Bitcoin Forum
October 07, 2024, 02:40:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: Bitcoin private key/wallet.dat data recovery tool!  (Read 68903 times)
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
July 01, 2011, 03:56:07 PM
Last edit: July 06, 2012, 05:02:59 PM by makomk
Merited by ABCbits (60), vapourminer (3)
 #1

Edit: Updated to create a new wallet.dat with the recovered keys.
Edit 2: New v0.2 release, new instructions. Note that this still can't recover encrypted wallets!
Edit 3: v0.3 release to support the compressed public keys created by recent Bitcoin versions. Still can't recover encrypted wallets.

For some reason, people keep reformatting their drive or deleting their wallet.dat without taking proper backups. As casascius helpfully points out - and this is something I'd already suspected - it may be possible to recover the crucial wallet.dat private keys and the bitcoins secured with them by scanning the disk for certain markers, so long as you're lucky and the data you need isn't too fragmented and hasn't already been overwritten.

To that end, I've written a little experimental utility that tries to search for and validate those keys. It's not even close to being able to recover all keys that are recoverable - though it should work in a decent proportion of cases - and importing those keys back into a new wallet is left as an exercise for the user to figure out for now, but it might be useful to some people.

Instructions:
  • Stop using your computer until you've recovered your data, in case something overwrites it. Shut down the PC as soon as possible.
  • Obtain a suitable 32-bit Linux LiveCD, like the System Rescue CD, and boot your computer from it. You'll need working internet access (or some other way to download http://makomk.com/~aidan/wallet-recover and transfer it over)
  • Open a terminal.
  • Run these commands to download the utility and unpack it (2MB download - it contains largish crypto and database libraries):
Code:
wget http://www.makomk.com/~aidan/wallet-recover-0.3-linux.tar.gz
tar xzf wallet-recover-0.3-linux.tar.gz
Run the program on your drive:
Code:
sudo ./wallet-recover-0.3-linux/bin/32/wallet-recover <insert device name here> recovered-wallet.dat
For 99% of users, this will be:
Code:
sudo ./wallet-recover-0.3-linux/bin/32/wallet-recover /dev/sda recovered-wallet.dat
Hopefully it should find and print out a bunch of public keys and corresponding private keys, at least 100 of them, together with a file recovered-wallet.dat. Copy the recovered-wallet.dat to a USB drive and load it up in the Bitcoin client as usual (not forgetting to start it with -rescan) - with a bit of luck you should have access to your money again. I suggest not doing anything with the computer you lost the bitcoins on until you're 100% sure the recovery was successful - load up recovered-wallet.data on a different PC if at all possible.

WARNING: The recovered wallet does not contain a pool of spare keys to send change to (the old ones should get recovered but aren't marked as such). It also doesn't include any names for addresses, so the address you can copy-and-paste in the client is a NEW address created when you first started bitcoin using your recovered wallet, and any change from transactions also goes to a NEW address - none of these addresses are in the original recovered wallet. After first running Bitcoin with the recovered wallet, you MUST exit it and take backup copies of the wallet.dat in your .bitcoin directory to several locations BEFORE making or receiving any transactions - then be sure to use this version and NOT THE ORIGINAL recovered-wallet.dat from this point on. If you're using bitcoind rather than the GUI, you must also call "bitcoind getnewaddress" before shutting down and copying the wallet.dat. Also, be extremely careful about backing up your wallet on a regular basis after using this tool - Bitcoin's handling of the keypool is quirky and this may trigger bugs in it. (Added 9th July, amended 19th Sept.)

Disclaimer: This code comes with no warranty, not even an implied warranty of fitness for its intended purpose. I don't guarantee that it won't make things worse, or that the recovered keys are correct, and obviously I can't guarantee that it'll manage to recover the keys you need. Oh, and it may not be able to recover older wallets at all.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
July 01, 2011, 04:35:05 PM
 #2

http://forum.bitcoin.org/index.php?topic=11331.0

how does your tool differ from above?

i created a new wallet using Live CD Ubuntu, tx'd some btc to it, but then didn't save it properly.  would there be any traces left on my computer?
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
July 01, 2011, 04:45:15 PM
 #3

http://forum.bitcoin.org/index.php?topic=11331.0

how does your tool differ from above?
That tool's a lot easier to use, but relies on you having a filesystem and enough of wallet.dat left intact for BerkleyDB to be able to open it.

