I am going through this now. I mined coins in Feb 2009 and am either mourning or recovering them, not sure which.
I have confirmed this approach using a 2009 0.1.3 bitcoin client which I recently downloaded.
I ran the client in a windows VM, and deleted the VM.
this method found the private key.
stop using all media until you image them.
you can image the media from any system.
back up all media to a large external drive, you really want to do this
I use a western digital 6tb my book ($140) , its very fast for going through multiple images.
when you search images you don't have to worry about overwriting the file in deleted sectors when you are installing search tools..
do this to all your media, especially any thumb drives you have.
buy some thumb drives.
search your trash for things you might have thrown away ( I threw away a floppy disk containing my 2009 wallet.dat )
If media is broken, including hard drives, Kroll Ontrack is the best in the world, and can usually recover them, hard drives are about $1500
back up with the unix tools
dd or ddrescue
or install ddrescue with OS X homebrew
this program will image corrupt media, save the image to the external drive, I
brew install ddrescue
or make a disk image using OS X disk utility
or use a tool like "disk drill" on the Mac, which can create images as well.
bitcoin wallets do not show in traditional file recovery software, they don't have definite boundaries in the file, so the tools don't like them.
A signature based recover works best, signature meaning it searches for hex code immediately preceding the private key. some recovery software can retrieve them if they were JUST deleted.
my solution is to use the python program keyhunter.py
https://github.com/pierce403/keyhunterdownload the repo from GitHub, using either git or just download it.
make the keyhunter.py executable
install python
move the .py executable to the directory whose images you want to search.
run it.
if you're on a Mac,
diskutil list
to find the hard disk to attack
usually /dev/disk0
if it's file vault encrypted its
/dev/rdisk1
if your on linux
lsblk
copy the device path
run the program thusly
./keyhunter.py /dev/disk0
if is searching an image.
./keyhunter.py IMAGENAME
if your searching a whole directory of images
for x in *.img; do ./keyhunter.py $x;done;
then wait a really really long time, it searches the entire drive, 10 megs at a time for the offending hex keys. it searches deleted sections, it searches old vm's in deleted sections as well as current vm's, it's good. when it finds a match it returns the private key in base58 format.
if you find a key, GREAT.
if you don't find a key, maybe at some point you zipped the file to move from machine to machine. a zipped file will not have the same signature.
you can use recovery tools to find all old zip files ( this is really tedious, and a external drive will shine here ) unzip them, and search using keyhunter.py
now download an run the tool pycoin. Use the python program pip to install it.
https://github.com/richardkiss/pycoinpycoin installs the tool 'ku'
run
ku YOUR_PRIVATE_KEY
if the key starts with a 5 this indicates whether the base58 key is uncompressed , it will correspond only to a uncompressed address.
see
https://en.bitcoin.it/wiki/Private_keyit will return a bunch of info about it.
look for the compressed and uncompressed address.
each key corresponds to exactly one address, either uncompressed address or compressed address, but not both.
check blockchain.info for the address. DO NOT ENTER YOUR PRIVATE KEY IN THE SEARCH FIELD ON WEBPAGES.
if you find a hit, run ku again, get the either compressed or uncompressed wif key, import that to a modern electrum wallet.
If you want to see how many coins you might have.
https://www.reddit.com/r/Bitcoin/comments/2twrs7/all_42400_dormant_bitcoin_addresses_with_a/The minimum in 2009 was 50 coins. it initially took about 20 minutes on a fast machine to generate this many. Mine was 10 years old, and really slow.
Show Posts
