Skip to content

Decrypting and Dumping Wallet Files

Background

Some of the wallets types that BTCRecover supports are no longer maintained or safe to use (Eg: Multibit), can be difficult for some users to set up and use (eg: Bitcoin Core) or may have bugs in the wallet itself that prevent users who have the correct wallet and passwords from accessing their funds. (Eg: Some old Blockchain.com or blockchain.info wallets) Never mind that there might be some situations where the value of the funds are such that importing these recovered wallets back in to a hot wallet might be a really bad idea...

You may also just be interested in seeing what is in there or find this useful in terms of debugging...

As such, BTCRecover supports the ability to dump the raw decrypted wallet file or to dump the raw private keys in a format that can be imported directly in to wallets like Electrum which allows the funds to be securely moved through offline signing...

Support for dumping additional wallet types will be added over time...

Generally there are two commands used to dump wallet files.

--dump-wallet FILENAME

--dump-privkeys FILENAME

These above commands can be used as part of a standard recovery to automatically decrypt/dump the wallet if the password is found.

There are also some extra parameters that mean you can avoid using a passwordlist or tokenlist if you are only interested in dumping/decrypting a wallet file...

--correct-wallet-password
--correct-wallet-secondpassword

Blockchain.com Wallets (Previously known as blockchain.info)

Important Note Some older blockchain.com wallets (2014-2015 era at least, perhaps more) have a bug where some private keys were incorrectly encoded and saved to the wallet file... (Basically if the hex encoded private key included any leading zeroes, these were left off, leading to private keys that are less than 32 bytes... The current blockchain.com simply rejects these as invalid and assumes an incorrect password...) The symptoms of this are that your wallet may have correctly worked until about 2015/2016, BTCRecover will correctly match the wallet passwords (main password and/or second passwords) yet you will be unable to log in with your wallet at blockchain.com (Perhaps being prompted for a second password at login time, not just when sending funds) nor import old backups of your wallet file in to the platform. Blockchain support will simply dismiss your concerns and insist that you have the wrong password... (And given they are a non-custodial platform, don't actually have any visibility in to your specific wallet file file to be able to debug it...) The solution is to dump the private keys from these wallet files (or keys) and to import them in to something like Electrum.

Decrypting/Dumping with Main Password

Dumping Wallet File Without a Second Password

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main password for this wallet is "mypassword""...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/blockchain-github-v1-1 --dump-wallet blockchain-github-v1-1_main_dump.txt --correct-wallet-password mypassword

