Bitcoin Forum
November 13, 2024, 10:48:36 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: FindBTC TOOL help  (Read 219 times)
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 21, 2021, 01:35:08 PM
 #1

im a beginner pls explain to me how i make the tool "findbtc" from github work ? if it works on windows tell me the command if not, i have linux and go install but how do i install findbtc ? and make it work ?
BitMaxz
Legendary
*
Offline Offline

Activity: 3430
Merit: 3172


Playbet.io - Crypto Casino and Sportsbook


View Profile WWW
August 21, 2021, 03:02:14 PM
 #2

Are you talking about this tool from Github?

- https://github.com/jakewins/findbtc

If this is the tool you talking about then the guide is already on that page just scroll down and read.

Take note this is not a well-known tool I never heard of it and I couldn't find it here on the forum it seems no one posted it here.
Can you tell us what do you plan why you want to install that tool and maybe we have some alternative way to fix your issue?

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████

.... ..Playbet.io..Casino & Sportsbook.....Grab up to  BTC + 800 Free Spins........
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
UserU
Hero Member
*****
Offline Offline

Activity: 2212
Merit: 537


FREE passive income eBook @ tinyurl.com/PIA10


View Profile WWW
August 21, 2021, 03:05:33 PM
 #3

Are you talking about this tool from github?

- https://github.com/jakewins/findbtc

If this is the tool you talking about then the guide is already on that page just scroll down and read.

Take note this is not a well-known tool I never heard of it and I couldn't find it here on the forum it seems no one mentions it here.
Can you tell us what do you plan why you want to install that tool and maybe we have some other way to fix your issue?

Based on the GH description, it's to scan the device for any remnants of Bitcoin wallet(s):

Quote
The tool can find wallets even if;

The wallet was deleted, but not overwritten
The file system is corrupted and inaccessible
The device has been reformatted
The wallet has been partially overwritten
The wallet is inside a .zip or .tar.gz file, including nested in multiple levels of compressed files

Would be fun to do so on purchased laptops/ hard drives.

.
.500 CASINO.██

  ▄

.
THE HOTTEST CRYPTO
CASINO & SPORTSBOOK
         ▄▄▄███████████
 ▄▄▄████████████████

▐████████████████████
 ██████████████████
 ▐██████████████████
 ▐█████████████████
  ██████████████████
  ██████▀█████▀█████
  ▐████████████████
  ▐██████████████
   █████████████████
   ▐██████████████████
    ▀██████▀▀▀▀▀▀   ▀▀▀█

▄▄▄██████████▄▄▄
████████▀██▀▀██▄▄
 █
█████████████████▄
 █
████████████████████
  █
██▄████▄███████▄███
  █
████████████████████
  █
███▀████▀███████▀███
 █
████████████████████
 █
█████████████████▀
█████████▄██▄▄██▀▀
 ▀▀▀██████████▀▀▀

ORIGINALS

SLOTS

LIVE GAMES

SPORTSBOOK



.
██..PLAY NOW..
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 21, 2021, 03:36:26 PM
 #4

Are you talking about this tool from Github?

- https://github.com/jakewins/findbtc

If this is the tool you talking about then the guide is already on that page just scroll down and read.

Take note this is not a well-known tool I never heard of it and I couldn't find it here on the forum it seems no one posted it here.
Can you tell us what do you plan why you want to install that tool and maybe we have some alternative way to fix your issue?
to recover bitcoins from a formatted hdd the tool is also searching in zip and rar files or any compressed file so i would like to use this tool over pywallet

i dont get the description its not working on windows and i have no clue how to install it on linux the description is not enough for me
LittleBitFunny
Full Member
***
Offline Offline

Activity: 1414
Merit: 129


The first decentralized crypto betting platform


View Profile WWW
August 21, 2021, 03:57:17 PM
 #5

to recover bitcoins from a formatted hdd the tool is also searching in zip and rar files or any compressed file so i would like to use this tool over pywallet
i dont get the description its not working on windows and i have no clue how to install it on linux the description is not enough for me

Did you ever try any windows recovery tools?
Sometimes windows create restore points automatically when any changes occur.
If you delete any file mistakenly then at first make sure any restore point has been created or not, before the deletion. If you got any restore points then simply restore the windows hope you will get back to the previous state of your windows & HDD. Mistakenly I've deleted some of my important photos from my HDD and I could able to recover those photos successfully by following this process.

sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 21, 2021, 04:19:55 PM
 #6

yes no luck , can someone just tell me how i can use this tool ? i need to serach in zip and compressed files , pywallet didnt find anything cuz it doesnt serach compressed and zip files ...
vv181
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 21, 2021, 04:38:06 PM
 #7

if it works on windows tell me the command if not
Looking at the issue at Github, the tool has a problem when it ran on Windows. So you better run it on Linux.

