|
Everyone pays a price for a lesson, just gotta make the lesson worth it.
|
|
|
|
|
don't we use secp256k1 this is r1
|
|
|
|
but privkey has... so, pubkey has too Not at all. I told you: the private key is the relation between the base point and your point, so "basePoint*privKey=yourPoint". Your public key does not have a remainder, because the private key exists only for a given base point, for a different point it will have completely different value. So, you can have a "remainder" only for a pair of points, like (basePoint;yourPoint), but not for a single point. What you talk abour ? 1026 MOD 64 is : 2 minus mod - 2 1024 MOD 64 is : 0 so, if you substrack 2 from pubkey you down you range fro 1:1024 to 1: 16 !!! 2 is remainder !! not base point but no funtion for publick key ! how to find noone has idea how to calculate mod of pubkey ? i don't have time but play around with pycoin ku 035091541F5851647A93DF0C14152A4516169B5BD6ACF793DEE8C9DFA27710E4B0 --json
{
"BTC_address": "12bahMGWAnSEYS3PKURvhScm8GmZhejY7t",
"BTC_address_segwit": "bc1qzxpx2mkf25ungac3yfkm9k7nfde3ympzxk6sqj",
"BTC_address_uncompressed": "16PvA358rPPhyirFyko9zRptKWL69EinoN",
"address": "12bahMGWAnSEYS3PKURvhScm8GmZhejY7t",
"address_segwit": "bc1qzxpx2mkf25ungac3yfkm9k7nfde3ympzxk6sqj",
"address_uncompressed": "16PvA358rPPhyirFyko9zRptKWL69EinoN",
"hash160": "1182656ec95539347711226db2dbd34b73126c22",
"hash160_uncompressed": "3b2e26fcd8888c57d99652937ac9e975e9f64dd7",
"input": "035091541F5851647A93DF0C14152A4516169B5BD6ACF793DEE8C9DFA27710E4B0",
"key_pair_as_sec": "035091541f5851647a93df0c14152a4516169b5bd6acf793dee8c9dfa27710e4b0",
"key_pair_as_sec_uncompressed": "045091541f5851647a93df0c14152a4516169b5bd6acf793dee8c9dfa27710e4b0ec29eeaf3d880 023f13d2608200ec283c971081ee88ec05247bf6d65b57e8537",
"network": "Bitcoin mainnet",
"p2sh_segwit": "3EZXJeaZVsF1eFFXyLGHZ6CBn1ctwC9fHx",
"p2sh_segwit_script": "00141182656ec95539347711226db2dbd34b73126c22",
"public_pair_x": "36441801302806618484038906762766908306697395008217419414017649305421238822064",
"public_pair_x_hex": "5091541f5851647a93df0c14152a4516169b5bd6acf793dee8c9dfa27710e4b0",
"public_pair_y": "106819920335407981491505420347768958799539175113579525933191638145241450448183",
"public_pair_y_hex": "ec29eeaf3d880023f13d2608200ec283c971081ee88ec05247bf6d65b57e8537",
"symbol": "BTC",
"y_parity": "odd"
}
https://pycoin.readthedocs.io/en/latest/search.html?q=modulo&check_keywords=yes&area=defaultbit https://bit.dev/ is also good btw not sure if this helps but i ust got the x value (lttle endian) as int and did ku 36441801302806618484038906762766908306697395008217419414017649305421238822064/odd input : 364418013028066184840389067627669083066973950082174194140176493054\
21238822064/odd
network : Bitcoin mainnet
symbol : BTC
public pair x : 36441801302806618484038906762766908306697395008217419414017649305421238822064
public pair y : 106819920335407981491505420347768958799539175113579525933191638145241450448183
x as hex : 5091541f5851647a93df0c14152a4516169b5bd6acf793dee8c9dfa27710e4b0
y as hex : ec29eeaf3d880023f13d2608200ec283c971081ee88ec05247bf6d65b57e8537
y parity : odd
key pair as sec : 035091541f5851647a93df0c14152a4516169b5bd6acf793dee8c9dfa27710e4b0
uncompressed : 045091541f5851647a93df0c14152a4516169b5bd6acf793dee8c9dfa27710e4b0\
ec29eeaf3d880023f13d2608200ec283c971081ee88ec05247bf6d65b57e8537
hash160 : 1182656ec95539347711226db2dbd34b73126c22
uncompressed : 3b2e26fcd8888c57d99652937ac9e975e9f64dd7
Bitcoin address : 12bahMGWAnSEYS3PKURvhScm8GmZhejY7t
Bitcoin address uncompressed : 16PvA358rPPhyirFyko9zRptKWL69EinoN
Bitcoin segwit address : bc1qzxpx2mkf25ungac3yfkm9k7nfde3ympzxk6sqj
p2sh segwit : 3EZXJeaZVsF1eFFXyLGHZ6CBn1ctwC9fHx
corresponding p2sh script : 00141182656ec95539347711226db2dbd34b73126c22
it gave that |
|
|
|
i modified this to work with python3
its not perfect, just past bitcoin address after launching it (name it r.py )
on console do python3 r.py
and enter the bitcoin address, preferably one with nonce reuse known so you see if its vulnerable
--snip--
I skimmed the code and there are few things i'd like to mention, 1. blockchain.info now is blockchain.com 2. blockchain.com ask you to limit queries to 1 query/10 seconds. They might block if the script is too fast. Please limit your queries to a maximum of 1 every 10 seconds.
