Wallet recovery (contains over 250 BTC), reward offered

[ribuck]

I have been asked to recover a corrupted wallet. The wallet is owned by an influential blogger, so I'd really like to help him get it sorted out, for the benefit of Bitcoin. The wallet has been used to receive over 250 BTC to two donation addresses. There are no outgoing transactions.

He has emailed me the wallet.dat file. Here's what I've tried so far:

1. Copied wallet.dat into a fresh install of bitcoin-qt 5.2
2. Tried to dump the wallet using Gavin's bitcointools
3. Tried to dump the wallet using joric's and jackjack's pywallet tool

None of those tools can open the database within the wallet file.

So I tried the "--recover" option of jackjack's pywallet. It finds zero keys.

When I look at wallet.dat in a hex editor, the start of the file looks like binary data, unlike a regular wallet.dat which has lots of NUL characters at the start of the file. Furthermore, the unix command "strings" doesn't  return anything recognisable, whereas there are lots of instances of the string "key" in an uncorrupted wallet file.

Can anything more be done with this file? If so, I'll send it to any trusted member of the forum who is willing to work on it.

Otherwise, it seems the only remaining possibility is to run the "--recover" option of jackjack's pywallet tool on the original hard disk. However, the guy who lost the wallet runs Windows, which I haven't used since about 1998, so I wouldn't know where to begin.

Is there a trusted member who is familiar with pywallet's "--recover" option AND is prepared to talk the wallet owner through the process of installing python and scanning his hard disk (probably by skype)?

I'm prepared to pay a reasonable reward for the successful recovery of the wallet, based on time taken.

And yes, before anyone asks, he does know he should have had a backup system in place. Everyone who has lost a wallet knows that. The trick, however, is to know it *before* you lose the wallet...

[1714177424]

1714177424

[1714177424]

1714177424

[ThomasV]

[...] an influential blogger [...] he does know he should have had a backup system in place

I hope that he will be able to recover his coins.
if he is an influential blogger, perhaps he could use his power to educate people about deterministic wallets?
you know, those wallets that can be recovered by a seed, and that you do not need to backup more than once.

[piuk]

Maybe he has enabled wallet encryption by mistake?

[joulesbeef]

send me a copy, i'll fix it.

[ribuck]

Maybe he has enabled wallet encryption by mistake?

My own encrypted wallet still has lots of NUL characters at the beginning. It's the database content that is encrypted, rather than the database file, so I don't think accidental wallet encryption would produce the observed symptoms (unless it works differently under Windows).

[ribuck]

send me a copy, i'll fix it.

Thanks for the offer joulesbeef, but I prefer to wait a little while to see if I get an offer from someone with a visible track record of wallet support or troubleshooting. If no-one responds, I'll take you up on it in a day or two.

[dayfall]

I don't know where I got this, but here is an explanation of the HEX data.  You should be able to get the private keys out easily.

"The 279-byte "private key" is a DER key which actually contains both the
private and public keys.
The private key on its own is 32 bytes. The public key is 65 bytes.

Both keys are contained in a fixed location in the DER key.
Let's break the DER key down:

Byte        Length  Data
0 - 8       9       Always the same (see CONST 1).
9 - 40      32      PEM private key
41 - 213    173     Always the same (see CONST 2).
214 - 279   65      Public key

CONST 1:
30 82 01 13 02 01 01 04 20

CONST 2:
a081a53081a2020101302c06072a8648ce3d0101022100ffffffffffffffffffffffffffffffff
fffffffffffffffffffffffefffffc2f300604010004010704410479be667ef9dcbbac55a06295
ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b4
48a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a0
3bbfd25e8cd0364141020101a144034200

Note that the first byte of the public key is always 04. This is apparently
followed by a 32-byte X coordinate and a 32-byte Y coordinate.

The above constants are also identical when simply calling EC_KEY_generate_key
without any configuration (so they must be the default values for OpenSSL)."

[dayfall]

214 - 279   65      Public key

Yes, I tried this and it works.  Input the 65 bytes into the second box on http://gobittest.appspot.com/Address and it should give you the corresponding public key hash (address).

I suppose there are python scripts to import those bytes into another wallet, but I remember having to modify them a while back so I could import the format I wanted.  I wanted to import the hex version and I think it only accepted base58 at the time.  What I have is really messy but you can have it if nothing else works.  Obviously you have to have the hex of the public key first.

[ribuck]

Byte        Length  Data
0 - 8       9       Always the same (see CONST 1).
...
CONST 1:
30 82 01 13 02 01 01 04 20

Thanks, but I searched with a hex editor, and that string (i.e. CONST 1) does not occur anywhere in the wallet file, nor does CONST 2. So it looks like wallet.dat is completely corrupt.

It seems the only remaining possibility is to run the "--recover" option of jackjack's pywallet tool on the original hard disk. However, the guy who lost the wallet runs Windows, which I haven't used since about 1998, so I wouldn't know where to begin.