yes no luck , can someone just tell me how i can use this tool ? i need to serach in zip and compressed files , pywallet didnt find anything cuz it doesnt serach compressed and zip files ...
The tutorial on the readme Github file is crystal clear.
If you have installed Go, proceed by installing findbtc by running the below command on CLI
Code:
go get github.com/jakewins/findbtc

then run
Code:
findbtc /dev/sdX
Change X to your storage location. If you didn't know that, try to run "lsblk" on CLI, and you will be able to know which storage device you want to look upon using that tool.
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 21, 2021, 04:50:49 PM
 #8

if it works on windows tell me the command if not
Looking at the issue at Github, the tool has a problem when it ran on Windows. So you better run it on Linux.

yes no luck , can someone just tell me how i can use this tool ? i need to serach in zip and compressed files , pywallet didnt find anything cuz it doesnt serach compressed and zip files ...
The tutorial on the readme Github file is crystal clear.
If you have installed Go, proceed by installing findbtc by running the below command on CLI
Code:
go get github.com/jakewins/findbtc

then run
Code:
findbtc /dev/sdX
Change X to your storage location. If you didn't know that, try to run "lsblk" on CLI, and you will be able to know which storage device you want to look upon using that tool.

yes, i have installed it with go but after that in terminal it says findbtc is not a valid command
vv181
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 21, 2021, 05:16:53 PM
Last edit: August 21, 2021, 05:48:51 PM by vv181
Merited by ABCbits (1)
 #9

yes, i have installed it with go but after that in terminal it says findbtc is not a valid command
Well, probably it is because you haven't set up $GOPATH.

Try this way, download/clone the repository then unzip it. On CLI, go to that unzipped/cloned findbtc repository folder. Then run
Code:
go build .
After that you should be able to run findbtc by using the command "./findbtc".

Before you do it you should take into consideration about what @BitMaxz said, neither do I know this software well, so DWYOR. Also, just giving you a heads up, even if you are able to locate the wallet files, further work are needed to completely restore the wallet, reference: https://news.ycombinator.com/item?id=15862720.

EDIT:
When i enter go build, it says , go: go.mod file not found in current directory or any parent directory; see go help modules
Try run
Code:
go mod init github.com/jakewins/findbtc
then try the build command again.
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 21, 2021, 05:35:08 PM
 #10

yes, i have installed it with go but after that in terminal it says findbtc is not a valid command
Well, probably it is because you haven't set up $GOPATH.

Try this way, download/clone the repository then unzip it. On CLI, go to that unzipped/cloned findbtc repository folder. Then run
Code:
go build .
After that you should be able to run findbtc by using the command "./findbtc".

Before you do it you should take into consideration about what @BitMaxz said, neither do I know this software well, so DWYOR. Also, just giving you a heads up, even if you are able to locate the wallet files, further work are needed to completely restore the wallet, reference: https://news.ycombinator.com/item?id=15862720.

When i enter go build, it says , go: go.mod file not found in current directory or any parent directory; see go help modules
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 22, 2021, 07:57:31 AM
 #11

Still not working when i enter go build now, no required module provided package github.com/jakewins/findbtc/detector; to add it go get github.com/jakewins/findbtc/detector: no matching versions for query upgrade
vv181
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 22, 2021, 08:25:59 AM
 #12

Well, I'd just learn that Go has set up the GOPATH default automatically, you proly just haven't set up the path environment variable.

Since you already run the "go get ..." command, try to run:
Code:
cd ~/go/bin && ./findbtc
If that still doesn't work, run "go env" command then post the output here.
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 22, 2021, 08:35:57 AM
 #13

when i enter cd ~/go/bin && ./findbtc , i get data or path not found

when i enter go env:

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/knoppix/.cache/go-build"
GOENV="/home/knoppix/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/ROOT/go-workspace/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/ROOT/go-workspace"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/knoppix/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build845679585=/tmp/go-build -gno-record-gcc-switches"
vv181
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 22, 2021, 10:42:46 AM
 #14

Did you run the Linux on live USB? I don't know why your path env are mixed up with the non-root user and root user.

Anyway try these command, let's see if it works:
Code:
mkdir $HOME/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
go get github.com/jakewins/findbtc
findbtc

Also in my previous post when you run "go mod init github.com/jakewins/findbtc", did you run it on the correct downloaded/cloned repository folder?

sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 25, 2021, 09:55:42 AM
 #15

ye that worked i scanned the hdd and during the scan it shows me possible wallet.dat traces block offset bytes but when the scan is completed 100% i get this ,

