edit: Found. nice. even supports GPUs, will test that now...
Nice! I blame myself for not keeping at least on GPU to play with opencl with. Just out of curiosity, could you post the speeds you get with a GPU cracking GPG? Just let me know if you need any help with building etc. Thanks! john supports OpenCL and CUDA, altough only some hashalgos/implementations, GPG not (as far ive read) yet. |
|
|
|
i didnt google to be honest as i asked for what solution hes using, well i guess its going to be the same. ty anyways  |
|
|
|
Naw - this invalidates the searches I made earlier. Not that it would have helped as it sounds like the salt mod is difficult to guess. Seems like we are all helping each other out (in true Christmas spirit!) so I reveal that I use JohnTheRipper to get 10k+ passwords/sec per core. You can't use it out of the box, but you will find a special modded version helpful for GPG  We're playing n equal grounds here so I'd say let out the 3rd hint at 100 verifications! We need it!  As the password was put onto the clipboard (at the end of the script) and then later "pasted" into the password prompt from GPG the LF is not actually *in* the actual hash that was used.
you misunderstood him. password=`echo $password | sha256sum` this pipes the password to sha256sum and adds \n at the end, so yes u have to put \n at the end when brute forcing. care to share jtr for GPG? |
|
|
|
you misunderstood him. password=`echo $password | sha256sum` this pipes the password to sha256sum and adds \n at the end, so yes u have to put \n at the end when brute forcing. Oh I see - sorry about that - that was an unintended extra complication. no problem, would be boring if its easy  |
|
|
|
i'm at 188 shares and 1 orphan now, after modifying source to allow more outgoing connections
u see i just improved ur mining alot |
|
|
|
As the password was put onto the clipboard (at the end of the script) and then later "pasted" into the password prompt from GPG the LF is not actually *in* the actual hash that was used.
you misunderstood him. password=`echo $password | sha256sum` this pipes the password to sha256sum and adds \n at the end, so yes u have to put \n at the end when brute forcing. |
|
|
|
Hello, everyone. Today I try joining to p2pool and I have some problems. My OS: Ubuntu 12.04.1 64 bit Bitcoind version: $./bitcoind getinfo
....
"version" : 70100,
"protocolversion" : 60002,
"walletversion" : 40000,
....
Python version: 2.7.3 Today I download the tgz-archive with p2pool v 9.4 for 64-bit Linux. Then I installed required packages: sudo apt-get install python-zope.interface python-twisted python-twisted-web After the bitcoind successfully running, and all of the blocks are downloaded, I run file "run_p2pool.py", and: $./run_p2pool.py
2012-12-26 07:36:45.305205 > Error while checking Bitcoin connection:
2012-12-26 07:36:45.305419 > Traceback (most recent call last):
2012-12-26 07:36:45.305524 > File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 545, in _runCallbacks
2012-12-26 07:36:45.305624 > current.result = callback(current.result, *args, **kw)
2012-12-26 07:36:45.305726 > File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1095, in gotResult
2012-12-26 07:36:45.305871 > _inlineCallbacks(r, g, deferred)
2012-12-26 07:36:45.305966 > File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1037, in _inlineCallbacks
2012-12-26 07:36:45.306088 > result = result.throwExceptionIntoGenerator(g)
2012-12-26 07:36:45.306208 > File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 382, in throwExceptionIntoGenerator
2012-12-26 07:36:45.306317 > return g.throw(self.type, self.value, self.tb)
2012-12-26 07:36:45.306418 > --- <exception caught here> ---
2012-12-26 07:36:45.306519 > File "~/forrestv-p2pool-6880123/p2pool/util/deferral.py", line 41, in f
2012-12-26 07:36:45.306623 > result = yield func(*args, **kwargs)
2012-12-26 07:36:45.306721 > File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1037, in _inlineCallbacks
2012-12-26 07:36:45.306828 > result = result.throwExceptionIntoGenerator(g)
2012-12-26 07:36:45.306930 > File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 382, in throwExceptionIntoGenerator
