Hello I need some pointers on how to rebuild a wallet.dat from raw hex data. My problem is a hard drive with a my wallet now has a corrupt filesystem and normal means of file recovery are failing me (such as Testdisk, Photorec, R-Studio, etc.). I can however see the file bits and peaces with a HEX editor.
So my question is, what part of the wallet file do you need to rebuild a wallet file from scratch as I can only get to the hex data of my wallet? Sorry if this is answered elsewhere in the form or if I've been to vague in what I need help with!
Thanks in advance!
The wallet.dat is a BerkeleyDB database file. The exact place where the private keys are in the hex file will vary from file to file depending on the actual content.
Do you read python ?
You should download the bitcointools here
There are utilities to navigate the wallet and dump the content. By exploring how it's done, you can understand the data format. (BerkeleyDB is not a relational DB).
Maybe running the script as is will allow you to retrieve the keys.
Check dbdump.py and wallet.py
I don't think I will be able to use any of the normal tools because I don't have an actual file to work with. All i can access is the drive's raw data with a hex editor (I'm using the HxD hex editor if your wondering). I can see "most" of the file but I don't know if its all there, I can see things like the receive address and key pool data but i have no idea what is what.
I will continue to try recovery tools but so far all have failed...
You might give "Recuva" a try. It was always reliable in the past.
If you had a FS error it could also be that chkdsk/fschk has moved the file to the lost/found folders if the filename was corrupt or something.
Good luck recovering your wallet! this is how you learn to keep backups the hard way :/
Thanks leepfrog for the tip! I'll give it a shot if it can recover files off of an linux ext3 drive.