Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: wallet.dat (hex code) in 2009
by
Shirase
on 31/01/2018, 23:31:39 UTC
Are you on Windows? Or Mac?
I'm going to assume Windows.
Download WinHex: https://www.x-ways.net/winhex/
Unzip it. (If you don't know how to do this, tell us which version of Windows you're running. It could be Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP... The process changes slightly depending.)
Right Click WinHex.exe. (It may just be called WinHex. The icon will look like this:
https://i.imgur.com/RdWDVSZ.png
Run it as administrator. (Needed to do a raw byte search of the disk.)
https://i.imgur.com/HuEkazY.png
You then may have to allow it which again will vary slightly depending on which Windows you're running.
Go to tools, open disk.
https://i.imgur.com/OPTT0mG.png
Select your recovered drive and click OK.
It will begin traversing the drive:
https://i.imgur.com/G1BZjLG.png
You can click the x. It will ask if you want to abort. Click yes.
Go to search, find hex values. You will get a window that looks like this:
https://i.imgur.com/xPhKBf9.png
Type 0420 into it exactly as shown.
Click OK. After some amount of time, the window should find an instance of it. There will be a blinking cursor highlighting it on the window.
https://i.imgur.com/bKMkS8N.png
This is (probably) not the start of your private key. It's just to make sure your hard drive isn't totally messed up. (It's pretty unlikely any given two bytes would not be found on a used hard drive. If it's really not found as you claim, you're probably out of luck.)
If it found something, go to search, find hex values again. Enter this value:
308201130201010420
https://i.imgur.com/nKojITh.png
Click OK. This search could take a LONG time depending on the size of the harddrive. Expect to wait at least a few hours.

If it finds a result, just as before, the cursor will be blinking at the start of the result. Your private key is (probably) after the 0420 after the cursor. Write down the 64 digits following 0420 (including the letters) and show no one anything related to these 64 digits. It will allow them to steal your money.

Edit: After you have written down the digits, go to search, continue search. If another result is found, once again, write down the 64 digits after the 0420 again. Then go to search, continue search again. (Unless the digits are identical.)

If you see this instead:
https://i.imgur.com/GNh1Xmd.png
You're probably out of luck. But I could write similar step by step instructions for PyWallet. (I probably should have done that in the first place that you mentioned searching for 0420 locked my mind into this hex search method.)