Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: How can I extract private keys from a compromised wallet.dat?
by
kodan50
on 19/12/2013, 08:16:12 UTC
 I appreciate the responses!

 I opened both the compromised and a working wallet in a hex editor. It looks like most of the data in the wallet is intact. I was sifting through the wallet and noticed a bunch of strings called Key, is this where the keys are? (It may seem like a silly question, but I don't want to just assume.) I tried to copy the hexadecimal values and import them as keys in both Bitcoin-Qt and Electrum, but neither saw them as valid keys. Are they compressed and need to be uncompressed before they can be used? Where do they start and where do they end? I extracted keys from working wallets to see if I can see a pattern, but the extracted keys aren't in hexadecimal, so they don't match. I thought I'd create a new wallet.dat and try to copy and paste the data between keys strings, but that didn't work, and somehow still shows the stock wallet's original receiving address. I feel like they are here, just waiting to be pulled out.

*Update

I might have posted a little too soon. I did some more copy pasting of the wallet and I think I found the private key. Waiting to test it, I just have to wait on Bitcoin-Qt...