Bitcoin Forum
Topic: [TOOL][C++] Universal Wallet Reader - Forensic Analysis & Recovery
bekli23 (OP)
January 16, 2026, 08:11:29 PM
 #1

Universal Bitcoin Wallet Reader
Advanced Forensic Tool for wallet.dat Files


Hi everyone,

I am releasing a standalone C++ tool designed to perform deep forensic analysis on Bitcoin Core wallet.dat files (Berkeley DB format).

While tools like Pywallet exist, they are often slow, require complex Python environments, or fail to correctly correlate metadata in older or corrupted wallets. This tool is written in native C++, uses OpenSSL and Berkeley DB directly, and focuses on extracting every single bit of information available, including recovering timestamps for keys that appear to have "Unknown" creation dates.

🚀 Key Features

  • Full Decryption: Detects and decrypts the Master Key (mkey) and individual Private Keys (ckey) to WIF format.
  • Smart Date Synchronization: Many old wallets have keys with missing timestamps. This tool scans the Key Pool (pool) in a first pass to recover creation dates and maps them back to the active keys. No more "Unknown" dates.
  • Metadata Extraction:
    • Extracts HD Derivation Paths (e.g., m/0'/0'/1).
    • Decodes Bitcoin Core Client Versions (e.g., 60000 -> v0.6.0).
    • Extracts Key Purpose (BIP43/44 metadata).
  • Password Recovery Aid: Automatically extracts the Master Key hash in Hashcat format ($bitcoin$...) for brute-force auditing.
  • Native Speed: Written in C++ using libdb4.8 and OpenSSL.



🔧 How It Works (The 2-Pass System)

The tool uses a smart 2-pass approach to handle the non-linear structure of Berkeley DB:

Pass 1 (Gathering): Scans the entire database to collect metadata, derivation paths, and crucially, the Key Pool timestamps. It builds a map of Public Keys to their creation dates.
Pass 2 (Decryption): Iterates through the encrypted keys. It pairs the keys with the metadata gathered in Pass 1, decrypts the secret (if password is provided), and outputs a synchronized, clean report.

📄 Output Sample

Code:
ENTRY #94 | Type: ckey
  [ENCRYPTED KEY]
  -> Address: 1PWLMxKaMXp8bXEtKgkFprKjahseemAJ75
  -> Created: 2013-04-25 00:22:25  <-- Recovered from Pool!
  -> Path:    m/0'/0'/5
  -> PubKey:  02da5783b7...
  -> EncPriv: 3b8cca935b...
  -> [WIF]:   KxZd... (Displayed only if decrypted)

ENTRY #210 | Type: pool
  [KEY POOL]
  -> Index:   1
  -> Date:    2013-04-25 00:22:25
  -> Address: 1PWLMxKaMXp8bXEtKgkFprKjahseemAJ75

ENTRY #314 | Type: version
  [VERSION]
  -> Val: 150100 (Core v0.15.1)



💻 Usage

Code:
WalletReader.exe <path_to_wallet.dat>

1. Run the tool in a terminal.
2. Enter the wallet password when prompted (or leave empty if unencrypted).
3. The tool generates two files:
  
  • wallet.dat_dump.txt (Full forensic report)
  • wallet.dat_hashcat.txt (Hash for password cracking)

📦 Source & Build

This tool is open source. You are encouraged to compile it yourself for security.

Dependencies:
  • OpenSSL
  • Berkeley DB 4.8 (Standard Bitcoin Core version)
  • Visual Studio (MSVC) or G++

GitHub Link: Link to Source Code


Disclaimer: This tool is intended for educational purposes and legitimate recovery of your own wallet files. Always work on a backup copy of your wallet.dat.
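Added example, not part of the original post and not the tool's source: a minimal sketch of the two-pass correlation and the version decoding described above, run over constructed in-memory records instead of a real Berkeley DB file. The `Record` and `KeyReport` structs, the preference for `keymeta` over `pool` timestamps, and all sample values are assumptions made for illustration; the version decoder uses the legacy Bitcoin Core numbering that matches the post's two examples (60000 and 150100).

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <vector>
// Simplified stand-in for one parsed wallet.dat record (assumption, not the tool's type).
struct Record { std::string type, pubkey; int64_t time; };  // time: epoch seconds, 0 = none
struct KeyReport { std::string pubkey; int64_t created; bool from_pool; };

// Legacy Core numbering: 1000000*major + 10000*minor + 100*revision + build.
std::string decode_client_version(int v) {
    std::string s = "v" + std::to_string(v / 1000000) + "." +
        std::to_string(v / 10000 % 100) + "." + std::to_string(v / 100 % 100);
    if (v % 100) s += "." + std::to_string(v % 100);
    return s;
}

std::vector<KeyReport> correlate(const std::vector<Record>& db) {
    // Pass 1: gather timestamps. keymeta is preferred; pool is the fallback.
    std::map<std::string, int64_t> meta, pool;
    for (const auto& r : db) {
        if (r.time <= 0) continue;
        if (r.type == "keymeta") meta[r.pubkey] = r.time;
        else if (r.type == "pool" && (!pool.count(r.pubkey) || r.time < pool[r.pubkey]))
            pool[r.pubkey] = r.time;  // keep the earliest pool sighting
    }
    // Pass 2: walk key records in file order and join them with the maps.
    std::vector<KeyReport> out;
    for (const auto& r : db) {
        if (r.type != "ckey" && r.type != "key") continue;
        KeyReport k{r.pubkey, 0, false};  // 0 = still unknown after both passes
        if (meta.count(r.pubkey)) k.created = meta[r.pubkey];
        else if (pool.count(r.pubkey)) { k.created = pool[r.pubkey]; k.from_pool = true; }
        out.push_back(k);
    }
    return out;
}

// Constructed sample: the first ckey record precedes the pool record that dates it.
std::vector<Record> sample_db() {
    return {{"ckey", "02aa", 0}, {"ckey", "03bb", 0}, {"keymeta", "03bb", 1400000000},
            {"pool", "02aa", 1366849345}, {"pool", "03bb", 1366849999}, {"ckey", "02cc", 0}};
}

int main() {
    for (const auto& k : correlate(sample_db()))
        std::cout << k.pubkey << " created=" << k.created
                  << (k.from_pool ? " (from pool)" : "") << "\n";
    std::cout << decode_client_version(150100) << "\n";
}
```

A single pass in file order would report the first key as undated, because its pool record only appears later in the database; the third key stays at 0 because no record dates it.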