This command will produce the following dump.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
{
    "guid": "9ebb4d4f-f36e-40d6-9a3e-5a3cca5f83d6",
    "sharedKey": "41cf823f-2dcd-4967-88d1-ef9af8689fc6",
    "double_encryption": false,
    "options": {
        "fee_policy": 0,
        "html5_notifications": false,
        "logout_time": 600000,
        "tx_display": 0,
        "always_keep_local_backup": false
    },
    "keys": [
        {
            "addr": "1AN6WAdSrXATk7mcosqhK7vvPusC3fmw8p",
            "priv": "XxkpqJqs1449nLHX1WcCP5QbmyJhjrwTis9hyvqGKJc",
            "privkey_compressed": "KwV8RDmA2o9WXhiuEBkWAYh8y6cYp9UquXryaEPS1evXUSXJfg43",
            "privkey_uncompressed": "5HsnBUMsz3kch2ycrCxAnDAYiFsCHaBqgzk3PwEh73FPmLfVrsP"
        },
        {
            "addr": "1Cp1xPTVdjePVcRAJHxesiLkNZbASgbkL",
            "priv": "8uZW7qiz89NGtgwzdbqKZ9QDVPj1NeGV192RJUXdc946",
            "privkey_compressed": "L1A4Ty9VVY5oF5vTWCUvSKHiLJ6PNosSVcNzWB7PTFgj4v56CJsn",
            "privkey_uncompressed": "5Ji2EpAB5era8itzD449wDkfN8x9F1CRooz6KqxpgUoA5a3NY7c"
        },
        {
            "addr": "1MsA1JJhgNMkuke9uttaXQfFyNBvmCyeiR",
            "priv": "BH2MMphxoWQkynoo7HM8ukLSw8aNKFT9sWV2nu9QmNqe",
            "privkey_compressed": "L2LWiEUFSmZaJNeV2hEgnx4A4j3gHi9oQpyJq19kvwKNY21Pz1Nj",
            "privkey_uncompressed": "5JyXkKur3DMyUxCfXHpWQYxYWPffoqHwvRv5wq4oCmUj33X1DrZ"
        },
        {
            "addr": "13m3hC95Pp3ZWth6XCmhr9qUVNZGqMchia",
            "priv": "4TE4wCgz1fcjSPsxSUUig36a9JpNfPn9c2KFcT94hWtk",
            "privkey_compressed": "KxwR9qWWd3jXyJirSuKZrasdQ5aa7WJH1zi1dXvn5PUNxksoDzrK",
            "privkey_uncompressed": "5JCsnW7gnn2UruxFNjDN3AwWznu1htx7oSmBZkFuMUkMqTZ3n3G"
        },
        {
            "addr": "17thFxEzSsR3fn2CpQrAYrcsUve6VN8JuX",
            "priv": "2YARBSUuHrsuuvtEHoeTXiDXGdiDuHtfdLvvYCKkADCm",
            "privkey_compressed": "Kwz7Q6xJNTM9ooVmWwPfGairubgJF7ur8UphFCkMpn6fHFc1E4E3",
            "privkey_uncompressed": "5HzM2cLKtXth4MWB5yH1Wp4bR9mFL4Nwdawm1VwgcJ1q6aKqoHG"
        }
    ]
}

The file above shows the full contents of the wallet as well, the base58 encoded private keys as well as the private keys that have been converted for both compressed and uncompresssed formats. (One one of these corresponds to the actual wallet address, I could tweak this to only dump one but there is no harm in simply importing both...)

Dumping Private Keys for a wallet without a second password

You can use the following command to dump the private keys from one of the wallets included in this repository to a file... The main password for this wallet is "mypassword"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/blockchain-github-v1-1 --dump-privkeys blockchain-github-v1-1_main_privkeys.txt --correct-wallet-password mypassword

This command will produce the following dump.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
Private Keys (For copy/paste in to Electrum) are below...
KwV8RDmA2o9WXhiuEBkWAYh8y6cYp9UquXryaEPS1evXUSXJfg43
5HsnBUMsz3kch2ycrCxAnDAYiFsCHaBqgzk3PwEh73FPmLfVrsP
L1A4Ty9VVY5oF5vTWCUvSKHiLJ6PNosSVcNzWB7PTFgj4v56CJsn
5Ji2EpAB5era8itzD449wDkfN8x9F1CRooz6KqxpgUoA5a3NY7c
L2LWiEUFSmZaJNeV2hEgnx4A4j3gHi9oQpyJq19kvwKNY21Pz1Nj
5JyXkKur3DMyUxCfXHpWQYxYWPffoqHwvRv5wq4oCmUj33X1DrZ
KxwR9qWWd3jXyJirSuKZrasdQ5aa7WJH1zi1dXvn5PUNxksoDzrK
5JCsnW7gnn2UruxFNjDN3AwWznu1htx7oSmBZkFuMUkMqTZ3n3G
Kwz7Q6xJNTM9ooVmWwPfGairubgJF7ur8UphFCkMpn6fHFc1E4E3
5HzM2cLKtXth4MWB5yH1Wp4bR9mFL4Nwdawm1VwgcJ1q6aKqoHG

You can then copy/paste the contents of this file directly in to Electrum... (Like the examples above, this will include both compressed and uncompressed private keys)

Dumping Wallet File (Where there is a second password)

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main password for this wallet is "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/blockchain-v2.0-wallet.aes.json --dump-wallet blockchain-v2.0-wallet.aes.json_main_dump.txt --correct-wallet-password btcr-test-password

