Bitcoin Forum
November 16, 2024, 07:49:45 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: [CLAIMED!] Bounty: 0.25 BTC. Find the Bitcoins hidden in plain sight.  (Read 10141 times)
mmdough
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile
July 14, 2011, 09:01:53 PM
 #41

And follow the instructions on bitbills to import.

THAT'S what I was trying to figure out.

To bad it doesn't seem to work Cry
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
July 14, 2011, 09:07:21 PM
 #42

How to convert 32 byte hex private key into Base58-key that can be imported into a wallet...

1. take your 32 bytes...
2. tack 0x80 on at the beginning as the first byte (so now you have 33 bytes)
3. take sha256(sha256(those 33 bytes))
4. tack the first 4 bytes of the result of step 3 onto the end (so now you have 37 bytes)
5. compute base58 of the resulting 37 bytes

Base58 key will always start with a '5' in part because of the constant 0x80 being the first byte.

Working Microsoft C# code that does it:

Code:
        private string ByteArrayToBase58Check(byte[] ba) {
            // it is assumed that ba is 33 bytes long and starts with 0x80
            byte[] bb = new byte[ba.Length + 4];
            Array.Copy(ba, bb, ba.Length);
            SHA256CryptoServiceProvider sha256 = new SHA256CryptoServiceProvider();
            byte[] thehash = sha256.ComputeHash(ba);
            thehash = sha256.ComputeHash(thehash);
            for (int i = 0; i < 4; i++) bb[ba.Length + i] = thehash[i];
            return ByteArrayToBase58(bb);
        }

        private string ByteArrayToBase58(byte[] ba) {
            Org.BouncyCastle.Math.BigInteger addrremain = new Org.BouncyCastle.Math.BigInteger(1,ba);
            Org.BouncyCastle.Math.BigInteger big0 = new Org.BouncyCastle.Math.BigInteger("0");
            Org.BouncyCastle.Math.BigInteger big58 = new Org.BouncyCastle.Math.BigInteger("58");

            string b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
            string rv = "";

            while (addrremain.CompareTo(big0) > 0) {
                int d = Convert.ToInt32(addrremain.Mod(big58).ToString());
                addrremain = addrremain.Divide(big58);
                rv = b58.Substring(d, 1) + rv;
            }

            // handle leading zeroes
            foreach (byte b in ba) {
                if (b != 0) break;
                rv = "1" + rv;
            }
            return rv;
        }


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
gentakin
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
July 14, 2011, 09:21:13 PM
 #43

I studied the vanitygen code, and I probably figured it out. Just noticed your C# explanation now. (edit: Huh, if I remember correctly, I only used sha256 once... So this is maybe not going to work..?)

I did a -rescan and the 0.25 showed up. Then it took me another minute to figure out an amount where bitcoin wouldn't complain about transaction fees. Now waiting to see if my transaction goes through or if someone was faster than me. Grin

Anyway, it was fun! Thanks a lot for the challenge. Smiley

1HNjbHnpu7S3UUNMF6J9yWTD597LgtUCxb
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
July 14, 2011, 09:22:18 PM
 #44

lol.. well there goes my theory that casascius was throwing out this little puzzle to demonstrate how easy and convenient it is to import the keys from paper wallets!


@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
mmdough
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile
July 14, 2011, 09:25:06 PM
 #45

lol.. well there goes my theory that casascius was throwing out this little puzzle to demonstrate how easy and convenient it is to import the keys from paper wallets!



That's what I figured, too. I did a google search for "Plain Sight Bitcoin" and found http://sprucecodes.com/ who cross-promotes the paper wallets heavily. SO SURE I was on the right track!

Ah well, kept me from cleaning the house for a few hours :-P.

Congrats to the skillful winner!
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
July 14, 2011, 09:28:59 PM
 #46

I studied the vanitygen code, and I probably figured it out. Just noticed your C# explanation now. (edit: Huh, if I remember correctly, I only used sha256 once... So this is maybe not going to work..?)

I did a -rescan and the 0.25 showed up. Then it took me another minute to figure out an amount where bitcoin wouldn't complain about transaction fees. Now waiting to see if my transaction goes through or if someone was faster than me. Grin

Anyway, it was fun! Thanks a lot for the challenge. Smiley
Care to elaborate?  Once the transaction goes through, of course...
gentakin
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
July 14, 2011, 09:29:39 PM
 #47

There is no winner yet! Wink My transaction shows up at bitcoincharts.com/bitcoin, however it is listed as low priority. So.. if it works, I will be asleep by that time. Grin

The last block was found 30 minutes ago.. come on. I can't wait any longer.. I will check tomorrow, and if I see the BTC in my wallet, I will update here to explain how it worked.

1HNjbHnpu7S3UUNMF6J9yWTD597LgtUCxb
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
July 14, 2011, 09:38:16 PM
 #48

lol.. well there goes my theory that casascius was throwing out this little puzzle to demonstrate how easy and convenient it is to import the keys from paper wallets!



That's just it, it's not yet easy.

I was mainly trying to show that Bitcoins can be hidden in short amounts of plain text.  Any text will do, as long as it's not too short that it can be guessed by brute force.

