Search content
Sort by
Showing 20 of 355 results by litecoin_messiah
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker
i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something.
go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something)
source: https://github.com/Sepero/SearchBin/blob/master/searchbin.py
is useful works out fo the box without dependencies,
might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills.
it probably will miss it, so try
it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file.
also a bonus,
i mean its not guaranteed to, but it should help you get closer to recovering it.
if you get rich please ask me for my wallet address. thanks
also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code]
i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something.
go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something)
Code:
#!/usr/bin/env python
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main()
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main()
source: https://github.com/Sepero/SearchBin/blob/master/searchbin.py
is useful works out fo the box without dependencies,
might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills.
Code:
searchbin -p 01010420 "path to disk image of .img" file,
Code:
searchbin -p 01010420 /dev/whicheverpath
its on might work too if you want to go cowboy mode.it probably will miss it, so try
Code:
searchbin -p 10141f
if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i thinkit will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file.
also a bonus,
Code:
searchbin.py -p 6231050009000000 "path to disk image"
will output offsets to wallet files.i mean its not guaranteed to, but it should help you get closer to recovering it.
if you get rich please ask me for my wallet address. thanks
also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code]If I find 6231050009000000 and 10141f while looking for a deleted wallet.... how do I get a private key from that? Fell free to message me
Code:
10141f
Is Usually
Code:
101420
20 is hexadecimal. If you go to https://www.rapidtables.com/convert/number/hex-to-decimal.html?x=20 you can see the number is 32.
32 sort of represents the amount of characters to read to to get the private key
now when it says 1f instead of 20 it if we go to https://www.rapidtables.com/convert/number/hex-to-decimal.html?x=1f you can see the number is 31
so we only read 31 characters after.
the private key is 31 characters long (in hex format).
it could even be 1e, that will be 30 characters long.
whatever the case, lets say you have a key that starts with 10141f, you read the 31 characters following for the private key. You can turn it into a private key with a tool such as https://brainwalletx.github.io/ and paste the hex into the "Secret Exponent" section, be sure to select compressed/uncompressed format or the right crypto network.
not sure if that answers. Also don't use https://brainwalletx.github.io/ without downloading it first/inspecting the code if possible from
Usually people just add padding with 0's on the key it all depends on how you use the key.
Can I offline with you on this? I want to make sure I am going in the right order.
Yes feel free to send me a PM
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker
i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something.
go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something)
source: https://github.com/Sepero/SearchBin/blob/master/searchbin.py
is useful works out fo the box without dependencies,
might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills.
it probably will miss it, so try
it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file.
also a bonus,
i mean its not guaranteed to, but it should help you get closer to recovering it.
if you get rich please ask me for my wallet address. thanks also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code]
i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something.
go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something)
Code:
#!/usr/bin/env python
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main()
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main()
source: https://github.com/Sepero/SearchBin/blob/master/searchbin.py
is useful works out fo the box without dependencies,
might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills.
Code:
searchbin -p 01010420 "path to disk image of .img" file,
Code:
searchbin -p 01010420 /dev/whicheverpath
its on might work too if you want to go cowboy mode.it probably will miss it, so try
Code:
searchbin -p 10141f
if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i thinkit will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file.
also a bonus,
Code:
searchbin.py -p 6231050009000000 "path to disk image"
will output offsets to wallet files.i mean its not guaranteed to, but it should help you get closer to recovering it.
if you get rich please ask me for my wallet address. thanks
also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code]If I find 6231050009000000 and 10141f while looking for a deleted wallet.... how do I get a private key from that? Fell free to message me
Code:
10141f
Is Usually
Code:
101420
20 is hexadecimal. If you go to https://www.rapidtables.com/convert/number/hex-to-decimal.html?x=20 you can see the number is 32.
32 sort of represents the amount of characters to read to to get the private key
now when it says 1f instead of 20 it if we go to https://www.rapidtables.com/convert/number/hex-to-decimal.html?x=1f you can see the number is 31
so we only read 31 characters after.
the private key is 31 characters long (in hex format).
it could even be 1e, that will be 30 characters long.
whatever the case, lets say you have a key that starts with 10141f, you read the 31 characters following for the private key. You can turn it into a private key with a tool such as https://brainwalletx.github.io/ and paste the hex into the "Secret Exponent" section, be sure to select compressed/uncompressed format or the right crypto network.
not sure if that answers. Also don't use https://brainwalletx.github.io/ without downloading it first/inspecting the code if possible from
Usually people just add padding with 0's on the key it all depends on how you use the key.
