Have you tried hashcat yet?
Wish you find your coins, good luck.
I've spent close to 250k since 2014 on this, so, yes. Bruteforcing is no option. Dave succesfully recovered a wallet holding +- 1800 BTC around the same time (lost all passwords the same day), so i know he's a capable guy. If he tells me after almost ten years it's impossible using the bruteforce technique, then i trust him. I guess i'll wait it out until our technology evolves. Well, what I described has nothing to do with brute force, it's also not related to technology, it's a rather simple math equation. I have heard and read about Dave's work, seems legit and secure to give him wallet hash, best way to crack a wallet's password without giving him access to the wallet if he can crack it. But password recovery and elliptic curve operations are different, however a 256 bit key is not possible to solve currently. Just a friendly advice, never spend money on recovery before calculating everything scientifically, always ask experts for precise calculations of success, time, odds, probability etc.😉 |
|
|
|
hi members!
I have a multibit classic wallet that currently holds 17BTC
Somewhere in 2014/2015 i lost my wallet password.
Many attempts have been tried to bruteforce the wallet password, without any success.
KeychainX, dave bitcoin, everyone already tried to guess or break my password.
Would you asume there is a possibility to use software to try and recover my wallet using the Pollard approach?
Can someone point me in the right direction on what sofware and settings i should be using?
I still have access to the Multibit wallet, only the password is missing.
I have my wallet address and it's public key.
Maybe this could come in handy to extract certain transaction data?
Thank you
In here we are aliens with passwords, we only work with public keys, you could post it here so we could check it out ( not making any difference, because we are stuck with keys smaller than 160 bit ). Have you tried hashcat yet? Regarding pollard's method aka kangaroo, you could divide your public key by 2 but before that either add 1G or subtract 1G then you'll have 2 public keys, original and it's +1, you could divide them both by 2 four times in a row, then add 1G to each result and divide all of them by 2, at the end you will have millions of keys, which would be impossible to do the division and addition manually you'd need a program to do that which doesn't exist, but if you could do that then for example you could divide n of secpk1 by 2 as many times as you divided your public key and input those millions/ billions of offsets into kangaroo and then use n/2, n/4, n/8 etc as your start range, you could subtract an estimated number from your n/2 and use it as start and add that estimated number to n/2 and use it as end range, I'd imagine you'll have to try at least 200 start/end ranges one by one and spend at least 6 hours for each search. Wish you find your coins, good luck. |
|
|
|
because at first you made mention of something quote "you should find any relation between similar addresses and their public/ private keys with their sha256 hashes"... with that said, what kind of relationship are you talking about? besides that, I thought hashes are one way and cannot be calculated the other way unlike the EC curve that is based solely on the SECP256K1 implementations, one point linking to another point on the curve... I might be wrong though. Can you expatiate how we can successfully find the relation between addresses and their hashes...
Anything is always possible and I always keep a good faith...
