Silk Road forums
Discussion => Off topic => Topic started by: phubaiblues on July 05, 2011, 05:46 am
-
Last few days I'd been installing a dual-boot with debian linux distro. Had all my passwords and shit in online storage, finally figured why leave any traces, just reformatted installed linux all the way...clean slate, great, no problems...put keepassx in there, still got my tails for running on SR itself... will get gpg in there today or tomorrow...
This morning I remembered I had my bitcoin wallet with around 47 btc in it on my windows Desktop no backup...
Gone baby, gone...what a total fucking idiot thing that was to do...that's a lot of dope, gone into the ozone where all unclaimed btc go... :(
-
No external wallet.dat backup eh?
-
How much did you invest into that?
-
Oh god, that's terrible. I can feel the hot flush hit you as you realised. I find it helps to punch pillows whilst repeatedly shouting "fuck!"
I'm new, but give me time and I'll do something more stupid.
-
so sorry to hear it. we all do it. and it never stops sucking.
hopefullly, some good fortune will fall in your lap as
cosmic compensation.
-
wow that's a lot of btc, sorry to hear man.
so to learn the lesson... what's the best way to backup btc? store in your email encrypted?
-
I'm about to get my transfer from dwolla to mt gox. I'm sure something like that will happen to me. What is the best/safest "wallet" or is one necessary to have on desktop? Or just keep them in mt gox?
-
Yep: this is costliest 'no backup' I've ever experienced...and right before I did this, I started to put the btc here in SR, as that's bound to be where they get used (I"m not into speculation: to me they're just currency) and I paid around 17 btc on the dollar for them, so best guess is 750 or so bucks down the tubes...
And I'd spent some time going over the whole wiki article and was really 'close' to saving the wallet.dat, and had found a much more anonymous online spot to put them...main reason I was doing it was because all three purchases hadn't shown up and out of frustration, and long weekend, I decided I'd thru linux on here, give me something to do, so I wouldn't be thinking of the stupid dope all day :)
worse is that there was a ton of family and kids around, and I was trying to be a good sport about their picnic and *all* I'm thinking about is if I could claw thru all the bits and bites and find this stupid file, but it looks like debian took me at my word on that final 'click' when I wasn't paying attention, and reformatted the whole enchilada...live and learn...hopefully :)
-
Dude, don't count it as lost yet. If the drive wasn't encrypted you can probably still get the data back. All you're missing is the index. A grep search on the drive for a known Bitcoin string would probably find it, then you can copy the data to an external drive and recover it from there.
-
Dude, don't count it as lost yet. If the drive wasn't encrypted you can probably still get the data back. All you're missing is the index. A grep search on the drive for a known Bitcoin string would probably find it, then you can copy the data to an external drive and recover it from there.
No, it wasn't encrypted. Would my best bet to put some live linux distro, like say xpud on a flash drive, and then boot that up, and look from there: I mean, mostly I'd be looking for wallet.dat, correct? It was a windows7, 64 bit...if I ccould locate wallet.dat, I'd need to put together a grep search, and maybe if I could extract that, I could do something with it...how does that sound?
-
I'll probably get flamed for making technical errors here as I'm largely going by guesswork, but;
1. It doesn't matter what you use to boot, so you may as well use the installed linux you already have.
2. The filename is meaningless because it only really has context where there is an indexed address for it in the master file table (which you've irretrievably deleted).
3. If you're unfamilliar with linux, you can get instructions on a given command by using the 'man' command before the command in question. EG man grep will give you instructions on how to use the grep command.
4. You don't want to search inside a particular file using grep, you want to search a partition (presumably sda). If it's not partition a, then try sdb and so on. I can't remember what the format is, but the man grep function above should give you a clue. You'll want to search for a known string, and index.dat would probably be appropriate, but remember that you are searching for the string, not a file, it's not that simple. Also, because grep searches for 'regular expressions' you will need to escape the dot in the search function if you choose to search for index.dat. I think this is done with a \ (don't quote me). So my guess is that your command will look something like this;
grep index\.dat sda
But as I said, you'll probably need to play with it for a bit. Use a hex editor to grab the data around it and paste it into a safe file somewhere so you can play with it some more and resurrect it.