looks like you copied the wrong file using something like https://r2wiki.readthedocs.io/en/latest/tools/rafind2/ to search for the bytes
found this in my old notes,
i think it's supposed to be used in https://www.google.com/search?q=R-Studio
I can't vouch for it, but like i said before if you recover using photorec anything that resembles a wallet database (bdb) it will have a .db extension and be missing the first 8kb or less, that will probably be seperared, the wallet wont read correctly but you can fix it
Code:
<?xml version="1.0" encoding="UTF-8"?>
<FileTypeList version="2.0">
<FileType id="50001" group="Other files" description="bitcoin wallets" features="" extension="dat">
<Begin combine="OR">
<Signature>\x61\x15\x06\x00</Signature>
<Signature>\x00\x06\x15\x61</Signature>
<Signature>\x62\x31\x05\x00</Signature>
<Signature>\x00\x05\x31\x62</Signature>
<Signature offset="12">\x61\x15\x06\x00</Signature>
<Signature offset="12">\x00\x06\x15\x61</Signature>
<Signature offset="12">\x62\x31\x05\x00</Signature>
<Signature offset="12">\x00\x05\x31\x62</Signature>
<Signature offset="12">\x53\x22\x04\x00</Signature>
<Signature offset="12">\x00\x04\x22\x53</Signature>
<Signature offset="12">\x88\x09\x04\x00</Signature>
<Signature offset="12">\x00\x04\x09\x88</Signature>
</Begin>
<End combine="OR"/>
</FileType>
</FileTypeList>
<FileTypeList version="2.0">
<FileType id="50001" group="Other files" description="bitcoin wallets" features="" extension="dat">
<Begin combine="OR">
<Signature>\x61\x15\x06\x00</Signature>
<Signature>\x00\x06\x15\x61</Signature>
<Signature>\x62\x31\x05\x00</Signature>
<Signature>\x00\x05\x31\x62</Signature>
<Signature offset="12">\x61\x15\x06\x00</Signature>
<Signature offset="12">\x00\x06\x15\x61</Signature>
<Signature offset="12">\x62\x31\x05\x00</Signature>
<Signature offset="12">\x00\x05\x31\x62</Signature>
<Signature offset="12">\x53\x22\x04\x00</Signature>
<Signature offset="12">\x00\x04\x22\x53</Signature>
<Signature offset="12">\x88\x09\x04\x00</Signature>
<Signature offset="12">\x00\x04\x09\x88</Signature>
</Begin>
<End combine="OR"/>
</FileType>
</FileTypeList>
i think it's supposed to be used in https://www.google.com/search?q=R-Studio
I can't vouch for it, but like i said before if you recover using photorec anything that resembles a wallet database (bdb) it will have a .db extension and be missing the first 8kb or less, that will probably be seperared, the wallet wont read correctly but you can fix it
Re: Is it possible to recover overwritten wallet files?
https://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step
== How PhotoRec works ==
FAT, NTFS, ext2/ext3/ext4 file systems store files in data blocks (also called clusters under Windows). The cluster or block size remains at a constant number of sectors after being initialized during the formatting of the file system. In general, most operating systems try to store the data in a contiguous way so as to minimize data fragmentation. The seek time of mechanical drives is significant for writing and reading data to/from a hard disk, so that's why it's important to keep the fragmentation to a minimum level.
When a file is deleted, the meta-information about this file (file name, date/time, size, location of the first data block/cluster, etc.) is lost; for example, in an ext3/ext4 file system, the names of deleted files are still present, but the location of the first data block is removed. This means the data is still present on the file system, but only until some or all of it is overwritten by new file data.
To recover these lost files, PhotoRec first tries to find the data block (or cluster) size. If the file system is not corrupted, this value can be read from the superblock (ext2/ext3/ext4) or volume boot record (FAT, NTFS). Otherwise, PhotoRec reads the media, sector by sector, searching for the first ten files, from which it calculates the block/cluster size from their locations. Once this block size is known, PhotoRec reads the media block by block (or cluster by cluster). Each block is checked against a signature database which comes with the program and has grown in the type of files it can recover ever since PhotoRec's first version came out.
For example, PhotoRec identifies a JPEG file when a block begins with:
* 0xff, 0xd8, 0xff, 0xe0
* 0xff, 0xd8, 0xff, 0xe1
* or 0xff, 0xd8, 0xff, 0xfe
If PhotoRec has already started to recover a file, it stops its recovery, checks the consistency of the file when possible and starts to save the new file (which it determined from the signature it found).
