How to spot fake or forged wallet.dat?

[balonmd]

Hey everyone. Recently I found a unique method to spot fake wallet.dat files.
Wallets can be faked at least in 2 ways.

1. By changing the iteration number of the hash itself (I'm still looking how to spot fake iterations. The probability that a wallet have fake iteration inserted in wallet hash is kind of low).
2. By changing public key with a key that has amount. (My method will spot this type of fake)

The method is entirely created and developed by me. After  months of investigation, I can spot with a precise level : 99.9% fake wallets that does not have private key, or have a wrong one mapped to public key. Unfortunately there is a very big business with fake wallet.dat, that's why I am willing to help people that are looking for forgotten password of wallet.dat. Also I would like to discuss with more wallet crackers, in order to develop cracking knowledge and share our experience.

telegram: @btc_fan
email: ursunicolae89@gmail.com

[Timelord2067]

The very fact that a wallet.dat might be offered for sale, or, "help me unlock it and I'll pay you BTCBTCBTC" might in itself be a big neon light that the wallet.dat is either fake, or has been forged.

[mocacinno]

The very fact that a wallet.dat might be offered for sale, or, "help me unlock it and I'll pay you BTCBTCBTC" might in itself be a big neon light that the wallet.dat is either fake, or has been forged.

100% in agreement with Timelord2067... I was thinking about a slightly different defenition that boils down to exactly the same result:
"If you didn't create the wallet.dat yourself, or didn't receive it from the verified creator,  it's either fake or immoral to own"

[math09183]

Rule is simple:
Anything what comes from humerh3 (https://bitcointalk.org/index.php?action=profile;u=980573) or any other Russian seller is forged.

[balonmd]

Totally Agree. The fake wallet.dat had invaded the internet. This business is growing up, and a lot of new comers are scammed by all this sellers.

The very fact that a wallet.dat might be offered for sale, or, "help me unlock it and I'll pay you BTCBTCBTC" might in itself be a big neon light that the wallet.dat is either fake, or has been forged.

Agree. But still there is a extremely small chance to get a real wallet.dat. Or to help a person who forget the password.
Ex here:
https://bitcointalk.org/index.php?topic=5322325.msg56514279#msg56514279

[Timelord2067]

Rule is simple:
Anything what comes from humerh3 (https://bitcointalk.org/index.php?action=profile;u=980573) or any other Russian seller is forged.

Just on a portion of that name (and the fact they already have multiple negative trust feed-backs) reminds me of a serial scammer who is collectively know as humbertin and has used multiple variants of the first part "HUM" or "HUMBER" etc.

Not saying they are the same, just that one reminded me of the other.

[bL4nkcode]

Every single wallet.dat that is for sale in the internet are all fake and there's no way for it be recovered (if possible but for this time), no ifs and buts.

Why would someone buy this too good to be true offers if the seller/owner can't even recover it by his own?

[math09183]

I must say long time ago when I was really naive I bought one wallet from him. He sells also 'hints', which are purely imagined I assume.
On the other hand, recently I paid him 15$ for "damaged paper wallet", because I was bored and I wanted to test myself. Something like 13 characters at the end were lost and partially damaged qr code was visible. I was able to decode manually part of QR code and combining it with WIF I restored the full key - which was of course for different address. But I had a fun and it was really interesting training in recovery

[LoyceV]

When using wallet.dat files from untrusted sources, remember this:

As an aside, it is not safe to use potentially malicious wallet.dat files.  Anyone who gets sent a wallet.dat from a third party should take great care in using it. I would not be shocked if it were possible to get arbitrary code execution from a wallet.dat file.  If a bad guy found a way to do that the best way to exploit that discovery would be to pose as someone who corrupted their wallet and encourages people to try to 'scam' them by getting a copy of their wallet or help them with a promise of an outsized reward.

Take precautions, such as using a VM or dedicated system without any of your real data, and wipe it afterwards.

Rule is simple:
Anything what comes from humerh3 (https://bitcointalk.org/index.php?action=profile;u=980573) or any other Russian seller is forged.

Just on a portion of that name (and the fact they already have multiple negative trust feed-backs) reminds me of a serial scammer who is collectively know as humbertin and has used multiple variants of the first part "HUM" or "HUMBER" etc.

Humbertin doesn't speak Russian.

On the other hand, recently I paid him 15$ for "damaged paper wallet", because I was bored and I wanted to test myself. Something like 13 characters at the end were lost and partially damaged qr code was visible. I was able to decode manually part of QR code and combining it with WIF I restored the full key - which was of course for different address. But I had a fun and it was really interesting training in recovery

Too bad you financially supported a scammer
To get something good out of this: If I get you a partially damaged (empty) paper wallet: can you write a full howto on how to restore it?

[Timelord2067]

As I said:

Not saying they are the same, just that one reminded me of the other.

!!!

[thelema93]

Hey everyone. Recently I found a unique method to spot fake wallet.dat files.
Wallets can be faked at least in 2 ways.

1. By changing the iteration number of the hash itself (I'm still looking how to spot fake iterations. The probability that a wallet have fake iteration inserted in wallet hash is kind of low).
2. By changing public key with a key that has amount. (My method will spot this type of fake)

The method is entirely created and developed by me. After  months of investigation, I can spot with a precise level : 99.9% fake wallets that does not have private key, or have a wrong one mapped to public key. Unfortunately there is a very big business with fake wallet.dat, that's why I am willing to help people that are looking for forgotten password of wallet.dat. Also I would like to discuss with more wallet crackers, in order to develop cracking knowledge and share our experience.

telegram: @btc_fan
email: ursunicolae89@gmail.com

Are you saying that Bitcoin Core will open these fake wallets and they will show balance? Can you explain in more detail how that is possible?
How can we check to see if it's real or not?
Surely if someone changed the public key to one with balance, then that would be a real public key and therefore would show recent transactions?

[OgNasty]

It's been stated over and over again that nobody should be buying wallet.dat files because it's a clear scam.  Even if the wallet.dat holds satoshi's keys it's likely encrypted so strongly that you'd never be able to get ahold of the contents.  I hope that nobody is paying money for these wallet files thinking they'll get money from it.  Maybe it would be a nice story to have if you were looking to fabricate a tale about having a bunch of Bitcoin or something.  I really can't see much use beyond that.  Even then, having a "forged" wallet.dat would probably do the trick just as well as the real thing.  It is somewhat immoral I think to make money from this sort of thing.

[thelema93]

Hey everyone. Recently I found a unique method to spot fake wallet.dat files.
Wallets can be faked at least in 2 ways.

1. By changing the iteration number of the hash itself (I'm still looking how to spot fake iterations. The probability that a wallet have fake iteration inserted in wallet hash is kind of low).
2. By changing public key with a key that has amount. (My method will spot this type of fake)

The method is entirely created and developed by me. After  months of investigation, I can spot with a precise level : 99.9% fake wallets that does not have private key, or have a wrong one mapped to public key. Unfortunately there is a very big business with fake wallet.dat, that's why I am willing to help people that are looking for forgotten password of wallet.dat. Also I would like to discuss with more wallet crackers, in order to develop cracking knowledge and share our experience.

telegram: @btc_fan
email: ursunicolae89@gmail.com

Still no-one answered me.....
I would really like to understand what you mean: So you are saying in 2) that someone can change the public key inside the wallet to one that has a balance - so even if you crack the private key it won't open the wallet - as it not the correct key pair?
So when opening such a wallet in bitcoin core - would i see the correct public address? OR the fake public address or both?
if the public key showing a balance is fake, surely there would be recent transactions?
For example a wallet that only has transactions from 2015 would not be fake right?