[scan] Starting new target: Gzipfile @ byte 192377703233 in [/media/sda3/hdd.img]
[scan] Unable to scan target: flate: corrupt input before offset 27
[scan] Starting new target: Gzipfile @ byte 192441240032 in [/media/sda3/hdd.img]
[scan] Unable to scan target: flate: corrupt input before offset 10
[scan] Starting new target: Gzipfile @ byte 192545264231 in [/media/sda3/hdd.img]
[scan] Unable to scan target: flate: corrupt input before offset 5
[scan] Starting new target: Gzipfile @ byte 193059328092 in [/media/sda3/hdd.img]
[scan] Unable to scan target: flate: corrupt input before offset 5
[scan] Starting new target: Gzipfile @ byte 193062727804 in [/media/sda3/hdd.img]
[scan] Unable to scan target: flate: corrupt input before offset 6
[scan] Starting new target: Gzipfile @ byte 200152316738 in [/media/sda3/hdd.img]
[scan] Unable to scan target: gzip: invalid checksum
[scan] Starting new target: Gzipfile @ byte 200259212406 in [/media/sda3/hdd.img]
[scan] Unable to scan target: gzip: invalid checksum



what should i do now ?
vv181
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 25, 2021, 10:29:29 AM
 #16

Well, I can't help you further with that. I think you should move this topic to Bitcoin Technical Support board, so you will be able to get more exposure from experienced/knowledgeable members over there.

To see how to move the topic, refer to this:
[Lesson] How to Correct Move Topic


EDIT:
during the scan it shows me possible wallet.dat traces block offset bytes
You might want to look at this:
      
alinspired on Dec 7, 2017 [–]

I've tried your test wallet and got an offset for file location - any hints on how to get the wallet's content, with dd i presume?

   
   
jakewins on Dec 7, 2017 [–]

Yeah, the tool doesn't help much past this, it'll just tell you where the raw bytes are.

Basically, what is at that offset is (remnants of) a Berkeley DB file; you'll need manually do the forensic work to get the key out of it past that. Alternatively, there are services that will recover locked/corrupted wallet files I think, so you could extract a big blob around that byte offset and find someone that will do the forensic work for you.
sosa112 (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
August 25, 2021, 07:34:07 PM
 #17

how do i get a "big blob" like he says ? with dd ? if someone could explain that to me during the scan it looks like this

[7.11%] (644 additional targets)
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 18447876096
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 18483593216
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 18644004864
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 18715533312
[7.54%] (681 additional targets)
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 18887626752
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19017089024
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19047022592
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19100643328
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19100758016
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19144318976
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19145019392
[main] Found possible wallet trace:
  Found 'wallet.dat' at /media/sda3/hdd.img in 4kB block at byte offset 19158560768
HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4361

<insert witty quote here>


View Profile
August 25, 2021, 11:48:05 PM
Merited by ABCbits (4)
 #18

Those offsets are not contiguous... So, it seems like this tool is finding remnants of Berkeley DB files scattered across the disk image. Undecided

Also, note that just because it is a Berkeley DB file, doesn't mean that it's a wallet.dat file. There are other applications that also utilise this DB format.

Extracting a "big blob" should be relatively easy with dd:
Code:
dd if=input_file of=bigblob.bin skip=$start_offset count=$(($end_offset-$start_offset)) iflag=skip_bytes,count_bytes

In your case, you probably want $start_offset to be smaller than the lowest offset that the output shows... (ie. from your post: 18447876096)... and the $end_offset should greater than the highest offset + 4kb block size (ie. from your post: 19158560768 + 4096 = 19,158,564,864), so you can be sure that you're including all the fragments.

Actual Start = 18447876096
Actual End = 19158564864

Round the start offset down and the end offset up to nearest 10k (or 100k or whatever)...

Start = 18447870000
End = 19158570000

Count = 19158570000 - 18447870000 = 710700000

So... the end command (using values from your post) would be something like:
Code:
dd if=/media/sda3/hdd.img of=bigblob.bin skip=18447870000 count=710700000 iflag=skip_bytes,count_bytes

Of course, you'll need to adjust the start/end as per the actual output values from your full findbtc log.


I know your next question after you do this is going to be "what do I do with the 'big blog'?"... and I've honestly no idea. As the author of this app pointed out, this utility doesn't piece anything together, so you're going to need to do a bunch of "forensic" level work to be able to extract this data and then piece it all together... or try to find a trustworthy service to do it for you.

You would need to try and read all the individual chunks of Berkeley DB and try to piece them back together to try and rebuild the DB file... and then hope that you have enough of it to be able to extract the key data.

Honestly, if you're not trying to recover a very large sum of BTC, you might find that the costs involved outweigh the reward Undecided




ye that worked i scanned the hdd and during the scan it shows me possible wallet.dat traces block offset bytes but when the scan is completed 100% i get this ,

[scan] Starting new target: Gzipfile @ byte 192377703233 in [/media/sda3/hdd.img]
[scan] Unable to scan target: flate: corrupt input before offset 27
...
Those errors mean that a potential gzip file was too corrupt to be able to be decompressed and read. If your wallet.dat was in one of those gzip files, you likely won't be able to recover it.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!