How to check wallet.dat for authenticity?

I think everyone has seen wallet.dat files from Bitcoin-QT crypto wallets on sale with lost passwords. They often even come with password suggestions or hints. With the necessary knowledge and sufficient computing power, you can try your luck at guessing a wallet's password and gain access to bitcoins and altcoins. However, most of these files are fake. How do you determine the authenticity of a file? Let me tell you how to check.

The file itself is a Berkeley DB database that contains private keys, settings, the address book, and transactions.

To get started, open the file in a hex editor and search for the string “xingfeng” (these are the most popular fakes from China). If you find the address of this site in the file, there is no need to continue.

Next, put the file in the wallets folder and synchronize Bitcoin-QT. If there are balances and watch-only entries, then the addresses are view-only and the private keys will not be there. Such a wallet is not fake, but it is useless for us.

added watch-only addresses

Sometimes only the wallet address has been replaced with a hex editor. Then, after synchronization, old transactions and a balance will appear, and the wallet looks real. However, if you send coins to this address (even a minimal dust amount), the transaction will not appear, because the address is different.

An important point is that the number of transactions in the list must match the data of blockchain explorers. All incoming and outgoing addresses can be found by searching for “name” in a hex editor. If there are discrepancies in the number of transactions or in the address book, then the wallet is 100% fake.
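As an added example (not code from the original post), the hex-editor searches for “xingfeng” and for “name” entries described above can be scripted. It assumes a legacy Berkeley DB wallet.dat in which each record key begins with a length-prefixed type string; the sample bytes and the `XingFeng.example` URL are constructed for illustration.

```python
import re
import sys

FAKE_MARKER = b"xingfeng"   # string the article says to search for
NAME_TAG = b"\x04name"      # address-book key: 0x04 "name" <len> <address>
# Record tags counted by the raw scan (length byte + ASCII type name).
RECORD_TYPES = [b"name", b"key", b"ckey", b"mkey", b"watchs", b"hdchain"]
ADDR_RE = re.compile(rb"[0-9A-Za-z]{26,90}")  # base58 / bech32 characters

# Constructed sample bytes, not a real wallet: one address-book entry,
# one watch-only tag and a made-up URL containing the marker.
ADDR = b"1LfV1tSt3KNyHpFJnAzrqsLFdeD2EvU1MK"
SAMPLE = (b"\x00" * 8 + NAME_TAG + bytes([len(ADDR)]) + ADDR
          + b"\x00\x06watchs\x00" + b"http://XingFeng.example/")

def find_marker(data, marker=FAKE_MARKER):
    """Byte offsets of the marker, matched case-insensitively."""
    return [m.start() for m in re.finditer(re.escape(marker), data, re.I)]

def address_book(data):
    """Addresses found in 'name' records, deduplicated and sorted."""
    found, pos = set(), data.find(NAME_TAG)
    while pos != -1:
        start = pos + len(NAME_TAG)
        if start < len(data):
            addr = data[start + 1:start + 1 + data[start]]
            # Reject truncated or non-address payloads.
            if len(addr) == data[start] and ADDR_RE.fullmatch(addr):
                found.add(addr.decode("ascii"))
        pos = data.find(NAME_TAG, pos + 1)
    return sorted(found)

def record_counts(data):
    """Raw count of each tag; stale DB pages can inflate these."""
    return {t.decode(): data.count(bytes([len(t)]) + t) for t in RECORD_TYPES}

def triage(data):
    counts = record_counts(data)
    return {"marker_offsets": find_marker(data),
            "addresses": address_book(data),
            "watch_only": counts["watchs"] > 0,
            "has_private_keys": counts["key"] + counts["ckey"] > 0,
            "counts": counts}

if __name__ == "__main__":
    # Pass a wallet.dat path, or run with no argument to scan SAMPLE.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for field, value in triage(blob).items():
        print(f"{field}: {value}")
```

The addresses it lists are the ones to compare against a blockchain explorer, and a file that shows `watchs` records but no `key` or `ckey` records matches the watch-only case.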

In old wallets, when a new address is generated, several addresses are generated at once and all of them are stored in the file, so the file size changes during synchronization. After the adoption of BIP32 (HD wallets), a new bitcoin address is created for each payment and the keys are stored in xpriv format, so the file size does not change regardless of the number of generated addresses. This is also one of the ways to check. In addition, you can check that the address types (segwit or p2pkh) match the wallet version.

If the wallet.dat file in question is open in the default Bitcoin-QT application, enter the command “dumpprivkey 1LfV1tSt3KNyHpFJnAzrqsLFdeD2EvU1MK” in the console. It will return one of the following:

  • code 10, which means you need to enter the passphrase (password);

  • the private key, if a password has been entered or none is set; or

  • the error “Private key for address 1LfV1tSt3KNyHpFJnAzrqsLFdeD2EvU1MK is not known (code -4)”, which means the file is fake.

These are some simple ways to check the authenticity of wallet.dat files. In general, beware of dubious sites. The rules here are simple: buy only from sellers with a positive history, ask for time to verify the file, or go through escrow. Scammers generally do not give you time to check the file, and they trade or sell several files for the price of one, but, as practice shows, as soon as they receive the money, they disappear. So be careful and good luck!

Sources:
https://bitcointalk.org/index.php?topic=5242967.msg54284429#msg54284429
https://hashcat.net/forum/
https://allprivatekeys.com

2 Comments

  1. This is really helpful, regarding point 1, “just search the hex editor for the word “xingfeng” (these are the most popular fakes from China”, how do I do this?

  2. Thanks
    But my Bitcoin Core keeps telling me that only legacy wallet is supported by this command code -4
    What is code 4 please?
