Yesterday i was searching through my email to try to remember when i first heard about (and bought) bitcoin. The first reference in my email was a twitter notification of a conversation i had with my good friend Hoos. 📒 (btw buy his book, he’s smart)
I tweeted this, and was pretty much going to forget about it and move on until i read my message “I keep my bitcoins on and encrypted volume hosted on EC2 and only run the client on linux”… This got me pondering, 2012 was a long time ago, i couldn’t remember exactly what my setup was back then.
A bit of digging reminded me that i used to run syncthing, or bt-sync or something, with an amazon micro instance as the “persistent server” that i could always sync to. 🤔
I’ve long since shut that system down, but i remembered that my old mac laptop was also in that same sync group, and since i’ve done the Apple Migration Assistant dance a few times, all the old /Sync directories are right here on this machine as well.
A few minutes digging and i found this..
Both zip files were encrypted, and none of the passwords i could guess seemed to work. I thought maybe the zip file was the wrong type of encrypted but no other tools seemed to be able to open it either.
I put my laptop away and did a day’s work.
After work i picked up guessing my password again, and boom, guessed it.
Now i had an actual wallet.dat from 2011!
I installed the bitcoin.com osx wallet app and tried importing it. No luck, it wouldn’t let me import it without entering a passphrase and none of the ones i thought it could be would work.
By now i’d posted in our cryptocurrency channel at work. One of my colleagues (who’s much smarter than me) suggested that perhaps i could see what addresses were in the wallet even if i couldn’t decrypt the secret keys. A great idea.
Since the official app wouldn’t work, i went looking for a python library.
PyWallet was mentioned a few times.. There have been multiple versions (that you can pip install, and what looks like a standalone version) and multiple forks of all of them.
The one that eventually worked for me was this one: https://github.com/jackjack-jj/pywallet/blob/master/pywallet.py
Getting it to work involved a bunch of yak shaving, including upgrading xcode, fixing homebrew, installing bsddb3 from the homebrew formula and a bunch of other googling of stackoverflow, and took a few hours. 🤓
This pywallet has a web interface so i fired that up and took a look at my wallet.dat. 👀
It imported it just fine! no need for a password. Seems this old wallet doesn’t have a passphrase which is why the new tools refused to open it. 🎉
PyWallet showed that this wallet.dat had hundreds of addresses and private keys, i’ve no idea if this is normal anymore, but i checked the first and last addresses on blockchain.info and they had no balance. 😩
Dumping the entire wallet showed that there had been a few transactions including this one.
Helpfully Blockchain.info has tagged the recipient address as Wikileaks, the then well-known donations address.
That makes sense. I got my first ever shell account from Julian Assange back in the 90s on a server called Suburbia, and i’d met Julian at CCC before wikileaks got (in)famous. What was 1 btc worth in 2011? a few bucks?
I posted this in our slack, and once again was about to move on with my life..
The fact that there were so many addresses in the dump of the wallet made me think i should check all of them, not just the one labeled “Default” at the top.
I was about to start writing a program to call the blockchain.info api for each address when i noticed that PyWallet already had this functionality.
I ran it but was disappointed to see blockchain.info was rate limiting me.
So many things can be fixed with a lazy sleep(1) strategically hacked in place.
A few minutes later i had a dump file with all the balances. At this point i was 99% sure that they were all going to be 0…
My heart stopped. What *exactly* does 23000000 mean?! Am i a billionaire?
I less'd the file and found the address, my heart rate noticeably quicker than it had been a few minutes before.
I grabbed the address and chucked it in.
I’m not a billionaire, but 0.23 bitcoins is better than a kick in the face.
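The balance sweep and the 23000000 reading above, as an added example (not the author's code and not PyWallet's): a rate-limited check of every address in a dump that backs off when the API refuses a request, then converts the satoshi figure to BTC. The `fetch` callable, the `RateLimited` exception, the fake fetcher and the `ADDR_nnn` placeholders are assumptions constructed for illustration; only public addresses are ever handed to `fetch`.

```python
import time
from decimal import Decimal

SATOSHI_PER_BTC = Decimal(100_000_000)  # API balances are integer satoshi

class RateLimited(Exception):
    """Raised by a fetcher when the balance API answers HTTP 429."""

def satoshi_to_btc(satoshi):
    # Decimal avoids float rounding when converting satoshi to BTC.
    return Decimal(satoshi) / SATOSHI_PER_BTC

def sweep_balances(addresses, fetch, delay=1.0, max_retries=5, sleep=time.sleep):
    """Return {address: satoshi} for every address with a non-zero balance."""
    # Private keys stay in the local dump; fetch() only ever sees addresses.
    funded = {}
    for addr in addresses:
        wait = delay
        for _ in range(max_retries):
            try:
                balance = fetch(addr)
                break
            except RateLimited:
                sleep(wait)  # back off, doubling the pause each time
                wait *= 2
        else:
            raise RuntimeError(f"still rate limited on {addr}, giving up")
        if balance > 0:
            funded[addr] = balance
        sleep(delay)  # the "lazy sleep(1)" between addresses
    return funded

def fake_fetch_factory(balances, fail_every=3):
    # Constructed stand-in for the HTTP call: every Nth request is refused.
    calls = {"n": 0}
    def fetch(addr):
        calls["n"] += 1
        if calls["n"] % fail_every == 0:
            raise RateLimited(addr)
        return balances.get(addr, 0)
    return fetch

if __name__ == "__main__":
    addrs = [f"ADDR_{i:03d}" for i in range(5)]  # constructed placeholders
    fetch = fake_fetch_factory({"ADDR_003": 23000000})
    for addr, sat in sweep_balances(addrs, fetch, sleep=lambda s: None).items():
        print(addr, sat, "satoshi =", satoshi_to_btc(sat), "BTC")
```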
At this point i still wasn’t sure if i actually had an unencrypted private key, or even how i could recover the BTC..
I tried a few tricks to import the secret key, eventually i got blockchain.info to add the address as a “watch only” address and then sent a transaction to my jaxx wallet, using the secret from the dump, which worked!
There it is, 0.22901 BTC found in an old wallet.
I also got the bitcoin cash, this time by making a QR code from the secret, and scanning it with the coinomi android wallet app. Too easy.
That’s pretty much the end of my digital archaeology, i know there’s 2 ether floating around on an old SSD from when i did some experiments with smart contracts.