I hate blockchain.com/info but do you think i would post something without checking? well i probably do as i forgot to mention it's for python27, i edited a line so it worked without breaking i forgot which one it was #!/usr/bin/python
#################################################################################
# #
#.______ _______. ______ ___ .__ __. #
#| _ \ / | / | / \ | \ | | #
#| |_) | ______ | (----`| ,----' / ^ \ | \| | #
#| / |______| \ \ | | / /_\ \ | . ` | #
#| |\ \----. .----) | | `----./ _____ \ | |\ | #
#| _| `._____| |_______/ \______/__/ \__\ |__| \__| v0.2.0 #
# #
#GNU PL - 2015 - ca333 (modified by simcity4242) #
# #
#USE AT OWN RISK! #
#################################################################################
import json
import urllib2
import time
import sys
#for some reason blockchain.info api-chain is 59711 blocks short..
#blockstart = 170399
#blockstart += 59711
#blockcount = urllib2.urlopen("https://blockchain.info/en/q/getblockcount").read()
def rscan(addr):
"""Check address for duplicated r values."""
# TODO: add BCI API check address
print "WELCOME TO R-scan v0.1.2!"
print "ADDRESS-R-SCAN: "
urladdr = 'https://blockchain.info/address/%s?format=json&offset=%s'
###control api-url
#print str(urladdr[:-22] % addr)
addrdata = json.load(urllib2.urlopen(urladdr % (addr, '0')))
ntx = addrdata['n_tx']
print "Data for pubkey: " + str(addr) + " has " + str(addrdata['n_tx']).center(6) + "Tx%s" % 's'[ntx==1:]
#print "number of txs: " + str(addrdata['n_tx'])
#tx-details:
txs = []
for i in range(0, ntx//50 + 1):
sys.stderr.write("Fetching Txs from offset\t%s\n" % str(i*50))
jdata = json.load(urllib2.urlopen(urladdr % (addr, str(i*50))))
txs.extend(jdata['txs'])
#assert len(txs) == ntx
addrdata['txs'] = txs
y = 0
inputs = []
while y < ntx:
#print "#################################################################################"
#print "TX nr :" + str(y+1)
#print "hash: " + str(addrdata['txs'][y]['hash'])
#print "number of inputs: " + str(addrdata['txs'][y]['vin_sz'])
#only if
#if addrdata['txs'][y]['vin_sz'] > 1:
zy = 0
while zy < addrdata['txs'][y]['vin_sz']:
print "Input-ScriptNR " + str(zy+1) + " :" + str(addrdata['txs'][y]['inputs'][zy]['script'])
inputs.append(addrdata['txs'][y]['inputs'][zy]['script'])
zy += 1
y += 1
xi = 0
zi = 1
lenx = len(inputs)
alert = 0
bad = []
#compare the sig values in each input script
while xi < lenx-1:
x = 0
while x < lenx-zi:
if inputs[xi][10:74] == inputs[x+zi][10:74]:
print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
print('\a')
print "Resued R-Value: "
print inputs[x+zi]
bad.append((int(x), str(inputs[x+zi][10:74])))
alert += 1
x += 1
zi += 1
xi += 1
#check duplicates
#alert when everything ok
if alert < 1:
print "Good pubKey. No problems."
else:
print "Address %s has %d reused R value%s!" % (addr, len(bad), "s"[len(bad)==1:])
return bad
if __name__ == '__main__':
from sys import argv
print """python rscan.py 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm"""
if len(argv) == 1:
addr = raw_input("Enter Bitcoin address eg 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm")
elif len(argv) == 2 and isinstance(argv[1], basestring):
addr = str(argv[1])
rscan(addr)
# 9ec4bc49e828d924af1d1029cacf709431abbde46d59554b62bc270e3b29c4b1
Data for pubkey: 1C8x2hqqgE2b3TZPQcFgas73xYWNh6TK9W has 8 Txs
Fetching Txs from offset 0
Input-ScriptNR 1 :48304502200f18c2d1fe6513b90f44513e975e05cc498e7f5a565b46c65b1d448734392c6f02210 0f80dee18431a82bfbbede36fe455cbd63158bd2c118ed36772a18da213db51ec014104d0fe07ff 74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0158bf9 ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Input-ScriptNR 1 :48304502202b83d59c1d23c08efd82ee0662fec23309c3adbcbd1f0b8695378db4b14e736602210 0933bd8673a9ef8289a66305a5d86b11e93eace454220cdddd45ddfab4d6b27d4014104d0fe07ff 74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0158bf9 ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Input-ScriptNR 1 :4b3048022200002b83d59c1d23c08efd82ee0662fec23309c3adbcbd1f0b8695378db4b14e73660 2220000334a96676e58b1bb01784cb7c556dd8ce1c220171904da22e18fe1e7d1510db5014104d0 fe07ff74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0 158bf9ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Input-ScriptNR 1 :483045022100e9507a191ea86c8e689377130a1c775637d54184168a5b74cdb3c63018006be3022 062dba5c682e2413f2ae5461348dd7421b46f74e76d33ef0390fa7ec069dd8c07014104d0fe07ff 74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0158bf9 ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Input-ScriptNR 1 :483045022100e2f79235bd4ef09ee56737422ad6b2f224d9bbfd5654738946fa7721860a56b0022 00936e3dbe07340f74ebafd39e1166c1c4b777b5e48a234939050bc9bb9f10a0e014104d0fe07ff 74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0158bf9 ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Input-ScriptNR 1 :483045022100c81a4ec35697dfdf3fd21e6ed2a654d6d9a62ddc96494838f10f66c8c25f679e022 00e76db47b8463877971d1324f644c65c7ad5a44993db7b9e75a43d2978b6d045014104d0fe07ff 74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0158bf9 ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Input-ScriptNR 1 :48304502200f18c2d1fe6513b90f44513e975e05cc498e7f5a565b46c65b1d448734392c6f02210 0b29a06f2e30064542b298d711c315dca9ca99756180219699f776dd3d6a6bbc90141049ba39856 eec011b79f1acb997760ed9d3f90d477077d17df2571d94b2fa2137bf0976d786b6aabc903746e2 69628b2c28e4b5db753845e5713a48ee7d6b97aaf
