Add >2012 magic search key

Author: RecRanger

README.md

@@ -7,16 +7,16 @@ A tool to recover lost bitcoin private keys from dead hard drives.
 
 ```bash
 python3 keyhunter.py /dev/sdX
-
+# --or--
 ./keyhunter.py /dev/sdX
 ```
 
 The output should list found private keys, in base58 key import format.
 
-To import into bitcoind, use the following command:
+To import into bitcoind, use the following command for each key:
 
 ```bash
-bitcoind importprivkey 5K????????????? yay
+bitcoind importprivkey 5KXXXXXXXXXXXX
 bitcoind getbalance
 ```
 

keyhunter.py

@@ -14,15 +14,19 @@
 # bytes to read at a time from file (10 MiB)
 READ_BLOCK_SIZE = 10 * 1024 * 1024
 
-MAGIC_BYTES = b"\x01\x30\x82\x01\x13\x02\x01\x01\x04\x20"
-MAGIC_BYTES_LEN = len(MAGIC_BYTES)
+MAGIC_BYTES_LIST = [
+    bytes.fromhex("01308201130201010420"),  # old, <2012
+    bytes.fromhex("01d63081d30201010420"),  # new, >2012
+]
+MAGIC_BYTES_LEN = 10  # length of each element in MAGIC_BYTES_LIST
+assert all(len(magic_bytes) == MAGIC_BYTES_LEN for magic_bytes in MAGIC_BYTES_LIST)
 
 
 B58_CHARS = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
 B58_BASE = len(B58_CHARS)  # literally 58
 
 
-def b58encode(v):
+def b58encode(v: bytes) -> str:
     """encode v, which is a string of bytes, to base58."""
 
     long_value = 0
@@ -47,50 +51,57 @@ def b58encode(v):
     return (B58_CHARS[0] * nPad) + result
 
 
-def Hash(data):
+def sha256d_hash(data: bytes) -> bytes:
     return hashlib.sha256(hashlib.sha256(data).digest()).digest()
 
 
-def EncodeBase58Check(secret):
-    hash = Hash(secret)
+def encode_base58_check(secret: bytes) -> str:
+    hash = sha256d_hash(secret)
     return b58encode(secret + hash[0:4])
 
 
 def find_keys(filename: str | Path) -> set[str]:
+    """Searches a file for Bitcoin private keys.
+    Returns a set of private keys as base58 WIF strings.
+    """
+
     keys = set()
     with open(filename, "rb") as f:
         logger.info(f"Opened file: {filename}")
 
         # read through target file one block at a time
-        while data := f.read(READ_BLOCK_SIZE):
-            # look in this block for keys
-            pos = 0  # index in the block
-            while (pos := data.find(MAGIC_BYTES, pos)) > -1:
-                # find the magic number
-                key_offset = pos + MAGIC_BYTES_LEN
-                key_data = "\x80" + data[key_offset : key_offset + 32]  # noqa: E203
-                priv_key_wif = EncodeBase58Check(key_data)
-                keys.add(priv_key_wif)
-                logger.info(
-                    f"Found key at offset {key_offset:,} = 0x{key_offset:02x}: {priv_key_wif}"
-                )
-                pos += 1
-
-            # are we at the end of the file?
-            if len(data) == READ_BLOCK_SIZE:
-                logger.info("At end of file. Seeking back 32 bytes.")
-                # make sure we didn't miss any keys at the end of the block
+        while block_bytes := f.read(READ_BLOCK_SIZE):
+            # look in this block for each key
+            for magic_bytes in MAGIC_BYTES_LIST:
+                pos = 0  # index in the block
+                while (pos := block_bytes.find(magic_bytes, pos)) > -1:
+                    # find the magic number
+                    key_offset = pos + MAGIC_BYTES_LEN
+                    key_data = b"\x80" + block_bytes[key_offset : key_offset + 32]  # noqa: E203
+                    priv_key_wif = encode_base58_check(key_data)
+                    keys.add(priv_key_wif)
+                    logger.info(
+                        f"Found key at offset {key_offset:,} = 0x{key_offset:02x} "
+                        f"(using magic bytes {magic_bytes.hex()}): {priv_key_wif}"
+                    )
+                    pos += 1
+
+            # Make sure we didn't miss any keys at the end of the block.
+            # After scanning the block, seek back so that the next block includes the overlap.
+            if len(block_bytes) == READ_BLOCK_SIZE:
                 f.seek(f.tell() - (32 + MAGIC_BYTES_LEN))
+
+    logger.info(f"Closed file: {filename}")
     return keys
 
 
-def setup_logging(log_filename: Optional[str | Path] = None):
+def setup_logging(log_filename: Optional[str | Path] = None) -> logging.Logger:
     # Create a logger object
     logger = logging.getLogger()
     logger.setLevel(logging.DEBUG)  # Set the logging level
 
     # Create a console handler and set level to debug
-    console_handler = logging.StreamHandler(sys.stdout)  # Using stdout instead of stderr
+    console_handler = logging.StreamHandler(sys.stderr)
     console_handler.setLevel(logging.DEBUG)
     console_formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
     console_handler.setFormatter(console_formatter)
@@ -116,11 +127,11 @@ def main_keyhunter(haystack_filename: str | Path, log_path: Optional[str | Path]
     logger.info(f"Found {len(keys)} keys: {keys}")
 
     if len(keys) > 0:
-        logger.info("Keys (as base58 WIF private keys):")
+        logger.info("Printing keys (as base58 WIF private keys) for easy copying:")
         for key in keys:
             print(key)
 
-    logger.info("Finished keyhunter")
+    logger.info(f"Finished keyhunter. Found {len(keys):,} keys.")
 
 
 def get_args():