Bitcoin Forum
November 11, 2024, 03:03:55 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Need help Extracting wallet.day keys with a HEX editor  (Read 4208 times)
TurboIan (OP)
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 10, 2011, 07:36:12 PM
 #1

Hello I need some pointers on how to rebuild a wallet.dat from raw hex data. My problem is a hard drive with a my wallet now has a corrupt filesystem and normal means of file recovery are failing me (such as Testdisk, Photorec, R-Studio, etc.). I can however see the file bits and peaces with a HEX editor.
So my question is, what part of the wallet file do you need  to rebuild a wallet file from scratch as I can only get to the hex data of my wallet? Sorry if this is answered elsewhere in the form or if I've been to vague in what I need help with!

Thanks in advance!  Smiley
leepfrog
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
June 10, 2011, 08:03:49 PM
 #2

You might give "Recuva" a try. It was always reliable in the past.
If you had a FS error it could also be that chkdsk/fschk has moved the file to the lost/found folders if the filename was corrupt or something.

Good luck recovering your wallet! this is how you learn to keep backups the hard way :/
joan
Jr. Member
*
Offline Offline

Activity: 56
Merit: 1



View Profile
June 10, 2011, 08:33:30 PM
 #3

Hello I need some pointers on how to rebuild a wallet.dat from raw hex data. My problem is a hard drive with a my wallet now has a corrupt filesystem and normal means of file recovery are failing me (such as Testdisk, Photorec, R-Studio, etc.). I can however see the file bits and peaces with a HEX editor.
So my question is, what part of the wallet file do you need  to rebuild a wallet file from scratch as I can only get to the hex data of my wallet? Sorry if this is answered elsewhere in the form or if I've been to vague in what I need help with!

Thanks in advance!  Smiley
The wallet.dat is a BerkeleyDB database file. The exact place where the private keys are in the hex file will vary from file to file depending on the actual content.

Do you read python ?
You should download the bitcointools here.
There are utilities to navigate the wallet and dump the content. By exploring how it's done, you can understand the data format. (BerkeleyDB is not a relational DB).
Maybe running the script as is will allow you to retrieve the keys.

Check dbdump.py and wallet.py
TurboIan (OP)
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 10, 2011, 09:05:31 PM
 #4

Hello I need some pointers on how to rebuild a wallet.dat from raw hex data. My problem is a hard drive with a my wallet now has a corrupt filesystem and normal means of file recovery are failing me (such as Testdisk, Photorec, R-Studio, etc.). I can however see the file bits and peaces with a HEX editor.
So my question is, what part of the wallet file do you need  to rebuild a wallet file from scratch as I can only get to the hex data of my wallet? Sorry if this is answered elsewhere in the form or if I've been to vague in what I need help with!

Thanks in advance!  Smiley
The wallet.dat is a BerkeleyDB database file. The exact place where the private keys are in the hex file will vary from file to file depending on the actual content.

Do you read python ?
You should download the bitcointools here.
There are utilities to navigate the wallet and dump the content. By exploring how it's done, you can understand the data format. (BerkeleyDB is not a relational DB).
Maybe running the script as is will allow you to retrieve the keys.

Check dbdump.py and wallet.py


I don't think I will be able to use any of the normal tools because I don't have an actual file to work with. All i can access is the drive's raw data with a hex editor (I'm using the HxD hex editor if your wondering). I can see "most" of the file but I don't know if its all there, I can see things like the receive address and key pool data but i have no idea what is what. Huh I will continue to try recovery tools but so far all have failed...

You might give "Recuva" a try. It was always reliable in the past.
If you had a FS error it could also be that chkdsk/fschk has moved the file to the lost/found folders if the filename was corrupt or something.

Good luck recovering your wallet! this is how you learn to keep backups the hard way :/

Thanks leepfrog for the tip! I'll give it a shot if it can recover files off of an linux ext3 drive.
TurboIan (OP)
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 10, 2011, 09:12:41 PM
 #5

On a side note the drive was a 65Gb drive formatted to EXT3 under linux. I can't mount the drive and running fsck.ext3 dose not repair the filesystem to the point where i can mount it. And as i said in my earlier post the wallet.dat cant be recovered from the drive as the undlete tools don't even see it on there, but raw hex and text searches against the drive reveal components of the wallet.
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
June 10, 2011, 10:14:07 PM
 #6

You'll want to look back at these two threads, where this has been done in the past:
http://forum.bitcoin.org/index.php?topic=7116.0
http://forum.bitcoin.org/index.php?topic=8274.0

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!