Input-ScriptNR 2 :48304502202b83d59c1d23c08efd82ee0662fec23309c3adbcbd1f0b8695378db4b14e736602210 0d66567fbfc4bb78520883d599bc51585f75393d2e6b227997410331e09fce5ae0141049ba39856 eec011b79f1acb997760ed9d3f90d477077d17df2571d94b2fa2137bf0976d786b6aabc903746e2 69628b2c28e4b5db753845e5713a48ee7d6b97aaf
Input-ScriptNR 1 :48304502200f18c2d1fe6513b90f44513e975e05cc498e7f5a565b46c65b1d448734392c6f02210 0917766d14f2e9933eb269c83b3ad440ed8432da8beb5733f34046509e48b1d850141049ba39856 eec011b79f1acb997760ed9d3f90d477077d17df2571d94b2fa2137bf0976d786b6aabc903746e2 69628b2c28e4b5db753845e5713a48ee7d6b97aaf
In Input NR: 1[global increment] 48304502202b83d59c1d23c08efd82ee0662fec23309c3adbcbd1f0b8695378db4b14e736602210 0933bd8673a9ef8289a66305a5d86b11e93eace454220cdddd45ddfab4d6b27d4014104d0fe07ff 74c9ef5b00fed1104fad43ecf72dbab9e60733e4f56eacf24b20cf3b8cd945bcabcc73ba0158bf9 ce769d43e94bd58c5c7e331a188922b3fe9ca1f5a
Resued R-Value:
48304502202b83d59c1d23c08efd82ee0662fec23309c3adbcbd1f0b8695378db4b14e736602210 0d66567fbfc4bb78520883d599bc51585f75393d2e6b227997410331e09fce5ae0141049ba39856 eec011b79f1acb997760ed9d3f90d477077d17df2571d94b2fa2137bf0976d786b6aabc903746e2 69628b2c28e4b5db753845e5713a48ee7d6b97aaf
Address 1C8x2hqqgE2b3TZPQcFgas73xYWNh6TK9W has 1 reused R value!
root@localhost:~/rsz#
anyway the real script i should have shared is https://github.com/tintinweb/ecdsa-private-key-recoveryedit: the script could run for half hour strait but maybe crash, bcinfo don't limit as they say nxt time plz don't skim but test |
|
|
|
|
guys don't listen to op dave just shut me down a few years ago he gets the wallet files from people who knows if he is selectively scamming. just do it yourself.
|
|
|
|
i modified this to work with python3 its not perfect, just past bitcoin address after launching it (name it r.py ) on console do python3 r.py and enter the bitcoin address, preferably one with nonce reuse known so you see if its vulnerable #!/usr/bin/python
#################################################################################
# #
#.______ _______. ______ ___ .__ __. #
#| _ \ / | / | / \ | \ | | #
#| |_) | ______ | (----`| ,----' / ^ \ | \| | #
#| / |______| \ \ | | / /_\ \ | . ` | #
#| |\ \----. .----) | | `----./ _____ \ | |\ | #
#| _| `._____| |_______/ \______/__/ \__\ |__| \__| v0.2.0 #
# #
#GNU PL - 2015 - ca333 (modified by simcity4242) #
# #
#USE AT OWN RISK! #
#################################################################################
import json
import urllib2
import time
import sys
#for some reason blockchain.info api-chain is 59711 blocks short..
#blockstart = 170399
#blockstart += 59711
#blockcount = urllib2.urlopen("https://blockchain.info/en/q/getblockcount").read()
def rscan(addr):
"""Check address for duplicated r values."""
# TODO: add BCI API check address
print "WELCOME TO R-scan v0.1.2!"
print "ADDRESS-R-SCAN: "
urladdr = 'https://blockchain.info/address/%s?format=json&offset=%s'
###control api-url
#print str(urladdr[:-22] % addr)
addrdata = json.load(urllib2.urlopen(urladdr % (addr, '0')))
ntx = addrdata['n_tx']
print "Data for pubkey: " + str(addr) + " has " + str(addrdata['n_tx']).center(6) + "Tx%s" % 's'[ntx==1:]
#print "number of txs: " + str(addrdata['n_tx'])
#tx-details:
txs = []
for i in range(0, ntx//50 + 1):
sys.stderr.write("Fetching Txs from offset\t%s\n" % str(i*50))
jdata = json.load(urllib2.urlopen(urladdr % (addr, str(i*50))))
txs.extend(jdata['txs'])
#assert len(txs) == ntx
addrdata['txs'] = txs
y = 0
inputs = []
while y < ntx:
#print "#################################################################################"
#print "TX nr :" + str(y+1)
#print "hash: " + str(addrdata['txs'][y]['hash'])
#print "number of inputs: " + str(addrdata['txs'][y]['vin_sz'])
#only if
#if addrdata['txs'][y]['vin_sz'] > 1:
zy = 0
while zy < addrdata['txs'][y]['vin_sz']:
print "Input-ScriptNR " + str(zy+1) + " :" + str(addrdata['txs'][y]['inputs'][zy]['script'])
inputs.append(addrdata['txs'][y]['inputs'][zy]['script'])
zy += 1
y += 1
xi = 0
zi = 1
lenx = len(inputs)
alert = 0
bad = []
#compare the sig values in each input script
while xi < lenx-1:
x = 0
while x < lenx-zi:
if inputs[xi][10:74] == inputs[x+zi][10:74]:
print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
print('\a')
print "Resued R-Value: "
print inputs[x+zi]
bad.append((int(x), str(inputs[x+zi][10:74])))
alert += 1
x += 1
zi += 1
xi += 1
#check duplicates
#alert when everything ok
if alert < 1:
print "Good pubKey. No problems."
