Bitcoin wallet recovery using Photorec
Ever cried over damaged disk holding your bitcoin wallet ? Ever formatted storage holding a perfectly valid and the only copy of your wallet.dat ? Yes, me too. Well, there's Photorec, opensource file recovery software. It just skips the partition and filesystem info and scans for plain file signatures on the disk. Unfortunately it does not recognize Bitcoin's Wallet as a file format. Bitcoin wiki states that wallet.dat is just a good old BerkeleyDB. Just let me check that with the famous file command:
[cyryl@uglybook ~]$ file .bitcoin/wallet.dat .bitcoin/wallet.dat: Berkeley DB (Btree, version 9, native byte-order)
That is right. Photorec however, has its own file-type detection magic, for the reason unknown to me. Let's see whether it works on the wallet.
Uhoh. Do not abandon hope for not all is lost ! Photorec provides a way for you to add custom signatures. The only missing ingredient appears to be the knowledge of file. Just check your linux installation for file's detection signatures. On my system these are to be found under /usr/share/misc/magic We need file extensions, offset and some magic number for Photorec to work. Well, extension is .dat, magics and offsets are stored in the file mentioned above. Translate offsets from decimal-based to hexs and take care of endianess et volia
[cyryl@uglybook ~]# cat .photorec.sig dat 0x0 0x00061561 dat 0x0 0x61150600 dat 0x0 0x00053162 dat 0x0 0x62310500 dat 0xc 0x00061561 dat 0xc 0x61150600 dat 0xc 0x00053162 dat 0xc 0x62310500 dat 0xc 0x00042253 dat 0xc 0x53220400 dat 0xc 0x00040988 dat 0xc 0x88090400
That is it. Happy wallet recovery.