Don't go after hashes and addresses, that is for tech giants not for puzzle solvers, anyone trying to find relations between addresses and hashes is lifting more than he could/ should, because after breaking 2 hash functions which is equal to breaking a 256 bit key, you will have to deal with the public key, you could however solve 66 up to 124 in a few month using kangaroo but breaking 2 hash functions is not something easy. A group effort is needed to partially break ECC and solve the keys 130, 135 etc, it doesn't matter if someone uses our ideas to solve the puzzles and keep the coins, what matters is us throwing as big as we can find at ECC's window to see when it cracks. And when we start seeing cracks on the glass, we could think of more protection before billions of dollars and millions of lives are ruined.😉 |
|
|
|
Here is a problem I'm facing, it seems really easy to figure out, but I can't. Because there is no solution. You can always divide by 5. In 20% cases, you will reach smaller key, in 80% some bigger one, just because every fifth number is divisible by 5. You can always divide by any number in range from 1 to n-1. Always. You can clearly see that when trying to reach 1/2. In real numbers, it is some value between zero and one. But in ECDSA world, it could be for example 7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1. You won't get any error, like "this division is impossible". It will never be rounded down to zero, or rounded up to one. Division, exactly in the same way as multiplication, is always possible for all numbers from 1 to n-1. If you explore it on some smaller values, for example n=67 from my avatar, then you can clearly see that. You will rotate like in a clock, always getting "some" result, and never getting to the point of "no answer". And this is the beauty of the finite field, this is what makes it strong, and when you understand it, you will see, why you cannot "just divide it". Here is what I found, I'm not a mathematician but this should work and it can bend elliptic curve or rather straighten it. 56900346571233247÷5 = 11380069314246649.4 + n/5 + n/4 = 11380069314246649, I just couldn't find any meaningful result before, but I have tried the above method and it works. It seems we can just divide it after all, but this won't help much if private key is unknown, these things are like fire for a child when they see it for the first time. I wanted to say a monkey when you perform a magic trick in front of him, have you seen how excited they get? Lol. |
|
|
|
Speaking of spamming the topic with unimportant content! When you guys realize that in order to find a key based on address alone, first you'd need to break rmd160, then sha256 to get the public key and then find the private key based on the public key, since only public key and private key are directly related mathematically. What you should do instead now that you are using your time, you should find any relation between similar addresses and their public/ private keys with their sha256 hashes, at least this way you are one step closer to solving 66 etc, because you won't have to face rmd160. However, trying to do that will require more power and time than solving the puzzle #160. So don't waste your time on something that difficult, try finding ways to go around the EC rules and break/ bend them either completely or partially. For example, this is a method to partially break EC : Divide a point by e.g, 5, then divide n by 5, and then add the result of p/5 to n/5, if your point is not divisible by 5 depending on the last digit of the private key, the division result differs. Demonstration : 823 / 5 = 164.6 Now all you need is to extract 0.6 of n in secp256k1 and keep it for next operation, then after dividing 823 by 5, you just divide n by 5 and add the result of 823/5 to n/5 + 6/10 of n = 164 But what happens if we divide 822 / 5 = 164.4, just follow the previous steps this time extract 4/10 of n to add to your second result. We just broke EC by simple math operations, though when your key is large and unknown, the fraction could be any percentage of n, but if you divide by 2 up to 9, since any key can only have 0 up to 9 on it's last digit, 1 out of 10 division + n/th + n/remainder will work.
I could never find these things out if I was still working on addresses and hashes.😉
what I need to know is, how to get the checkpoints for the puzzle 130 and how many checkpoints do i need their x coordinates in the checkpoints? Also will the code print the target public key's equivalent private key or will it save it to a file? Thanks as we all learning... You can use key subtracter by alberto, https://bitcointalk.org/index.php?topic=5360656.0You could use a known public key and use -a - s with -r 0:f -n 30 to have 15 + and -15 of your known public key, however use -z and -x to have only x coordinates, then you can convert them all to decimal. |
|
|
|
Really nice one, too bad I don't know how to run scripts, I'm just a windows person used to double click on exe files. 😅
Just copy the code and paste in notepad and save it as myscript.py (it would run on python), save in your folder, open folder, type CMD in address bar above and press ENTER, command prompt terminal will open, type there >python myscript.py and hit enter the script will run, you'll see step or jumps prints, chill! If I had merits I would give you many! Thank you for teaching me something new. I have some questions if you have the time, should I convert x, y coordinates of my target and paste in x,y.txt like x coordinate on first line and y on second line? Also for checkpoint.txt I just need to paste x coordinates on one line per key and save their private keys? What else do I need to change on the script? I appreciate it. Edit, I got it running, I just need to know what to change for addition and subtraction, should I put values in decimal? And why it won't show anything on screen? Lol it just blinks endlessly. |
|
|
|
just put in your mind something, there is a lot of professional users here, we did think of all possibilities, dont you think that we already think of your idea ? of course we did think of a lot
The quote above is a golden statement, I like the way you emphasize on "we".😅 You never know if an idea is possible to execute or not until either you or someone else puts it to test. Sorry if I offended your professional spirit. |
|
|
|
|
I am wondering, what is an insecure key, what does it look like, and were these compromised keys easier than our 1000 bitcoin puzzle keys? They had to know something, was there any hint in the code itself telling you what to look for?
