Bitcoin Technical Support / Re: Ledger Nano S & Sell Bitcoin Pages on: December 20, 2017, 07:00:32 AM
Yes.
You'll have to make a transaction from your hardware wallet (Ledger) to one of those sites.
35  Bitcoin / Bitcoin Technical Support / Re: Finding deleted 2009,2010 wallets from Bitcoin-core on: December 19, 2017, 08:34:46 AM
Try searching for the hex string "fd1701308201130201010420".
In old wallet files, a 32 byte sequence following the above string will be your private key.
36  Bitcoin / Bitcoin Technical Support / Re: i know parts of my password of this encrypted private key please help on: December 18, 2017, 08:32:06 PM
Well, AFAIK there are no tools to do this automatically.
Your only bet is bruteforcing it manually, however I can also try writing a Python script for you to automatize that.
37  Bitcoin / Bitcoin Technical Support / Re: i know parts of my password of this encrypted private key please help on: December 17, 2017, 07:58:08 PM
Quote from: gregory.krupa on December 17, 2017, 07:26:40 PM
U2FsdGVkX1/kRvhM1xHooLU0JXNzmPMdfrhXm3s6yNsaFIePpHzDRahRCeVql5qM9N1tOciZmFmyV7KTQ4sAZ7PRcY5NgGJIoJCnqUTZPkM=

i modified the string a bit letters, what type of encryption is used, i know some letters of this encrypted private key


btw my previous post i lost my password of the dash file with 66 Dash in it, any help is welcome.

theres 1k in my paper wallet but i simply lost it



Looks like an encrypted private key from a StrongCoin paper wallet.
Decryption tutorial: https://strongcoin.com/blog/decrypting_private_keys_generated_with_strongcoin.
38  Bitcoin / Bitcoin Technical Support / Re: BLOCK SIZE CORE< WHAT IS THE FAMILY OF CURVES TO MAKE BLOCKSIZE BIGGER> on: December 17, 2017, 07:24:47 AM
How can a different curve type allow for bigger blocks?

If you're talking about the amount of transactions in a single block, I don't think that an ECDSA signature can be made smaller than about 64 bytes (two 256-bit integers, ~75 when DER-encoded), and the size of signatures is typically negligible (especially with SegWit).
39  Bitcoin / Bitcoin Technical Support / Re: Help me to recover 33.54 BTC from a corrupt wallet.dat, I'll pay you a Reward! on: December 16, 2017, 09:07:22 PM
If reading the database using the script above doesn't succeed, you can also try searching your wallet file for the hex string: "0201010420'.
It's the common value of a private key data field, and a 32 byte (64 hex characters) private key will follow.

EDIT: According to this: http://www.radjaidjah.org/index.php?post/2014/09/07/Sauver-ses-bitcoins-de-la-corruption, the full hex prefix is "fd1701308201130201010420".
40  Bitcoin / Bitcoin Technical Support / Re: Help me to recover 33.54 BTC from a corrupt wallet.dat, I'll pay you a Reward! on: December 16, 2017, 02:50:28 PM
I quickly wrote a small Python script for parsing a wallet and dumping the private keys from it (run with Python 2):

Code:
import sys
import struct
from bsddb.db import *
from hashlib import sha256

# Dumps the private keys from a wallet.dat file.
# Inspired by pywallet.
# Credits: https://bitcoin.stackexchange.com/questions/13681/opening-wallet-dat-in-python-using-bsddb3

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

if not len(sys.argv) == 2:
    print("Usage: %s <wallet_file>" % sys.argv[2])
    sys.exit(1)

def read_size(buffer, offset):
    size = ord(buffer[offset])
    offset += 1

    if size == 0xfd:
        size = struct.unpack_from("<H", buffer, offset)[0]
        offset += 2
    if size == 0xfe:
        size = struct.unpack_from("<I", buffer, offset)[0]
        offset += 4
    if size == 0xff:
        size = struct.unpack_from("<Q", buffer, offset)[0]
        offset += 8

    return offset, size

def read_string(buffer, offset):
    offset, string_len = read_size(buffer, offset)
    return offset + string_len, buffer[offset: offset + string_len]

def b58_encode(d):
    out = ""
    p = 0
    x = 0

    while ord(d[0]) == 0:
        out += "1"
        d = d[1:]

    for i, v in enumerate(d[::-1]):
        x += ord(v)*(256**i)

    while x > 58**(p+1):
        p += 1

    while p >= 0:
        a, x = divmod(x, 58**p)
        out += B58[a]
        p -= 1

    return out

def b58check_encode(d):
    checksum = sha256(sha256(d).digest()).digest()[:4]
    return b58_encode(d + checksum)


db = DB()
db.open(sys.argv[1], "main", DB_BTREE, DB_RDONLY)

items = db.items()

for item in items:
    k, v = item
    koff, voff = 0, 0
    koff, item_type = read_string(k, koff)

    if item_type == "key":
        koff, pubkey = read_string(k, koff)
        voff, privkey = read_string(v, voff)

        if len(privkey) == 279:
            secret = privkey[9:9+32]
        else:
            secret = privkey[8:8+32]

        if pubkey[0] != "\x04":
            secret += "\x01"

        print(b58check_encode("\x80" + secret))
db.close()

It's very simple, and outputs a bunch of WIF private keys (you can paste them into Electrum's Sweep dialog for example, but if there's many of them, it's going to take a while to check their balances, so be patient.
NOTE: the method of working with the database used here is different from pywallet's. It may work better on corrupted wallets.

NOTE:
Code:
pip install bsddb
may be required, as noted by jackg below.
Pages: « 1 [2] 3 4 5 6 7 8 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!