Bitcoin Forum
November 23, 2017, 06:27:35 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Need help extracting keys from wallet.dat  (Read 2410 times)
moneygames
Newbie
*
Offline Offline

Activity: 8


View Profile
November 21, 2013, 07:39:57 PM
 #1

I am trying to recover a few coins from a wallet on a hard drive with a corrupt filesystem.(Yeah I know backups and all, this is from a while ago and I had planned to spend the balance on this wallet) The standard bitcointools such as dbdump.py will not read any wallet.dat that I construct with found hex bytes from my old wallet. So I moved on to a recovery method described by John Tobey as follows:

https://bitcointalk.org/index.php?topic=8274.msg126698#msg126698

Basically his Perl script searches for the regular expression: (/keyA(.{65})/sg) with the 65 characters representing public keys, and uses these public keys to find keypairs elsewhere in the file. If you know the address of your coins(which I do) you can use http://blockexplorer.com/q/addresstohash and http://blockexplorer.com/q/hashpubkey/ to determine which of the public keys you found correspond to the address. You can run your address through addresstohash, and then run hashpubkey on all the public keys you found in the file until a hashpubkey result matches the addresstohash result for your address.

My problem is that the file format has changed since John Tobey figured this stuff out. I don't see any instances of "keyA", instead I see "key!". Simple modifications didn't work and I started testing the methods with a fresh wallet.dat which seems to be in the same format as the wallet I need to recover. When I do this I can never find a public key that corresponds to my address. I have read that the public keys always start with "0x04" so I went as far as to make a python script that returns hashes for all instances of 65 bytes starting with 0x04. Not a single one of these hashes matches the result of addresstohash even for a fresh wallet.

This is where I realize I am stuck, it looks like either public keys are no longer 65 bytes starting with 0x04, the public key corresponding to my address is not even contained in the file, or I am missing something important.

Here is the python script I wrote to generate hashes for all possible public keys:

Quote
import hashlib
import array
import binascii
import re

f=open("C:\Users\user1\AppData\Roaming\Bitcoin\wallet.dat", "rb");
A=f.read()

hexstr=binascii.hexlify(A)

ms=re.findall('04.{128}',hexstr);
#ms=re.findall('key!(.{65})',A);

hlist=[];
pklist=[];

print len(ms)

for m in ms:

    pklist.append(m)
    mraw=binascii.unhexlify(m)
    dSHA2=hashlib.sha256(mraw).digest()
    h = hashlib.new('ripemd160')
    h.update(dSHA2)
    dR160=h.hexdigest()
    hlist.append(dR160)
        
refhash='60c3ce5d7343f66d2fabea37dcf749828facc7ca'
        
for h in hlist:
    print h

I have confirmed that instances of 65 bytes starting with 0x04 are returned and hashed correctly. Help would be appreciated, thanks!
1511418455
Hero Member
*
Offline Offline

Posts: 1511418455

View Profile Personal Message (Offline)

Ignore
1511418455
Reply with quote  #2

1511418455
Report to moderator
1511418455
Hero Member
*
Offline Offline

Posts: 1511418455

View Profile Personal Message (Offline)

Ignore
1511418455
Reply with quote  #2

1511418455
Report to moderator
Bitcoin mining is now a specialized and very risky industry, just like gold mining. Amateur miners are unlikely to make much money, and may even lose money. Bitcoin is much more than just mining, though!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511418455
Hero Member
*
Offline Offline

Posts: 1511418455

View Profile Personal Message (Offline)

Ignore
1511418455
Reply with quote  #2

1511418455
Report to moderator
1511418455
Hero Member
*
Offline Offline

Posts: 1511418455

View Profile Personal Message (Offline)

Ignore
1511418455
Reply with quote  #2

1511418455
Report to moderator
1511418455
Hero Member
*
Offline Offline

Posts: 1511418455

View Profile Personal Message (Offline)

Ignore
1511418455
Reply with quote  #2

1511418455
Report to moderator
moneygames
Newbie
*
Offline Offline

Activity: 8


View Profile
November 21, 2013, 11:46:30 PM
 #2

Thanks to these two helpful articles:

https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses

https://en.bitcoin.it/wiki/ECDSA

I have determined that my public keys are compressed, and that uncompressed keys starting with 0x04 are a thing of the past.

These are my next possible steps:

1. Determine how to decompress my public keys and continue which what I was doing before using the decompressed keys.

2. Extract all possible 32 byte private keys and generate public keys and hashes of those public keys until one of these hashes matches the hash for my address.

It occurs to me that if the runtime for going from 32 byte private key to hash of public address is small, as long as someone has the correct address, they should be able to essentially brute force an entire hard drive to find the private key that is associated with the address. That would be a cool recovery tool to have, it would be slow but sure to work. Also if the runtime is too long, you could start with byte sequences that have higher entropy, because byte sequences with low entropy are unlikely to be private keys.

Any recommendations are appreciated.
moneygames
Newbie
*
Offline Offline

Activity: 8


View Profile
November 22, 2013, 09:42:35 PM
 #3

Got my private key using the following script:

https://gist.github.com/msm595/7595164

ctrl+f on the output to find my address and corresponding private key(unencrypted), then use the import/export function on blockchain.info to sweep my coins to a new address.
karmelle
Newbie
*
Offline Offline

Activity: 25


View Profile
September 16, 2014, 10:31:50 AM
 #4

How you did that? can you write me please at this email adresse karmelle.oana@yahoo.com . Please help
btchris
Hero Member
*****
Offline Offline

Activity: 672

a.k.a. gurnec on GitHub


View Profile WWW
September 16, 2014, 04:31:21 PM
 #5

How you did that? can you write me please at this email adresse karmelle.oana@yahoo.com . Please help

Unless there's a good reason to keep things private, discussing them publicly is preferred because it can help out people later on with the same problems.

Can you describe the problems you're having? Which wallet software are you using? Have you added a password to the wallet?
Schnudelu
Newbie
*
Offline Offline

Activity: 28

★☆★ Bitin.io - The Instant Altco


View Profile
September 16, 2014, 05:27:17 PM
 #6

Wait if you can get the private key from a wallet.dat where is the security then  Huh

★☆★ Bitin.io - The Instant Altcoin Exchange! ★☆★
cr1776
Legendary
*
Offline Offline

Activity: 1722


View Profile
September 16, 2014, 06:25:13 PM
 #7

Wait if you can get the private key from a wallet.dat where is the security then  Huh

Encrypted wallet, making sure your machine is not infected by malware - or better, not connected to the network.

See:
https://en.bitcoin.it/wiki/Wallet
Schnudelu
Newbie
*
Offline Offline

Activity: 28

★☆★ Bitin.io - The Instant Altco


View Profile
September 16, 2014, 06:57:03 PM
 #8

Thanks for the link now i understanding it better

★☆★ Bitin.io - The Instant Altcoin Exchange! ★☆★
cr1776
Legendary
*
Offline Offline

Activity: 1722


View Profile
September 16, 2014, 11:24:47 PM
 #9

Thanks for the link now i understanding it better

Sure.  There is a lot of information here and online, many times it is difficult to know where to start to find an answer.

:-)
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!