BitCrack - A tool for brute-forcing private keys

[batareyka]

Hi to all.
  I have this question.
Suppose I knew private keys and their mirrors.
Example
Key
00000000000000000000000000000000000000000000000000001234567890
His address
18CmidJphhs7WYXR4jskcHaEF8sqHXbY2Q

And his twin brother
0000000000000000000000000000000000000000000000000000XXXXXXXXXX
His address
18CmidJphhs7WYXR4jskcHaEF8sqHXbY2Q
Can this help in some way in solving and finding the private key algorithm?
Could this be a relief in finding any other way to find a private key?

[itod]

Hi to all.
  I have this question.
Suppose I knew private keys and their mirrors.
Example
Key
00000000000000000000000000000000000000000000000000001234567890
His address
18CmidJphhs7WYXR4jskcHaEF8sqHXbY2Q

And his twin brother
0000000000000000000000000000000000000000000000000000XXXXXXXXXX
His address
18CmidJphhs7WYXR4jskcHaEF8sqHXbY2Q
Can this help in some way in solving and finding the private key algorithm?
Could this be a relief in finding any other way to find a private key?

You assumption is imposible, unless this would be first known collision known that two different private keys produce the same hash. So the question does not make sense, like you would asking what would be if you are at the same time at two different palces.

If this is the case, just publish this "twin brother" and you would become famous as a finder of the first collision of the Bitcoin hashes.

[batareyka]

Let's say I'm still in superposition and can be at two points at the same time.
I will return to my question.
Could it be easier to find a private key when you know the twin brothers?

I don't need glory.
One way or another, everything will become the property of mankind. (or it won't.)

[_Counselor]

Let's say I'm still in superposition and can be at two points at the same time.
I will return to my question.
Could it be easier to find a private key when you know the twin brothers?

I don't need glory.
One way or another, everything will become the property of mankind. (or it won't.)

No. Collisions still randomly distributed throughout whole keyspace. Some addresses may have no collisions at all.
If you find one collision, it will not help you find another collision or solve the ECDLP.

[batareyka]

I am very grateful to you for your answer

[mynonce]

Some addresses may have no collisions at all.

It is unbelievable, but each address exists approximately 2^96 times in the whole 2^256 bit space. (2^256 / 2^160 = 2^96)
So the chances that an address has no collisions at all are ~ 1 in 2^96, that means nearly zero.
We can be sure, that there are always collisions for an address.

[batareyka]

Some addresses may have no collisions at all.

It is unbelievable, but each address exists approximately 2^96 times in the whole 2^256 bit space. (2^256 / 2^160 = 2^96)
So the chances that an address has no collisions at all are ~ 1 to 2^96, that means nearly zero.
We can be sure, that there are always collisions for an address.

You are right they are and there are many of them.

[qiudaoyu]

Hi all,

I've been working on a tool for brute-forcing Bitcoin private keys.

.....

The performance is good, but can likely be improved. On my hardware (GeForce GT 640) it gets 9.4 million keys per second compressed, 7.3 million uncompressed.

....

Thoughts?


Thanks!

what I am going to say is purely theoretical, as I have never tried to brute force private keys.

I don´t think you will have any success doing this.
If you have enough hash power, you would probably make more money working as an honest node, mining.

Bitcoin protocol is secure enough. If it were brute force-able, bitcoin wouldn't be worth anything.

What i think you could do is to find a collision. If someone made an insecure private key, by just hashing some passphrase... maybe you could have some luck. I tried to do this once, but never found anything. I tried those terms like "wallet" "bitcoin". I found some addresses which used to have balances, but not anymore. But I was doing manually, like 1 address/3 minutes lol

If you could somehow at the same time check if any of those 9.4 million keys/sec have any balance in btc/bch/btg etc...

But I don't think any of that will work, and will be a waste of time and resources.

