Bitcoin Forum
September 22, 2018, 10:21:29 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Recovering an old corrupted wallet  (Read 58 times)
chiller
Full Member
***
Offline Offline

Activity: 129
Merit: 100


View Profile
June 07, 2018, 02:49:31 AM
#1

So I managed to recover an old wallet.dat file from around year 2011 from an old hard drive (faulty but functioning one). The size of the file is 112KB witch seems normal for wallet files
Unfortunate but it won't load into any bitcoint-qt wallet (tried old ones too), it won't salvage either.

When I open the file it really looks corrupted (not like typical wallet.dat) with random characters all over the place - small snipet of few first bytes in the quote.

Quote
pNbF mTŢT#b:JE5Jf^:J".ܳ鵯ɽeu=wٓj}ld[JgwQlbyۨ[ ցr $
n5@%B6G$J1'jd8Ֆj dSR{ɢ:8   W*}NX73 š2Ý拾P@8M, %5V(ҦqAL}|A<=>̛.39Oi)3!wJI1nߎ   mYbu
7W'p)*ֻf@FJm\*+ ,A: 5&K5 Hi83 {Φ gP!e-"Rgm;F~Gkw^΋9ڐw} r#mG-y5ƘLD >jd{VNm5/_97Q"܄Ug ] ifif-c*`AŗitOM5{>#$L+m   v
7: ن ?|>Άs`Ɖ}i C|}}2s87i,4YO2Lb 9tNf/I-@qFfVF$|]pOCz3,t3aݑ"3ktrPlw}N66(MYщݵzΤk>FS2fcnWBBc IXiLTꍭҔ<@/Wq!YqƷm5 fg$Z'/t3SG_qbpte3?F4+$xfw)]/{-%}wy}$)ox+u6`{yݳ{EFhWog{3~$a ?}(XeMaVl.UCU)X
52ʔdL.$i
|=;ddJu EL

The system at the time was either win XP or win 7, and I'm not sure if the drive was encrypted (probably not because i saw all other files (portion of them was corrupted too) ). There's possibility it was encrypted somehow on top of the wallet encryption ( I was a real smart ass at that time ).
What I tired
  • Various tools to extract private like "python keyhunter" and similar
  • find some patterns or similarities in encoding with hex editor (manualy)
  • search for magic numbers
  • Maybe something else
  • Tracking the transactions to/from this wallet by full node IP of the broadcast address and date(8/28/2011 last modified) but most trackers have data from 2013

I mean I don't really know how much of the coins left on that address.
So that would be a good start.

If anyone figures out how I could recover rest of the wallet I would share the wallet balance generously

1537611689
Hero Member
*
Offline Offline

Posts: 1537611689

View Profile Personal Message (Offline)

Ignore
1537611689
Reply with quote  #2

1537611689
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Lakai01
Member
**
Offline Offline

Activity: 224
Merit: 69


View Profile WWW
June 07, 2018, 04:34:50 AM
#2

I think you are right, this wallet is either encrypted or corrupt, the first few bytes you posted are definitly not "normal". You could try some de-/encryption tools which were standard back in 2011:
https://en.m.wikipedia.org/wiki/Comparison_of_disk_encryption_software


NeuroticFish
Legendary
*
Offline Offline

Activity: 1610
Merit: 1063


The real one is http://bitcoin.ORG


View Profile WWW
June 07, 2018, 09:48:38 AM
#3

The only 2 things that come into my mind are
1. Maybe there was a cross-link and your real wallet data is somewhere else on the HDD - for this you'll have to search on all sectors - used or not - for the magic numbers.
2. The file is encrypted and then you'll have to think harder on what you've done back then. If you would have used Rar or 7zip for this I would have seen their signature, but I don't know what you could have been using...

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
Lakai01
Member
**
Offline Offline

Activity: 224
Merit: 69


View Profile WWW
June 07, 2018, 11:17:42 AM
#4

What came to my mind is that eg. Electrum let you specify a password to further encrypt your wallet. May it be that you encrypted it that way?

Jundax
Newbie
*
Offline Offline

Activity: 112
Merit: 0


View Profile
June 07, 2018, 02:02:54 PM
#5

So whats the wallet balance anyway? Is it worth wasting someones time?
Or you dont remember and there could be a zero on account?
chiller
Full Member
***
Offline Offline

Activity: 129
Merit: 100


View Profile
June 07, 2018, 04:33:08 PM
#6

I think you are right, this wallet is either encrypted or corrupt, the first few bytes you posted are definitly not "normal". You could try some de-/encryption tools which were standard back in 2011:
https://en.m.wikipedia.org/wiki/Comparison_of_disk_encryption_software
Thanks, I will look into it.
The only 2 things that come into my mind are
1. Maybe there was a cross-link and your real wallet data is somewhere else on the HDD - for this you'll have to search on all sectors - used or not - for the magic numbers.
2. The file is encrypted and then you'll have to think harder on what you've done back then. If you would have used Rar or 7zip for this I would have seen their signature, but I don't know what you could have been using...
Yes i thought about that the file could be fragmented and stuff, but i don't have expertise for such kind of forensics.
Some image files that I recovered had this weird-glitchy vertical green lines almost as in VHS video tapes when you fast forward them but they open just fine.

What came to my mind is that eg. Electrum let you specify a password to further encrypt your wallet. May it be that you encrypted it that way?
Its possible but electrum wasn't around at that time, unfortunately.

So whats the wallet balance anyway? Is it worth wasting someones time?
Or you dont remember and there could be a zero on account?

Well I have tried to figure it out. Unsuccessfully.
There was >10btc at some point ( mining was easy, some foucets gave like 1 to 5 btc per claim etc).
If any one knows where i could look up data from 2011 and upwards by broadcast IP address it would help a lot to figure it out Smiley

Lakai01
Member
**
Offline Offline

Activity: 224
Merit: 69


View Profile WWW
June 08, 2018, 09:08:59 AM
#7

Do you remember the wallet software you used back then?
Regarding the IP address ... if you still have the same router as in 2011 the router logs may contain this info, but I doubt it. Your ISP has such infos, too, but I dont think they keep it for that many years.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!