Bitcoin Forum
October 16, 2019, 05:57:20 AM *
Author Topic: Testing encrypted private keys  (Read 136 times)
PC_M@niac
May 26, 2019, 03:07:11 PM
Merited by bones261 (2), ETFbitcoin (1)
 #1

Hello. I have a broken wallet.dat, restored from a raw drive image. The wallet was made by Bitcoin Core v0.15-0.16 (as far as I know).
I tested it in different restore/bruteforce software. All scripts get stuck while opening the file. Bitcoin Core says that the file was broken and sweep isn't possible.
But if I open this file using a basic text editor, it contains addresses in plaintext and all other data looks like a normal wallet.dat.

I tried to understand the raw file structure, but only found some high-level tools/libs.

I think it is possible to recover private keys from this file, but I need some tool to check/decrypt raw data from the wallet.

Does anyone know how, at a low level, private keys are stored and encrypted in this file?

Maybe there exists some tool that can test provided data (bitcoin address, encryption password, some raw string) by all encryption methods that are used in different versions of Bitcoin Core software? So I can scan this whole file, cut it into chunks the length of an encrypted private key, and test them with this tool.

Maybe not a ready-to-use tool, but some low-level libs.
ETFbitcoin
May 26, 2019, 04:42:31 PM
Merited by bones261 (2)
 #2

If the wallet is really encrypted, you won't be able to find the private key/master private key (xprv) in the raw file.
There are several wallet.dat formats, but the one I know uses PBKDF2, where the PBKDF2 private key is used to encrypt the master private key & the PBKDF2 private key is encrypted with the user's password.

There are a few tools to brute-force Bitcoin Core (such as https://github.com/glv2/bruteforce-wallet), but I've no idea if they work with a broken/corrupt wallet.
Personally I'd recommend professional recovery services (such as https://walletrecoveryservices.com/) in this case.

PC_M@niac
May 26, 2019, 04:49:32 PM
 #3

> If the wallet is really encrypted, you won't be able to find the private key/master private key (xprv) in the raw file.
> There are several wallet.dat formats, but the one I know uses PBKDF2, where the PBKDF2 private key is used to encrypt the master private key & the PBKDF2 private key is encrypted with the user's password.
>
> There are a few tools to brute-force Bitcoin Core (such as https://github.com/glv2/bruteforce-wallet), but I've no idea if they work with a broken/corrupt wallet.
> Personally I'd recommend professional recovery services (such as https://walletrecoveryservices.com/) in this case.

It is not an HD wallet. Addresses start with "1". Are keys encrypted independently or in some big chunk? Is this PBKDF2 key stored in some fixed place? Is it possible to find them manually?

ETFbitcoin
May 26, 2019, 04:58:51 PM
 #4

> It is not an HD wallet. Addresses start with "1". Are keys encrypted independently or in some big chunk?

AFAIK it should be in one big chunk (located at a similar byte location), but each private key should be encrypted independently.

> Is this PBKDF2 key stored in some fixed place? Is it possible to find them manually?

Unfortunately, I only know high-level information about the Bitcoin Core wallet & I don't know if PBKDF2 was used in older versions of the Bitcoin Core wallet.

But there are 2 core developers who are active in this forum; your question should be answered a few days later.