I wouldn't trust any wallet, open source/ closed source, reviewed by all the experts or not, you just need to flip a coin to be safe. In general I consider deterministic wallets/ seeds a vulnerability, gmaxwell was the first dev coming up with this idea right? It's only good and safe if you know what you are doing. Bitcoin is only good to keep if you know what you are doing, that's the reason why masses don't rush into it, because it takes time and effort to learn how to do things.
|
|
|
|
what are the parameters to put in place and what codes or tools would be required to achieve that goal mentioned above?
I'm not a code/tool expert, and I'm pretty sure all the existing ones lack something, I don't know maybe BSGS can do what I said. If I had a perfect idea I could have used it myself, I only type what comes to my mind, whether it's possible or doable currently, I don't know. Hints is what I can provide the best.😉 Here is the code doing exactly what digaran explained earlier... I used on puzzle 125, chant it when someone else found it. I am not optimistic of it! you can have it if you've huge ram... it works on more more of a simple phenomenon rather then complex... In the script checkpoint.txt file has only public key x coordinates in decimal format. Why only x because, if you have public keys of private keys from 1 to 1 billion, they are actually two billion public keys, first billion from 1 to 1 billion and the last billion,, both billion have same x coordinate,, so kind of really big help there  ... The script first loads the file checkpoints.txt. so in this file I kept 80 million public keys from 2 - 80000000. The file size was 5.88 GB, been running on 8 GB RAM system. Here is how script works with a simple example you can modify relevant figures in script as per your needs... Suppose our public key has the private key of 87 (which we don't know obviously) we have checkpoints from 1-5 (which is really big if we compare 80 million with 125 puzzle key distance),, so what the script does it, is subtracts a set jump from pubkey and checks the resulting point within checkpoints, you can set your own jump.. suppose you want to set jump size as 20, here is how script works: 87-20=67 (not in checkpoints) 67-20=47 (not in checkpoints) 47-20=27(not in checkpoints) 27-20=7(not in checkpoints) 7-20=-13(not in checkpoints) As you know the range you can set the step size to suite the range, in our case, it is suitable to have 5 steps if we choose its size as 20... After finishing 5 stepts, the script subtracts 5 from 87 and saves the progress in j_value.txt file, after every iteration it changes the value in j_value.txt file. So if you shutdown or power goes off, next time script restarts from where it left... After first iteration script subtract 10 from 87-10=77 (10 because you have first 5 and last 5) next iteration is like 77-20=57 (not in checkpoints) 57-20=37 (not in checkpoints) 37-20=17(not in checkpoints) 17-20=-3(matched) -3 is matching because its inverse point is 3 and both have same x coordinate... If a match is found, the script save that point in results.txt file. I forget to mention xy.txt file has the decimal x and y coordinate of puzzle pub key. Here is whole script: Chill Pcurve = 2**256 - 2**32 - 2**9 - 2**8 - 2**7 - 2**6 - 2**4 -1 # The proven prime
N=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 # Number of points in the field
Acurve = 0; Bcurve = 7 # These two defines the elliptic curve. y^2 = x^3 + Acurve * x + Bcurve
Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240
Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424
GPoint = (Gx,Gy) # This is our generator point. Trillions of dif ones possible
def modinv(a, n=Pcurve):
lm, hm = 1, 0
