Wallet dump from wallet utility reports errors on HD wallets and possibly corrupt information. #22

@mechanator

Situation:
Version 1.6 Team Hunters running under Windows 10 with Python 3.17 install and requirements.txt installed per readme.md.

I asked in the Telegram channel for TeamHunters to no avail. So is there any kind of support or answers?

So I will ask here as a legit question on the output of the wallet dump tool included with TeamHunter 1.6.

I have a question about opening bitcoin-core wallets from 2021 or possibly corrupted ones in the past. I see the 1.6 Team Hunter app reports an error on an encrypted wallet and I am not sure which mkey or ckey is applicable between the two outputs.
For example, some dweeb has been seeding faked wallet.dats or old ones that were swept clean with false addresses claimed to be some large BTC address.

Well I get the same error message on a legit self made bitcoin core wallet that is encrypted with a password I lost. I know it's not a fake because it's mine.
Who made that module for the Hunter program and can I get the userid to discuss with him about possibly fixing some of the fuzzy errors it reports? Namely this:
"Warning: unexpected Bitcoin Core key derivation method 561603947
Mkey_encrypted: 00310001303459e824a9aeb6e83a9de9c3950e96c7c49c29c3781b17b9623a71e0ebcbd4c9c46c589087307f79a2ef3b9e
"
Is that a legit mkey for the entire wallet or one of the addresses listed in a wallet, given that a wallet can have several addresses, ckeys, and at least one mkey?
But the program continues and reports another mkey for the wallet, so which is which? It was my understanding, correct me if I am wrong, that a wallet file of either legacy addresses or HD (bech32) addresses should only have one mkey.
AlbertoBSD's crackBTCwallet, which is aged, only reports one mkey for a legit, passworded wallet.

But then the Team Hunter 1.6 program submodule goes on to report the list of ckeys in the wallet.dat that have maybe correct or incorrect ckeys for a given address in the wallet depending on whether the wallet.dat is fake or real.
Regardless, I know I have a "real" wallet and cannot trust the mkey or multiple ckey output either?! Help.

@marssystems I got the IV and salt from one set if checking. Do you know if this tool was ever updated for bech32 HD wallets made in 2021? I think this tool was meant for only older wallets. Can you confirm since you are in the wallet recovery biz?
Or do you know who else to ask that wrote that tool? Please?

Well duh, that's why I am using this program to derive such mkey and ckeys, but then the secondary output spits out another mkey and 1-3900 discrete ckeys that might match to the pubkey of the given address of the wallet. But with a true and not fake wallet.dat you can derive the public key for a given address by solving all the pubkeys to an address.

But that doesn't get you anywhere near the AES-256-CBC decrypt of a mkey/ckey pair. But at least it's kangaroo solvable given enough time or using crackBTCwallet from albertobsd for an eternity using up to 64 threads.
So why even provide a tool to spew misleading info at the start and then possibly bad output for the address in question?
What steps does one take after a possibly "good" output?
The other tool I used can be found on GitHub at: https://github.com/albertobsd/crackBTCwallet
Thanks for the attention. Tips will follow if I can get that wallet open.