In-depth Forensic Examination of Satoshi-era BDB Headers

1 reply 62 views
GigaStakeMember
Posts: 4 · Reputation: 63
#1Oct 16, 2020, 12:29 AM
Thorough Analysis of damaged wallet.dat headers (BDB 4.8.x) So I’ve been digging into some old Bitcoin Core wallets recently and noticed a common issue with Berkeley DB (BDB) setups, especially regarding the 0x00053162 magic bytes at position 12. It looks like when a wallet.dat gets logically corrupted, the mkey and ckey record-key pairs often end up out of sync with the master metadata. Standard tools like pywallet tend to crash during the db_dump if the nDerivationRounds integer is messed up. Right now, I’m trying to figure out a way to manually piece back together the mkey structure by pulling the salt and encrypted_key buffers straight from the hex stream and skipping the BDB driver’s integrity checks. Has anyone tried using custom Python scripts to fix the ckey metadata pointers when the nID field is broken? I think we could cut down on the entropy loss while salvaging headers by focusing on the raw BDB pages instead of the logical file structure.
4 Reply Quote Share
paul.ninjaFull Member
Posts: 152 · Reputation: 539
#2Oct 16, 2020, 05:54 AM
You're probably on the right track looking at raw pages instead of waiting for Berkeley DB to stop sulking and behave properly. Once wallet.dat gets even slightly scrambled, the logical structure starts lying to you, while the page-level artifacts are often still honest enough to work with. I've seen cases where the header damage looked dramatic, but the useful bits were still sitting in leaf or overflow pages just fine, and the real problem was the parser trusting broken metadata a little too much. If you go down the custom Python route, I'd focus less on rebuilding the database in the formal sense and more on carving records cleanly and validating page boundaries. Berkeley DB loves to reward optimism with garbage. The part that usually bites people is not the mkey blob itself, it's the temptation to assume one recovered structure means the surrounding fields are sane. They often aren't. If the nID or adjacent bookkeeping is rotten, you can end up with something that looks plausible enough to waste a whole weekend. I'd work from multiple read-only copies, compare page distributions, and treat every recovered ckey or mkey candidate like hostile input until it survives consistency checks. Pywallet and friends tend to tap out because they still want the DB to be a database. At this stage it's closer to digital paleontology with a hex editor and a bad attitude.
3 Reply Quote Share

Related topics