

Bitcoin Private Key Necromancy - sillysaurus2
http://www.pxdojo.net/2013/12/bitcoin-private-key-necromancy.html

======
sillysaurus2
I saw this post when the author submitted it to /r/bitcoin several hours ago:
[http://www.reddit.com/r/Bitcoin/comments/1t5fgr/i_wrote_a_to...](http://www.reddit.com/r/Bitcoin/comments/1t5fgr/i_wrote_a_tool_to_pull_private_bitcoin_keys_off/)

Frustratingly, the author titled his post "Bitcoin Private Key Necromancy" but
titled his Reddit submission "I wrote a tool to pull private bitcoin keys off
dead harddrives" which is a far better title.

He recovered about 46 coins.

~~~
kubiiii
If the hardrive wont power on but the filesystem is ok you can still send it
to a recovery company for something like a few hundred bucks. -Hi i've just
received the data you recovered from my hard disk, thanks, but I can't find my
wallet ... -Dont know what you are talking about.

~~~
johnchristopher
Last time I checked it was more in the thousands bucks range than in the
hundreds unless you are only talking about damage controller.

~~~
kubiiii
I had a quotation for a 500 GB HD recovery a few months back, it was 400 euros
(France). It was a flat rate, problem could be the controller or mechanical :
same price. But I guess it depends on the company, didn't try it anyway so I
dont know if it was reliable or not (no BTC on this drive!).

~~~
yardie
I've got 2 HDDs sitting in the bottom of my freezer (notorious, Seagate
7200.9s) waiting to be recovered. If you have that contact please send it to
me. I'm only finding 1500-2000euro quotes.

~~~
_rmp_
Many hard drive failures are caused by its PCB and can be easily solved just
by replacing it with a new one. Finding a Matching Hard Drive PCB:
[http://www.hddzone.com/conditions.html](http://www.hddzone.com/conditions.html)

For physical problems: [http://www.wikihow.com/Fix-a-Physically-Broken-Hard-
Drive](http://www.wikihow.com/Fix-a-Physically-Broken-Hard-Drive)

I assume you already knew this, as you keep them on your freezer... and that
this may not be applicable to your case, but this could be useful for other
people anyway.

~~~
yardie
I'll give it a shot. In this series Seagate changed the platter coating. So
after around 3 years the coating starts to flake off and get jammed between
the head and surface.

~~~
xtreme777
It is pointless to swap a PCB on Seagate drives these days. Most likely it
will not help. The odds are 1:50 that a compatible PCB will be a good match.
There is a procedure that is a procedure to perform the proper swap and that
requires tools, recovery equipment and knowledge of PCB architecture. On
certain drives (some Seagate models ver IV or V) you should never swap a PCB.
If you do, the drive will be toast. Same applies to some Hitachi / IBM drives.
If data is critical - do not experiment.

~~~
sounds
This. (@yardie: I tried to get in touch with you)

Do not replace the controller on a Seagate. You may have better luck with
other manufacturers.

If there is valuable data on there, and it sounds like there is, pay the price
to have it professionally recovered.

They have insurance.

~~~
xtreme777
...and before you pick a company, do your homework. There is a number of fly-
by-nighters who have no clue what data recovery is. Cute and fancy website is
an easy catch these days. Don't fall for its appeal, talk to the techs, see
how well the conversation goes. Don't settle for the cheapest quote. A good
engineer pays higher bills for his "better" equipment, so if data is
important, make sure it's done right by the reputable data recovery engineer.
Remember, sometimes there is only one attempt and it has to be done right.
Best of luck!

------
ge0rg
I wonder how long it takes for admins at VPS hosting providers to start
harvesting private keys from VPS instances, using this tool or, where
available, direct filesystem access...

~~~
yumcoin
If you set up your VPS with a hierarchical deterministic wallet[1] or a
passphrase-protected private key[2], your hosting provider will be unable to
determine your private key.

