EPIC fail

[casascius]

I haven't seen anything so far, and won't be at the computer for long.  mcaldwell at mc2cs.com.  Got some wine to pour soon.

EDIT: I'm offline.  Please don't send anything to my e-mail unless you PGP encrypt it first.

[1713903736]

1713903736

[trentzb]

If Mike finds nothing I'd be happy to take a glance and confirm what he found, or didn't find. Although I would suspect my findings would be identical.

[NINJA--]

How do I encrypt it?

[vuce]

http://www.gnupg.org/ (you will need to know casascius' public key in order to do this)

[payb.tc]

http://www.gnupg.org/ (you will need to know casascius' public key in order to do this)

casascius published his key in post #13: https://bitcointalk.org/index.php?topic=56023.msg667061#msg667061

as far as i know pgp and gpg are compatible... someone correct me if i'm wrong about that.

[vuce]

http://www.gnupg.org/ (you will need to know casascius' public key in order to do this)

casascius published his key in post #13: https://bitcointalk.org/index.php?topic=56023.msg667061#msg667061

as far as i know pgp and gpg are compatible... someone correct me if i'm wrong about that.

oops, missed that. Thanks for fixing it for me. (was searching his website, I was sure there had to be a pk somewhere

as far as i know pgp and gpg are compatible... someone correct me if i'm wrong about that.

They are, they both use the same standard (OpenPGP).

[NINJA--]

sent

[casascius]

 

I received a file... unfortunately, this is an empty file with no content.  Unless, of course, somebody else sent it to me as a joke (I have no way of knowing).

This file is 204,800 bytes long.  It is a file with 204,800 null bytes.  It contains absolutely nothing.

It has a sha256sum of 8eafc7bd411c1f02b9e972a83d2b0a4164eefc5ef51e6b63ad7acc78be4ad44f

You should compute the sha256sum of the file you have (linux: simply type sha256sum wallet.dat) to confirm we're talking about the same file.

The only other possible way to attempt recovery is to scan the disk.  This is a crapshoot if you've already installed a new operating system on it.  If you would like to attempt it, the first thing I would recommend is to stop using the disk immediately if you're using it now...

[casascius]

BTW is this the copy off your USB backup?  Didn't you say you had a physical hard drive failure?

If your hard drive has physically failed, For 600 BTC your drive might be worth sending to a recovery place that does this professionally.  Tell them you simply want all sectors containing a specific byte sequence (which I can give you, but also which I have detailed in another post).  If recovery is possible, this should be an EASY job for them, since they don't have to worry about trying to piece any of your files together.  They can either tell you, "yes we found those bytes" or "no we did not".

600 BTC seems to be approaching the $3000 mark... hard drive recovery typically costs much less than that, and if no recovery is possible, you're either out nothing, or one or two hundred bucks if you decide you want to let them try getting physically invasive with the drive.

[legolouman]

Before sending out the hard drive to a professional, put it in the freezer. Seriously, this is legit http://lifehacker.com/170257/macgyver-tip--save-your-hard-drive-in-the-freezer

[casascius]

Before sending out the hard drive to a professional, put it in the freezer. Seriously, this is legit http://lifehacker.com/170257/macgyver-tip--save-your-hard-drive-in-the-freezer

I would say best practice is to not run a drive that has experienced a physical failure.  So would any professional recovery outfit.  That's because if it's had a head crash, more motion equals more damage.

Any reputable one will give a FREE estimate and initial diagnosis, won't charge for non-recovery in most cases* and he clearly has what amounts to a $3000 budget to pay for any successful recovery, so why bother DIY'ing it any longer when doing so can only make things worse?

(*Most cases = They might call you and say, "OK, we got nothin, but we can try pulling parts from another drive and see if that works, and that's gonna cost you a couple hundred bucks regardless of the outcome."  If you say no, they don't charge.)  EDIT: Data can be recovered from MOST drives without needing this, especially so if you're just aiming for sectors, not full files.  Bitcoin recovery only needs sectors.

Tell the recovery company you want the drive searched for any sectors or files containing the following hex bytes: 01 03 6B 65 79 41 04, and all good sectors immediately surrounding any sector that contains this.

If they can find any sectors with those hex numbers and can dump all those sectors into a file (regardless of sequence - it's called a blob), that file can be used for bitcoin recovery.

And if you have any OTHER copies of this wallet.dat - new, old, USB, backup, whatever - don't hesitate to try those as well.

[legolouman]

Before sending out the hard drive to a professional, put it in the freezer. Seriously, this is legit http://lifehacker.com/170257/macgyver-tip--save-your-hard-drive-in-the-freezer

I would say best practice is to not run a drive that has experienced a physical failure.  So would any professional recovery outfit.  That's because if it's had a head crash, more motion equals more damage.

Any reputable one will give a FREE estimate and initial diagnosis, won't charge for non-recovery in most cases* and he clearly has what amounts to a $3000 budget to pay for any successful recovery, so why bother DIY'ing it any longer when doing so can only make things worse?

(*Most cases = They might call you and say, "OK, we got nothin, but we can try pulling parts from another drive and see if that works, and that's gonna cost you a couple hundred bucks regardless of the outcome."  If you say no, they don't charge.)  EDIT: Data can be recovered from MOST drives without needing this, especially so if you're just aiming for sectors, not full files.  Bitcoin recovery only needs sectors.

Tell the recovery company you want the drive searched for any sectors or files containing the following hex bytes: 01 03 6B 65 79 41 04, and all good sectors immediately surrounding any sector that contains this.

