Bitcoin Forum
March 28, 2024, 03:57:35 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: help with wallet.dat  (Read 6648 times)
zrataj (OP)
Newbie
*
Offline Offline

Activity: 20
Merit: 10


View Profile
May 14, 2011, 01:34:17 PM
 #1

Hello. Long word short, I had a system crash ( hdd died ), lost my wallet.dat ( i had a backup, but on the same hdd Angry ) and had to reinstall win. In the meantime my pool sent me an automatic payment to my bitcoin address. I recoveered the wallet.dat file from the hdd and tried to use it with fresh installed bitcoin, but I get 11ddb exception, so I think the file is somehow corrupted or damaged. When I open the file with hex editor or notepad I can still see the address to which the bitcoins were sent. So I want to ask if somebody can help me to recover my coins or help to extract priv. key from my wallet or any other suggestion.

Best regards
1711641455
Hero Member
*
Offline Offline

Posts: 1711641455

View Profile Personal Message (Offline)

Ignore
1711641455
Reply with quote  #2

1711641455
Report to moderator
The Bitcoin software, network, and concept is called "Bitcoin" with a capitalized "B". Bitcoin currency units are called "bitcoins" with a lowercase "b" -- this is often abbreviated BTC.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711641455
Hero Member
*
Offline Offline

Posts: 1711641455

View Profile Personal Message (Offline)

Ignore
1711641455
Reply with quote  #2

1711641455
Report to moderator
1711641455
Hero Member
*
Offline Offline

Posts: 1711641455

View Profile Personal Message (Offline)

Ignore
1711641455
Reply with quote  #2

1711641455
Report to moderator
1711641455
Hero Member
*
Offline Offline

Posts: 1711641455

View Profile Personal Message (Offline)

Ignore
1711641455
Reply with quote  #2

1711641455
Report to moderator
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
May 16, 2011, 05:11:53 AM
 #2

I get 11ddb exception, so I think the file is somehow corrupted or damaged. When I open the file with hex editor or notepad I can still see the address to which the bitcoins were sent.

Have you tried the Berkeley DB tools?  Does "db4.7_dump wallet.dat" give an error?  (db4.7_dump may be called "db_dump", depending on your installation, and you may have to install the "standalone utilities" separately from the main library.)  I have managed to fish a keypair out of db_dump output and paste it into another wallet (modifying its db dump and recreating it with db_load).

If db_dump can not handle the file, I suggest either googling Berkeley DB recovery or trying to find the key pair with your hex editor.  For example, in this partial dump of a wallet.dat file:
Code:
00003e80: 1a01 01fd 1701 3082 0113 0201 0104 2044  ......0....... D
00003e90: b158 5492 c83e 83fd 9177 83c1 b74e c25e  .XT..>...w...N.^
00003ea0: 3e6b 3ca8 722c c41e abe0 5249 a462 88a0  >k<.r,....RI.b..
00003eb0: 81a5 3081 a202 0101 302c 0607 2a86 48ce  ..0.....0,..*.H.
00003ec0: 3d01 0102 2100 ffff ffff ffff ffff ffff  =...!...........
00003ed0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00003ee0: fffe ffff fc2f 3006 0401 0004 0107 0441  ...../0........A
00003ef0: 0479 be66 7ef9 dcbb ac55 a062 95ce 870b  .y.f~....U.b....
00003f00: 0702 9bfc db2d ce28 d959 f281 5b16 f817  .....-.(.Y..[...
00003f10: 9848 3ada 7726 a3c4 655d a4fb fc0e 1108  .H:.w&..e]......
00003f20: a8fd 17b4 48a6 8554 199c 47d0 8ffb 10d4  ....H..T..G.....
00003f30: b802 2100 ffff ffff ffff ffff ffff ffff  ..!.............
00003f40: ffff fffe baae dce6 af48 a03b bfd2 5e8c  .........H.;..^.
00003f50: d036 4141 0201 01a1 4403 4200 04ff 5443  .6AA....D.B...TC
00003f60: fcd0 0b8f 3844 569d caa4 2662 d90e 0c8a  ....8DV...&b....
00003f70: fb1f e358 04c3 20e5 bb08 ea6d adc3 2317  ...X.. ....m..#.
00003f80: 67aa 13b9 dd6a bcb4 5a8c d049 7490 d5c2  g....j..Z..It...
00003f90: a78f f85e a617 1139 4b3b 08e5 c9bd ca00  ...^...9K;......
00003fa0: 4600 0103 6b65 7941 04ff 5443 fcd0 0b8f  F...keyA..TC....
00003fb0: 3844 569d caa4 2662 d90e 0c8a fb1f e358  8DV...&b.......X
00003fc0: 04c3 20e5 bb08 ea6d adc3 2317 67aa 13b9  .. ....m..#.g...
00003fd0: dd6a bcb4 5a8c d049 7490 d5c2 a78f f85e  .j..Z..It......^
00003fe0: a617 1139 4b3b 08e5 c9c2 57f9 0400 0102  ...9K;....W.....