low, high = a % n, n
while low > 1:
ratio = high // low
nm, new = hm - lm * ratio, high - low * ratio
lm, low, hm, high = nm, new, lm, low
return lm % n
def ECadd(a, b):
if a == 'O':
return b
if b == 'O':
return a
if a == b:
LamAdd = ((3 * a[0] * a[0] + Acurve) * modinv(2 * a[1], Pcurve)) % Pcurve
else:
LamAdd = ((b[1] - a[1]) * modinv(b[0] - a[0], Pcurve)) % Pcurve
x = (LamAdd * LamAdd - a[0] - b[0]) % Pcurve
y = (LamAdd * (a[0] - x) - a[1]) % Pcurve
return (x, y)
def ECsub(a, b):
if b == 'O':
return a
if isinstance(a, str):
a = tuple(map(int, a.split()))
if isinstance(b, str):
b = tuple(map(int, b.split()))
neg_b = (b[0], -b[1] % Pcurve)
return ECadd(a, neg_b)
def ECmul(a, b):
result = 'O'
while b > 0:
if b % 2 == 1:
result = ECadd(result, a)
a = ECadd(a, a)
b = b // 2
return result
# Read the x, y coordinates from xy.txt
with open("xy.txt", "r") as f:
x, y = map(int, f.read().strip().split())
point = (x, y)
# Read the checkpoint x-coordinates from checkpoints.txt
with open("checkpoints.txt", "r") as f:
checkpoints = set(map(int, f.read().strip().split()))
filename_out = "results.txt"
sub_count = 0
# read the last value of j from file
try:
with open("j_value.txt", "r") as f:
last_j_value = int(f.readline())
except:
last_j_value = 0
# loop for multiplication factor 0, 2, 4, 6, 8, 10, 12, 14, .......
found_match = False
for j in range(last_j_value, 10000001):
if found_match:
break
sub_count = 160000000 * j
for k in range(100001): # loop for 1lac subtract iterations
if k == 0: # first iteration
pass
else:
sub_count += 212676479325586539664609129644855
result = ECmul(GPoint, sub_count)
result = ECsub(point, result)
print(sub_count)
if result[0] in checkpoints:
with open(filename_out, "w") as f_out:
subtractions = sub_count // 212676479325586539664609129644855
f_out.write("{} {} {}".format(result[0], result[1], subtractions))
found_match = True
break
# save the value of j to file after each iteration
with open("j_value.txt", "w") as f:
f.write(str(j))
7-20=-13(not in checkpoints) Really nice one, too bad I don't know how to run scripts, I'm just a windows person used to double click on exe files. 😅 Here is another idea, lets see if it can be done or has any merits to it. If we know the exact start and end range of a public key, we could divide the end range by a number to reduce it down as much as possible, maybe making it a 6 digits number, now we only have to change our 6 digit number and multiply it by the number which we first divided our end range with, we need to change the numbers in a way that it never goes beyond our end range when multiplied. Now, before doing that, we need to add and subtract 1 G to our target and divide the results by 2, e.g. if our target is 256, we add 1, 2, 3, 4 etc and divide them all by 2 also we will add n/2 to all the results just to be safe and keep all of the keys to compare with our multiplication result. Eventually if we change our nonce, ( 6 digit number ) enough times and multiply it with powers of 2, 3 etc somewhere we should see a known key. A simple example : Start range 1, end range 512, our target is 95, now we divide 512 by 32 to get 16. But first lets generate some offsets for our target. Add 1 to 95 = 96/2 = 48 Add 3 to 95 = 98/2 = 49 Add 5 to 95 = 100/2 = 50 Sub 1 from 95 = 94/2 = 47 Sub 15 from 95 = 80/2 = 40 Now we have 48, 49, 50, 47 and 40, then we multiply 16 by 2, 3, 4, 5, 6, 7, etc until we see one of the keys above. Imagine if we generate different offsets, like billions of them, then we could simply keep multiplying to find one of our targets.
This just came to my mind today, it's not cooked well , yet!😉 |
|
|
|
what are the parameters to put in place and what codes or tools would be required to achieve that goal mentioned above?
