I am trying to recover a few coins from a wallet on a hard drive with a corrupt filesystem.(Yeah I know backups and all, this is from a while ago and I had planned to spend the balance on this wallet) The standard bitcointools such as dbdump.py will not read any wallet.dat that I construct with found hex bytes from my old wallet. So I moved on to a recovery method described by John Tobey as follows:
https://bitcointalk.org/index.php?topic=8274.msg126698#msg126698Basically his Perl script searches for the regular expression: (/keyA(.{65})/sg) with the 65 characters representing public keys, and uses these public keys to find keypairs elsewhere in the file. If you know the address of your coins(which I do) you can use
http://blockexplorer.com/q/addresstohash and
http://blockexplorer.com/q/hashpubkey/ to determine which of the public keys you found correspond to the address. You can run your address through addresstohash, and then run hashpubkey on all the public keys you found in the file until a hashpubkey result matches the addresstohash result for your address.
My problem is that the file format has changed since John Tobey figured this stuff out. I don't see any instances of "keyA", instead I see "key!". Simple modifications didn't work and I started testing the methods with a fresh wallet.dat which seems to be in the same format as the wallet I need to recover. When I do this I can never find a public key that corresponds to my address. I have read that the public keys always start with "0x04" so I went as far as to make a python script that returns hashes for all instances of 65 bytes starting with 0x04. Not a single one of these hashes matches the result of addresstohash even for a fresh wallet.
This is where I realize I am stuck, it looks like either public keys are no longer 65 bytes starting with 0x04, the public key corresponding to my address is not even contained in the file, or I am missing something important.
Here is the python script I wrote to generate hashes for all possible public keys:
import hashlib
import array
import binascii
import re
f=open("C:\Users\user1\AppData\Roaming\Bitcoin\wallet.dat", "rb");
A=f.read()
hexstr=binascii.hexlify(A)
ms=re.findall('04.{128}',hexstr);
#ms=re.findall('key!(.{65})',A);
hlist=[];
pklist=[];
print len(ms)
for m in ms:
pklist.append(m)
mraw=binascii.unhexlify(m)
dSHA2=hashlib.sha256(mraw).digest()
h = hashlib.new('ripemd160')
h.update(dSHA2)
dR160=h.hexdigest()
hlist.append(dR160)
refhash='60c3ce5d7343f66d2fabea37dcf749828facc7ca'
for h in hlist:
print h
I have confirmed that instances of 65 bytes starting with 0x04 are returned and hashed correctly. Help would be appreciated, thanks!
