2010 Wallet Delivery and Encryption Mystery

19 replies 453 views
tom2017Member
Posts: 17 · Reputation: 230
#1Jun 7, 2026, 03:08 PM
Anyone here dealt with wallets sent to customers as part of swf game files? So, I bought some btc from a miner back in May 2010, and he gave me a login for an online game to access the wallet/s. Instead of just getting a simple private key, I got a folder full of game files that seem to be encrypted. They've been sitting on my PC for 11 years now, and I thought it was a scam until I checked the blockchain, which says otherwise. The swf file just shows a basic image that doesn’t do anything maybe it used to connect to a server, but now it's just dead. The miner was based in the UK, and I've lost all contact info for him. One of the folders has a 32-bit key title, and the images look like they’re linked to a gozp.dat file, but I can't open that in either QT or Electrum, even when I rename it to wallet.dat. There’s also this strange .png file that seems to contain a long hash key... it's all pretty confusing. Has anyone encountered something like this? Any hints? Do you recognize this or could you help me with these files? I really want to access the wallet lol!
4 Reply Quote Share
HyperRavenFull Member
Posts: 175 · Reputation: 633
#2Jun 7, 2026, 09:19 PM
If you do not have sole control of the private keys, then it is reasonable to assume that you were never in control of any Bitcoins at any point in time. I don't see the point of the "miner" selling you the wallet without giving you any directions to retrieve it. What did you mean by Blockchain says otherwise? Did he give you an address or something?
4 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#3Jun 7, 2026, 10:50 PM
...Totally agree but this was May 2010 when lots of experimentation was taking place ...
5 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#4Jun 8, 2026, 03:11 AM
... a valid point, but I have reason to believe this wasn't the intention of the seller/ miner and evidence on the blockchain points me to a software issue in 2011 which caused the loss of access for the developer to a significant haul of unsold btc which our transaction leads directly back to..  I feel that I do have the keys , just can't identify them!
3 Reply Quote Share
Posts: 4 · Reputation: 105
#5Jun 8, 2026, 07:02 AM
Maybe try https://coreyphillips.github.io/ https://medium.com/@corey.lyle.phillips/part-1-3-turn-your-photos-into-bitcoin-private-keys-addresses-57669771cf7a (But i doubt)
2 Reply Quote Share
paul2017Senior Member
Posts: 218 · Reputation: 1426
#6Jun 8, 2026, 11:17 AM
Shockwave is an animation system that can be used to make simple interactive 2D games. A SWF contains the program. There is nothing in either of those two folders that look like they might even be remotely related to bitcoin. A bitcoin wallet is usually stored in a file called wallet.dat in a folder that typically contains the following files and folders: anchors.dat banlist.dat bitcoin.conf blocks chainstate db.log debug.log fee_estimates.dat mempool.dat peers.dat settings.json wallet.dat It looks like your folder has those along with other unrelated stuff.
6 Reply Quote Share
ben_yieldFull Member
Posts: 117 · Reputation: 720
#7Jun 8, 2026, 12:22 PM
back in the days, i remember playing around with those swf's... IIRC, there used to be tools to decompile them and look at the sourcecode? Maybe you can find a hint therein?
1 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#8Jun 8, 2026, 01:54 PM
There's a list of free and paid SWF decompilers nicely aggregated on a single page: http://bruce-lab.blogspot.com/2010/08/freeswfdecompilers.html?m=1 There's also a stack overflow question about it with more tools at https://stackoverflow.com/questions/97018/how-do-you-decompile-a-swf-file Some more stuff I found from a google search: https://www.flash-decompiler.com/ https://github.com/jindrapetrik/jpexs-decompiler But I think the bigger question here is what kind of wallet it is? All wallet softwares put a special sequence of bytes at the beginning of the wallet file that uniquely identifies its type (the so-called Magic Bytes). Install a hex editor such as HxD (and make a copy of the extracted wallet file because HxD allows you to unintentionally edit and save the file just by typing keys on the keyboard!) and open the wallet file with it, look at the first 10 or so bytes and see if they match any of the defined magic bytes.
1 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#9Jun 8, 2026, 05:36 PM
Thx ... we are on it like white on rice!
2 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#10Jun 8, 2026, 11:42 PM
...Appreciate that, will certainly take a deeper dive for the magic bytes, but feel we are looking for hidden private keys..