If the data is not fragmented, the recovered file should be either identical to or larger than the original file in size. In some cases, PhotoRec can learn the original file size from the file header, so the recovered file is truncated to the correct size. If, however, the recovered file ends up being smaller than its header specifies, it is discarded. Some files, such as *.MP3 types, are data streams. In this case, PhotoRec parses the recovered data, then stops the recovery when the stream ends.
When a file is recovered successfully, PhotoRec checks the previous data blocks to see if a file signature was found but the file wasn't able to be successfully recovered (that is, the file was too small), and it tries again. This way, some fragmented files can be successfully recovered.
== How PhotoRec works ==
FAT, NTFS, ext2/ext3/ext4 file systems store files in data blocks (also called clusters under Windows). The cluster or block size remains at a constant number of sectors after being initialized during the formatting of the file system. In general, most operating systems try to store the data in a contiguous way so as to minimize data fragmentation. The seek time of mechanical drives is significant for writing and reading data to/from a hard disk, so that's why it's important to keep the fragmentation to a minimum level.
When a file is deleted, the meta-information about this file (file name, date/time, size, location of the first data block/cluster, etc.) is lost; for example, in an ext3/ext4 file system, the names of deleted files are still present, but the location of the first data block is removed. This means the data is still present on the file system, but only until some or all of it is overwritten by new file data.
To recover these lost files, PhotoRec first tries to find the data block (or cluster) size. If the file system is not corrupted, this value can be read from the superblock (ext2/ext3/ext4) or volume boot record (FAT, NTFS). Otherwise, PhotoRec reads the media, sector by sector, searching for the first ten files, from which it calculates the block/cluster size from their locations. Once this block size is known, PhotoRec reads the media block by block (or cluster by cluster). Each block is checked against a signature database which comes with the program and has grown in the type of files it can recover ever since PhotoRec's first version came out.
For example, PhotoRec identifies a JPEG file when a block begins with:
* 0xff, 0xd8, 0xff, 0xe0
* 0xff, 0xd8, 0xff, 0xe1
* or 0xff, 0xd8, 0xff, 0xfe
If PhotoRec has already started to recover a file, it stops its recovery, checks the consistency of the file when possible and starts to save the new file (which it determined from the signature it found).
If the data is not fragmented, the recovered file should be either identical to or larger than the original file in size. In some cases, PhotoRec can learn the original file size from the file header, so the recovered file is truncated to the correct size. If, however, the recovered file ends up being smaller than its header specifies, it is discarded. Some files, such as *.MP3 types, are data streams. In this case, PhotoRec parses the recovered data, then stops the recovery when the stream ends.
When a file is recovered successfully, PhotoRec checks the previous data blocks to see if a file signature was found but the file wasn't able to be successfully recovered (that is, the file was too small), and it tries again. This way, some fragmented files can be successfully recovered.
Re: LoyceV's Merit data analysis (full data since Jan. 24, 2018; not just 120 days)
is it possible to make torrents
Torrents for Merit data?for whatever has a snapshot with high value/demand and deserves archiving
Hey folks, yes, I'm still goofing with this wallet. I just went back and tried the "ismine" thing again and finally got a response: "false". Is it possible this opens the door to finally getting somewhere with this wallet?
If your in the uk hit me a pm.
Download Mentalist from https://github.com/sc0tfree/mentalist
It's an amazing tool, easy to use and helps you build a custom wordlist.
With btcrecover you can load the wordlist with the --passwordlist command (afaik),
with mentalist can use the GUI and have a better understanding of how large the wordlist will also be.
The mask options have been confusing for me in btcrecover, it does a good job at checking if the password is correct most of the time but the wordlist is better generated with mentalist.
You also mentioned macbook, best thing to do is export all the passwords from the keychain and create a wordlist with them.
You might also want to check the better branch of btcrecover it's over at https://github.com/3rdIteration and the maintainer has great videos at https://www.youtube.com/@CryptoGuide
It's an amazing tool, easy to use and helps you build a custom wordlist.
With btcrecover you can load the wordlist with the --passwordlist command (afaik),
with mentalist can use the GUI and have a better understanding of how large the wordlist will also be.
The mask options have been confusing for me in btcrecover, it does a good job at checking if the password is correct most of the time but the wordlist is better generated with mentalist.
You also mentioned macbook, best thing to do is export all the passwords from the keychain and create a wordlist with them.
You might also want to check the better branch of btcrecover it's over at https://github.com/3rdIteration and the maintainer has great videos at https://www.youtube.com/@CryptoGuide
Thank so much, Mentalist looks interesting. I hope I can run it offline!