else:
print "Address %s has %d reused R value%s!" % (addr, len(bad), "s"[len(bad)==1:])
return bad
if __name__ == '__main__':
from sys import argv
print """python rscan.py 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm"""
if len(argv) == 1:
addr = raw_input("Enter Bitcoin address eg 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm")
elif len(argv) == 2 and isinstance(argv[1], basestring):
addr = str(argv[1])
rscan(addr)
# 9ec4bc49e828d924af1d1029cacf709431abbde46d59554b62bc270e3b29c4b1
|
|
|
|
|
this is pointless just make a new folder and put the wallet.dat file there right click the folder and open debug console in bitcoin-qt
type
loadwallet "path-to-the-folder-with-wallet.dat"
and then wait.
|
|
|
|
SO i found 130201010420 couple of times on my hard drive with winhex i hope its a good sign , but dont know what i do from here i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it . from bit import Key
from bit.format import bytes_to_wif
import re
import requests
import json
import sys, os.path, json, struct, base64, zlib
## created by litecoin_messiah for bitcointalk. 2022. (consider modifying matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())) to b'\x01\x01\x04\x1f(.{31})' and prepending 00
prog = os.path.basename(sys.argv[0])
if len(sys.argv) != 2 or sys.argv[1].startswith("-"):
print("usage:", prog, "wallet.dat", file=sys.stderr)
sys.exit(2)
wallet_file = sys.argv[1]
def salvage(priv):
key = Key.from_hex(priv)
wif = bytes_to_wif(key.to_bytes(), compressed=False)
key = Key(wif)
return wif
def salvageC(priv):
key = Key.from_hex(priv)
wif = bytes_to_wif(key.to_bytes(), compressed=True)
key = Key(wif)
return wif
with open(wallet_file, "rb") as f:
matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())
def processWIF(wif):
key = Key(wif)
return(key.address)
def getB(addr):
url = ('https://blockbook-bitcoin.binancechain.io/api/address/'+addr+"?details=basic")
r = requests.get(url)
return(r.text)
def processWIFB(wif):
try:
result = getB(processWIF(wif))
return(result['addrStr'],result['balance'],result['totalSent'],result['txApperances'],result['totalReceived'])
except:
return("fail")
for priv in matches:
v1 = json.loads(getB(processWIF(salvage(priv.hex()))))
v2 = json.loads(getB(processWIF(salvageC(priv.hex()))))
if (v2['txApperances'] != 0):
print(v2)
if (v1['txApperances'] != 0):
print(v1) |
|
|
|
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something. go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something) #!/usr/bin/env python
"""
searchbin.py -t PATTERN [FILE [FILE...]]
searchbin.py -p PATTERN [FILE [FILE...]]
searchbin.py -f FILE [FILE [FILE...]]
examples:
./searchbin.py -t "hello" myfile.exe
Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe
Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe
Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems
+Minimum Py2.7 required for argparse library
+keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero
license: http://www.opensource.org/licenses/BSD-2-Clause
"""
from __future__ import unicode_literals
import re
import signal
import sys
# Global variables.
CONTACT=("sepero 111 @ gmx . com\n"
"https://bitbucket.org/Sepero/searchbin/issues/new\n"
"http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00"
DEBUG = False
STDOUT = sys.stdout
try: # Python 3 modifications.
STDIN = sys.stdin.buffer
except: # Python 2 modifications.
STDIN = sys.stdin
range = xrange
def _exit_error(code, option="", err=None):
"""
Error information is kept here for the purposes of easier management and possibly language tranlation.
Returns nothing. All calls exit the program, error status 128.
"""
error_codes = {
"Xpatterns":
"Cannot search for multiple patterns. '-t -p -f'",
"0patterns":
"No pattern to search for was supplied. '-t -p -f'",
"decode":
"The pattern string is invalid.\n" + str(option),
"bsize":
"The buffer size must be at least %s bytes." % str(option),
"sizes":
"Size parameters (-b -s -e -m) must be in decimal format.",
"fpattern":
"No pattern file found named: %s" % option,
"startend":
"The start of search must come before the end.",
"openfile":
"Failed opening file: %s" % option,
"logwrite":
"Could not write to the log file: %s" % option,
"read":
"Failed reading from file: %s" % option,
}
import traceback
sys.stderr.write(traceback.format_exc() + "\n")
if not DEBUG:
sys.stderr.write("version: %s\n" % VERSION)
sys.stderr.write("Please Report issues to: %s\n" % CONTACT)
if err: sys.stderr.write("%s\n" % str(err))
sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code]))
if __name__ == "__main__":
sys.exit(128) # Exit under normal operation.
raise # Raise error on unittest or other execution.
def get_args():
"""
Parse all arguments from the command line using ArgumentParser.