Quote
i created a new wallet using Live CD Ubuntu, tx'd some btc to it, but then didn't save it properly.  would there be any traces left on my computer?
Not a chance, sorry. Live CDs deliberately don't save anything to your computer unless you specifically tell them to - it's why I suggest using one for this, because that way you don't risk overwriting any more of the data you're trying to recover - so there's just nothing there to be recovered.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
July 01, 2011, 04:51:25 PM
 #4

sorry to bug you with an off topic question but when i transfer a wallet.dat from a usb stick to a cdrom or to another usb stick on same computer, are there any traces of it left on hard drive?
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
July 01, 2011, 05:53:29 PM
 #5

sorry to bug you with an off topic question but when i transfer a wallet.dat from a usb stick to a cdrom or to another usb stick on same computer, are there any traces of it left on hard drive?
Unless you know how the system works, you should assume that the answer is yes. Windows caches files on the disk before burning it to CD. When copying from USB -> USB you'd expect nothing to be written to the hard drive, but it goes through RAM and anything in there could potentially end up in your paging file and therefore written to disk.

The ideal solution would be USB -> USB using a Linux live CD, with either no hard drive plugged in, or by running "swapoff" to make sure no virtual memory is in use at the time of the copy.
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
July 02, 2011, 02:42:53 AM
 #6

Excellent that this is out there as a resource now.
If I ever need to use it I'll definitely send some coin your way!

error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 02, 2011, 02:36:16 PM
 #7

Source code?

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
July 02, 2011, 03:17:44 PM
 #8

Source code?
Yep, follow the second link - it's in a git repository here (because I've set up so many of those by now I can almost do it in my sleep). A bit messy, but the code should be reasonably straighforward.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
July 02, 2011, 03:42:27 PM
 #9

Source code?
Yep, follow the second link - it's in a git repository here (because I've set up so many of those by now I can almost do it in my sleep). A bit messy, but the code should be reasonably straighforward.

Ah, your prose did not make it clear that that was a source code repository. Sorry.

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
jonathan
Member
**
Offline Offline

Activity: 84
Merit: 14


View Profile
July 09, 2011, 02:05:40 PM
 #10

debian squeeze amd64 users will need this:
aptitude install ia32-libs

i got my btc back, thanks again for speeding the process along makomk :-)
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
July 09, 2011, 02:36:17 PM
 #11

debian squeeze amd64 users will need this:
aptitude install ia32-libs
That's useful to know. Probably makes sense too... the canned instructions were mainly aimed at users running from random 32-bit LiveCDs.

i got my btc back, thanks again for speeding the process along makomk :-)
Was glad to hear it helped someone - and thank you for the donation, by the way!

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
Lolcust
Member
**
Offline Offline

Activity: 112
Merit: 11

Hillariously voracious


View Profile
August 17, 2011, 01:09:30 PM
 #12

Wow, good one.

Any chance of a windows build ?

Geist Geld, the experimental cryptocurrency, is ready for yet another SolidCoin collapse Wink

Feed the Lolcust!
NMC: N6YQFkH9Gn9CTm4mpGwuLB5zLzqWTWFw67
BTC: 15F8xbgRBA1XZ4hmtdFDUasroa2A5rYg8M
GEG: gK5Lx6ypWgr69Gw9yGzE6dsA7kcuCRZRK
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1010



View Profile
October 12, 2011, 12:59:31 AM
 #13

Any possibility that this recovery tool can be used to scan an Android phone for the keys of an android client that no longer will properly update?

