BitCrack - A tool for brute-forcing private keys

[NotATether]

Normally Bitcrack finds all the keys, it never skips any, but --stride option is not working for me. I put 20 keys randomly where there should be a collision, bitcrack finds the first ones but as it goes through the whole range it skips keys.
Also it finishes the scan way too fast, so I know it doesn't scan the whole range as instructed.


Example:
clBitCrack.exe -i addresses.txt -o keys.txt  --stride 4C4B40 --keyspace 0000000000000000000000000000000000000000000000008000000000000000:0000000000000000000000000000000000000000000000010000000000000000

Stride is 5mil and range is 2**63 - 2**64

What am I doing wrong?

Alright this means roughly every 2^22 keys or so are skipped. Do your input addresses have hex private keys that are exactly on a 0x4C4B40 interval between 2^63 and 2^64? I mean are your keys something like 2^63 + (0x4C4B40 * 1 2 3 4 5 6 etc)?

It may have something to do with the stride being multiplied by the number of points (pointsPerThread * Threads * Blocks) so the PointsPerThread (-p/--points) value is definitely something to look at.

[1715212075]

1715212075

[1715212075]

1715212075

[1715212075]

1715212075

[WanderingPhilospher]

Normally Bitcrack finds all the keys, it never skips any, but --stride option is not working for me. I put 20 keys randomly where there should be a collision, bitcrack finds the first ones but as it goes through the whole range it skips keys.
Also it finishes the scan way too fast, so I know it doesn't scan the whole range as instructed.


Example:
clBitCrack.exe -i addresses.txt -o keys.txt  --stride 4C4B40 --keyspace 0000000000000000000000000000000000000000000000008000000000000000:0000000000000000000000000000000000000000000000010000000000000000

Stride is 5mil and range is 2**63 - 2**64

What am I doing wrong?

If you are using the cl version, it is known to be riddled with bugs...who knows what it could be.

[BHWallet]

Normally Bitcrack finds all the keys, it never skips any, but --stride option is not working for me. I put 20 keys randomly where there should be a collision, bitcrack finds the first ones but as it goes through the whole range it skips keys.
Also it finishes the scan way too fast, so I know it doesn't scan the whole range as instructed.


Example:
clBitCrack.exe -i addresses.txt -o keys.txt  --stride 4C4B40 --keyspace 0000000000000000000000000000000000000000000000008000000000000000:0000000000000000000000000000000000000000000000010000000000000000

Stride is 5mil and range is 2**63 - 2**64

What am I doing wrong?

Alright this means roughly every 2^22 keys or so are skipped. Do your input addresses have hex private keys that are exactly on a 0x4C4B40 interval between 2^63 and 2^64? I mean are your keys something like 2^63 + (0x4C4B40 * 1 2 3 4 5 6 etc)?

It may have something to do with the stride being multiplied by the number of points (pointsPerThread * Threads * Blocks) so the PointsPerThread (-p/--points) value is definitely something to look at.

Thanks!
Of course, for example I start from 0, stride is 1000 I put addresses with pk 1000, 10000, 15000,150000,1000000 ... btcrack saves first few later it finds nothing.
Idk anything about points, how does it work exactly?

[BHWallet]

Normally Bitcrack finds all the keys, it never skips any, but --stride option is not working for me. I put 20 keys randomly where there should be a collision, bitcrack finds the first ones but as it goes through the whole range it skips keys.
Also it finishes the scan way too fast, so I know it doesn't scan the whole range as instructed.


Example:
clBitCrack.exe -i addresses.txt -o keys.txt  --stride 4C4B40 --keyspace 0000000000000000000000000000000000000000000000008000000000000000:0000000000000000000000000000000000000000000000010000000000000000

Stride is 5mil and range is 2**63 - 2**64

What am I doing wrong?

If you are using the cl version, it is known to be riddled with bugs...who knows what it could be.

idk buddy I never found a single bug, it never skipped a key without stride...

[WanderingPhilospher]

idk buddy I never found a single bug, it never skipped a key without stride...

You never found one bug with the newest CL (not CU) bitcrack version?  This thread is full of people reporting bugs.