This command will produce the following dump.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
    "guid": "9bb4c672-563e-4806-9012-a3e8f86a0eca",
    "sharedKey": "728e769e-4c26-4301-a0b8-2db25c564c5a",
    "double_encryption": true,
    "dpasswordhash": "2de3fba5e1bce771e7425686b30970a70b6a5cac1aff5acbc9e1b3bca365f47a",
    "options": {
        "pbkdf2_iterations": 10000,
        "fee_policy": 0,
        "html5_notifications": false,
        "logout_time": 600000,
        "tx_display": 0,
        "always_keep_local_backup": false,
        "transactions_per_page": 30,
        "additional_seeds": []
    },
    "keys": [
        {
            "addr": "1BUoAfr3N6RcH3JArntzoFGfk9hrgU4i5a",
            "priv": "3BxRTG45Rf1v4V0zJLb1SdUULBIlAPPvTzo2lkMHbusI0MdaMO+wspiT7ZSorervEHq722+liMEu5azs6DUvsQ==",
            "created_time": 0,
            "created_device_name": "javascript_web",
            "created_device_version": "1.0"
        }
    ]
}

This example decrypts using the "main password only", meaning that the body of the file will be decrypted, including addresses, but the private keys will remain encrypted.

Decrypting/Dumping with Second Password

Dumping Wallet File with a Second Password

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main and second passwords for this wallet are "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/blockchain-v2.0-wallet.aes.json --dump-wallet blockchain-v2.0-wallet.aes.json_secondpass_dump.txt --correct-wallet-password btcr-test-password --blockchain-secondpass --correct-wallet-secondpassword btcr-test-password

This command will produce the following dump.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
{
    "guid": "9bb4c672-563e-4806-9012-a3e8f86a0eca",
    "sharedKey": "728e769e-4c26-4301-a0b8-2db25c564c5a",
    "double_encryption": true,
    "dpasswordhash": "2de3fba5e1bce771e7425686b30970a70b6a5cac1aff5acbc9e1b3bca365f47a",
    "options": {
        "pbkdf2_iterations": 10000,
        "fee_policy": 0,
        "html5_notifications": false,
        "logout_time": 600000,
        "tx_display": 0,
        "always_keep_local_backup": false,
        "transactions_per_page": 30,
        "additional_seeds": []
    },
    "keys": [
        {
            "addr": "1BUoAfr3N6RcH3JArntzoFGfk9hrgU4i5a",
            "priv": "3BxRTG45Rf1v4V0zJLb1SdUULBIlAPPvTzo2lkMHbusI0MdaMO+wspiT7ZSorervEHq722+liMEu5azs6DUvsQ==",
            "created_time": 0,
            "created_device_name": "javascript_web",
            "created_device_version": "1.0",
            "priv_decrypted": "8V3qAkjVPsWgWASdvyXSSvkZ9A3obdEzwfMpavJ8MD5A",
            "privkey_compressed": "KzwrWpHpu5zyZXDDsV4MWkDhobhji46kk2YYpWr4vwDxYLHa3NXs",
            "privkey_uncompressed": "5JfFqtx1tDv1aef7YNmG52BaiNTSzLHFttZ53A2bsjeNeXKKkUc"
        }
    ]
}

Like the example above, this wallet dump will include the encrypted private keys, raw decrypted private keys (in base58) and private keys, both compressed and uncompressed, that can be imported directly in to wallets like Electrum.

Dumping Private Keys for a wallet with a second password

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main and second passwords for this wallet are "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/blockchain-v2.0-wallet.aes.json --dump-privkeys blockchain-v2.0-wallet.aes.json_secondpass_privkeys.txt --correct-wallet-password btcr-test-password --blockchain-secondpass --correct-wallet-secondpassword btcr-test-password

This command will produce the following dump.

1
2
3
Private Keys (For copy/paste in to Electrum) are below...
KzwrWpHpu5zyZXDDsV4MWkDhobhji46kk2YYpWr4vwDxYLHa3NXs
5JfFqtx1tDv1aef7YNmG52BaiNTSzLHFttZ53A2bsjeNeXKKkUc

These can then be copy/pasted directly in to a wallet like Electrum.

