armory_wallet_checksum_searcher
| Crates.io | armory_wallet_checksum_searcher |
| lib.rs | armory_wallet_checksum_searcher |
| version | 0.3.0 |
| source | src |
| created_at | 2024-05-03 04:55:48.884051 |
| updated_at | 2024-05-03 20:09:42.372768 |
| description | A tool to locate and extract Armory wallets on corrupted and deleted hard drives |
| homepage | https://github.com/RecRanger/armory-wallet-checksum-searcher |
| repository | https://github.com/RecRanger/armory-wallet-checksum-searcher.git |
| max_upload_size | |
| id | 1228378 |
| size | 38,037 |
Recovery Ranger (RecRanger)
documentation
README
armory-wallet-checksum-searcher
A tool to locate and extract Armory wallets on corrupted and deleted hard drives.
Features
- Searches a drive image for deleted and corrupted armory wallet files, based on a checksum property within the file.
- Writes to a log file.
- Supports both raw images (
dd-style) and lz4-compressed images (.img.lz4).- Open a feature request if you want support for more formats.
Benchmarks
- Rust (in
--releasemode): 8 MiB/s - 1 TiB takes 1.5 days.
Process
-
Armory wallets have a 32-byte private key, followed by a 4-byte sha256d hash of that key.
-
By taking every group of 36 bytes on the drive image, performing the checksum validation (a sha256d hash) on the first 32 bytes, and seeing if they match the final 4 bytes, we can find all parts that are "probably private keys".
-
After you find these keys, use a tool like
kuto convert them to usable keys. I'm not at that point yet.
Usage
Install from crates.io, and then run:
cargo install armory_wallet_checksum_searcher
armory_wallet_checksum_searcher -f input_file.img -o ./output_log.log
Or, clone from source and run:
git clone https://github.com/RecRanger/armory-wallet-checksum-searcher
cargo run --release -- -f input_file.img -o ./output_log.log
sudo cargo run --release -- -f /dev/sda -o ./output_log.log
Contributing
Please Star this repo if it's helpful. Open Issues.