An entire wallet could be generated from a short amount of plain text as well - simply by adding a counter onto the end of the string.  That's been proposed as a "deterministic wallet".  If done that way, one would never need to back it up, as long as they kept the original string safe and secure.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
randomguy7
Hero Member
*****
Offline Offline

Activity: 527
Merit: 500


View Profile
July 14, 2011, 09:41:20 PM
Last edit: July 14, 2011, 09:52:11 PM by randomguy7
 #49

Wild guess: the string is base58. Decode it, import resulting 32 bytes as private key, grab a cookie

edit: Are i and l allowed in base58? Afaik not, will this produce some result when trying to decode it or will it fail?
willphase
Hero Member
*****
Offline Offline

Activity: 767
Merit: 500


View Profile
July 14, 2011, 09:55:26 PM
 #50

Wild guess: the string is base58. Decode it, import resulting 32 bytes as private key, grab a cookie

edit: Are i and l allowed in base58? Afaik not, will this produce some result when trying to decode it or will it fail?

i (eye) is allowed by l (ell) isn't.   Annoying for someone with L's in my name... it's hard to keep up with the 1JonesesnUrF3mMFYmJbKHzRrvpdUP7Tke with an L in your name...

Will

EricJ2190
Full Member
***
Offline Offline

Activity: 134
Merit: 102


View Profile
July 14, 2011, 10:03:35 PM
Last edit: July 14, 2011, 10:46:10 PM by EricJ2190
 #51

It was claimed while I was trying to do so myself. Somebody beat me to it.  Sad

Anyway, the secret is that the SHA-256 hash of the string is the private key for that address.
spruce
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
July 14, 2011, 10:11:07 PM
 #52


I was mainly trying to show that Bitcoins can be hidden in short amounts of plain text.  Any text will do, as long as it's not too short that it can be guessed by brute force.


Yeah, that's actually pretty neat.

I've been doing it the other way round, i.e. starting with a specific address and key and then obfuscating the key somehow. It hadn't occurred to me to start with some convenient text and then generate a private key and public address from that.

Hey Casascius — you could include in your business creating public/private keys on paper based on a specific passphrase. I don't know how popular that would be, although there is no real difference in the trust involved.

I think I prefer my unbreakable one-time code. Apart from the slight problem that I don't know of a simple way for someone not a computer genius to get their bitcoins out again.
Bitcoin Swami
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
July 14, 2011, 10:27:34 PM
 #53

You guys are so smart.
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
July 14, 2011, 10:35:16 PM
 #54

Here is also why I became interested in hiding bitcoins in strings:

I have considered making some sort of physical bitcoins (like coins, or poker chips, or whatever) - who knows if I'll do it - but it occurred to me that hiding 51 legible characters in a small object might be difficult.  But I thought that if I could hide even 20 characters, and simply define the private key as SHA256 of those 20 characters, that it would be just as secure.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
July 14, 2011, 10:51:19 PM
 #55

Time to start SHA-256ing dictionary words to see if the bitcoin addresses that match have a balance.  Tongue
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
July 14, 2011, 10:59:25 PM
 #56

Time to start SHA-256ing dictionary words to see if the bitcoin addresses that match have a balance.  Tongue

A brute force attack on keys like this would be computationally intensive.  Getting the bitcoin address from the private key requires a slow EC point multiplication.  It would run as slowly as a vanity bitcoin address search, and would be difficult to port to a GPU due to recursion.

I could see a future bitcoin client allowing redemption of coins sitting on "passphrases", and the creation of those same passphrases, and suckers choosing poor passphrases as places to put their coins.



Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
sgravina
Sr. Member
****
Offline Offline

Activity: 451
Merit: 250



View Profile
July 15, 2011, 12:09:59 AM
 #57

"This string contains 0.25 BTC hiding in plain sight."

Whoever can first figure out how I have hidden the 0.25 BTC gets it.  The 0.25 BTC are waiting for you at 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 (just sent it now).

This is real cute but I don't think the puzzle as presented was accurate.  The string holds the private key.  But you need the private key and the address to spend the bitcoins.  The second sentence is necessary to find the bitcoins.

Sam
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
July 15, 2011, 12:15:09 AM
 #58

"This string contains 0.25 BTC hiding in plain sight."

Whoever can first figure out how I have hidden the 0.25 BTC gets it.  The 0.25 BTC are waiting for you at 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 (just sent it now).

This is real cute but I don't think the puzzle as presented was accurate.  The string holds the private key.  But you need the private key and the address to spend the bitcoins.  The second sentence is necessary to find the bitcoins.

Sam

It actually was not necessary. The address can be computed from the private key. I gave the address to prove the existence of the bounty and as a hint.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
sgravina
Sr. Member
****
Offline Offline

Activity: 451
Merit: 250



View Profile
July 15, 2011, 12:30:48 AM
 #59

Quote

It actually was not necessary. The address can be computed from the private key. I gave the address to prove the existence of the bounty and as a hint.

So every address has a unique private key.  The private key can generate the address but each address can't generate a private key?  Is that true?

Sam
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56
Merit: 1


View Profile
July 15, 2011, 02:33:22 AM
 #60

Quote

It actually was not necessary. The address can be computed from the private key. I gave the address to prove the existence of the bounty and as a hint.

So every address has a unique private key.  The private key can generate the address but each address can't generate a private key?  Is that true?

Sam

That is exactly it. Bends the mind a little bit the first time you here of such one-way functions. But the math is solid.
Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!