Returns an args object with attributes representing all arguments.
"""
from argparse import ArgumentParser
description = CONTACT + """
An argument -t or -p or -f is required. The -p argument accepts a
hexidecimal pattern string and allows for missing characters,
such as 'FF??FF'. When using -f argument, the pattern file will
be read as a binary file (not hex strings). If no search files are
specified, %prog will read from standard input. The minimum memory
required is about 3 times the size of the pattern byte length.
Increasing buffer-size will increase program search speed for
large search files. All size arguments (-b -s -e) are read in decimal
format, for example: '-s 1024' will start searching after 1kilobyte.
format, for example: '-s 1024' will start searching after 1kilobyte.
Reported finds are 0-based offset.
"""
p = ArgumentParser(description=description)
def add(s, **kwargs):
args = s.split(':')
value = args.pop(2) # Pop item at index 2 (argument type).
if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value).
value = args.pop(2) # Pop item at index 2 (argument metavar).
if value: kwargs['metavar'] = value
value = args.pop(2) # Pop item at index 2 (argument name/destination).
if value: kwargs['dest'] = value
p.add_argument(*args, **kwargs)
p.add_argument('-f', '--file', type=str,
metavar='FILE', dest='fpattern',
help='file to read search pattern from')
p.add_argument('-t', '--text', type=str,
metavar='PATTERN', dest='tpattern',
help='a (utf-8 case-sensitive) text string to search for')
p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output.
metavar='PATTERN', dest='ppattern',
help='a hexidecimal pattern to search for')
try: # Python 3.
p.add_argument('-b', '--buffer-size', type=int,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). 8MB default')
p.add_argument('-s', '--start', type=int,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=int,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=int,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
except: # Python 2.
p.add_argument('-b', '--buffer-size', type=long,
metavar='NUM', dest='bsize',
help='read buffer size (in bytes). default is 8388608 (8MB)')
p.add_argument('-s', '--start', type=long,
metavar='NUM', dest='start',
help='starting position in file to begin searching, as bytes')
p.add_argument('-e', '--end', type=long,
metavar='NUM', dest='end',
help='end search at this position, measuring from beginning of file')
p.add_argument('-m', '--max-matches', type=long,
metavar='NUM', dest='max_matches',
help='maximum number of matches to find (0=infinite)')
p.add_argument('-l', '--log', type=str,
metavar='FILE', dest='log',
help='write matched offsets to FILE, instead of standard output')
p.add_argument(type=str,
metavar='FILE', dest='fsearch', nargs='*',
help='files to search within')
p.add_argument('-v', '--verbose',
dest='verbose', action='store_true',
help='verbose, output the number of bytes searched after each buffer read')
p.add_argument('-V', '--version',
action='version', version='%(prog)s ' + VERSION)
p.add_argument('-d', '--debug',
dest='debug', action='store_true',
help='debugging (don\'t use this)')
return p.parse_args()
"""
=Patterns=
A pattern is a list. It represents the division between known and unknown
bytes to search for. All hex/text/file input is converted to a pattern.
Examples of conversions:
hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters.
text "A?C" becomes ['A', 'C']
text "A??C" becomes ['A', '', 'C']
"""
def hex_to_pattern(hex):
""" Converts a hex string into a pattern. """
ret = []
pattern = hex
if hex[:2] == "0x": # Remove "0x" from start if it exists.
pattern = hex[2:]
try:
ret = [ p for p in pattern.split("??") ]
try: # Python 3.
return [ bytes.fromhex(p) for p in ret ]
except AttributeError: # Python 2.
return [ p.decode("hex") for p in ret ]
except(TypeError, ValueError):
e = sys.exc_info()[1]
_exit_error("decode", hex, e)
def text_to_pattern(text):
""" Converts a text string into a pattern. """
try: # Python 3.
return [ t.encode('utf-8') for t in text.split("?") ]
except TypeError: # Python 2.
return [ t for t in text.split("?") ]
def file_to_pattern(fname):
""" Converts a file into a pattern. """
try: # If file specified, read it into memory.
with open(fname, "rb") as f:
return [f.read()]
except IOError:
e = sys.exc_info()[1]
_exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes!
def verify_args(ar):
"""
Verify that all the parsed args are correct and work well together.
Returns the modified args object.
"""
DEBUG = ar.debug
# Make sure that exactly 1 pattern argument was given.
all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern]))
if len(all_patterns) > 1:
_exit_error("Xpatterns")
if len(all_patterns) == 0:
_exit_error("0patterns")
# Create a new variable ar.pattern, and fill it with
# whichever pattern we have -t -f -p. ar.pattern will be a list.
if ar.fpattern:
ar.pattern = file_to_pattern(ar.fpattern)
elif ar.tpattern:
ar.pattern = text_to_pattern(ar.tpattern)
else:
ar.pattern = hex_to_pattern(ar.ppattern)
# Convert all number args from strings into long integers.
try:
for attr in [ "bsize", "max_matches", "start", "end" ]:
if getattr(ar, attr):
setattr(ar, attr, long(getattr(ar, attr)))
except ValueError:
e = sys.exc_info()[1]
_exit_error("sizes", err=e)
# Buffer size must be at least double maximum pattern size.
if ar.bsize:
if ar.bsize < len("?".join(ar.pattern)) * 2:
_exit_error("bsize", len("?".join(ar.pattern)) * 2)
else:
ar.bsize = len(b"".join(ar.pattern)) * 2
ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default.