[soferox]

I have a question. Recently there was a flood and a notebook containing a offline wallet was damage and it destroyed part of a WIF private key, so now I basically have:

Kw**********(I have the next 40 characters, just not posting for obvious reasons), so I am missing 10 characters in all.

I also have the public key. Is it possible to use this software to start a search at Kw... and iterate over the missing 10 characters with the known 40 characters also in the key.

For example : 1GuqEWwH5iRZ89oo5xw26FqmyZFMWZrtPi - is the public address

and for the WIF private key I'd have Kw**********JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7

Any advice is appreciated and examples are even more appreciated

Thank you,
S.

[soferox]

searching for 58^10 on a binary level means I'd have to search 430,804,206,899,405,824 possible combos. With a CPU that would take centuries. I need to leverage GPUs to try and speed up the process.

[soferox]

no ,just 5 minutes:)

if you know Kw**********JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7, you can setup only for start "kw" with end "JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7"

Those 10 missing characters having a possible 58^10th power though. So it definitely won't take 5 minutes to brute force the 10 unknown characters. Unless what I am asking. can i set this software up to start at Kw and end with my 40 characters which would improve my chances by a lot using GPUs as using a CPU will not be possible in my lifetime.

If you can show an example of how I should configure the command to run this software I would greatly appreciate it, and happily tip once I recover the key.

[soferox]

no, propably you never tried this.

here example for find where start and stop is "5K" priate key:)

Code:

#wyszukiwanie v_1

import ecdsa
import hashlib
import base58
import time
import csv
import string
# base58 alphabet
alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

adres_balance={}


def sha256(arg) :
	''' Return a sha256 hash of a hex string '''
	byte_array = bytearray.fromhex(arg)
	m = hashlib.sha256()
	m.update(byte_array)
	return m.hexdigest()

def b58encode(hex_string) :
	''' Return a base58 encoded string from hex string '''
	num = int(hex_string, 16)
	encode = ""
	base_count = len(alphabet)
	while (num > 0) :
		num, res = divmod(num,base_count)
		encode = alphabet[res] + encode
	return encode

def b58decode(v):
	''' Decode a Base58 encoded string as an integer and return a hex string '''
	if not isinstance(v, str):
		v = v.decode('ascii')
	decimal = 0
	for char in v:
		decimal = decimal * 58 + alphabet.index(char)
	return hex(decimal)[2:] # (remove "0x" prefix)

def privToWif(priv, verbose=False) :
	''' Produce a WIF from a private key in the form of an hex string '''
	# 1 - Take a private key
	_priv = priv.lower() # just for aesthetics
	if verbose : print("Private key: "+_priv)
	# 2 - Add a 0x80 byte in front of it
	priv_add_x80 = "80" + _priv
	if verbose : print("Private with x80 at beginning: "+priv_add_x80)
	# 3 - Perform SHA-256 hash on the extended key 
	first_sha256 = sha256(priv_add_x80)
	if verbose : print("sha256: " + first_sha256.upper())
	# 4 - Perform SHA-256 hash on result of SHA-256 hash 
	seconf_sha256 = sha256(first_sha256)
	if verbose : print("sha256: " + seconf_sha256.upper())
	# 5 - Take the first 4 bytes of the second SHA-256 hash, this is the checksum 
	first_4_bytes = seconf_sha256[0:8]
	if verbose : print("First 4 bytes: " + first_4_bytes)
	# 6 - Add the 4 checksum bytes from point 5 at the end of the extended key from point 2 
	resulting_hex = priv_add_x80 + first_4_bytes
	if verbose : print("Resulting WIF in HEX: " + resulting_hex)
	# 7 - Convert the result from a byte string into a base58 string using Base58Check encoding. This is the Wallet Import Format 
	result_wif = b58encode(resulting_hex)
	if verbose : print("Resulting WIF: " + result_wif)
	return result_wif

