Bitcoin Forum
June 19, 2018, 03:59:23 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Manually Finding Private Keys in Wallet.dat  (Read 146 times)
whohackedme
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
June 03, 2018, 04:33:48 PM
 #1

I have seen the tools that will pull address & keys directly off your hard drive.  I am trying to learn the details how to do this manually.

Can someone give me a step by step guide how to pull the address and key for the code below?

This is the binary from an empty wallet.dat.  I have a dump of the address and keys for this wallet.dat  Just looking for the instructions on how to manually pull the address and key from the hex.

I read the the address is before the 04 20 and key is after.

https://i.imgur.com/6Ym7BId.png


Sorry, as a newbie account (since my 500+ account was hacked) I can not embed images.
1529380763
Hero Member
*
Offline Offline

Posts: 1529380763

View Profile Personal Message (Offline)

Ignore
1529380763
Reply with quote  #2

1529380763
Report to moderator
1529380763
Hero Member
*
Offline Offline

Posts: 1529380763

View Profile Personal Message (Offline)

Ignore
1529380763
Reply with quote  #2

1529380763
Report to moderator
The World's Betting Exchange

Bet with play money. Win real Bitcoin. 5BTC Prize Fund for World Cup 2018.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1529380763
Hero Member
*
Offline Offline

Posts: 1529380763

View Profile Personal Message (Offline)

Ignore
1529380763
Reply with quote  #2

1529380763
Report to moderator
LoyceV
Legendary
*
Offline Offline

Activity: 1148
Merit: 1508


Howdy


View Profile WWW
June 03, 2018, 05:37:38 PM
Merited by Jet Cash (1)
 #2

Here you go:

Is pywallet what you're looking for?

whohackedme
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
June 03, 2018, 06:47:54 PM
 #3

Yes, thank you.  I have pywallet.  Just wanting to understand a little of the details.

So this is the private key, directly after 04 20:

8814396648a8c19b783e6e72b3e3896d51bfc5d5edc2ec88a2b298a8a3a38c19   (64 hex digits after 0420 - this is the priv key in hex)

Bitcoin Address: 1PAnFPbgkZE3WTyDH6zrhYXpJAPB8418j3
Bitcoin Address Compressed:  15JaZ8uoPiCgRz1fHrF9Svuq1ht4Bq5aZJ

I cant seem to find any correlation to the hex and the addresses.  I am trying to find the corresponding addresses in the hex? 

Can someone show me how to find the address in the hex of the wallet.dat?
Thanks!
NeuroticFish
Legendary
*
Offline Offline

Activity: 1512
Merit: 1037


WebSvc owners: pls update tx fees!


View Profile
June 03, 2018, 09:16:11 PM
Merited by pooya87 (2), Jet Cash (1)
 #4

Yes, thank you.  I have pywallet.  Just wanting to understand a little of the details.

So this is the private key, directly after 04 20:

8814396648a8c19b783e6e72b3e3896d51bfc5d5edc2ec88a2b298a8a3a38c19   (64 hex digits after 0420 - this is the priv key in hex)

Bitcoin Address: 1PAnFPbgkZE3WTyDH6zrhYXpJAPB8418j3
Bitcoin Address Compressed:  15JaZ8uoPiCgRz1fHrF9Svuq1ht4Bq5aZJ

I cant seem to find any correlation to the hex and the addresses.  I am trying to find the corresponding addresses in the hex?  

Can someone show me how to find the address in the hex of the wallet.dat?
Thanks!

I've done some research for you and:
1. If you go to https://gobittest.appspot.com/PrivateKey and paste 8814396648a8c19b783e6e72b3e3896d51bfc5d5edc2ec88a2b298a8a3a38c19 into the first editbox after "Private key to wallet import format" (and send)
2. You obtain below at #7: 5JrDY6YmGbGsSd5odJgFxLY5UATGaGkoPyLBoTNiisaPE3YPFS9 which is the private key.
3. If you use the private key in the first edit at https://iancoleman.io/bitcoin-key-compression/ you obtain 15JaZ8uoPiCgRz1fHrF9Svuq1ht4Bq5aZJ Ta-Dam!

PS. Obviously, don't use online tools for anything else than test wallets Wink


Edit: the story should be here: https://en.bitcoin.it/wiki/Private_key

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
whohackedme
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
June 03, 2018, 11:39:04 PM
 #5

Thanks everyone.

