Bitcoin Forum
  Show Posts
121  Bitcoin / Development & Technical Discussion / Re: Why is my block being rejected for having "high hash"? on: February 22, 2021, 04:02:43 PM
The only other explanation I can find for this is your target (7fffff0000000000000000000000000000000000000000000000000000000000) is greater than powLimit in chainparams (00000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff).
Again, this is RegTest not MainNet/TestNet.
122  Bitcoin / Development & Technical Discussion / Re: Why is my block being rejected for having "high hash"? on: February 22, 2021, 03:25:49 PM
What were the previous difficulties before this block was mined,
Difficulty does not change on RegTest due to fPowNoRetargeting in chainparams being true.
123  Bitcoin / Development & Technical Discussion / Why is my block being rejected for having "high hash"? on: February 22, 2021, 10:58:31 AM
Using bitcoin core 0.21.0 on RegTest.
Block #101 with the default RegTest target of 0x207fffff
Full header is
Code:
00000020c21aa3b43d104b5db7eb46d90430308b668b4edebdd23d72ba6cfc685601f1666769ae0d507824c9b1220f02db880618240a6b5dff17c1319a443eadd4b218e7a76c3360ffff7f2000000000
Hash versus target:
Code:
6f295fbd976fd8dd1668bf4ba82b8e7b2089c3497cf3f9dc4a61beb519992958
7fffff0000000000000000000000000000000000000000000000000000000000

50279827699679515341806937817482573096355300064251967888806579886749916932440
57896037716911750921221705069588091649609539881711309849342236841432341020672

This block is being rejected by core with a short message only saying "high-hash".
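The header and the two checks discussed in this thread, as an added example that is not part of the original posts or of Bitcoin Core's code. The header, hash and powLimit values are copied from the posts; the function names and return labels are this example's own, and `pow_limit` is whatever the caller passes in, not a value read from chainparams.

```python
import hashlib

# Values copied from the posts above; nothing here is read from a node.
HEADER_HEX = (
    "00000020"
    "c21aa3b43d104b5db7eb46d90430308b668b4edebdd23d72ba6cfc685601f166"
    "6769ae0d507824c9b1220f02db880618240a6b5dff17c1319a443eadd4b218e7"
    "a76c3360" "ffff7f20" "00000000"
)
POSTED_HASH = int("6f295fbd976fd8dd1668bf4ba82b8e7b2089c3497cf3f9dc4a61beb519992958", 16)
POSTED_POW_LIMIT = int("00000000" + "ff" * 28, 16)  # powLimit quoted in the reply


def decode_compact(nbits):
    """Expand compact nBits into (target, negative, overflow)."""
    size = nbits >> 24
    word = nbits & 0x007FFFFF
    if size <= 3:
        word >>= 8 * (3 - size)
        target = word
    else:
        target = word << (8 * (size - 3))
    negative = word != 0 and (nbits & 0x00800000) != 0
    overflow = word != 0 and (
        size > 34 or (word > 0xFF and size > 33) or (word > 0xFFFF and size > 32))
    return target, negative, overflow


def parse_header(header_hex):
    """Return (nbits, block_hash) from an 80-byte serialized header."""
    raw = bytes.fromhex(header_hex)
    if len(raw) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    nbits = int.from_bytes(raw[72:76], "little")
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return nbits, int.from_bytes(digest, "little")  # hash is compared as a little-endian integer


def check_pow(block_hash, nbits, pow_limit):
    """Name the failing branch; Bitcoin Core reports either failure as "high-hash"."""
    target, negative, overflow = decode_compact(nbits)
    if negative or overflow or target == 0 or target > pow_limit:
        return "target-out-of-range"
    if block_hash > target:
        return "hash-above-target"
    return "ok"


if __name__ == "__main__":
    nbits, computed = parse_header(HEADER_HEX)
    print(f"nBits    {nbits:#010x}")
    print(f"target   {decode_compact(nbits)[0]:064x}")
    print(f"computed {computed:064x}")
    print("with posted powLimit:", check_pow(computed, nbits, POSTED_POW_LIMIT))
```

Comparing the printed `computed` value with the hash in the post also shows whether the posted hash was derived from exactly these 80 bytes.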
124  Bitcoin / Development & Technical Discussion / Re: Assuming block.vtx.size() return tx count why is it used for block size check? on: February 20, 2021, 11:40:04 AM
That doesn't answer my question.
125  Bitcoin / Development & Technical Discussion / Assuming block.vtx.size() return tx count why is it used for block size check? on: February 20, 2021, 09:07:07 AM
I'm trying to figure out what validations are being performed on block size and so far found this line:
https://github.com/bitcoin/bitcoin/blob/828bb776d29cbdfad3937ba100c428e3244c652f/src/validation.cpp#L3348
Code:
if (block.vtx.empty() || 
    block.vtx.size() * WITNESS_SCALE_FACTOR > MAX_BLOCK_WEIGHT ||
    ::GetSerializeSize(block, PROTOCOL_VERSION | SERIALIZE_TRANSACTION_NO_WITNESS) * WITNESS_SCALE_FACTOR > MAX_BLOCK_WEIGHT)

Google tells me that in c++ the size() method in std::vector (which is block.vtx type) returns item count which makes me wonder why is transaction count being multiplied by 4 and compared with max block weight?
126  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 17, 2021, 01:01:10 PM
Maybe, I do something wrong on building.
Probably. This has nothing to do with the UI (Avalonia).
Inside your Visual Studio place a break on the Find method line and then go to Debug > Start debugging (F5).
After that enter your data in text boxes and click find, the execution should stop at that line where you placed the break.


Then continue pressing F11 to step into each method or F10 to step over until you figure out where the evaluation is failing. You can move your mouse over to any variable and see their value when in debug mode.



I can write something that is considered invalid inside a file, but it'll be normally built. It makes me curious. Do I change the program or not?
Did you open the solution file or the csproj file or did you just open the .cs file from your explorer? Because the only thing that I can think of is that when you open a .cs file you can't build it, it has to be inside a .csproj file.
This file: https://github.com/Coding-Enthusiast/FinderOuter/blob/v0.6.0.0/Src/FinderOuter.sln or this https://github.com/Coding-Enthusiast/FinderOuter/blob/v0.6.0.0/Src/FinderOuter/FinderOuter.csproj
127  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 17, 2021, 11:27:03 AM
I wanted to see, what mnemonic it reads. Is there any other part of the source code that prints the same error?
No. https://github.com/Coding-Enthusiast/FinderOuter/search?q=Invalid+mnemonic+length
All I can think of is that you should debug the code line by line and see where it calls report.Fail("") (remember to change to debug mode if you haven't already).
128  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 17, 2021, 10:14:22 AM
but still I get the same error
Try placing a break point where the error is being created and see what input is being checked. That should give you a good idea where the problem is. Here is the error message. See what the value of mnemonic is.
My guess is that the input is not split into separate lines correctly.

Why is it nvironment? Why not Environment? Based on your code, it doesn't seem you've used it as a variable.
That's a typo.
129  Bitcoin / Development & Technical Discussion / Re: Nonce k and k +1 (ECDSA SIGNATURE) on: February 17, 2021, 05:43:30 AM
I really think this should work, unless I made a mistake in my math.  Did you double check all my algebra?
The problem is that with these specific values given in OP it is not possible to compute this particular case.
Whether you use my equation in that other topic to directly compute the private key ($d_U$) or first compute $k$ with your equation here and then compute the private key from there, you'll get 0, for which you can't compute a modular multiplicative inverse ($ax \equiv 1 \pmod{m}$ where $a = 0$ doesn't have an answer).
To be specific:
$s_2^{-1} r_2 - s_1^{-1} r_1 = 0$
Also
r's - rs' = 0
130  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 16, 2021, 05:35:13 AM
I'll have to admit that your code is literally beautiful. Everything is organized and I can understand the functionalities of each file. Somehow, FinderOuter on Visual Studio 2019 goes really fast in contrast with my WinForms programs. Does it have to do with Avalonia? How did they manage to make it that light?
Thanks. I believe XAML is generally cleaner and faster for UI development but I'm not sure since I haven't really used WinForms myself.

Anyway, I got off topic. What I wanted to say is that by changing line 149 on ViewModels/MissingMnemonicViewModel.cs and line 1483 on Services/MnemonicSevice.cs it's not possible. For example line 1425 on Services/MnemonicSevice.cs returns me "Invalid mnemonic length." when I try to add more than one mnemonics:
The FindMissing(..) in Service expects a single mnemonic, changing that is a lot of work so you should just change the ViewModel code to call it more than one time with each mnemonic instead of once
VM code turns into:
Code:
public async override void Find()
{
   string[] mns = Mnemonic.Split(Environment.NewLine, StringSplitOptions.RemoveEmptyEntries);
   foreach (var item in mns)
   {
      await MnService.FindMissing(item, MissingChar, PassPhrase, AdditionalInfo, SelectedInputType.Value,
                                  KeyPath,
                                  SelectedMnemonicType, SelectedWordListType,
                                  SelectedElectrumMnType);
   }
}
The FindMissing(..) method has to return a task to be awaitable:
Code:
public async Task FindMissing(string mnemonic, char missChar, string pass, ....
And since IReport.Init() on each call clears the message you have to change that so that on each call to FindMissing() the new messages are added at the end.
https://github.com/Coding-Enthusiast/FinderOuter/blob/681225416796a926479c8d246fb7afbf1e34484c/Src/FinderOuter/Models/Report.cs#L60
Code:
Message += $"{Environment.NewLine}Finished checking first input. Moving on to next.{Environment.NewLine}";

Now you can enter multiple mnemonics in mnemonic textbox in mnemonic recovery option separating them with a new line and each will be checked one after the other.
131  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 15, 2021, 05:09:17 PM
I'd also like to ask something else. Is it possible to brute force multiple mnemonics one after the other? One per line? If not, do you plan on doing something similar in the future? (Like adding some extra features on FinderOuter, not necessarily multiple mnemonics at once)
Normally people have one mnemonic that is damaged and want to recover it and if they have more they can just enter the second one after the first finished. I don't think there is any point in accepting more than one at a time.
You can make minimal modification to the code to run it for yourself though.
Change this line into a loop where it breaks each line into a single mnemonic and makes the call. And modify the Init() on report so that it doesn't clear the report on each call.
132  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 15, 2021, 04:06:22 PM
4-bit checksum means 1 in 16. That's why you've written 261,774 (~ 2048^2 / 16) on the SetBip32() call count?
Essentially yes. I modified the code to add a simple counter that incremented on each call.

I still don't understand why you wrote 00:02:44. There is no machine that can do so many operations in such little time. On my pc, brute forcing a 12-words mnemonic with 2 words missing takes me around 12 hours. (Given only the address)
It's not really that many operations.
Each SetBip32() method consists of 2048 HMACSHA512 + (path depth * 1 HMACSHA512). That is 2050 HMACSHA512 for brute forcing m/0'/0'. The 2:44 min is to compute 536,636,700 HMACs in total (it's actually a lot less due to using "specialized" code).
The specialized part is that FinderOuter isn't using the general HMAC functions, everything is specialized to compute only what it's supposed to. For example each HMAC consists of computing at least 2 SHA512 and each SHA512 has at least 2 blocks to compress. PBKDF2 (the 2048 round) repeats this in a loop where roughly 50% of it (4094 block compressions) is skipped on each call which greatly improves the speed.

The only reason why it takes a much longer time (hours) to recover using an address is because of issue #9. ECC on its own is very slow and my implementation of it turns out to be terribly slow.
Additionally when the path is something like m/0/0 the final round (after the PBKDF2) is to compute public keys (so there is an ECMultiply) which is a slow process itself. As a result the recovery process becomes a lot slower and the slowness of FinderOuter on top of it makes it take that long.
133  Bitcoin / Project Development / Re: The FinderOuter, a bitcoin recovery tool (v0.7.0 2021-02-02) on: February 15, 2021, 03:04:34 PM
Hi, I have a question. Let's assume that I've forgotten 1 word out of 12. This means that it'll have to try among 2048 combinations. Does it skip the checksum validation? Because if it checks for valid checksums it should not take that much time. For example, when I have 2 missing words, it has to check among 2048^2 different combinations. But if it counts the checksum, it should take less than an hour.
I explained last time: https://bitcointalk.org/index.php?topic=5214021.msg56129399#msg56129399
Let me know if you have any additional questions.

I remember a thread talking about mnemonic checksum, but I can't find it so I'll ask it here. How many are the valid mnemonics assuming that there is one word missing?
It is not possible to predict because it depends on how many collisions (purely by chance) we are going to get. It usually is somewhere between 120 and 130 for BIP39 and about 6 for Electrum.
134  Bitcoin / Development & Technical Discussion / Re: 25BTC damaged paper wallet - Fake? on: February 15, 2021, 08:14:29 AM
I believe that wallet recovery tools, especially the ones written in Python, should at least have introductory tutorials/documents/videos about the language.
My philosophy is that users shouldn't have to spend time learning anything in order to use a tool. For example nobody spends time learning how to use a web browser just to visit a website, while there is a lot going on in the background that user doesn't even see.
This is why in FinderOuter I've focused on a user friendly UI where they have to fill boxes instead of a command line tool where they have to first learn the commands and then type in those commands.

Because we keep telling people to brute-force passwords or a few characters of secret keys, but almost nobody here really knows how to write such a script (that's intuitive and easy to use by newbies, not some hacked-together spaghetti code like the kind I cook up).
It is really tough to create a tool that is easy to use, sometimes you think you've made it easy but in fact it was the opposite. For instance I believed that separating the derivation path and the key index makes it more clear in mnemonic recovery but it turned out it was more confusing.
The other issue is lack of feedback. My repository is getting about 50 visitors per day and about a dozen clones and yet over the past year I've received only a handful of bug reports or suggestions.
135  Bitcoin / Development & Technical Discussion / Re: 25BTC damaged paper wallet - Fake? on: February 14, 2021, 04:25:52 PM
Who knows, maybe they went on a journey to learn C# or Python to be able to run the provided code!!!
At least that question led me to add a new feature to FinderOuter to make it possible for users to recover their WIFs missing up to 11 characters at the end.
136  Bitcoin / Bitcoin Technical Support / Re: How to redeem lost forks from Casascius Coin on: February 14, 2021, 01:50:14 PM
Is that because once redeemed the private key becomes public and anyone can then use it?
Your private key will always remain private unless you leak it by mistake. It doesn't matter if you used it to create a signature (create a transaction and spend your coins).
If your address doesn't show any forkcoin balance it is most probably because you spent your bitcoin before any of those forks took place. For example BCH fork was on height 478558 (2017-08-01) and you would only get BCH if you had spent your bitcoin in block 478559+. Subsequently if you didn't have BCH you can't have BSV either.
137  Other / Off-topic / Re: Offtopic on: February 14, 2021, 11:33:41 AM
@Coding Enthusiast is e1 and e2 the full message hash or do you take the leftmost L bits first?
In ECDSA we take the leftmost $\log_2 n$ bits of the hash octet string only if $\log_2 n$ < 8*hashlen. In bitcoin with secp256k1 curve and SHA256 hash the two values are equal hence the entire octet string is converted to e.

I couldn't figure out whether the (r,s) pairs are 32 hex characters and 256 hex chars respectively or the values OP separated with spaces in the OP are r and s.
The first values starting with 0x30 are DER encoded signatures.
138  Other / Off-topic / Re: Offtopic on: February 14, 2021, 05:00:05 AM
@Coding Enthusiast These calculations are confusing to me ... could you simplify these calculations, or if there is another easier method you could show me?
Only the last equation is needed. The rest are the "proof" of how to get there:
$d_U = (1 - s_2^{-1} e_2 + s_1^{-1} e_1) \cdot (s_2^{-1} r_2 - s_1^{-1} r_1)^{-1} \pmod{n}$
(There was a small mistake which is fixed now)

$d_U$ is the private key.
$r$ and $s$ are the two values in the signature.
$e$ is the message hash converted to an integer using big-endian notation.
$x^{-1}$ is modular multiplicative inverse of $x$ mod $n$
The only complication is the last one, the rest is simple multiplication, addition,...
139  Other / Off-topic / Re: Offtopic on: February 12, 2021, 04:18:54 PM
It appears to be possible, the private key used here is
Code:
L2i3LvajQm9gpjHuYKhVgJ6sVYQECpEoaPzYQVtr637DWCLUPWQ6

We know the ECDSA equation is $s = k^{-1}(e + r d_U) \bmod n$. And we also know that $k_2 = k_1 + 1$. That means we have:
$k_1 = s_1^{-1}(e_1 + r_1 d_U)$
$k_1 + 1 = s_2^{-1}(e_2 + r_2 d_U)$

Subtracting these two gives:
$1 = s_2^{-1}(e_2 + r_2 d_U) - s_1^{-1}(e_1 + r_1 d_U)$
$1 - s_2^{-1} e_2 + s_1^{-1} e_1 = s_2^{-1} r_2 d_U - s_1^{-1} r_1 d_U = (s_2^{-1} r_2 - s_1^{-1} r_1) d_U$

And finally the private key is
$d_U = (1 - s_2^{-1} e_2 + s_1^{-1} e_1) \cdot (s_2^{-1} r_2 - s_1^{-1} r_1)^{-1} \pmod{n}$

Note that under normal circumstances when k is chosen randomly the difference between two ks is not possible to calculate based on the 2 points we have ($r_1$ and $r_2$) hence making it impossible to compute the private key even when more than one ECDSA signature is created using the same private key.
If it were any other way not just bitcoin but ECDSA would have become obsolete years ago when the first key reuse took place.
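The derivation above checked numerically, as an added example that is not part of the original posts. The private key, nonce, message hashes and r values are constructed, and r is an arbitrary scalar rather than the x-coordinate of k·G, which the algebra does not depend on; the function also returns None in the zero-denominator case described in the later reply.

```python
# Group order n of secp256k1 (public curve parameter).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def inv(x):
    """Modular multiplicative inverse mod n; ValueError if x == 0 (mod n)."""
    return pow(x, -1, N)


def sign_scalar(d, k, e, r):
    """s = k^-1 (e + r*d) mod n, with r supplied by the caller."""
    return inv(k) * (e + r * d) % N


def solve_for_d(r1, s1, e1, r2, s2, e2):
    """Evaluate the final equation of the derivation for k2 = k1 + 1.

    Returns None when (s2^-1 r2 - s1^-1 r1) == 0 (mod n), the case in
    which there is no inverse to multiply by.
    """
    numerator = (1 - inv(s2) * e2 + inv(s1) * e1) % N
    denominator = (inv(s2) * r2 - inv(s1) * r1) % N
    if denominator == 0:
        return None
    return numerator * inv(denominator) % N


def constructed_case():
    """Constructed inputs: none of these values come from the thread."""
    d = 0x1D0C0FFEE1234567890ABCDEF
    k1 = 0x5EED0001
    e1, e2 = 0xA11CE, 0xB0B
    r1, r2 = 0x1111, 0x2222          # stand-ins for x(k1*G) and x(k2*G)
    s1 = sign_scalar(d, k1, e1, r1)
    s2 = sign_scalar(d, k1 + 1, e2, r2)
    return d, (r1, s1, e1), (r2, s2, e2)


if __name__ == "__main__":
    d, sig1, sig2 = constructed_case()
    print("equation returns d:", solve_for_d(*sig1, *sig2) == d)
    # r2*s1 == r1*s2 makes the denominator zero (r's - rs' = 0).
    print("degenerate inputs:", solve_for_d(5, 7, 1, 10, 14, 2))
```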
140  Bitcoin / Development & Technical Discussion / Re: Bruteforce partial electrum seed words on: February 11, 2021, 09:14:08 AM
~3secs for 10,000... or ~200,000/minute... just goes to show how "expensive" the "ENT to seed" process can be!
FWIW if I comment out the mnemonic to BIP32 seed part and just validate the checksums of each permutation in FinderOuter, it can perform ~7.2 million checks per second on my corei3 CPU.

I should point out that the reason why the overall mnemonic recovery option is slow is because the algorithm that comes after checksum validation is expensive (to derive the child keys), and also there is an issue with my implementation of Elliptic Curve Cryptography that puts a lot of pressure on GC slowing down the process.