 


def zamien_na_adres(klucz): 
    #start = time.time()
# WIF to private key by https://en.bitcoin.it/wiki/Wallet_import_format
    Private_key = base58.b58decode_check(klucz) 
    Private_key = Private_key[1:]

# Private key to public key (ecdsa transformation)
    signing_key = ecdsa.SigningKey.from_string(Private_key, curve = ecdsa.SECP256k1)
    verifying_key = signing_key.get_verifying_key()
    public_key = bytes.fromhex("04") + verifying_key.to_string()

# hash sha 256 of pubkey
    sha256_1 = hashlib.sha256(public_key)

# hash ripemd of sha of pubkey
    ripemd160 = hashlib.new("ripemd160")
    ripemd160.update(sha256_1.digest())

# checksum
    hashed_public_key = bytes.fromhex("00") + ripemd160.digest()
    checksum_full = hashlib.sha256(hashlib.sha256(hashed_public_key).digest()).digest()
    checksum = checksum_full[:4]
    bin_addr = hashed_public_key + checksum
    #print(time.time()-start)
# encode address to base58 and print
    return base58.b58encode(bin_addr) 

# zmienne do wyszukiwania

############################################
# wyszukiwanie min max
############################################

def string_to_ord(dana):
    x = []
    
    for character in dana:
        x.append(ord(character))
        
    return x
    
moje ={}    
def _binary_search(szukana,x,y, zakres_low, zakres_high):
    
    """Binary search that returns (index, low, high) of the final search step"""
    while zakres_low <= zakres_high:
        index = (zakres_low + zakres_high) // 2
        dane,war =generuj_dane(index)
        
        current_element = dane[war][x:y]
        #zmiana na int
        current_val=string_to_ord(current_element)
        szukana_val=string_to_ord(szukana)
        #print(current_element)
        #print(current_val)
        #print(szukana_val)
        if current_element[41:42]=="N": moje[dane]=war
        if current_element[x:y] == szukana[x:y]:
            return (index, zakres_low, zakres_high)
        elif current_val[x:y] < szukana_val[x:y]:
            zakres_low = index + 1
        elif current_val[x:y] > szukana_val[x:y]:
            zakres_high = index - 1

    return (-1, 0, 0)

def lower_bound(szukana,x,y,zakres_min,zakres_high):
    """Returns the index of the first occurrence of element in array"""
    index = -1
    first_index, low, high = _binary_search(szukana,x,y, zakres_min, zakres_high)
    index = first_index
    while first_index != -1:
        index = first_index
        first_index, low, high = _binary_search(szukana,x,y, low, first_index-1)
    index=hex(index)
    index = index.replace('0x','').replace('L','').zfill(64)
    return index
    
def upper_bound(szukana,x,y,zakres_min,zakres_high):
     """Returns the index of the last occurence of element in array"""
     index = -1
     first_index, low, high = _binary_search(szukana,x,y, zakres_min, zakres_high)
     index = first_index
     while first_index != -1:
         index = first_index
         first_index, low, high = _binary_search(szukana,x,y, first_index+1, high)
     index=hex(index)
     index = index.replace('0x','').replace('L','').zfill(64)
     return index    
     
def szukaj(szukana,x,y,low, max):
    """Basic binary search"""
    min_w=lower_bound(szukana,x,y,low,max)
    #print(min_w)
    max_w=upper_bound(szukana,x,y,int(min_w,16),max)
    #print(max_w)
    return min_w, max_w
    
    
####################################################################
def generuj_dane(wartosc):
    war = hex(wartosc)
    war = war.replace('0x','').replace('L','').zfill(64)
    return generuj(war), war
 
def search (target): 
    
    # Definiujmey zmienne, przechowujące zakres, który badamy
    
    left =  int("000000000000000000000000000000000000007777777eb4b4d68d49da3408a",16)
    right = int("fffffffffffffffffffffffffffffffffffffffffffffeb4b4d68d49da3408a",16) 
    index = 0 
    