I am using the latest version of Btcrecover as I only started this journey a few weeks ago. I hadn't used the Macbook at the time of creating the passphrase. Entering it on the Ledger Nano S was the only way. Nice tip though.
Yeah it runs offline mate just go to https://github.com/sc0tfree/mentalist/releases/tag/v1.0 and download Mentalist-v1.0-OSX.zip
Also running something offline doesn't always make it secure, this is a protip. If you want to be extra safe, Run this on a live usb or an old laptop with the network device removed &/or disabled from the bios.
Malware can aggregate data offline for posting it out later on, also crash reports, memory persistence happen too.
download python3 https://github.com/3rdIteration/btcrecover and run
Before you do this, learn how to use python or set this up ufcourse.
Code:
./btcrecover.py --wallet=/path/to/your/wallet.aes.json --correct-wallet-password=Y0urWa11etP@assword! --dump-wallet /path/to/where/you/want/your/decrypted_wallet.txt
Before you do this, learn how to use python or set this up ufcourse.
Download Mentalist from https://github.com/sc0tfree/mentalist
It's an amazing tool, easy to use and helps you build a custom wordlist.
With btcrecover you can load the wordlist with the --passwordlist command (afaik),
with mentalist can use the GUI and have a better understanding of how large the wordlist will also be.
It's an amazing tool, easy to use and helps you build a custom wordlist.
With btcrecover you can load the wordlist with the --passwordlist command (afaik),
with mentalist can use the GUI and have a better understanding of how large the wordlist will also be.
I opened 2 subsequent wallets from the original after all this started (electrum wallet 1 and electrum wallet 2 from the main wallet) but haven't been able to do anything with them either. I've done all the suggestions on those wallets and get the same results. They show all the same info as the main wallet.
The options are you have the right wallet but you need to extend the gap limit as per nc50lc's instructions, you have the right seed phrase but are recovering the wrong wallet either via the wrong derivation path or a missing passphrase, you have the wrong seed phrase altogether, or your coins have been moved/stolen. Can you try to answer each of the following questions to help us narrow this down:So am I correct in saying that your original wallet file, and the wallet file you recovered from your seed phrase, are identical, containing the same addresses? Do you have any other wallet files or seed phrases? Do you remember ever setting an additional passphrase or extending your seed phrase with custom words? Does your wallet show any transaction history - i.e. coins have come in and gone out, or is it just completely blank?
And what about the addresses which currently hold your coins? You are absolutely certain that your coins haven't been moved? You say these addresses which hold your coins came from an Electrum wallet - are you sure it was this wallet? And you are sure you saw them show up in your Electrum wallet whenever you initially received them? What character to these addresses start with?
When you restored your wallet from the seed phrase, on the screen where you type in you seed phrase but before you click next it should have said something like "Seed Type: XXX" or "BIP39". What does yours say?
1. Both wallets, original and restored, showing all the same addresses. I have a Trust wallet and a Blockchain wallet I opened at the advice of others on another forum. I have done no transactions on either wallet. I did not modify in any way the seed provided in the electrum wallet. There is no transaction history. The page is blank.
2. Since I opened the electrum wallet I have not conducted any transactions other than purchase coin. I don't know where these addresses came from. They appear when I click the "addresses" tab on the wallet. Honestly, it's been so long since I was in this wallet I don't remember if I ever saw a balance of more than "0". I think, early on, a balance did show but I'm not absolutely sure. I found it easier to check the blockchain site. All the addresses begin with bc1q.
3. When I did the restore the box said the seed type was "Electrum". I did not change it.
I just looked at my account history on the site where I bought all my coin. I've made 8 total transactions. The last was on 3/18/23 and the site had a note on this transaction saying the wallet needed verifying but the coins were delivered to my electrum address even though I did not verify the wallet. (This transaction is reflected on the blockchain site and Bitref as delivered to my Electrum address.) I will check with them to see if anything more needs to be done. Before that all my transactions were done between 4/21 and 8/21 and are checked off as completed.
Get the extended pubkey from "wallet" --> "information"
Make sure it starts with xpub/ypub/zpub
go to https://btc1.trezor.io/
enter the extended pubkey and it should show your transaction history there, if there are any.
Also click on "file", and then "open" and see if there are more than 1 files in the folder, if so, go up one directory and select all the files and make a archive of it and keep it safe.
