A tool to locate and extract Armory wallets on corrupted and deleted hard drives.
- Searches a drive image for deleted and corrupted Armory wallet files, based on a checksum property within the file.
- Writes to a log file and ndjson.
- Supports raw disk images (`dd`-style).
- 8 MiB/s - 1 TiB takes 1.5 days
- Armory wallets have a 32-byte private key, followed by a 4-byte sha256d hash of that key.
- By taking every group of 36 bytes on the drive image, performing the checksum validation (a sha256d hash) on the first 32 bytes, and seeing if they match the final 4 bytes, we can find all parts that are "probably private keys".
- After you find these keys, use a tool like `ku` to convert them to usable keys.
- Refer to the Armory documentation outlining the checksum format: https://www.bitcoinarmory.com/wallet-format/
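
The 36-byte sliding-window check described above, as an added Python sketch (not this project's Rust code). It assumes the stored checksum is the first 4 bytes of the sha256d digest; `scan_stream`, `build_sample_image` and the sample key are hypothetical names and constructed data.

```python
import hashlib
import io

KEY_LEN = 32       # private key length stated in the README
CHECKSUM_LEN = 4   # assumed: first 4 bytes of sha256d(key) follow the key
RECORD_LEN = KEY_LEN + CHECKSUM_LEN


def sha256d(data: bytes) -> bytes:
    """Double SHA-256: SHA-256 applied to the SHA-256 digest."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def scan_stream(stream, chunk_size=1 << 20):
    """Yield (absolute_offset, key) for every 36-byte window that validates.

    The last RECORD_LEN - 1 bytes of each buffer are carried into the next
    one, so a record straddling a chunk boundary is tested exactly once.
    """
    tail = b""
    base = 0  # absolute offset of buf[0] within the image
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for i in range(len(buf) - RECORD_LEN + 1):
            key = buf[i:i + KEY_LEN]
            if sha256d(key)[:CHECKSUM_LEN] == buf[i + KEY_LEN:i + RECORD_LEN]:
                yield base + i, key
        keep = min(len(buf), RECORD_LEN - 1)
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep


def build_sample_image() -> bytes:
    """Constructed image: filler, one valid record, one corrupted record."""
    key = bytes(range(KEY_LEN))  # constructed key, not a real wallet key
    record = key + sha256d(key)[:CHECKSUM_LEN]
    damaged = bytes([record[0] ^ 0x01]) + record[1:]  # one flipped bit
    return b"\x00" * 50 + record + b"\x00" * 30 + damaged + b"\x00" * 20


if __name__ == "__main__":
    # chunk_size=64 forces the valid record (offsets 50..85) across a boundary
    image = io.BytesIO(build_sample_image())
    for offset, key in scan_stream(image, chunk_size=64):
        print(f"offset={offset} key={key.hex()}")
```

A window of random bytes passes this check with probability 2^-32, so a 1 TiB image (about 2^40 offsets) can be expected to produce on the order of 256 chance matches, which is why hits are only "probably private keys".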
Install from crates.io, and then run:

```bash
cargo install armory_wallet_checksum_searcher
armory_wallet_checksum_searcher -i input_file.img --log ./output_log.log --ndjson ./output_records.ndjson
```

Or, clone from source and run:

```bash
git clone https://github.com/RecRanger/armory-wallet-checksum-searcher
cd armory-wallet-checksum-searcher
# Scan a disk image file
cargo run --release -- -i input_file.img --log ./output_log.log --ndjson ./output_records.ndjson
# Or scan a block device directly (reading /dev/sda requires root)
sudo cargo run --release -- -i /dev/sda --log ./output_log.log --ndjson ./output_records.ndjson
```

Please Star this repo if it's helpful. Open Issues.
- WGPU Tutorial: https://sotrh.github.io/learn-wgpu/compute/introduction/
- SHA256 Python Reference: https://github.com/keanemind/Python-SHA-256