2012-12-26 07:36:45.307052 > return g.throw(self.type, self.value, self.tb)
2012-12-26 07:36:45.307158 > File "/mnt/1/exdeath/forrestv-p2pool-6880123/p2pool/bitcoin/helper.py", line 13, in check
2012-12-26 07:36:45.307267 > if not (yield net.PARENT.RPC_CHECK(bitcoind)):
2012-12-26 07:36:45.307366 > File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1037, in _inlineCallbacks
2012-12-26 07:36:45.307465 > result = result.throwExceptionIntoGenerator(g)
2012-12-26 07:36:45.307557 > File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 382, in throwExceptionIntoGenerator
2012-12-26 07:36:45.307661 > return g.throw(self.type, self.value, self.tb)
2012-12-26 07:36:45.307761 > File "~/forrestv-p2pool-6880123/p2pool/bitcoin/networks.py", line 16, in <lambda>
2012-12-26 07:36:45.307865 > 'bitcoinaddress' in (yield bitcoind.rpc_help()) and
2012-12-26 07:36:45.307963 > File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1037, in _inlineCallbacks
2012-12-26 07:36:45.308069 > result = result.throwExceptionIntoGenerator(g)
2012-12-26 07:36:45.308166 > File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 382, in throwExceptionIntoGenerator
2012-12-26 07:36:45.308313 > return g.throw(self.type, self.value, self.tb)
2012-12-26 07:36:45.308415 > File "~/forrestv-p2pool-6880123/p2pool/util/jsonrpc.py", line 64, in callRemote
2012-12-26 07:36:45.308519 > raise e
2012-12-26 07:36:45.308617 > twisted.web.error.Error: 401 Authorization Required
I will be very grateful to anyone who help me fix this. suply username and password, run p2pool with --help for a list of all parameters. |
|
|
|
Am very appreciative of the effort being put into this and am guessing that unless there is a hacker with a lot of free computing power it will be very much a case of luck with the "riddle" at this stage (and as promised then next hint won't really make much difference).
computing power isnt the problem atm, its the salt. |
|
|
|
Interesting puzzle. "(at least)" isn't giving me any great ideas tho.
Well the next hint (if it's still unclaimed after 100 confirmations) should make it dramatically easier (as I am not going to let this drag out for too long). Why not? You stated before you wouldn't empty the address until Jan 3rd. It takes time to figure out best ways to approach this and then implement. If you are attempting to evaluate the security model it seems counter-productive to cop out by reducing the difficulty too soon. I'm only able to check about 264 pwds/sec on my laptop but I'm still seeing if there is a better method than I've found. I've modified a "found" program to brute force gpg. If I can improve this sufficiently then I may start an EC2 instance to go at it faster. I'd hate to spend too much effort and then just have you void it all by giving it away or closing the challenge. Seems unsportsman-like. C code? I thought I was the one coming from behind as right now I'm on a measly Core2Duo laptop, and only using one thread. I wanted to adapt the code for sha256 and then add multi-threading, and then finally get it running on a faster computer. The salting algorithm can be "trial by hand" as a 4-char cycle is still about 15 hours for me. If I can get it to < 1 hour then I'd add reading a salt template from a file. I'll not give my own code mods but for starts: I'm nasty and google is your friend. You'll want to install the gpgme library, (sudo apt-get install libgpgme11-dev) and even after that do some reading before you can compile due to large file support. This way works but I'm by no means certain that there isn't some much faster method. BTW: A word of warning, don't pump gpg with pwds without disabling the gpg-agent first. I got into a real pickle when the agent popped up with a "safe pwd window" for each password attempt. Ouch. But fast fingers with exiting the terminal actually worked. You can set the env variable to prevent that... eg. GPG_AGENT_INFO='' myhackingprog <sigh>This is what happens when you're an amateur. i used "--no-use-agent --homedir" with homedir pointing to a special folder only for this. till date i dont have it implemented in C, gonna do that later. |
|
|
|
Interesting puzzle. "(at least)" isn't giving me any great ideas tho.