You can see the 65-byte public key beginning at offset 0x3fa8 (04ff 5443..., right after the ASCII word "key" and a 65 byte that I guess is a length of what follows.)  The full key pair is in a sequence of 282 bytes that ends with those same 65 bytes, in this case starting at offset 0x3e83 (fd 1701...).  The lines for db_load here are:

 036b65794104ff5443fcd00b8f3844569dcaa42662d90e0c8afb1fe35804c320e5b\
b08ea6dadc3231767aa13b9dd6abcb45a8cd0497490d5c2a78ff85ea61711394b3b\
08e5c9
 fd170130820113020101042044b1585492c83e83fd917783c1b74ec25e3e6b3ca87\
22cc41eabe05249a46288a081a53081a2020101302c06072a8648ce3d0101022100\
fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f300604010004010 704410479be667\
ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a\
3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffff\
ffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020101a14403420004ff5443fcd0\
0b8f3844569dcaa42662d90e0c8afb1fe35804c320e5bb08ea6dadc3231767aa13b9\
dd6abcb45a8cd0497490d5c2a78ff85ea61711394b3b08e5c9

(Remove the backslash-newline sequences, which I added for formatting.)

A normal wallet.dat will contain over  100 such key entries.  You have to find the one(s) that match your coin-containing addresses.  The Block Explorer can convert a public key (in hex form) to an address using the hashpubkey and hashtoaddress functions in combination: http://blockexplorer.com/q

If the DB tools don't work, you are probably looking at a few hours' work for an expert, and you can't be sure the key pair itself isn't corrupt, so you'd have to consider the value of the coin relative to the work.  I think a tool could be written to help with this.

Good luck.

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
zrataj (OP)
Newbie
*
Offline Offline

Activity: 20
Merit: 10


View Profile
May 16, 2011, 07:59:53 PM
 #3

Hi. Big thanks for this info, very good reply. Seems file is corrupted as I've tried all the keys and can't get the right address from hash.  I will play a little bit more and tell the results.

best regards
couchinator
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
May 17, 2011, 08:15:13 PM
 #4

johntobey253; can you help me? I'm trying to do the same thing here. I think I've pulled my key pair from the file as you showed. How exactly do I use db_load to insert it into another wallet?
Thanks
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
May 18, 2011, 04:06:03 AM
Last edit: May 18, 2011, 04:27:52 AM by johntobey253
 #5

Are you running Linux or Cygwin, and do you know how to edit and run shell scripts?  This is the best I can offer at the moment.  Tested using testnet.

Code:
#! /bin/sh

# This script writes a file named recovered_wallet.dat.
# Make plenty of backups when manipulating wallet files.
# This software is offered freely without warranty of any kind.

# These instructions are for people who have a corrupt copy of a
# wallet.dat file with a nonempty balance and no other means to
# recover the coins.  The wallet.dat format currently (Original
# Bitcoin Client 0.3.x) is a Berkeley DB file.  You should search for
# and try the usual Berkeley DB recovery mechanisms before you attempt
# this method.

# Replace the values of PUBKEYHEX and KEYPAIRHEX below with a
# hex-encoded public key and full key pair, respectively, from your
# corrupt wallet.dat.  In a hex dump, the public key is 65 bytes
# following a sequence "03 6b 65 79 41".  The keypair consists of
# another copy of the public key (somewhere else in the file) preceded
# by 217 bytes, which presumably encode the private key.  The 217
# bytes always seem to begin with 0xfd (253).  These observations are
# a result of reverse-engineering the file format and may not always
# apply.  If you can confirm or correct this, please post!

# The following short Perl script may find the values in a file called
# CORRUPT_wallet.dat:

# #!/usr/bin/perl
# $_ = `cat CORRUPT_wallet.dat`;
# while (/keyA(.{65})/sg) { $k{$1}++ }
# for my $k (keys(%k)) {
#     while (/(\xfd.{216}\Q$k\E)/sg) {
#         print("PUBKEYHEX=", unpack("H*", $k), "\n");
#         print("KEYPAIRHEX=", unpack("H*", $1), "\n\n");
#     }
# }

# A typical wallet.dat contains 100 or more of these key pairs, which
# you would try one by one if you don't know which one contains your
# coins.  http://blockexplorer.com/q contains tools to convert from a
# public key to an address, and you can look up each address (with
# http://blockexplorer.com) to see if it has a balance.