In the folder where "wallets" folder is located, there should be a file named "config"
it will have something like this in it:
Code:
{
"advanced_preview": true,
"amt_precision_post_satoshi": 3,
"auto_connect": true,
"backup_dir": "/home/satoshi/electrum/electrum/wallets",
"blockchain_preferred_block": {
"hash": "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f",
"height": 0
},
"check_updates": false,
"config_version": 3,
"decimal_point": 8,
"gui_last_wallet": "/Users/work/.electrum/wallets/default_wallet",
"is_maximized": false,
"num_zeros": 8,
"oneserver": false,
"recently_open": [
"/home/satoshi/electrum/wallets/default_wallet",
"/home/satoshi/electrum/wallets/wallet_2.backup",
"/home/satoshi/electrum/wallets/wallet_2",
"/home/satoshi/electrum/wallets/wallet_1"
],
"rpcpassword": "dGhpcyBpc24ndCBteSBwYXNzd29yZA==",
"rpcuser": "user",
"server": "s.someelectrum.server:19492:s",
"show_addresses_tab": true,
"show_channels_tab": true,
"show_console_tab": true,
"show_contacts_tab": true,
"show_utxo_tab": true
}
"advanced_preview": true,
"amt_precision_post_satoshi": 3,
"auto_connect": true,
"backup_dir": "/home/satoshi/electrum/electrum/wallets",
"blockchain_preferred_block": {
"hash": "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f",
"height": 0
},
"check_updates": false,
"config_version": 3,
"decimal_point": 8,
"gui_last_wallet": "/Users/work/.electrum/wallets/default_wallet",
"is_maximized": false,
"num_zeros": 8,
"oneserver": false,
"recently_open": [
"/home/satoshi/electrum/wallets/default_wallet",
"/home/satoshi/electrum/wallets/wallet_2.backup",
"/home/satoshi/electrum/wallets/wallet_2",
"/home/satoshi/electrum/wallets/wallet_1"
],
"rpcpassword": "dGhpcyBpc24ndCBteSBwYXNzd29yZA==",
"rpcuser": "user",
"server": "s.someelectrum.server:19492:s",
"show_addresses_tab": true,
"show_channels_tab": true,
"show_console_tab": true,
"show_contacts_tab": true,
"show_utxo_tab": true
}
Does the "recently_open" have more than one path?
the recently open in the above example config is:
Code:
"recently_open": [
"/home/satoshi/electrum/wallets/default_wallet",
"/home/satoshi/electrum/wallets/wallet_2.backup",
"/home/satoshi/electrum/wallets/wallet_2",
"/home/satoshi/electrum/wallets/wallet_1"
],
so if your one has more than one path look at these paths."/home/satoshi/electrum/wallets/default_wallet",
"/home/satoshi/electrum/wallets/wallet_2.backup",
"/home/satoshi/electrum/wallets/wallet_2",
"/home/satoshi/electrum/wallets/wallet_1"
],
Also, this might help, if you are using windows download recuva (or another file recovery software, on linux i had good success with photorec)
Scan for text files under 100kb (or however large your wallet file would possibly be), and recover from the whole disk, search the text files for "xpub" "xprv" "stored_height" or any other keywords you can find, it might be harder to locate encrypted wallets But you can still do so, This method found older versions of my wallet files, like at different states.
I hope this helps.
Re: [ANN] Messiahcoin - The Revolutionary Coin to end all this madness
bump http://:trollface:
In my experience with altcoins and living a life of mistakes i suggest not syncing any wallet on a network. Just download the blocks and process the history offline by rescanning.
I could name a dozen ways this can go wrong, hell why did the developers think resending wallet transactions on loading wallet was a good idea lol. Imagine loading a wallet with orphan tx and boom as soon as you want 1/100th of your prev balance from the value going up you end up sending it all away.
Also keys can be in your log files if the database for the wallet is not detached. Or has run into corruption issues from cves or bugs. Dont delete the database directory no matter what people say.
I could name a dozen ways this can go wrong, hell why did the developers think resending wallet transactions on loading wallet was a good idea lol. Imagine loading a wallet with orphan tx and boom as soon as you want 1/100th of your prev balance from the value going up you end up sending it all away.
Also keys can be in your log files if the database for the wallet is not detached. Or has run into corruption issues from cves or bugs. Dont delete the database directory no matter what people say.
Re: Bitcoin core initial sync estimates 2 YEARS until synced
You could be running a node on a super computer it doesnt matter if the config is broken. Try to setup on testnet first and then go for the big chain.
Re: Can you spend to a custom scriptPubKey with Bitcoin Core?
⭐ Merited by saxydev (1)
http://bitcoin-script-debugger.visvirial.com/?input=OP_1
Outputs can be… you know what i cant explain just check out the tool
.
Outputs can be… you know what i cant explain just check out the tool
.