Well the next hint (if it's still unclaimed after 100 confirmations) should make it dramatically easier (as I am not going to let this drag out for too long). Why not? You stated before you wouldn't empty the address until Jan 3rd. It takes time to figure out best ways to approach this and then implement. If you are attempting to evaluate the security model it seems counter-productive to cop out by reducing the difficulty too soon. I'm only able to check about 264 pwds/sec on my laptop but I'm still seeing if there is a better method than I've found. I've modified a "found" program to brute force gpg. If I can improve this sufficiently then I may start an EC2 instance to go at it faster. I'd hate to spend too much effort and then just have you void it all by giving it away or closing the challenge. Seems unsportsman-like. C code? |
|
|
|
Why not? You stated before you wouldn't empty the address until Jan 3rd. It takes time to figure out best ways to approach this and then implement. If you are attempting to evaluate the security model it seems counter-productive to cop out by reducing the difficulty too soon.
...I'd hate to spend too much effort and then just have you void it all by giving it away or closing the challenge....
Okay - if others feel the same then I won't make the next clue as revealing as I was going to (and any clue after that will not be released until the new year). perfect |
|
|
|
I used "vanitygen" to create the address so am pretty certain that the encrypted content would start with:
Privkey:5
so password is in the following format? if so u should have told us earlier, we'r all searching for a real privkey. I was answering a question about what the *decrypted content* of the GPG message looks like (not about the "salt" formatting - only the "hints" that I give out are directly about that). sry didnt read the full post (in a hurry). |
|
|
|
I used "vanitygen" to create the address so am pretty certain that the encrypted content would start with:
Privkey:5
so password is in the following format? if so u should have told us earlier, we'r all searching for a real privkey. |
|
|
|
|
will there be a 3rd hint?
|
|
|
|
I used a Puppy distro on an old IBM Thinkpad X40 (am hoping to get a SUSE Studio distro that will work on it so I can share it but no luck getting that to boot so far).
I also have tested the exact same script on an OpenSUSE 12.2 install (running on 64 bit hardware).
ty |
|
|
|
|
something i was wondering, did u run the bash script in real linux or cygwin/similiar?
|
|
|
|
Before you do anything else, search all your drives for any 'wallet.data' files. Save copies of every one you find.
search for wallet.dat not .data if u didnt wipe ur harddisk then theres a script (have to search) who scans the full HD for privkeys/wallets. |
|
|
|
I've brute forced all 62^4 combinations using the following "salt modifications":
password="${password}+${password}=${password}${password}@L3AsT" (yeah - I didn't understand that this line was modified at first...)
After the "at least" hint:
password="${password}+${password}=${password}${password}>"
password="${password}+${password}=${password}${password}>="
password="${password}+${password}>=${password}${password}"
password="${password}+${password}>${password}${password}"
password="${password}+${password}=${password}${password}atleast"
No hit so far and no idea what to try next. I test ~10200 passwords per second so the entire space take some 20 minutes. That's using one core only. If I had more ideas on the salt mod I guess I could fire off 4 runs at once...
how r u getting 10.2kH/s? |
|
|
|
"I will go mine LTC for 1 week while difficulty is 20 than drop out of mining for 2+ weeks while difficulty is 40. I will sell earned LTC
for as much as 40 didn't happened. I will make 2 times more money than if I mined BTC in that 1 week! I'm so smart, it's amazing!"
Unfortunately for you, retards, most buyers are obviously not retards.
hey, how u dare to tell others my mining tricks? |
|
|
|
(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related) VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems? no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)! OpenSSL doesn't "generate" entropy, it obtains it. The quality of the entropy depends on the provider and not on OpenSSL. For example, if two people (using the same vanity address generator) provide OpenSSL with the same entropy and ask for the same public key prefix, they will get the same private key. It is possible to build OpenSSL so that the value 0 is always provided as the entropy. This would not be an unusual bug. A developer might do this for testing or evaluating, and then forget to provide the real entropy in the released version. check out the source of vanitygen then u know what im talking about. |
|
|
|
|
Show Posts