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
October 12, 2011, 09:39:25 AM
 #14

Any possibility that this recovery tool can be used to scan an Android phone for the keys of an android client that no longer will properly update?
Not currently, no. It is/was on my TODO list to add this feature to it, but I haven't got around to it yet. (A lot of users of the Android client have been running into difficulties.) The Android client - and bitcoinj-based clients in general - store private keys in a more compact format than the official Bitcoin client does.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1010



View Profile
October 12, 2011, 01:34:53 PM
 #15

Any possibility that this recovery tool can be used to scan an Android phone for the keys of an android client that no longer will properly update?
Not currently, no. It is/was on my TODO list to add this feature to it, but I haven't got around to it yet. (A lot of users of the Android client have been running into difficulties.) The Android client - and bitcoinj-based clients in general - store private keys in a more compact format than the official Bitcoin client does.

Would a bounty help to encourage your efforts?

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
October 13, 2011, 03:21:43 PM
Merited by vapourminer (1)
 #16

Would a bounty help to encourage your efforts?
Dunno. The main obstacle is that Java is involved. In particular, the wallet file uses Java's own serialization support which seems to be both poorly-documented and a pain to deal with.

If you've got or can obtain a (non-corrupt) copy of the .wallet file from the phone in question, then it looks like bitcoinj already has a tool for opening it and printing the private keys, and that's probably the easiest option:

Code:
java -classpath bitcoinj-0.2.jar:bitcoinj-0.2-sources.jar:../lib/* com.google.bitcoin.examples.DumpWallet pingservice-prodnet.wallet

Wallet containing 0.00 BTC in:
  0 unspent transactions
  0 spent transactions
  0 pending transactions
  0 inactive transactions
  0 dead transactions

Keys:
  addr:1H6s7S2GS6DHDvZgQN5ufxMYj76bMMpHxh pub:044bec72bf6c0be93ffefb154ffce6622317527c8d0f78cd3c5b47f5c15af7f5750b2e1ccde5a827c83e89ef67ca1262bfa5427b732332c41104cc7483e756a0d6 priv:00fd6e40862973730e97be5b6ab08ef8ca02a3575f8c95858dcec51d88058a0839

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1010



View Profile
October 13, 2011, 04:33:40 PM
 #17

I don't know how to even get a copy of the wallet.dat off of the phone, I've left it untouched for two months taking up phone space.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
October 13, 2011, 10:31:09 PM
 #18

I don't know how to even get a copy of the wallet.dat off of the phone, I've left it untouched for two months taking up phone space.
I think the "easiest" solution is to install adb and use adb pull to copy it off. In fact, a quick google turns up these instructions. I'm not sure if this is the right Bitcoin app, but if it is then it appears it may have files with plain-text Base58 copies of the private keys you can copy off - that'd save a lot of hassle! Presumably you'd have to change the command to:

Code:
adb pull /data/data/de.schildbach.wallet/files/key-backup-base58

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
makomk (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 564


View Profile
October 20, 2011, 11:38:21 AM
 #19

Finally got around to rolling a new v0.2 release of this:
  • The binaries are now compiled with gitian-builder, which means it now comes with both 32-bit and 64-bit binaries
  • How the binary release is packaged has changed; it now comes as a tarball rather than a bare archive. The instructions have been updated to match.
  • Internal changes to make the code more portable and hopefully increase the chances of successful recovery slightly. No Windows release yet though.
  • May be able to recover wallet private keys from some versions of BitcoinJ, though it's rather hacky and they've changed their wallet format at least once

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
tlhonmey
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
January 19, 2012, 05:25:22 PM
Last edit: January 19, 2012, 06:00:22 PM by tlhonmey
 #20

I haven't looked at the details of how your code works, so I can't be sure, but there is a possibility that you could save yourself some maintenance effort on it if you put it together as a magicrescue recipe...  Magicrescue scans block devices looking for particular sigils to recover certain kinds of files, and then calls arbitrary scripts to extract them.  I don't know if it would make anything easier or not, but it might be worth a look.

Edit:  Also, This seems donation-worthy, but I'm not seeing an address listed...
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!