Is there a trusted member who is familiar with pywallet's "--recover" option AND is prepared to talk the wallet owner through the process of installing python and scanning his hard disk (probably by skype)?

I'm prepared to pay a reasonable reward for the successful recovery of the wallet, based on time taken.

[dayfall]

It seems the only remaining possibility is to run the "--recover" option of jackjack's pywallet tool on the original hard disk.

I'd forget pywallet until you can find the 279 byte key.  Unless you don't actually have a copy of the wallet, I think the only hope is that the file size was truncated and the key is on unused space on the disk.  In which case he will have to run low level disk tools.

I say there needs to be a print wallet option in the client, that prints qrcodes of the private keys (encripted or not).  At least a "backup" menu option.  In your friend's defense, I can't find anywhere official that says "copy your wallet.dat to a usb key and store it securely.  The data in this file IS the access to your money!"

[ribuck]

What you need to do at this point is run pattern a finder directly on
his hard drive to look for private keys directly at the disk sector level.

Yes. This is what the "--recover" option of jackjack's version of pywallet does. It scans the disk at the sector level, looking for keys.

But the owner of the wallet runs Windows, which I haven't used since 1998. I have no idea how to install python on it, or even how to name the raw drive (as opposed to the formatted volume). Nor do I have physical access to the machine, or I'd just boot up a Linux rescue disk and scan from there.

If anyone does know how to do this on Windows, and is willing to patiently talk the guy through it by skype, I'll pay for their time in BTC whether successful or not.

Or maybe there's a simpler tool with fewer dependencies that will just scan the disk for a magic bitcoin pattern such as "30 82 01 13 02 01 01 04 20" (as posted by dayfall). If that's not present, I guess all hope of recovery is gone.

[Pieter Wuille]

The 279-byte pattern for private keys is not used when the wallet is encrypted, so that could cause the problem. However, you would still expect to find certain strings inside...

[mintymark]

Here is what I would do:

1)  Prepare
     a) A usb key containing a live unix instalation boot image, for example, ubuntu would do.
     b) A new harddrive of similar size or bigger to the ones in the machine.

2)  Boot the machine being sure to use the keydrive.

3) Format the new disk, making sure not to accidentally format the windows drive(s).
    and mount it.

4) Use dd or its ofspring to make an image of the old disk(s) on the newly formatted disk.
   
5) Search for the byte patterns as described on this or another computer.

6) If unsuccessful consider sending a compressed version of the disk images to selected people here
    to see if more can be done. It will take time but a disk image can be sent, or it can be mailed as a dvd image.

Alternative is to have him mail the harddisk to some one you both trust to try to perform this. Perhaps yourself.

[ribuck]

Thanks mintymark, that makes sense.

It's not going to be easy to talk him through this remotely, when he has never used unix, dd, format, etc but I think it's the best way forwards.

[mintymark]

No, its not (not simple, that is.) . And doing this type of thing there are in fact many traps for the unwary. This is why it actually could be more practical (though I HATE to say it) for him to take the disk out and mail it to someone. Its very important though that any normal activity on the computer is stopped right now, and it should be left in a corner switched off until this disk image has been made. A half-competant local computer shop could also probably do this, allowing him to use the computer *and* mail it off to someone. He could also take them the disk, since removing it is a purely mechanical thing.

[film2240]

Can you send me a copy? I want to see if simple tools in my client (non standard bitcoin client) can recover wallet.

[joulesbeef]

send me a copy, i'll fix it.

Thanks for the offer joulesbeef, but I prefer to wait a little while to see if I get an offer from someone with a visible track record of wallet support or troubleshooting. If no-one responds, I'll take you up on it in a day or two.

I actually do have such a record.. you might have to dig a bit in my comment history, but i have repaired several, including my own.

Anyways, I dont care either way.. right now it doesnt sound so good.

Even if you get it fixed and move the coin somewhere safe, i wouldnt mind a crack at the wallet. I enjoy fixing them and it is a good ability to have.

[John (John K.)]

Ask casacius. He has a long and proven track record of recovering stuff from a damaged wallet.
People trust him a lot as he sells those physical bitcoins, which he could screw people by keeping a copy of the private key.

[uuidman]

Did the keys get recovered, or whats the status ?

[ribuck]

Did the keys get recovered, or whats the status ?

There's nothing in the wallet.dat file that even remotely resembles the contents of a Bitcoin wallet. Presumably there has been filesystem corruption.

I told the owner I couldn't do any more with the wallet. I recommended to the owner that he uses low-level tools to scan his hard disk for the sequence of bytes that could indicate the presence of Bitcoin keys. I don't know whether this has been done. I didn't offer to do it myself because (a) I'm not in the same country, and (b) he uses Windows, with which I'm not familiar.