[BHWallet]

It's working perfectly, 0 bugs for me, I see a lot of people in this thread never heard of command prompt or hex or binary before they heard about bitcrack so that might be the case.
It's relatively simple software I don't see how it could be so full of errors.

Stride error is also probably on my side, not btcrack, but I can't figure it out

[NotATether]

It's working perfectly, 0 bugs for me, I see a lot of people in this thread never heard of command prompt or hex or binary before they heard about bitcrack so that might be the case.
It's relatively simple software I don't see how it could be so full of errors.

What is your GPU model and driver version?

(The OpenCL version is still beta)

[coolindark]

Anyone can compile for latest CUDA? So we can use with new RTX cards. Thanks!

[NotATether]

Anyone can compile for latest CUDA? So we can use with new RTX cards. Thanks!

If you meant putting something like this in the Makefile:

Code:

-arch=sm_35 \
 -gencode=arch=compute_35,code=sm_35 \
 -gencode=arch=compute_50,code=sm_50 \
 -gencode=arch=compute_52,code=sm_52 \
 -gencode=arch=compute_60,code=sm_60 \
 -gencode=arch=compute_61,code=sm_61 \
 -gencode=arch=compute_70,code=sm_70 \
 -gencode=arch=compute_75,code=sm_75 \
 -gencode=arch=compute_80,code=sm_80 \
 -gencode=arch=compute_86,code=sm_86 \

Which compiles for all GPUs supported by CUDA 11.2, it turns out that it's taking a long time to build cuBitCrack - It's already been 20 minutes.

Edit: scratch that, the compile job finished the second I posted this   It stands at 7.5MB large, not bad for a fatbinary with nine different arch versions in it. However this also gives me the misaligned address error on my T4, but now that I have it here I can finally diagnose it.

[coolindark]

Anyone can compile for latest CUDA? So we can use with new RTX cards. Thanks!

If you meant putting something like this in the Makefile:

Code:

-arch=sm_35 \
 -gencode=arch=compute_35,code=sm_35 \
 -gencode=arch=compute_50,code=sm_50 \
 -gencode=arch=compute_52,code=sm_52 \
 -gencode=arch=compute_60,code=sm_60 \
 -gencode=arch=compute_61,code=sm_61 \
 -gencode=arch=compute_70,code=sm_70 \
 -gencode=arch=compute_75,code=sm_75 \
 -gencode=arch=compute_80,code=sm_80 \
 -gencode=arch=compute_86,code=sm_86 \

Which compiles for all GPUs supported by CUDA 11.2, it turns out that it's taking a long time to build cuBitCrack - It's already been 20 minutes.

Edit: scratch that, the compile job finished the second I posted this   It stands at 7.5MB large, not bad for a fatbinary with nine different arch versions in it. However this also gives me the misaligned address error on my T4, but now that I have it here I can finally diagnose it.

Great!  Waiting your results with excitement 

[NotATether]

Stack trace of the instructions before (or after?) the misaligned access error instruction:

Code:

(cuda-gdb) x/10i $pc
=> 0x5555564d08e0 <_Z25keyFinderKernelWithDoubleii+58848>:������LD.E.SYS R0, [R22] 
   0x5555564d08f0 <_Z25keyFinderKernelWithDoubleii+58864>:
    SHF.L.W.U32.HI R2, R3.reuse, 0x1a, R3.reuse 
   0x5555564d0900 <_Z25keyFinderKernelWithDoubleii+58880>:
    ULOP3.LUT UR5, UR4, UR7, URZ, 0x3c, !UPT 
   0x5555564d0910 <_Z25keyFinderKernelWithDoubleii+58896>:
    SHF.L.W.U32.HI R5, R3.reuse, 0x15, R3.reuse 
   0x5555564d0920 <_Z25keyFinderKernelWithDoubleii+58912>:
    IMAD.MOV.U32 R28, RZ, RZ, c[0x3][0x35c] 
   0x5555564d0930 <_Z25keyFinderKernelWithDoubleii+58928>:
    SHF.L.W.U32.HI R4, R3.reuse, 0x7, R3 
   0x5555564d0940 <_Z25keyFinderKernelWithDoubleii+58944>:
    IMAD.MOV.U32 R14, RZ, RZ, c[0x3][0x3a4] 
   0x5555564d0950 <_Z25keyFinderKernelWithDoubleii+58960>:
    LOP3.LUT R6, R3, c[0x3][0x374], RZ, 0xc, !PT 
   0x5555564d0960 <_Z25keyFinderKernelWithDoubleii+58976>:
    ULOP3.LUT UR5, UR5, UR6, URZ, 0xc0, !UPT 
   0x5555564d0970 <_Z25keyFinderKernelWithDoubleii+58992>:
    LOP3.LUT R5, R4, R2, R5, 0x96, !PT