# To convert the example public key below to an address:
# http://blockexplorer.com/q/hashpubkey/04ff5443fcd00b8f3844569dcaa42662d90e0c8afb1fe35804c320e5bb08ea6dadc3231767aa13b9dd6abcb45a8cd0497490d5c2a78ff85ea61711394b3b08e5c9
# returns the "hash" 37A85118AD7DBE78132CF13DCD90F35D701172C5, which,
# if given as the last component of
# http://blockexplorer.com/q/hashtoaddress/37A85118AD7DBE78132CF13DCD90F35D701172C5
# yields the address 165HoQXzxc26xxkECD95icTAscZW8TngFU.
# (In the testnet, this is mkbF6TcymdTMk5Dqun7TYXfVjcAD2g5cSj.)
# The bitcointools package contains Python code for doing the same.

# If this script succeeds for a given address, exit any running
# bitcoin process.  Back up any existing wallet.dat and install
# the new file (recovered_wallet.dat) as wallet.dat.  Run "bitcoind
# -rescan".  (Maybe the GUI will work, but I've tested only the
# daemon.)  After the program updates and scans the block chain,
# "bitcoind getblockcount" will show the current block count as shown
# by http://blockexplorer.com.  "bitcoind listaccounts" should show
# one account with an empty name and the coin's value, for example:

# {
#     "" : 123.456
# }

# Get a known good address and send the full balance to it using
# "bitcoind sendtoaddress {KNOWN_GOOD_ADDRESS} {BALANCE}".  If you
# send less than the full balance, the remainder will go to a change
# address in the recovered wallet, complicating matters.

# "bitcoind sendtoaddress ..." outputs a transaction hash.  Check the
# block explorer for confirmation.  Stop the program with "bitcoind
# stop" and restore your real wallet file.

#PUBKEYHEX={your public key}
#KEYPAIRHEX={your full key pair}
PUBKEYHEX=04ff5443fcd00b8f3844569dcaa42662d90e0c8afb1fe35804c320e5bb08ea6dadc3231767aa13b9dd6abcb45a8cd0497490d5c2a78ff85ea61711394b3b08e5c9
KEYPAIRHEX=fd170130820113020101042044b1585492c83e83fd917783c1b74ec25e3e6b3ca8722cc41eabe05249a46288a081a53081a2020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f300604010004010704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020101a144034200$PUBKEYHEX

# Replace "db4.7_load" with the name of the db_load utility installed on
# your system.
DB_LOAD=db4.7_load

# Output file name.
RECOVERED_WALLET=recovered_wallet.dat

# Refuse to modify a previously created file.
test -e "$RECOVERED_WALLET" && {
    echo "$0: exiting because $RECOVERED_WALLET exists" 2>&1
    exit 1
}

$DB_LOAD "$RECOVERED_WALLET" <<EOF
VERSION=3
format=bytevalue
database=main
type=btree
db_pagesize=4096
HEADER=END
 036b657941$PUBKEYHEX
 $KEYPAIRHEX
 0776657273696f6e
 027d0000
 0a64656661756c746b6579
 41$PUBKEYHEX
DATA=END
EOF

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
couchinator
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
May 18, 2011, 08:51:21 PM
 #6

IT WORKED! Thanks a ton!
indio007
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
June 23, 2011, 03:42:39 AM
 #7

I don't mean to reraise a dead thread. I can't find the keypair using this method.  0xfd doesn't exist in my wallet. Any tools to extract the key pair for a transaction?
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
June 23, 2011, 09:17:58 PM
 #8

I don't mean to reraise a dead thread. I can't find the keypair using this method.  0xfd doesn't exist in my wallet. Any tools to extract the key pair for a transaction?

Does any string of 65 bytes starting with 04 occur more than once?  Can you convert it to an address (e.g., with Block Explorer) and see a balance belonging to that address?  If you can get past these steps, you may have a chance.

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
indio007
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
June 24, 2011, 12:50:54 AM
 #9

Thnks for the response , I manage to find the public and key pair. In regards to the script you posted what is the significance of the numbers "0776657273696f6e
 027d00000a64656661756c746b657941" Is that the transaction hash?
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
June 24, 2011, 01:13:33 AM
 #10

Thnks for the response , I manage to find the public and key pair. In regards to the script you posted what is the significance of the numbers "0776657273696f6e
 027d00000a64656661756c746b657941" Is that the transaction hash?

I guess.. 07: length of string that follows; 76657273696f6e: ASCII for "version"; 027d0000: little-endian version number 32002 (0.3.20.2); 0a: length of string that follows; 64656661756c746b6579: ASCII for "defaultkey"; 41: length of public key that follows.