[1]:
[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki)

[2]:
[https://github.com/bitcoin/bips/blob/master/bip-0038.mediawi...](https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki)

~~~
lsc
There's really no getting around the evil maid attack[1], if someone can
attack your hardware directly. There's even evidence that a sufficiently
clever attack can persist through formatting and re-installing a drive[2] -
note, people have also found exploits in network firmware... remotely
exploitable exploits. If you can do it by accident[3], then most likely it can
be done with malice aforethought.

Edit: adding a strong pass-phrase /does/ give you a significant level of
protection; While it doesn't offer protection from an evil maid type attack
(where the attacker trojans your server, then you decrypt your key after said
server was compromised) it does offer quite a bit of protection, say, from an
attacker who has access to old backups but not your production system. So I
think a passphrase on all of your important private keys is a worthwhile thing
to have.

I just want to make it clear, once you decrypt that key from within a
compromised system? all bets are off.

[1][https://www.schneier.com/blog/archives/2009/10/evil_maid_att...](https://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html)

[2][https://news.ycombinator.com/item?id=6148347](https://news.ycombinator.com/item?id=6148347)
(of course, this specific attack wasn't as scary as it could have been, say if
the same sort of thing was remotely accessible)

[3][http://theinvisiblethings.blogspot.com/2010/04/remotely-
atta...](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-
network-cards-or-why.html)

------
KiwiCoder
I used to be cavalier about HDD disposal, and then one day I helped a friend
recover some files from their apparently dead HDD. We did not recover the
files but we did find unencrypted passwords to email accounts and other
sensitive information that he had forgotten about.

So while I trust device/disk wiping tools are effective, I'm much less
trusting of my own memory about the files on any given storage device.
Moreover, and perhaps more importantly it's rarely possible to guarantee that
software is consistently doing the right thing with your sensitive data.

Therefore my rule is now to donate unwanted hardware but never to donate or
dispose of storage devices without being certain the data is unrecoverable.
This is a harder problem than it might at first appear.

Secure disposal of hardware is a problem growing worse in proportion to the
number of devices we allow (or by inaction permit) to manage our personal
data.

~~~
sillysaurus2
_dispose of storage devices while being certain the data is unrecoverable_

I use Derek's Boot and Nuke bootdisc for this purpose.
[http://www.dban.org/](http://www.dban.org/)

It's straightforward to use, but it's also configurable if you want to be
extra certain the data is gone. I think the default is 3 passes of filling the
harddrive with random data generated via Mersenne Twister.

~~~
omh
Unless you're very paranoid then a single pass of zeroes should be sufficient.

The bigger problem is what to to with a dead hard disk. It's usually easier to
buy a new one rather than replace it, but an attacker could perhaps repair the
disk to steal the data. At work we send any non-wipable disk to be physically
shredded. At home I think I'd just hold on to all disks indefinitely.

~~~
x3c
Open it, take the disc out and microwave it.

~~~
gmac
Dangerous?

~~~
ihsw
"Is It A Good Idea To Microwave An XBOX 360?"

[http://www.youtube.com/watch?v=vzodemYzswQ](http://www.youtube.com/watch?v=vzodemYzswQ)

"Is It A Good Idea To Microwave A PlayStation 3?"

[http://www.youtube.com/watch?v=4rWyJXpezPs](http://www.youtube.com/watch?v=4rWyJXpezPs)

"Is It A Good Idea To Microwave A Nintendo Wii?"