# Set start and end values to 0 if not set.
ar.start = ar.start or 0
ar.end = ar.end or 0
# End must be after start. :)
if ar.end and ar.start >= ar.end:
_exit_error("startend")
# If log file is True, open it and replace ar.log with the file handler.
if ar.log:
try:
ar.log = open(ar.log, "w")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", ar.log, e)
return ar
def search(ar, fh):
"""
This function is simply a wrapper to forward needed variables in a way
to make them all local variables. Accessing local variables is faster than
accessing object.attribute variables.
Returns nothing.
"""
if not DEBUG:
_search_loop(ar.start, ar.end, ar.bsize, ar.pattern,
ar.max_matches, ar.log, ar.verbose, fh.name,
fh.read, fh.seek)
else:
_debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read):
"""
Slower, less functional, but less error prone simple search.
For debugging purposes.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern))
read_size = 2**24 - len_pattern # Amount to read each loop.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
regex = re.compile(pattern, re.DOTALL+re.MULTILINE)
try:
buffer = fh_read(len_pattern + read_size)
offset = 0
match = regex.search(buffer)
while True:
if not match:
offset += read_size
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size)
match = regex.search(buffer)
else:
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
offset+match.start(), offset+match.start(), fh_name))
match = regex.search(buffer, match.start()+1)
if len(buffer) <= len_pattern:
return
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches,
log, verbose, fh_name, fh_read, fh_seek):
"""
Primary search function.
Returns nothing.
"""
len_pattern = len(b"?".join(pattern)) # Byte length of pattern.
read_size = bsize - len_pattern # Amount to read each loop.
# Convert pattern into a regular expression for insane fast searching.
pattern = [ re.escape(p) for p in pattern ]
pattern = b".".join(pattern)
# Grab regex search function directly to speed up function calls.
regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search
offset = start or 0
# Set start reading position in file.
try:
if offset:
fh_seek(offset)
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, err=e)
try:
buffer = fh_read(len_pattern + read_size) # Get initial buffer amount.
match = regex_search(buffer) # Search for a match in the buffer.
# Set match to -1 if no match, else set it to the match position.
match = -1 if match == None else match.start()
while True: # Begin main loop for searching through a file.
if match == -1: # No match.
offset += read_size
# If end exists and we are beyond end, finish search.
if end and offset > end:
return
buffer = buffer[read_size:] # Erase front portion of buffer.
buffer += fh_read(read_size) # Read more into the buffer.
match = regex_search(buffer) # Search for next match in the buffer.
# If there is no match set match to -1, else the matching position.
match = -1 if match == None else match.start()
if verbose: # Print each loop offset if verbose is on.
STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset))
else: # Else- there was a match.
# If end exists and we are beyond end, finish search.
if match == -1 and offset + match > end:
return
# Print matched offset.
find_offset = offset + match
STDOUT.write("Match at offset: %14d %12X in %s\n" % (
find_offset, find_offset, fh_name))
if max_matches:
max_matches -= 1
if max_matches == 0: # If maximum matches are found, then end.
STDOUT.write("Found maximum number of matches.\n")
return
# Search for next match in the buffer.
match = regex_search(buffer, match+1)
match = -1 if match == None else match.start()
if len(buffer) <= len_pattern: # If finished reading input then end.
return
# Main loop closes here.
except IOError:
e = sys.exc_info()[1]
_exit_error("read", fh_name, e)
def main():
args = get_args() # Get commandline arguments.
args = verify_args(args) # Check arguments for sanity, and edit them a bit.
if args.fsearch: # If filenames were given on the commandline, process them.
while args.fsearch: # List of files to search inside.
try: # Open a filehandler for the filename.
filehandler = open(args.fsearch[0], "rb")
except IOError:
e = sys.exc_info()[1]
_exit_error("openfile", args.fsearch[0], e)
search(args, filehandler)
filehandler.close()
args.fsearch.pop(0) # Remove each file after search.
else: # If no files were given, search using stdin.
search(args, STDIN)
sys.exit(0)
if __name__ == "__main__":
# This allows the program to exit quickly when pressing ctrl+c.
signal.signal(signal.SIGINT, signal.SIG_DFL)
main() source: https://github.com/Sepero/SearchBin/blob/master/searchbin.pyis useful works out fo the box without dependencies, might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills. searchbin -p 01010420 "path to disk image of .img" file,
searchbin -p 01010420 /dev/whicheverpath its on might work too if you want to go cowboy mode. it probably will miss it, so try if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i think it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file. also a bonus, searchbin.py -p 6231050009000000 "path to disk image" will output offsets to wallet files. i mean its not guaranteed to, but it should help you get closer to recovering it. if you get rich please ask me for my wallet address. thanks  also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code] |
|
|
|
Can you load your wallet into Pywallet and manually count the number of "tx" entries inside? You can also use this tool to extract your private keys so you can sweep them into a new wallet. Yeah over the years i became too familiar with pywallet. had/still has some bugs now and then but it does the trick. I do have an issue with this wallet file. i have different occurances of a key in the key pool i can decode the data after reading it using pywallet or any other manual berkeley database access methods. I used which is stupid, i also tried db_dump -r | db_load -t btree wallet.dat also checked with i came to understanding some keys may be missing or misplaced, didnt know that my keypool data had timestamp it was created at, it was useful. also the version the wallet software used to create it. its useful because if i load the wallet file into another version and generate new keys it stands out still but it still doesn't find a key. so i need a wallet with the least amount of keys in the keypool right. i found one wallet with a consistent key pool however, the last oldest keys are a few hours and 200 counts off from the 2 keys that are missing the private keys. btw check this out https://kewde.github.io/corrupted-bitcoin-wallet its a really useful method. inspired me to look at other methods. i noticed today if i load the wallet file and use hxd.exe to read the memory, the private keys are stacked on top of each other (without the der or whatever you call it, just the ~64 char hex), if i view at 32 byte width. if one key starts with 022c9992019292290s8sshns and has private hex of 4292ff8f39393930222 and the pubkey i am looking for is for example 022c89383839u9ddffff i just need to search for 022c9992019292290s8sshns and find 4292ff8f39393930222 and then wherever 4292ff8f39393930222is located there will be keys stacked over and below it, without any other data just 32 byte keys concatenated. all priv hex keys surrounding the 4292ff8f39393930222 will have pubkeys with similiar prefix to 022c9992019292290s8sshns dunno why im sharing this finding its just useless for me because my key is stuck, and i have life savings stuck on this charge address.