I'm not a code/tool expert, and I'm pretty sure all the existing ones lack something, I don't know maybe BSGS can do what I said. If I had a perfect idea I could have used it myself, I only type what comes to my mind, whether it's possible or doable currently, I don't know. Hints is what I can provide the best.😉 |
|
|
|
Interesting!! However, in this case, you're not skipping keys; you're transposing the range from 2000:6000 to 1000:3000, which results in the same number of keys.
you avoid keys if you use the pubkey corresponding to pk 2, you would omit the odd private keys. Why and how do you change the G? If you change the generator all the results will be incorrect for secp256k1 curve, maybe you mean to use a stride of 2, in order to skip 1 key between each jump, or skip 2, well if you try that you will see that you are just skipping for example 33% of the range as well as reducing the probability of finding your target by 33%. But there is a way to do the search for public key faster, first you need to subtract as many keys as you can to have a new and ideally small range key, then you could generate +1 billion offsets and -1 billion offsets to keep in a file for auto comparison, then you could use a stride in such a way that each stride never goes beyond 2 billion keys, that way you are certain each stride will definitely have a 100% chance of landing on one of the 2 billion saved public keys. Now for someone with serious RAM and speed, they can generate +10 & -10 billion keys to check and use a bigger stride to search faster.😉 |
|
|
|
|
So it is good for gambling and trading methods which are no different than gambling.
This could be useful in many ways, one coming to mind is escrow, one could send some altcoin to an altcoin address and the txid in that blockchain could be used as the data feed for the oracle to release the funds to the borrower.
Though maybe this is already a thing?
Anyways, if the data feed is going to be determined by humans, there will be ways to manipulate the outcome. So the data feed needs to come from a source difficult to manipulate like a blockchain.
|
|
|
|
Using this code below to find the private key for puzzle 30, which specifies that the first 4 bits are 1. Running it with 12 processes on my i7-12700kf, the private key was found in about 1 minute and 28 seconds. Of course, it's just trying my luck. But who isn't trying their luck for hunters who don't have a lot of gpu? I believe that any other tool used by each of us hunters with only a small amount of resources is using random mode to search for private keys, so why not rule out some combinations with lower probability to try some private keys with higher probability? More importantly, why do you guys wasting your time on keys with no exposed public key? While you depend on luck trying to find #66, you could use your skills to find a way to reduce the range of public keys.😉 |
|
|
|
for n = fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 print(toHex(round(n / 6)))
my result is 2aaaaaaaaaaaaa00000000000000000000000000000000000000000000000000   but what I meant is whether there is a way to divide a point on the curve x, y by another point on the curve x, y? Your result is not correct because you should do the math mod n to have the correct result. Anyways, point by point multiplication and division without knowing at least one point's private key is impossible, why else they call it crypto-graphy for? If it was possible directly, we all could break ECC easily. Ps, I'm not a mathematician, but I'll find a way to divide point by point or die trying! 🤣 |
|
|
|
But it seems to be something automated by the puzzle's creator itself, I looked at some transactions.
Be more specific, please If you look at the transactions in wallet 66, and a few others, you will see that it appears to be something automated, sending small transactions with numbers that I believe might provide some clues in decimal/hexadecimal or binary code as to where the private key could be located. However, this is just an assumption. If you mean numbers 66 and 99, they are mirrors of each other, also converting 66 and 99 to hex twice you will get 2a for 66 and 3f for 99. Converting 66 to decimal is 102, and 99 is 153. Note that 6 and 9 are represented by each other in hex format, since there are only 6 alphabet letters, the remaining 9 digits have no alphabet representatives. So here is how it works : 0= f 1= e 2= d 3= c 4= b 5= a 6= 9 7= 8 8= 7 9= 6 It's a world of wonders this hexadecimal world!
To mathematicians, there is a way to divide one point by another point on the elliptic curve.