-
I did a little looking around, and have played with grep a little to try & remember how to use it. I now think that the dot doesn't need to be escaped (ie no need for the slash). Also that the partition is probably sda0 or sda1 (because sda is the drive as a whole, and the partitions are numbered).
I still haven't got it to work, but the best line I can put together so far is (case sensitive);
grep -D sda0 wallet.dat
A little more playing and I'll get it.
I also identified a program designed to retrieve lost files. Google PhotoRec. I think you can put it on linux and it'll work, but you'll need at some point to tell it that the file was originally on an NTFS file system (what win 7 uses). Dunno how good it is, haven't tried it but it looks like it's worth looking at.
-
I'd seen that photorec last when I first realized what had happened: it seems to be pretty popular...today I was just too discouraged to do anything, but I'm going to try that tomoorow...basically what I did was install a 32bit debian linux system on top of a windows 7 64 bit. I don't want to screw up any worse late at night when I'm tired. I really do appreciate you trying to help me with this. It's giving me a little hope, and if nothing else, I'll get better with another damned linux command...which is why I switched to debian rather than ubuntu...I like messing w/a straight up command line simple setup...I just didn't want to loose a bunch of money in the process :) thanks again, check in tomoorow :)
-
OK the evolution continues...
Try this (It won't work on my VM, but it might on your host)
grep -D read wallet.dat sda0
or
grep -D read wallet.dat sda
If you can get a result on that, we're getting close (it might take some time to read the drive). It will take a little more work to export & resurrect the file. One thing I don't have is any transactions on my bitcoin account, which means I don't have an index.dat file (unless I'm blind/mistaken). If someone (anyone) can send an infinitesimally small amount of bitcoin, I'd have the file to work with....
My address is 17RhWQmwUsjTGVydxJiScobsjPztSLLAjB
Thanks in advance.
-
I'm still working on this: I"m going to take it apart altogether...I had to reload xp on another computter, and I've got xpud on a flash drive, so I'll try again tomorrow with what you sent me...I'm not real hopeful, but it's a lot of money to just blow off...thanks again for taking an interest...had some shit I had to do today, but I've got the computer sitting here, and somewhere on there is my bitcoins, and maybe this will work....
edit: so far is showing 'no such file or directory' which is weird since I've got my new bitcon wallet on here too. Tomorrow I'll try to use it with the computer down, working from xpud, or at least make a mirror so I don't keep screwing this one up...
-
Unplug disk, connect to a machine on which you boot a forensic live distro, like backtrack. create an image of the harddisk, mount it and play with tools like autopsy... Maybe you are lucky and can recover your wallet
-
Unplug disk, connect to a machine on which you boot a forensic live distro, like backtrack. create an image of the harddisk, mount it and play with tools like autopsy... Maybe you are lucky and can recover your wallet
Yeah, I got backtrack, tho I"ve been doing o.k. with xpud + terminal..but no recovery...probably waited too long...
-
That's what I'm getting too, but thought it might have been caused by the use of my virtual machine. I'll keep playing with it. It's also worth considering that the phrase we are searching on isn't contained in wallet.dat itself. We might need to choose a different keyword, ie one that we KNOW is contained in the file. For that we'd need a hex editor to look at another wallet.dat file. Too much fucking around and you'll end up overwriting what you want to save, so the mirror file would be a good idea. For that there is a linux command: dd
Not sure how you use it yet, but it will grab data irrespective of whether it is addressed by the OS you are in. Man dd should get you the info on it. I seriously need some practice with this crap.
-
Unless you already solved it..
search for "poolC", it's always present in wallet.dat if you have generated at least one address or sent one transaction.
grep poolC /dev/sda
-
so sorry to hear it. we all do it. and it never stops sucking.
hopefullly, some good fortune will fall in your lap as
cosmic compensation.
I don't think the cosmos compensate for stupidity! HA!! That sucks dude, I've had some stupid moments in my life, but as long as you learn a lesson from this, you're still smart. You're only stupid if you continue making the same mistakes. There's data recovery centers that you can mail your HDD out to and have them take a look at it for about 30-60 bucks, but there's a chance that it might cost more than what you already lost to recover the data. Since the issue is that you just formatted the hard drive instead of it going bad somehow, i'm pretty sure there's a good chance that the pros can get the file recovered. Again though, it might cost more than what you lost to recover it, but the diagnostics don't usually cost that much.