Bitcoin Forum
May 13, 2024, 07:11:00 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Bitcoin Technical Support > unknown wallet.dat format
Pages: « 1 [2]  All
« previous topic next topic »
  Print  
Author Topic: unknown wallet.dat format  (Read 533 times)
achow101
Moderator
Legendary
*
Offline Offline

Activity: 3388
Merit: 6635


Just writing some code


View Profile WWW
January 03, 2020, 04:26:48 PM
Merited by ABCbits (1), Heisenberg_Hunter (1)
 #21
Quote from: ewaspiro on January 03, 2020, 10:24:53 AM
Yes I know, I tried dumpwallet.py and pywallet.py. This is not about reading the file but rather recognize the coin inside the wallet which I have disclosed earlier.
Download and install Berkeley DB 4.8.3 from https://www.oracle.com/database/technologies/related/berkeleydb-release-history.html

Open up a command prompt in the directory containing your wallet.dat file and do
Code:
db_dump wallet.dat
You will want to copy (or redirect) that output into a text file/editor.

Search for the string 1262657374626c6f636b. Look at the next like, it should be fairly long. Starting at the 10th character, copy the next 64 characters. This is a block hash represented in hex. You will need to byte swap it because it is stored in internal byte order. This means that every two characters at the beginning are swapped with their symmetric two characters from the end. You can then search for that block hash in various block explorers until you find one for the coin that it belongs to.

For example, in my wallet, I have:
Code:
 1262657374626c6f636b5f6e6f6d65726b6c65
 bcbe02001f398d305048481ee6b096d2a96ab996ad380c6865e5521f000000000000000000aa01a3461474942498219b371a297489c8e98e0726ca2d00000000000000000009a41bd091b58a66c3086ee87dfffac82f56d8a9cc1520000000000000000000d99c9828fec374230d19c9ce041d18bb0abbd902a1821f00000000000000000036a5f285a97de07dd3a36e8002d284a918c2ac5095ee0000000000000000000010dcd433003dd70a97169db7a03d784cc4c1f9204aa71c00000000000000000047d5c32538d7240af5bc1fcd162c656f4cc0a41b28820800000000000000000056ecc938d227a0d85af190a9b34dac6a5d8fc374adcf0c0000000000000000002690eed687e53530066986945ae7df3d1694be411f320a000000000000000000af828b14fa61f57401754aa5625635c27c96bc93b8261800000000000000000088f53e4684d64ec75e2ace5e4e138effbf838a2d1a4e1200000000000000000041317742072dc3779ed50d11f8f0f81974db61f9f89503000000000000000000deeace08a82d82c12787bdd986b38673bcd37328b79813000000000000000000f75ec406dce3b6933bbb5dbfca0681befe63432b49452a00000000000000000024692509bdb166ae9edf0369763ffef5ed33764d9c0c220000000000000000007f33440c4c65647b2c79a9dcc05db931e81b14d929950800000000000000000020d876aaddb18d93414a0b41c651c0955230acd3cd9203000000000000000000460d02a06510794a5af955984530706dbdce386b6a8711000000000000000000b9944fae9baf038329f1d618d18de8589b1c724184842a000000000000000000aa33e53a7a77f9cb39aab9b9bf229e872633187ede4504000000000000000000f696c443c06a2552f8193b7dc93a3b62f48e6294bb1b1b00000000000000000014f1054a9fc8cdf8893f7634fc0a0afa0f8554cba0b62a000000000000000000f01cc261faa46dae158f5f4372af5e02d5a17c6994772b000000000000000000ae51a37bd455a1d6790d43e133c995988aabb163176a04000000000000000000867af3560bf4aab1cea599889b5830f702d2b9650a5f03000000000000000000d3b00067c837dcbdec5dd1fb5cda597fa03f8c90f12c29000000000000000000ca75b9384b21187013044c74585573b4e46fb9a71207480000000000000000004e504c2b55677b208da3867b4f628db2da6eace0ec834e040000000000000000d85b9f567ff6bbed506960c8b76498bae153c086d56d2e5f0000000000000000726e26f93314df0ed59c2af2c9f891f1f435f3dab0f8e534e336543f000000006fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000