I can find the key in the wallet.dat and use your solution.  but:

I am trying to find the key for a specific address in the wallet.dat.  So I would like to find the address, then extract the key for that address.

(I have a wallet.dat with about 2000 keys, I dont want to run 2000 manual checks on every key to figure out what address they belong to)

I am starting to think that the addresses are NOT stored in the wallet.dat file, just the private keys.

Any ideas how to do this without checking every key?
HCP
Hero Member
*****
Offline Offline

Activity: 630
Merit: 814

<insert witty quote here>


View Profile
June 04, 2018, 01:04:19 AM
Merited by Jet Cash (1)
 #6

I am trying to find the key for a specific address in the wallet.dat.  So I would like to find the address, then extract the key for that address.

I am starting to think that the addresses are NOT stored in the wallet.dat file, just the private keys.
Exactly... As far as I'm aware, the wallet.dat only stores the keypairs (ie, Private + Public keys) so it doesn't actually store addresses. (Although, there is a chance that the wiki info is outdated).

However, the code for "dumpprivkey" decodes the address to a "destination" (aka pubkey) and then looks up the privkey... and looking at the "dumpwallet" code, you can see that it has to derive the addresses for a key by using the GetWalletAddressesForKey() function

All of which would tend to backup the theory that the addresses themselves are not stored.


One other point to note if you're reading the wallet.dat file directory... is that if you have a password on your wallet.dat, the private key section of your wallet will be encrypted. So the "bytes" that you see for a private key will likely be the "encrypted bytes". You need to decrypt those using the appropriate passphrase, then convert those bytes from "Private Key" -> "Public Key" -> "Address" using the appropriate algorithm.


sphinx666
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 04, 2018, 05:55:21 PM
 #7

Hey all, I'm a total noob here, what I have with me is a uncompressed bitcoin address and its private key, can I know how to do I compress it and confirm the private key?

It would be a great help.
Xynerise
Full Member
***
Offline Offline

Activity: 238
Merit: 268


39twH4PSYgDSzU7sLnRoDfthR6gWYrrPoD


View Profile
June 04, 2018, 06:48:32 PM
 #8

Hey all, I'm a total noob here, what I have with me is a uncompressed bitcoin address and its private key, can I know how to do I compress it and confirm the private key?

It would be a great help.
If you want to do it locally download the bitaddress website on your computer, go to wallet details, enter your private key, click, view details and it'll show you both compressed and uncompressed address.

A R B I T A O         THE NEW WAY OF ARBITRAGE TRADING     
█          [   PRE-SALE starts on   J u l y   1 s t   ]        ❱ ❱ ❱   WHITEPAPER          █
──────────     FACEBOOK     TWITTER     TELEGRAM     ──────────
sphinx666
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 04, 2018, 09:43:05 PM
 #9

hey thanks i tried it, apparently my private seems to have issues with it, but my public uncompressed key is correct, is there a way to get a confirmed private key?
bob123
Sr. Member
****
Offline Offline

Activity: 588
Merit: 440



View Profile
June 05, 2018, 07:57:05 AM
 #10

hey thanks i tried it, apparently my private seems to have issues with it, but my public uncompressed key is correct, is there a way to get a confirmed private key?

It doesn't work like that.
You can't get the private key out of an address.

What exactly are you trying to accomplish? Xynerise already gave you an answer.

You need to enter your private key (first download the site and run it offline).
Then you will get an compressed and uncompressed key.

What exactly isn't working properly?

sphinx666
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 05, 2018, 08:07:43 AM
 #11

I tried it at the bit address page online it says my private key is invalid. I really don't know what to do. I tried downloading the bitaddress page offline but I'm getting jscript error, by the way you're a mixer, interesting.
bob123
Sr. Member
****
Offline Offline

Activity: 588
Merit: 440



View Profile
June 05, 2018, 08:28:19 AM
 #12

I tried it at the bit address page online it says my private key is invalid. I really don't know what to do.

You should NEVER paste your private key into a website. You may have exposed your private key now.
After you have accessed your funds, consider this private key as compromised.

How much characters does your private key have? And what does it start with? 5.., L.., K.. ?



I tried downloading the bitaddress page offline but I'm getting jscript error, by the way you're a mixer, interesting.

Did you open it with the same browser as when accessing it online?  Huh
What kind of error do you get?  Huh

sphinx666
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 05, 2018, 08:42:21 AM
 #13

I have a whole list of private keys, i only tried one with a small balance, it tells me the private key is invalid. yes I used the same browser.
bob123
Sr. Member
****
Offline Offline

Activity: 588
Merit: 440



View Profile
June 05, 2018, 08:52:13 AM
 #14

I have a whole list of private keys, i only tried one with a small balance, it tells me the private key is invalid. yes I used the same browser.