anyway today i edited #!/usr/bin/env python
# This software is
# Copyright (c) 2012-2018 Dhiru Kholia <dhiru at openwall.com>
# Copyright (c) 2019 Solar Designer
# Copyright (c) 2019 exploide
# Redistribution and use in source and binary forms, with or without
# modification, are permitted. (This is a heavily cut-down "BSD license".)
#
# While the above applies to the stated copyright holders' contributions,
# this software is also dual-licensed under the MIT License, to be certain
# of license compatibility with that of the components listed below.
#
# This script (bitcoin2john.py) might still contain portions of jackjack's
# pywallet.py [1] which is forked from Joric's pywallet.py whose licensing
# information follows,
#
# [1] https://github.com/jackjack-jj/pywallet
#
# PyWallet 1.2.1 (Public Domain)
# http://github.com/joric/pywallet
# Most of the actual PyWallet code placed in the public domain.
# PyWallet includes portions of free software, listed below.
#
# BitcoinTools (wallet.dat handling code, MIT License)
# https://github.com/gavinandresen/bitcointools
# Copyright (c) 2010 Gavin Andresen
import binascii
import logging
import struct
import sys
try:
from bsddb.db import *
except:
try:
from bsddb3.db import *
except:
sys.stderr.write("Error: This script needs bsddb3 to be installed!\n")
sys.exit(1)
json_db = {}
def hexstr(bytestr):
return binascii.hexlify(bytestr).decode('ascii')
# bitcointools wallet.dat handling code
class SerializationError(Exception):
""" Thrown when there's a problem deserializing or serializing """
class BCDataStream(object):
def __init__(self):
self.input = None
self.read_cursor = 0
def clear(self):
self.input = None
self.read_cursor = 0
def write(self, bytes): # Initialize with string of bytes
if self.input is None:
self.input = bytes
else:
self.input += bytes
def read_string(self):
# Strings are encoded depending on length:
# 0 to 252 : 1-byte-length followed by bytes (if any)
# 253 to 65,535 : byte'253' 2-byte-length followed by bytes
# 65,536 to 4,294,967,295 : byte '254' 4-byte-length followed by bytes
# ... and the Bitcoin client is coded to understand:
# greater than 4,294,967,295 : byte '255' 8-byte-length followed by bytes of string
# ... but I don't think it actually handles any strings that big.
if self.input is None:
raise SerializationError("call write(bytes) before trying to deserialize")
try:
length = self.read_compact_size()
except IndexError:
raise SerializationError("attempt to read past end of buffer")
return self.read_bytes(length).decode('ascii')
def read_bytes(self, length):
try:
result = self.input[self.read_cursor:self.read_cursor + length]
self.read_cursor += length
return result
except IndexError:
raise SerializationError("attempt to read past end of buffer")
return ''
def read_uint32(self): return self._read_num('<I')
def read_compact_size(self):
size = self.input[self.read_cursor]
if isinstance(size, str):
size = ord(self.input[self.read_cursor])
self.read_cursor += 1
if size == 253:
size = self._read_num('<H')
elif size == 254:
size = self._read_num('<I')
elif size == 255:
size = self._read_num('<Q')
return size
def _read_num(self, format):
(i,) = struct.unpack_from(format, self.input, self.read_cursor)
self.read_cursor += struct.calcsize(format)
return i
def open_wallet(walletfile):
db = DB()
DB_TYPEOPEN = DB_RDONLY
flags = DB_THREAD | DB_TYPEOPEN
try:
r = db.open(walletfile, "main", DB_BTREE, flags)
except DBError as e:
logging.error(e)
r = True
if r is not None:
logging.error("Couldn't open wallet.dat/main. Try quitting Bitcoin and running this again.")
logging.error("See our doc/README.bitcoin for how to setup and use this script correctly.")