4 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#11Jun 9, 2026, 05:54 AM
... this flash file was the interface to obtain the "files" from which I understood that I should have been able to obtain private keys. Researching this more I am certain that image24.png is used as  a hex checksum or is hashed SOMEHOW with a 32 bit key to derive the  privkey. I have been testing and get results! (opening two other users wallets!!) but not the private keys I am after. I just don't know exactly what standard was applied to the process here, Hash the image, passphrase as a salt, hash the passphrase, single hash, double hash whos to know...? thx for the comments, its a privkey I am after here... certain of it.
0 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#12Jun 9, 2026, 08:07 AM
We took the .swf apart and nothing to say about it. But would be very interested in any standard tools which may have been around in 2010?? tools to translate an imagefile and a 32bit hex word into a privkey
1 Reply Quote Share
paul2017Senior Member
Posts: 218 · Reputation: 1426
#13Jun 10, 2026, 01:44 PM
Are you saying that private keys are purposely hidden somewhere in the data, and them you paid for them knowing that you might not be able to find them or that they might not exist at all? That makes little sense to me.
2 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#14Jun 10, 2026, 06:00 PM
...sure and I would agree with you now, however, back in 2010 I was trading stocks, bitcoin was little more than an idealistic story. I spoke with a guy in the UK who sounded extremely knowledgeable, a cryptographer, a Bitcoin Miner, the right person!. He said he was a software developer who mined coins and was creating a new bitcoin exchange business. I asked if he could sell me some bitcoin to introduce me to the technology and processes, he gave me a url and I followed his instructions. At the end of it I had data. one of which said DO_NOT_DELETE_72aXXXX a 32 bit hex key another an image of a playing card which I think was the image to remember from the game. I was busy and forgot about it all for a year, came back to it in 2011 with more time and a greater understanding of privkeys but couldn't derive my privkey or a wallet from these files. NO BIG DEAL IN 2010-11. But 2021 and it is many 1000's of btc,  so sense would dictate to look at it again . I had a bad first experience as did many.. I paid money and took a risk, everyone holding bitcoin takes the same journey! keys or not, sense or not its now a fun challenge to solve . I need cryptographers not agony aunts!
6 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#15Jun 10, 2026, 09:29 PM
Turns out that this is 98% of my challenge thanks but now to figure out which policy needs to be applied. In other words very close but no cigar!.
3 Reply Quote Share
nova_2019Senior Member
Posts: 239 · Reputation: 1068
#16Jun 11, 2026, 02:41 AM
...and this, ladies and gentlemen, is why "security through obscurity" and attempting to do "clever things"™ when trying to secure your private keys is simply a "bad idea"™ As unfortunate as it is for OP, I hope that this might help persuade people who think that doing things like re-arranging 12/24 word seeds, or substituting words or using some other "clever" process to try an obfuscate their private keys/seeds etc is just not a great plan. It should hopefully also act as a cautionary tale about leaving coins in wallets that you did not create yourself and/or have not "tested" the backup/recovery process. when you say "32 bit hex key"... do you mean 32 characters?
4 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#17Jun 11, 2026, 03:25 PM
.... totally in agreement.... for what its worth, KISS! (keep it simple stupid), sorry yes 32 character hex!
0 Reply Quote Share
nova_2019Senior Member
Posts: 239 · Reputation: 1068
#18Jun 14, 2026, 02:48 AM
I assume you've tried basic things like just putting the 32char hex into something like BitAddress.org and seeing if it is a "brainwallet" password? But, as far as I'm aware, there have been no other wallets or systems that have used a similar method (SWF, images + hex values written as folder names etc) to "hide" private keys... in 2010, most people were playing with simple brainwallets and paper wallets... I mean, the process could literally be almost anything at this point... like a SHA256 hash of the image file data... then flipped backwards etc. Also, it could be some weird stenographic method hiding the actual key data in the image file bytes, as opposed to using the image data directly as the input to SHA256 etc... have you tried something like this: https://ctfs.github.io/resources/topics/steganography/file-in-image/README.html
1 Reply Quote Share
tom2017Member
Posts: 17 · Reputation: 230
#19Jun 14, 2026, 08:15 AM
Tried the brain wallet, no outputs. don't believe that's the end of my story. I realise the complexity of the process, I was really hoping that an old miner would put up his hand and admit to doing this in 2010. Whilst playing his game, it inadvertently gave me 80+ similar but unique files... I am sure we will get there in the end, couple of coders taking a look, thanks to the forum, who knows really. Appreciate your interest. thx
3 Reply Quote Share
the_viperNewbie
Posts: 1 · Reputation: 21
#20Jun 14, 2026, 02:05 PM
Hi I have some of same things of yours ! you open the file in wrong way - try to open swf ( many tools do that ) if you found first 8 zeros thats mean this file belong to btc , what ealse in the folder ?
2 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics