I have wallet.dat file when i run btcrecover.py then this error shows

[qasimilyas99]

I have wallet.dat file when i run btcrecover.py then this error shows >>

encrypted_master_key, self._salt, method, self._iter_count = struct.unpack_from(b"< 49p 9p I I", mkey) struct.error: unpack_from requires a buffer of at least 66 bytes

[gurnec]

Are you using Bitcoin Core, or an alternative? What's the full version (it's the first line from the Help -> About Bitcoin menu option)?

[qasimilyas99]

Q: Are you using Bitcoin Core
Ans: Yes.

[gurnec]

What about this question:

What's the full version (it's the first line from the Help -> About Bitcoin menu option)?

Also, do you receive a warning when you run btcrecover which looks like this?

warning: bsddb (Berkeley DB) module not found

[qasimilyas99]

I'm currently using
Bitcoin Core version 0.14.2
Qt version 5.7.1

[qasimilyas99]

Read additional options from tokenlist file: --wallet wallet.dat
Traceback (most recent call last):
  File "C:\Users\admin\Downloads\btcrecover-master\btcrecover.py", line 35, in <module>
    btcrpass.parse_arguments(sys.argv[1:])
  File "C:\Users\admin\Downloads\btcrecover-master\btcrecover\btcrpass.py", line 3362, in parse_arguments
    load_global_wallet(args.wallet)
  File "C:\Users\admin\Downloads\btcrecover-master\btcrecover\btcrpass.py", line 218, in load_global_wallet
    loaded_wallet = load_wallet(wallet_filename)
  File "C:\Users\admin\Downloads\btcrecover-master\btcrecover\btcrpass.py", line 199, in load_wallet
    return wallet_type.load_from_filename(wallet_filename)
  File "C:\Users\admin\Downloads\btcrecover-master\btcrecover\btcrpass.py", line 753, in load_from_filename
    encrypted_master_key, self._salt, method, self._iter_count = struct.unpack_from(b"< 49p 9p I I", mkey)
struct.error: unpack_from requires a buffer of at least 66 bytes

[qasimilyas99]

Q: Also, do you receive a warning when you run btcrecover which looks like this?
Ans: No.

[qasimilyas99]

My wallet.dat file is old.

[gurnec]

OK, so I can't be sure, but my best guess right now is that you have a corrupted wallet.dat file. If you have a different backup, please give it a try first.

If not, you can try to use Bitcoin Core's -salvagewallet feature. Run this from the command line:

"C:\Program Files\Bitcoin\bitcoin-qt.exe" -salvagewallet

(The location of your bitcoin-qt.exe may differ.) It will make a backup of your wallet.dat file under a different name (but in the same C:\Users\admin\AppData\Roaming\Bitcoin folder), and then it will try to fix the wallet.dat file.

If this doesn't work, you may want to look into Pywallet, specifically take a look at this post to attempt to scan a wallet.dat for keys and construct a new one.

Finally, if you'd like to, you can send me the output from a slightly modified btcrecover extract script, and I can try to make some sense out of it. First, install a decent text editor such as Notepad++ (this won't work with the built-in Notepad, although the built-in WordPad might work if you really don't want to download Notepad++). Next, using Notepad++, open the extract-bitcoincore-mkey.py file inside the extract-scripts folder, and change line number 52 (which is current blank) to this (make sure there are no spaces):

print(base64.b64encode(mkey))

Next, run extract-bitcoincore-mkey.py as described in the docs here, and send the results to me at chris@gurneeconsulting.net. (It's probably safe to post the results to this issue, but just to be safe email would be better.)

(No guarantees I'll be able to help, but I'll give it a try.)

[qasimilyas99]

How can i install Pywallet on windows 10.

[gurnec]

Download the ZIP file from its GitHub page here and extract it and run it pretty much the same way as btcrecover.

[qasimilyas99]

After using Bitcoin Core's -salvagewallet, Nothing helping.

[gurnec]

First off, if you have a lot of value in that wallet: since it appears to be a corrupted file, the safest thing to do would be to stop using your hard drive completely and look into hiring a data recovery specialist. If you continue tinkering, you will decrease the chances that a specialist can recover any corrupted data. This is all far beyond the scope of btcrecover (and my expertise) in that case...

If you'd like to keep tinkering anyways, could you try to sign a message in Bitcoin Core (it's in the File -> Sign message... menu, then choose any address of yours and then click Sign Message)? It should ask for your password.

Have you tried the other two options I suggested? Using Pywallet or running the modified version of extract-bitcoincore-mkey.py (on the version of your wallet.dat file before you tried -salvagewallet)?

I hate to be pessimistic, but it's not looking very hopeful if you have no backups and -salvagewallet has failed you...

[qasimilyas99]

Yes, I have tried above described method but I'm unable to proceed with Pywallet , I don't know that how to operate it.

Is it method work? If any python developer build GUI software for entering the passwords in bitcoin core where we can change password by entering old password & new password or in transfer tab where bitcoin core asked password for sending balance, Thank You.

[gurnec]

The link I posted above (this one) goes to a post with the pywallet command you'd need to run to attempt to scan for and recover keys in a corrupted wallet. You'd need to change those two parameters (the one which says where your wallet.dat currently is and the one which says the folder where the recovered wallet should go).

There's no way to know beforehand if your wallet can be recovered... as I said, since -salvagewallet failed, it's not promising...

If you're having trouble with it, I'd suggest you make a post in that same thread; the developer of that tool, "jackjack", still checks it on occasion and there are others there who may also be able to help.

[qasimilyas99]

I've run this command pywallet.py --dumpwallet > temp.txt
These are results:
"mkey": {
"encrypted_key": "cb2d26e335eea6619167eb0f1b82b37675adc45b3e112933d8fe4b471bff71ca",
"nDerivationIterations": 53761,
"nDerivationMethod": 0,
"nID": 1,
"otherParams": "",
"salt": "364bfe3d278014bd"

That method discussed here: https://walletrecoveryservices.com/limited/
Please tell me how can now i crack the password, Thank You.

[gurnec]

The "encrypted_key" you posted above is 64 letters (32 bytes) long. It should be 96 letters (48 bytes) long. Your wallet file is corrupted, or it was written by a buggy version of Bitcoin Core. I don't know of any buggy version of Bitcoin Core that does this, so it's probably corrupted. It might not be possible to recover.

How sure are you that you remember your password?

[qasimilyas99]

I have extracted $bitcoin$64$cb2, How much character is good for this?

[gurnec]

Sorry, but I don't understand your question....

[qasimilyas99]

I have extracted hash from wallet.dat for password cracking, I'm asking that how can i know that it is not corrupted, I'm pasted here uncompleted hash > $bitcoin$64$cb2d26e335eea661916

[qasimilyas99]

I have extracted the hash from wallet.dat with this command > JohnTheRipper/run/bitcoin2john.py Desktop/wallet.dat

[gurnec]

That's from JohnTheRipper's bitcoin2john, correct? It shows the same issue. In particular, that 64 should be a 96 if it came from a non-corrupted wallet.

Even if you had your password, your wallet may be too corrupted to recover any funds. It's hard to say... but could you answer this please?

How sure are you that you remember your password?

[qasimilyas99]

I'm not sure, I can provide you wallet.dat file for examine.

[qasimilyas99]

Wallet.dat file have 450+ bitcoins. I will send wallet.dat file to chris@gurneeconsulting.net ,Please can you help me for examine this wallet? Thank You.

[gurnec]

You can see all of the test hashes in JtR here. They all have a 96 after the $bitcoin$ part. For some reason, your wallet file only has the first 64 letters of the "mkey", the final 32 have been lost/corrupted. This is the real issue....

What are all 5 of the numbers in the $bitcoin$ hash? For example, the full hash looks like this:

$bitcoin$64$hexhexhex$##$hexhexhex$#####$##$hexhexhex$##$hexhexhex
         ^^           ^^           ^^^^^ ^^           ^^

There are 5 numbers that are between $ symbols. The first is 64, what are the other 4? (Don't post any of the other long hex strings).

If you'd rather send them by email, I'm at chris@gurneeconsulting.net.

[kost123]

@qasimilyas99 If you manage to salvage an encrypted key and get an extract and want help cracking it, add me on skype petr5476.

I have a slight suspicion he could be loading some altcoin wallet.dat and seeing +450 in the transaction logs.

[qasimilyas99]

I have sent wallet.dat file to chris@gurneeconsulting.net.

[gurnec]

For posterity:

I received the wallet.dat (to others reading this issue: please don't send me your wallet.dat files...) and responded back.

I'd rather not go into specifics in the interest of OP's privacy, however I suspect that OP is mistaken about what they think they have or need...

[kost123]

I think it might be worth closing then?

[gurnec]

I'm still waiting for a response back from OP...

[qasimilyas99]

I've sent you response via email, Thank You for your cooperation.

[shorena]

hi, it seems this wallet file got some history and was sold at least 4 times. I hope its alright for me to leave this link to bitcointalk here where the accusation is discussed.
https://bitcointalk.org/index.php?topic=2069077.0

[kost123]

Figured something was up, nobody sends a $1million wallet.dat to another person so easy.

[gurnec]

This issue seems to have run its course. Further discussion should probably happen over in the bitcointalk thread, so I'll go ahead and close this.