sys.exit(1)
return db
def parse_wallet(db, item_callback):
kds = BCDataStream()
vds = BCDataStream()
for (key, value) in db.items():
d = { }
kds.clear(); kds.write(key)
vds.clear(); vds.write(value)
type = kds.read_string()
d["__key__"] = key
d["__value__"] = value
d["__type__"] = type
try:
if type == "mkey":
#d['nID'] = kds.read_uint32()
d['encrypted_key'] = vds.read_bytes(vds.read_compact_size())
d['salt'] = vds.read_bytes(vds.read_compact_size())
d['nDerivationMethod'] = vds.read_uint32()
d['nDerivationIterations'] = vds.read_uint32()
#d['otherParams'] = vds.read_string()
item_callback(type, d)
except Exception:
sys.stderr.write("ERROR parsing wallet.dat, type %s\n" % type)
sys.stderr.write("key data in hex: %s\n" % hexstr(key))
sys.stderr.write("value data in hex: %s\n" % hexstr(value))
sys.exit(1)
# end of bitcointools wallet.dat handling code
# wallet.dat reader
def read_wallet(json_db, walletfile):
db = open_wallet(walletfile)
json_db['mkey'] = {}
def item_callback(type, d):
if type == "mkey":
#json_db['mkey']['nID'] = d['nID']
json_db['mkey']['encrypted_key'] = hexstr(d['encrypted_key'])
json_db['mkey']['salt'] = hexstr(d['salt'])
json_db['mkey']['nDerivationMethod'] = d['nDerivationMethod']
json_db['mkey']['nDerivationIterations'] = d['nDerivationIterations']
#json_db['mkey']['otherParams'] = d['otherParams']
parse_wallet(db, item_callback)
db.close()
crypted = 'salt' in json_db['mkey']
if not crypted:
sys.stderr.write("%s: this wallet is not encrypted\n" % walletfile)
return -1
return {'crypted':crypted}
if __name__ == '__main__':
if len(sys.argv) < 2:
sys.stderr.write("Usage: %s [Bitcoin/Litecoin/PRiVCY wallet (.dat) files]\n" % sys.argv[0])
sys.exit(1)
for i in range(1, len(sys.argv)):
filename = sys.argv[i]
if read_wallet(json_db, filename) == -1:
continue
cry_master = binascii.unhexlify(json_db['mkey']['encrypted_key'])
cry_salt = binascii.unhexlify(json_db['mkey']['salt'])
cry_rounds = json_db['mkey']['nDerivationIterations']
cry_method = json_db['mkey']['nDerivationMethod']
crypted = 'salt' in json_db['mkey']
if not crypted:
sys.stderr.write("%s: this wallet is not encrypted\n" % filename)
continue
if cry_method != 0:
sys.stderr.write("%s: this wallet uses unknown key derivation method\n" % filename)
continue
cry_salt = json_db['mkey']['salt']
if len(cry_salt) == 16:
expected_mkey_len = 96 # 32 bytes padded to 3 AES blocks (last block is padding-only)
elif len(cry_salt) == 36: # Nexus legacy wallet
expected_mkey_len = 160 # 72 bytes padded to whole AES blocks
else:
sys.stderr.write("%s: this wallet uses unsupported salt size\n" % filename)
continue
# When cracking we only use the last two AES blocks, and thus we could support
# any encrypted master key size of 32 bytes (64 hex) or more. However, there's
# no reliable way for us to infer what the unencrypted key size was before it
# got padded to whole AES blocks, and thus no way for us to confidently detect
# correct guesses by checking the last block's padding. We rely on that check
# for expected encrypted master key sizes (assuming that 48 was 32, and 80 was
# 72, like specific known wallets use), but we don't dare to do that for
# unexpected sizes where we'd very likely end up with 100% (false) negatives.
if len(json_db['mkey']['encrypted_key']) != expected_mkey_len:
sys.stderr.write("%s: this wallet uses unsupported master key size\n" % filename)
continue
cry_master = json_db['mkey']['encrypted_key'][-64:] # last two AES blocks are enough
sys.stdout.write("$bitcoin$%s$%s$%s$%s$%s$2$00$2$00\n" %
(len(cry_master), cry_master, len(cry_salt), cry_salt, cry_rounds)) from https://github.com/openwall/john/blob/bleeding-jumbo/run/bitcoin2john.pyit has the good parts from pywallet and bitcointools (i used bitcointools scripts too) managed to extract the data without issues.. it has the most refferences to the data my wallet has... https://github.com/openwall/john/blob/75667e266c2b9356504a86c6013b91a9a3e48c4e/run/bitcoin2john.py#L173 over here i added print(json_db) because the script was useless otherwise. from a 350mb wallet.dat file, it outputs about 1.5gb each transaction has a tx_v and tx_k like with pywallet. however in other wallet files i dump that contain similiar keys to this oldeest backup i found, each tx_v is usually the same size as the transaction in the blockchain but with "from account " metadata appended to it in hex.but with this wallet each transaction value is probably a few kb in size. they do contain data for previous outs in the same block though maybe thats why'?
i mean if my wallet sent 10 transactions in one block it has the same transaction in 1 tx_v i think. but the data is just large.i do remember loads of cves showing up and bug reports for old wallets, i think also in the debug log there are messages of orphans and stuff. but my question is, i dunno. is there any tricks that i can do in a low level way to find the private key. im coming up with tons of new techniques to extract new key values but none of them are correspnding to this pubkey. tx_v however is unlike the version 60000+ wallets, my ones 60400, i do have compressed keys. |
|
|
|
|
Db.log shows this and i cant load the wallet, if i dump the contents of the wallet the transaction data is extremely large
How do i fix this
|
|
|
|
|
Databases(Berkeley) have more than one database in it, I noticed with photo wreck usually calves them separately if so like they’ll be a small and large Output. The database wouldn’t also load properly and would need manual cleaning.
If you can find the correct headers and config feel free to share I think it’s on Google somewhere
Also dont share any screenshots if they include data from your wallet, especially ones with 01 01 04 20 hex str
|
|
|
|
|
Boot up kali linux and run photorec. Look for txt files and enable expert mode with keeping corrupt files. You should see many versions of the wallet file appear at different heights if lucky. Run scan on the whole disk.
If you need help using photorec, search online
|
|
|
|
|
Show Posts