Skipping the first 10 characters gives me:
Code:
398d305048481ee6b096d2a96ab996ad380c6865e5521f000000000000000000aa01a3461474942498219b371a297489c8e98e0726ca2d00000000000000000009a41bd091b58a66c3086ee87dfffac82f56d8a9cc1520000000000000000000d99c9828fec374230d19c9ce041d18bb0abbd902a1821f00000000000000000036a5f285a97de07dd3a36e8002d284a918c2ac5095ee0000000000000000000010dcd433003dd70a97169db7a03d784cc4c1f9204aa71c00000000000000000047d5c32538d7240af5bc1fcd162c656f4cc0a41b28820800000000000000000056ecc938d227a0d85af190a9b34dac6a5d8fc374adcf0c0000000000000000002690eed687e53530066986945ae7df3d1694be411f320a000000000000000000af828b14fa61f57401754aa5625635c27c96bc93b8261800000000000000000088f53e4684d64ec75e2ace5e4e138effbf838a2d1a4e1200000000000000000041317742072dc3779ed50d11f8f0f81974db61f9f89503000000000000000000deeace08a82d82c12787bdd986b38673bcd37328b79813000000000000000000f75ec406dce3b6933bbb5dbfca0681befe63432b49452a00000000000000000024692509bdb166ae9edf0369763ffef5ed33764d9c0c220000000000000000007f33440c4c65647b2c79a9dcc05db931e81b14d929950800000000000000000020d876aaddb18d93414a0b41c651c0955230acd3cd9203000000000000000000460d02a06510794a5af955984530706dbdce386b6a8711000000000000000000b9944fae9baf038329f1d618d18de8589b1c724184842a000000000000000000aa33e53a7a77f9cb39aab9b9bf229e872633187ede4504000000000000000000f696c443c06a2552f8193b7dc93a3b62f48e6294bb1b1b00000000000000000014f1054a9fc8cdf8893f7634fc0a0afa0f8554cba0b62a000000000000000000f01cc261faa46dae158f5f4372af5e02d5a17c6994772b000000000000000000ae51a37bd455a1d6790d43e133c995988aabb163176a04000000000000000000867af3560bf4aab1cea599889b5830f702d2b9650a5f03000000000000000000d3b00067c837dcbdec5dd1fb5cda597fa03f8c90f12c29000000000000000000ca75b9384b21187013044c74585573b4e46fb9a71207480000000000000000004e504c2b55677b208da3867b4f628db2da6eace0ec834e040000000000000000d85b9f567ff6bbed506960c8b76498bae153c086d56d2e5f0000000000000000726e26f93314df0ed59c2af2c9f891f1f435f3dab0f8e534e336543f000000006fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000

The 64 characters at the beginning are:
Code:
398d305048481ee6b096d2a96ab996ad380c6865e5521f000000000000000000

Byte swapping that results in the hash:
Code:
0000000000000000001f52e565680c38ad96b96aa9d296b0e61e484850308d39

When looking up that hash in a block explorer, you will see that it is block 564035 in the Bitcoin blockchain.


If you don't find that particular string, try searching for 0962657374626c6f636b instead.
Bitcoin Core contributor | Tip Me! | GitHub | GPG Key Fingerprint 0x17565732E08E5E41
1715584260
Hero Member
*
Offline Offline

Posts: 1715584260

View Profile Personal Message (Offline)

Ignore
1715584260
1715584260
Reply with quote  #2
1715584260
Report to moderator
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
butt_coin
Copper Member
Newbie
*
Offline Offline

Activity: 20
Merit: 4


View Profile
January 06, 2020, 12:30:42 AM
 #22
Hey there. I recently made an open source tool that will, among other things, automatically figure out the version prefix from metadata inside the wallet and dump out the contents. You can find it here: https://github.com/jimtje/walletlib

Although if you already know that your public key starts with a W, the version prefix byte is going to be either 72, 73, or 74. Just looking on Github, these may fit the bill, although not sure if they date back to 2014. Basically, the coins on these search results (there are quite a few):

https://github.com/search?o=asc&q=%22base58Prefixes%5BPUBKEY_ADDRESS%5D+%3D+std%3A%3Avector%3Cunsigned+char%3E%281%2C+73%29%3B%3B%22+filename%3Achainparams.cpp+fork%3Atrue&s=indexed&type=Code

https://github.com/search?q=%22base58Prefixes%5BPUBKEY_ADDRESS%5D+%3D+std%3A%3Avector%3Cunsigned+char%3E%281%2C+72%29%3B%3B%22+filename%3Achainparams.cpp+fork%3Atrue&type=Code

https://github.com/search?q=%22base58Prefixes%5BPUBKEY_ADDRESS%5D+%3D+std%3A%3Avector%3Cunsigned+char%3E%281%2C+74%29%3B%3B%22+filename%3Achainparams.cpp+fork%3Atrue&type=Code
Pages: « 1 [2]  All
  Print  
Bitcoin Forum > Bitcoin > Bitcoin Technical Support > unknown wallet.dat format
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!