If they can find any sectors with those hex numbers and can dump all those sectors into a file (regardless of sequence - it's called a blob), that file can be used for bitcoin recovery.

And if you have any OTHER copies of this wallet.dat - new, old, USB, backup, whatever - don't hesitate to try those as well.

The freezer trick usually buys you about as much time on the drive as it spends in the freezer. Then it really dies forever. Drive recovery generally costs a ton of money, even more if they have to pull parts. While he might have a 3000 budget, I'm sure he doesn't want to spend 3k for the recovery, there would be no point. I understand what you are getting at casascius, I was just suggesting the easiest and most pain free way of doing this. A drive recovery would obviously be the way to go, but also the most counter intuitive, due the costs.

[casascius]

The freezer trick usually buys you about as much time on the drive as it spends in the freezer. Then it really dies forever. Drive recovery generally costs a ton of money, even more if they have to pull parts. While he might have a 3000 budget, I'm sure he doesn't want to spend 3k for the recovery, there would be no point. I understand what you are getting at casascius, I was just suggesting the easiest and most pain free way of doing this. A drive recovery would obviously be the way to go, but also the most counter intuitive, due the costs.

Have you ever outsourced a drive recovery?  I have.  It's far less than $3000.  Especially if the drive will spin up on its own and allows limited sector reads via diagnostic tools.

Only when you get into reconstructing RAID and servers does it get that high.  If recovery companies needed $3000 to recover family photos and excel spreadsheets, they wouldn't have much of a business, because most people will just say "aww screw it" before plunking that kind of cash down.

[jake262144]

Let's change our approach to the recovery a bit.

Ninja, have you had any success with your backup drive?
Does it spin up when powered up? Does it initialize? Is it at all visible to the OS or BIOS?
What exactly happened to that drive, did you drop it?
If the drive was indeed dropped, disregard my advice regarding software recovery - if the head got killed, it'll never pull any useful data off the platters.

Try connecting it to another machine (perhaps with a more patient disk controller).

If the BIOS sees it, there's a good chance you might be able to recover your data using data recovery software.
Spinrite might do the job, it's a very tenacious piece of software.
Be advised though, the recovery process has been known to stretch into weeks on some damaged drives, although for me it was never longer than a couple of days tops.
I'm in no way associated with the author, BTW, just a satisfied user.

[jake262144]

As to keeping backups, here's what I recommend:

(1) If you haven't already, download and install TrueCrypt. It's a great, free, and completely open-source piece of software with a great GUI.
(2) Encrypt your wallet file(s) into an encrypted archive ¹. Please use a VERY long passphrase. Make sure you don't forget the passphrase though ^^
(3) Propagate the encrypted archive. I send myself a copy as an e-mail attachment. I keep another copy on my smartphone. Yet another on my file server. There's a copy floating in the internet cloud... a myriad of options to choose from.

This way, whatever happens some copies will survive.
Should a third party obtain a copy of the encrypted archive, there's nothing they can do with it.

The last piece of advice is, never keep all your bitcoins in one wallet if you have a sizable amount of them.
Divide your bitcions into a number of wallet.dat files and encrypt them all.

Good luck with the recovery.



(1) A neat trick is not specifying any file extension for the encrypted archive. Mine exists as a file named something like b9e6c89a. There's nothing in the file structure which could identify it as a TrueCrypt archive, there's pure randomness inside. Have at it, you evil-doers

[NINJA--]

Nothing happened to the drive with my main backup. It just stopped working. I tried to restart my computer and it would not shut down. It was stuck in the shutting down process so I pressed the restart button. After that the computer never booted again it kept throwing up blue screens. I tried to restore and repair from windows disc but I couldnt even boot the disc without getting blue screens. I fucked with it for an hour before I decided windows was beyond repair and I loaded my backup image with acronis true image. After I loaded my backup I expected everything to be OK but I still could not boot in to windows. So I started pulling all the parts of my computer except for 1 stick or ram and 1 video card and I finally booted to my desktop. I started putting pieces back in one by one and as soon as I plugged in the secondary HD I got a blue screen. So at that point I knew it was the HD that was giving me problems. I have not played with the failed HD much. The bios does detect it but windows wont boot with it plugged in the sata port. When I plug it in an external USB enclosure it shows under disc management but I cant access the drive or give it a drive letter. I called western digital and they said they will attempt to recover my data for free.

[casascius]

...and I loaded my backup image with acronis true image. After I loaded my backup I expected everything to be OK but I still could not boot in to windows...

Is this backup image still intact?  Certainly it's got to have something better than a bunch of 0's for your wallet.dat.  Any way you could re-restore this somewhere else?  (into a folder on a working machine, not over top of a bootable OS)

[NINJA--]

Its funny that you should ask. The drive that failed is the drive that has the backup that I loaded acronis with. So even though the drive is failing I was still able to detect and load the image from it.

[casascius]

OK, the drive you reloaded your os BACK ON to (not the failing backup drive) is the one you need to sector-scan for private keys.  That's a drive that's not failing at the moment, right?

The private keys may still be recoverable from the unallocated space.

Got another drive you can work with?  The more you use this drive, the less likely it can be used to recover.

Does this drive have Windows on it?  You could use WinHex to attempt to search for the magic bytes.  (I would avoid installing anything onto the drive)

[NINJA--]

The drive with the OS is a SSD. I can yank it out and throw windows on another drive to avoid any further use.