    # Sprawdzamy czy zakres który jest badany, nie jest pusty
    
    while left < right: 
        
        # dzielimy listę na 2 zbiory
        
        index = (left + right) // 2 
        #print(index)
        # Jeżeli znaleźliśmy liczbę to kończymy
        # jeżeli lewa strona, jest mniejsza do ją odrzucamy
        # a jeżeli nie, to odrzucamy prawą stronę
         
        
        dane,war =generuj_dane(index)
        #print(dane[war])
        if dane[war][0:6]==target: 
            #print(dane[war])
            return war 
        else: 
            if dane[war][0:6]<target: 
                left = index+1 
            else: 
                right = index 
                
    return -1 



 
step=1

def generuj(start):
    dana={}
    set_a=[]
    i = 0
     
    while i < 1:
        wif = privToWif(start)
        adres = zamien_na_adres(wif)
        set_a.append(adres)
        for letter in set_a:
            #print("adres set "+str(letter,'utf-8'))
            adres = str(letter,'utf-8')
            set_a.remove(letter)
            dana[start]=wif
        if str(adres) in adres_balance:
            print(" adres : " + str(adres))
            print(" wif   : " + str(wif))
            print(" value : " + str(adres_balance[adres]))
            with open("/mnt/hgfs/Nowy/hack2.csv", "a") as duplikatf:
                duplikatf.write(str(adres) + "," +str(wif)+'\n')
        #with open("/mnt/hgfs/Nowy/dane.csv", "a") as duplikatf:
                #duplikatf.write(str(1) + "," +str(wif[0:6])+","+str(wif[6:42])+","+str(wif[42:51])+'\n') 
           
        i+=1
    return dana

adres_balance={}

 


min_w, max_w=szukaj("5K",0,2,int("1",16),int("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413b",16))
print(min_w + ' ' + max_w)
print((int(max_w,16) - int(min_w,16)))
 
print(moje)
 

I appreciate the help. What coding language is this, python? and how would I format my key into here? I am still a bit skeptical how it can solve 10 missing characters in 5 minutes as you say.

Thanks,
S.

[soferox]

I don't think this will help. I have already done something similar which is how I cam to determine it will take to long. But thank you for offering help. I appreciate it.

Thanks,
S.

[PawGo]

Hi,
1) you may check my program WifSolver to see if it helps.
https://github.com/PawelGorny/WifSolver

2) in your case I think it is possible to convert program into task for BitCrack. Using Gpu solution will be find much faster. Let me know if you need help with configuring bitcrack - how to configure range start/stop, stride etc

3) BUT! If you say that you know publickey, we may use even faster solution, Kangaroo. I have prepared a special version of it to work with custom stride, somewhere on the forum I post explanation how it works. If it works, for 10 missing characters result will be done in VERY reasonable time.

Check the post:
https://bitcointalk.org/index.php?topic=5315607.msg56298967#msg56298967

[mynonce]

3) BUT! If you say that you know publickey, we may use even faster solution, Kangaroo. I have prepared a special version of it to work with custom stride, somewhere on the forum I post explanation how it works. If it works, for 10 missing characters result will be done in VERY reasonable time.

If there is an outgoing transaction, then with the un/compressed public key and kangaroo or pollard, also possible.

Sadly this was an offline wallet, so it only ever had incoming transaction. It has never sent out.

@PawGo
New thread for that case
Missing 10 Characters in WIF Private Key - Can I recover them?
http://bitcointalk.org/index.php?topic=5379131.0

[itod]

I have a question. Recently there was a flood and a notebook containing a offline wallet was damage and it destroyed part of a WIF private key, so now I basically have:

Kw**********(I have the next 40 characters, just not posting for obvious reasons), so I am missing 10 characters in all.

I also have the public key. Is it possible to use this software to start a search at Kw... and iterate over the missing 10 characters with the known 40 characters also in the key.