Please answer the questions. I do not ask them out of curiosity.


How much characters does your private key have? And what does it start with? 5.., L.., K.. ?

What kind of error do you get?  Huh

nc50lc
Full Member
***
Offline Offline

Activity: 252
Merit: 115


∙Self-proclaimed-Genius ㊙️


View Profile WWW
June 05, 2018, 08:53:49 AM
 #15

I have a whole list of private keys, i only tried one with a small balance, it tells me the private key is invalid. yes I used the same browser.
Do not paste your private keys in any online wallet that you didn't trust, in other words, all of them.
To try if those Private Keys are valid, use offline Electrum instead, you can paste them all in one go using the "restore/new wallet" using private key(s) option.

Answer Bob's question, it's pretty important:
How much characters does your private key have? And what does it start with? 5.., L.., K.. ?

sphinx666
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 05, 2018, 09:01:06 AM
 #16

Ok...

It has 51 characters, it begins with "5.."

The error message was..."The private key entered is not a valid private key".

But there is one thing weird though, the private key is a mixture of letters and numbers except the alphabets are all capital, that should not be the case right?
nc50lc
Full Member
***
Offline Offline

Activity: 252
Merit: 115


∙Self-proclaimed-Genius ㊙️


View Profile WWW
June 05, 2018, 09:13:47 AM
 #17

Right 51 characters that starts with 5, that must be a private key (uncompressed).
Almost all cases, private keys composed of lower case and upper case aside from numbers but there's a very very slim chance to have a full capital character in a private key.

If all of your private keys have all Caps, there must be something wrong with the file dump or the txt editor you've used.

HCP
Hero Member
*****
Offline Offline

Activity: 630
Merit: 814

<insert witty quote here>


View Profile
June 05, 2018, 09:16:24 AM
 #18

But there is one thing weird though, the private key is a mixture of letters and numbers except the alphabets are all capital, that should not be the case right?
It's probably not impossible, but it is highly unlikely that all the letters in a Base58check encoded private key would be in uppercase.

It sounds like whomever recorded these private keys did so without differentiating between upper and lower case properly Undecided

That's going to be a real hassle to fix! Not impossible, but could potentially take a long time trying all the various combinations to find the right one.

Will definitely need some scripting or coding... Doing it manually will take forever. Tongue


I have an old Python script somewhere that I used to bruteforce a Bitcoin puzzle private key that tried combinations of letters... It could probably be repurposed to generate a list of valid private keys starting with all capitals. I'll have a look for it when I get off shift and see if I can find it

bob123
Sr. Member
****
Offline Offline

Activity: 588
Merit: 440



View Profile
June 05, 2018, 10:19:41 AM
 #19

I tried it at the bit address page online it says my private key is invalid. I tried downloading the bitaddress page offline but I'm getting jscript error
The error message was..."The private key entered is not a valid private key".

Obviously this error is only due to the wrong private key.

I'd highly suggest you are going to use the downloaded version of the site. Preferably on an offline PC.
While it does not necessarly lead to a loss of your funds when you enter your private key on the online version, it makes it way more probable that it is going to happen.



But there is one thing weird though, the private key is a mixture of letters and numbers except the alphabets are all capital, that should not be the case right?

If only one of your private keys does have capitals only, it might be a coincidence. But if all do have capitals only, something weird happened.

A small bruteforce script (like suggested by HCP) would be the easiest/fastest way to access your funds.

LoyceV
Legendary
*
Offline Offline

Activity: 1148
Merit: 1508


Howdy


View Profile WWW
June 05, 2018, 10:31:10 AM
 #20

If only one of your private keys does have capitals only, it might be a coincidence.
It's very unlikely to be all upper case, unless they haven't been generated at random.

Quote
But if all do have capitals only, something weird happened.
Agreed. So sphinx666, start your story from the beginning: how did you create the private keys, what steps did you take in between, and how did you end up in the current situation. But you're hijacking this thread, so click Start new topic and post a complete description there.

Quote
A small bruteforce script (like suggested by HCP) would be the easiest/fastest way to access your funds.
With about 2^40 possibilities, that gives a trillion options per private key. I have no idea how fast this can be checked, if you reach a million per second it will take about a week.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!