Coinomi Wallets

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main and second passwords for this wallet are "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/coinomi.wallet.desktop --correct-wallet-password btcr-test-password --dump-privkeys coinomi.wallet.desktop.privkeys.txt

This command will produce the following dump.

1
2
3
4
Private Keys (BIP39 seed and BIP32 Root Key) are below...
BIP39 Mnemonic: refuse enrich brisk special hand display feed more stove elder bracket skin impact domain ready evolve age south idea suffer family retire pair kiwi (BIP39 Passphrase In Use, if you don't have it use BIP32 root key to recover wallet)

BIP32 Root Key: xprv9s21ZrQH143K486Bs1fmVBXA563h8yezak7YNmJqvDE7xwBVDnAdhK71CaAiVSjXqm7a1DmyPeJwrYP8g6Aj2TUzcDTu8WE9sW9Pqk76sSb

Metamask Wallets

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main and second passwords for this wallet are "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn --correct-wallet-password btcr-test-password --dump-privkeys metamask.privkeys.txt

This command will produce the following dump.

1
[{"type":"HD Key Tree","data":{"mnemonic":"ocean hidden kidney famous rich season gloom husband spring convince attitude boy","numberOfAccounts":1,"hdPath":"m/44'/60'/0'/0"}}]U2H*oP

Multibit Classic Wallets Backups (And MultiDoge)

You can dump either .wallet files or key-backup files.

You can use the following command to decrypt/dump one of the Multibit Classic wallet keyfiles that is included with the repository... The main password for this wallet is "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/multibit-wallet.key --correct-wallet-password btcr-test-password --dump-privkeys multibit-wallet.key.privkeys.txt

This command will produce the following dump.

1
L3BdsUEuHb15LgPp8ZpEhckMdRj4bPnrj352RgqgUUVKvngnBDph

You can also decrypt/dump a .wallet file with the same type of command.

python btcrecover.py --wallet ./btcrecover/test/test-wallets/multibit.wallet.bitcoinj.encrypted --correct-wallet-password btcr-test-password --dump-privkeys multibit.wallet.bitcoinj.encrypted.txt

Which will produce the following: 

1
KwYiuLdeNhZVHs4spw6b1aptpgyGQDeoh59paKVyG25F57qMzYZK

Likewise, you can decrypt/dump MultiDoge keyfiles with a command like:

python btcrecover.py --wallet ./btcrecover/test/test-wallets/multidoge-wallet.key --correct-wallet-password btcr-test-password --dump-privkeys multidoge-wallet.key.privkeys.txt

This command will produce the following dump.

1
2
3
4
5
6
QPHRxyb5yP8GvDtDpbPv8wyXgQr7UDKS4g6pWN9MWUW233WNYhPB
QQGSXDD4FAtVdUWvyEKni97JuCWCJZFZzLBR3rQUtxhfxnyV9pbL
QSTbM8e67a5cv2srq3NUVoaVni5gihg5tHmwshEAFfHV1xQsqKiq
QP2mZsM8jzwmPyRRBvAK2ZyJf6s2JE8hsfkMEW5E4wASdDPLQaYb
QTRwukQVa6oWTM64778Homu1pDmZ8K4u8VvezYXrrbYZvcr776js
QV9Y2UPYyhrpu7rtdHbK7kRVnA1hsiw8rB2sw8ovNqieicxNdjgP

Multibit HD Wallets

You can use the following command to decrypt/dump one of the wallets that is included with the repository... The main password for this wallet is "btcr-test-password"...

python btcrecover.py --wallet ./btcrecover/test/test-wallets/multibithd-v0.5.0/mbhd.wallet.aes --correct-wallet-password btcr-test-password --dump-privkeys mbhd.wallet.aes.privkeys.txt

This command will produce the following dump.

1
BIP39 Seed: laundry foil reform disagree cotton hope loud mix wheel snow real board