For example : 1GuqEWwH5iRZ89oo5xw26FqmyZFMWZrtPi - is the public address

and for the WIF private key I'd have Kw**********JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7

Any advice is appreciated and examples are even more appreciated

Thank you,
S.

It's a good thing that you have end of WIF format data where the checksum is. You have to first Base58 decode the string (with corrupted part, or you can replace the corrupted part with zeros). Since you are doing it only once you can use this online tool:
https://www.browserling.com/tools/base58-decode

Once you have decoded number you can use the checksum to quickly check the possible missing values, if the checksum does not match you do not need the other calculations to get public key and check against it.
This is enormous speed-up, this is doable even on CPU, no need for GPU.

I doubt that you have some ready made tool for this second step, have to do some work yourself to code checking the missing values against the checksum. Good luck!


Edit:
Just tried it with some test values, you have to do Base58 Decode for all possible versions of missing values, not only once, string before corrupted characters stays the same but Base58 Encode changes all values after the corrupted place.

However, this is still much, much faster then generating Public key, doable on CPU for sure.

[batareyka]

Hello everybody. The question arose.
How to determine between the two public keys which is bigger? In addition to the subtraction function.
Example.
123456789 private key is not known to us.
His public key.
025004d7d9c2a3b2d675ada618d9ceda55d1f6a9fdf263e24daa8cbea586af2b2b

And accordingly his rival.
12345678a private key is not known to us
His public key.
02fde2347f83e21198fc48b918f5657c188ffcdd8611b39b987230addb91d05d80

Thanks for the answer.

[soferox]

I have a question. Recently there was a flood and a notebook containing a offline wallet was damage and it destroyed part of a WIF private key, so now I basically have:

Kw**********(I have the next 40 characters, just not posting for obvious reasons), so I am missing 10 characters in all.

I also have the public key. Is it possible to use this software to start a search at Kw... and iterate over the missing 10 characters with the known 40 characters also in the key.

For example : 1GuqEWwH5iRZ89oo5xw26FqmyZFMWZrtPi - is the public address

and for the WIF private key I'd have Kw**********JzXaqU2rcFSoaLaehAQHqoQX1cWCo92tAA3ihLJ7

Any advice is appreciated and examples are even more appreciated

Thank you,
S.

It's a good thing that you have end of WIF format data where the checksum is. You have to first Base58 decode the string (with corrupted part, or you can replace the corrupted part with zeros). Since you are doing it only once you can use this online tool:
https://www.browserling.com/tools/base58-decode

Once you have decoded number you can use the checksum to quickly check the possible missing values, if the checksum does not match you do not need the other calculations to get public key and check against it.
This is enormous speed-up, this is doable even on CPU, no need for GPU.

I doubt that you have some ready made tool for this second step, have to do some work yourself to code checking the missing values against the checksum. Good luck!


Edit:
Just tried it with some test values, you have to do Base58 Decode for all possible versions of missing values, not only once, string before corrupted characters stays the same but Base58 Encode changes all values after the corrupted place.

However, this is still much, much faster then generating Public key, doable on CPU for sure.

I believe I tried this with CPU and it was going to take a crazy amount of years to go through all combos. So perhaps I am doing something wrong. I am willing to pay a bounty for any help and code examples provided.

Thanks,
S.

[_Counselor]

Hello everybody. The question arose.
How to determine between the two public keys which is bigger? In addition to the subtraction function.
Example.
123456789 private key is not known to us.
His public key.
025004d7d9c2a3b2d675ada618d9ceda55d1f6a9fdf263e24daa8cbea586af2b2b

And accordingly his rival.
12345678a private key is not known to us
His public key.
02fde2347f83e21198fc48b918f5657c188ffcdd8611b39b987230addb91d05d80

Thanks for the answer.

There is no way to do this. If it were possible, the ecc would be completely broken.

[batareyka]

I am very grateful to you for your answer.