Are you asking or telling? Of course there is a way, look at my personal text, e.g. dividing n by 6 will give you this : 2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa74727a26728c1ab49ff8651778090ae0 You can multiply any point by above key, and it will divide your key by 6 if it's divisible by 6 you will get a correct answer. Now if you divide a point by the key above, you will actually be multiplying your point by 6. Now if you divide a point by 4 and multiply the result by 2 you should naturally get half of your original point, if your point is divisible by 4 then your results are correct, otherwise you will have a much much bigger point than your original point. Essentially dividing a point by a number other than 2 will get you no where close if your key is not divisible by that number, you can try by dividing a number by 3, 4, 5, etc and if the fraction is something other than .5, then the result of point division will not be any where close, however as long as the fraction is .5, then you can always add n/your divisor to the result to get the correct result. For example, divide 23 by 2, you will get -n/2-12 as a result, and if you add n/2 to your result, you'll have -12. 101 on how to break cryptography by ~dig.😉 |
|
|
|
Suddenly, the older version of VanBitCrackenS1.exe, which is a compiled executable, stops functioning, and the 10-12 MB exe file suddenly becomes 0 MB. I download the new version from GitHub (compiled exe of VanBitCrackenS v1.1). Everything is the same as it was in the old version. After a few days, whenever addresses are found, a separate text file is created named keys.found.txt, even though I had already specified -o found.txt along with its path. So the question is, has this software been compiled in such a way that any feature can be added or removed at any time, as I have experienced, which is a terrifying experience.  What do you mean you downloaded the new version? did you see any changes in repository? Because that would make it "a new version" but if the file wasn't changed then it's not a new version looking the same, it's the same old one, besides how exactly an executable file is reduced to 0MB but still exist, I have never seen a file with a no size, it should at least show some size. Also I have never seen a file delete itself. Anyways, I don't even have the found keys command set but when it finds an address it creates the text file named keysfound.txt by default. My cracker is also untouched.😉 |
|
|
|
|
Are there any educational articles on the security of wallets/ tools and anything related to private keys on this forum?
For ordinary users, well they don't know how to review the code if the code is available.
One other thing is educating people to never use closed source tools to generate private keys.
Also, what are the most secure and properly reviewed tools good for cryptography use? They all should be listed and updated somewhere like in a book or a site, wait this bx was in a book which everyone kept using as a reference for newbies. What an irony!
|
|
|
|
First of all, if a trojan is in a program, you can't find it by scanning for trojans, it could be a simple function of the program. Secondly, what development? There is no code for others to check and suggest improvements. Before you were born, people around here passed these tricks and got an A+. 😉 |
|
|
|
I Will move the project interely to linux due to facility to run it using a vast.ai instance.
Running it against #40 bit this software is able to find it in about 10 minutes using a GTX 1650
The strategy on this software was build after many years following these topics about this puzzle and I will not share the source code because I'm sure that in some moment I will find it, so sorry but no source code.
but, I'll release a public linux version to other people try to find #66 too soon. cheers.
Yeah, only idiots download and run this! If you are afraid that people might find a puzzle by using your trojan, why are you sharing it anyways? You don't seem to be a generous person.
Irony here is, op is not sharing the source code because others might find it sooner, but he is sharing a trojan inside this tool so that other people can find it sooner, FOR HIM.😉 |
|
|
|
Can anyone explain the following? Lambda : 5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72
Beta : 7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee
a1 = 3086d221a7d46bcde86c90e49284eb15
b1 = e4437ed6010e88286f547fa90abfe4c3
a2 = 114ca50f7a8e2f3f657c1108d9d44cfd8 What is the use of the keys above? Edit, so far I figured if we multiply a point by lambda, it will add our key to it and there won't be any multiplication and it also steals our y coordinate. So what is the use of that? About beta, I can't find anything meaningful in my results, is there any? |
|
|
|
|
Show Posts