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
September 22, 2011, 05:02:51 PM
 #11

For reference, here's a script that operates on a raw disk partition.  It may recover bitcoins after wallet.dat is deleted.  You should try filesystem recovery tools in that case, too.  Avoid booting into or modifying the filesystem until you are through searching it.  Instructions are in the code comments.
Code:
#! /usr/bin/perl

# findkeys.pl Copyright (C) 2011 John Tobey, <John.Tobey@gmail.com>

#   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
# APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
# HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
# OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
# IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
# ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

#   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
# WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
# THE PROGRAM, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
# GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
# USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
# DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
# PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
# EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGES.

# This script searches for Bitcoin private keys in a disk partition
# containing a deleted wallet file.  You would do this after failing
# to recover the bitcoins from backups, filesystem recovery tools, and
# Berkeley DB recovery tools, if applicable.

# This program is not easy to use.  I don't personally need it, I
# wrote it as an experiment for someone who lost their wallet.

# These instructions assume you are running Linux and know the partition you
# want to search (example: /dev/sda2).  If you want to search a file instead
# of a partition, replace "sudo dd if=/dev/sda2" with "cat FILENAME" below.

# This script reads a file named pubkeys.dat containing possible public keys.
# To create pubkeys.dat prior to running this script, use a command like the
# following, with the partition name in place of "/dev/sda2":

# sudo dd if=/dev/sda2 |perl -e '$| = 1; $bufsize=4096; while(read(STDIN,$_,$bufsize,70)) { print $1 while /\03keyA(.{65})/sg; $_=substr($_,$bufsize); }' > pubkeys.dat

# Searching for many possible keys takes a long time.  findkeys.pl
# allows searching for only a range of the possible keys in
# pubkeys.dat.  Experiment to find the right number to search in one
# run.  You can interrupt a run (hit Ctrl-C) and restart it with
# different arguments if it is too slow.

# The script puts the most "interesting" possible keys first in the
# sequence.

# Run findkeys.pl with no arguments to show the number of keys in pubkeys.dat.
# To search partition /dev/sda2 for the first 10 keys:
# sudo dd if=/dev/sda2 | ./findkeys.pl 10 >> keys.txt
# To search for the next 20 keys:
# sudo dd if=/dev/sda2 | ./findkeys.pl 20 10 >> keys.txt

# If the output file (keys.txt) is not empty, it may contain private keys in
# hexadecimal format.

use strict;
use warnings;
$| = 1;

my $count = shift;
my $start = shift || 0;
my $pubkeys_file = "pubkeys.dat";
my (%seen, @interesting, @boring, @pubkeys);
my $bufsize_MB = 10;

open(PKD, "<", $pubkeys_file) || die("$pubkeys_file: $!");
while (read(PKD, my $pubkey, 65)) {
    next if $seen{$pubkey}++;
    if ($pubkey =~ /\A\x04/) {  # Bitcoin pubkeys tend to start with hex 04.
        push(@interesting, $pubkey);
    }
    else {
        push(@boring, $pubkey);
    }
}
@pubkeys = (@interesting, @boring);

if (!defined($count)) {
    if (scalar(@pubkeys) == 0) {
        print STDERR "No keys found in $pubkeys_file, sorry.\n";
        exit 1;
    }
    print STDERR "Keys to search for: " . scalar(@pubkeys) . "\n";
    print STDERR "Interesting keys: " . scalar(@interesting) . "\n";
    print STDERR "Run $0 COUNT to look for COUNT keys.\n";
    print STDERR "Run $0 COUNT START to skip the first START keys.\n";
    exit;
}

my @patterns;
for my $pubkey (@pubkeys[$start .. ($start + $count - 1)]) {
    push(@patterns, quotemeta($pubkey));
}
my $searcher = eval("sub { /(.{217}(" . join("|", @patterns) . "))/sg }");
my $bufsize = $bufsize_MB * 1024 * 1024;
my $MB_read = 0;
while(read(STDIN, $_, $bufsize, 288)) {
    for my $found (&$searcher()) {
        my $output = unpack("H*", $found);
        print "$output\n";
        if ($output =~ /^fd/ && $output !~ /036b657941/) {
            print STDERR "\rProbable key: $output\n";
        }
    }
    last if length($_) <= $bufsize;
    $_ = substr($_, $bufsize);
    $MB_read += $bufsize_MB;
    print STDERR "\r$MB_read MB scanned. ";
}

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
September 22, 2011, 06:40:19 PM
 #12

And here's a similar tool, which I haven't tested: https://bitcointalk.org/index.php?topic=25091.0

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
John Tobey
Hero Member
*****
Offline Offline

Activity: 481
Merit: 529



View Profile WWW
October 08, 2014, 03:30:31 PM
 #13

Here is a well written (in French) guide to wallet.dat recovery: http://www.radjaidjah.org/index.php?post/2014/09/07/Sauver-ses-bitcoins-de-la-corruption

Can a change to the best-chain criteria protect against 51% to 90+% attacks without a hard fork?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!