[http://www.youtube.com/watch?v=OydTZpbp0EE](http://www.youtube.com/watch?v=OydTZpbp0EE)

------
makomk
Yeah, it's kind of a neat trick. I wrote a similar tool a couple of years ago
though I'm not sure if it still works:
[https://bitcointalk.org/index.php?topic=25091.0](https://bitcointalk.org/index.php?topic=25091.0)

~~~
Shtirlic
Thank you, I recovered some of my bitcoins with your tool 1 year ago.

------
graemian
Doesn't work for Bitcoin Wallet on Android :-(

I lost some Bitcoins on an old phone that used Bitcoin Wallet
([https://github.com/schildbach/bitcoin-
wallet](https://github.com/schildbach/bitcoin-wallet)) by doing "Settings >
Reset".

I tried using this app to find them by dumping the /data partition, but no
luck. Apparently it uses a different wallet format:

The wallet file format is not compatible to wallet.dat (Satoshi client).
Rather, it uses a custom protobuf format which should be compatible between
clients using bitcoinj.

Any ideas on how to find such coins?

~~~
sillysaurus2
I like a good challenge. Would you send me a dump of the phone's harddrive?
The command to dump the harddrive is `dd if=/dev/hda1 of=./phone.image`

Then I'll examine the bitcoinj wallet format and write a tool to search for
the private key within the phone.image file.

My email's in my profile.

~~~
ge0rg
Haha, this is a nice try :D

------
MWil
I wish this could help me recover 3 btc I had in 2010 b/c I still have the
HDD. My problem is that my disk is extra dead - it stopped spinning
completely. I can't use hiren's boot tools with it like I could my other dead
drives. I've heard I would have to bring it into a clean room environment for
about a grand and have experts recreate the drive.

~~~
mctx
I've heard success stories of transplanting platters into the same model
working drive, maybe this is worth a shot?

~~~
paraxisi
I have also heard/read about a few people doing this.

If I remember correctly, you need a special tool to pick the platters up out
of the drive without rotating them, but aside from that just a new
controller/assy.

~~~
MWil
Thanks, I hadn't really heard about this. Although at current btc prices, it
might actually just be cheaper for me to claim them as "lost" on my taxes than
try and recover them

~~~
sillysaurus2
If you're considering tossing the drive, please consider mailing it to my
address instead so that I can try my hand at recovering the bitcoins. I can
cover shipping costs. I'll email you in case you're interested.

~~~
MWil
I emailed you back.

------
splitbrain
I guess this wouldn't work with an encrypted wallet.dat which was introduced
later than 2011.

~~~
1337biz
Is there any tool to brute force/run password lists against wallet.dats? I
have one around that I am adding coins to but just can't remember my own
password.

~~~
celticninja
why thye fuck would you keep adding coins to it if you dont know the password?

More likely you have obtained someone elses wallet.dat file that they have
encrypted and they do not know you have a copy of this wallet.dat so they are
still using it, and you do not know their key but would quite like to access
their coins.

~~~
1337biz
Nope, it is just that I still have some hope in my abilities to guess the
right password. I'm quite the optimist by nature ;)

~~~
celticninja
there is optimistic and there is stupid.

send any new coins to a new address, sure you may remember the password but
hedge against that possibility with another wallet, please. for my sake, for
my sanity, do it for me.

------
Sami_Lehtinen
Totally misleading post title, if you can read drive... It isn't dead... Got
it?

------
jrochkind1
Oh geez, have upworthy-style "this guy" headlines come to HN?

~~~
jheriko
i don't get it... what exactly is the criticism here?

~~~
nashashmi
I think 'this guy' makes it similar to a notorious outbrain paid
advertisement: "this guy made money sitting at home"

------
nullc
Why would they spend time trying all those things and reinventing the wheel
when a tool for doing exactly this has existed since time immortal (in bitcoin
terms):

[https://bitcointalk.org/index.php?topic=25091.0](https://bitcointalk.org/index.php?topic=25091.0)

------
jheriko
i'm pretty sure that once poor or greedy people can get 'day-to-day' value out
of bitcoin beyond its pure monetary value as an investment (you don't want to
hold onto your stolen goods in hope they appreciate in value) then we will
start having many much more serious problems with its thievery...

smart and driven criminals will solve a lot of problems in ingenious ways you
never thought of