I have no idea what sense to make out of the resulting CUDA disassembly (the error cannot be reproduced in debug mode forcing me to rely on the instruction pointer $pc (program counter))


Ok here's a better disassembly:

Code:

(cuda-gdb) x/20i $pc-256
   0x5555567b75e0 <_Z25keyFinderKernelWithDoubleii+58592>:������STL [R1+0x5c], R10 
   0x5555567b75f0 <_Z25keyFinderKernelWithDoubleii+58608>:������STL [R1+0x60], R12 
   0x5555567b7600 <_Z25keyFinderKernelWithDoubleii+58624>:
    IMAD.MOV.U32 R4, RZ, RZ, R55 
   0x5555567b7610 <_Z25keyFinderKernelWithDoubleii+58640>:
    IMAD.MOV.U32 R5, RZ, RZ, R54 
   0x5555567b7620 <_Z25keyFinderKernelWithDoubleii+58656>:������CALL.ABS.NOINC 0x0 
   0x5555567b7630 <_Z25keyFinderKernelWithDoubleii+58672>:������BSYNC B6 
   0x5555567b7640 <_Z25keyFinderKernelWithDoubleii+58688>:
    IMAD.MOV.U32 R0, RZ, RZ, 0x2 
   0x5555567b7650 <_Z25keyFinderKernelWithDoubleii+58704>:
    LOP3.LUT R0, R0, c[0x0][0x164], RZ, 0xfc, !PT 
   0x5555567b7660 <_Z25keyFinderKernelWithDoubleii+58720>:
    ISETP.NE.AND P0, PT, R0, 0x2, PT 
   0x5555567b7670 <_Z25keyFinderKernelWithDoubleii+58736>:������@P0 BRA 0x17250 
   0x5555567b7680 <_Z25keyFinderKernelWithDoubleii+58752>:
    IMAD R23, R60, 0x7, R53 
   0x5555567b7690 <_Z25keyFinderKernelWithDoubleii+58768>:
    IMAD.MOV.U32 R3, RZ, RZ, c[0x3][0x36c] 
   0x5555567b76a0 <_Z25keyFinderKernelWithDoubleii+58784>:
    IMAD.MOV.U32 R9, RZ, RZ, c[0x3][0x3a0] 
   0x5555567b76b0 <_Z25keyFinderKernelWithDoubleii+58800>:
    ULDC UR4, c[0x3][0x364] 
   0x5555567b76c0 <_Z25keyFinderKernelWithDoubleii+58816>:
    IMAD.WIDE R22, R23, 0x4, R78 
   0x5555567b76d0 <_Z25keyFinderKernelWithDoubleii+58832>:
    ULDC.64 UR6, c[0x3][0x35c] 
=> 0x5555567b76e0 <_Z25keyFinderKernelWithDoubleii+58848>:������LD.E.SYS R0, [R22] 
   0x5555567b76f0 <_Z25keyFinderKernelWithDoubleii+58864>:
    SHF.L.W.U32.HI R2, R3.reuse, 0x1a, R3.reuse 
   0x5555567b7700 <_Z25keyFinderKernelWithDoubleii+58880>:
    ULOP3.LUT UR5, UR4, UR7, URZ, 0x3c, !UPT 
   0x5555567b7710 <_Z25keyFinderKernelWithDoubleii+58896>:
    SHF.L.W.U32.HI R5, R3.reuse, 0x15, R3.reuse

Now the faulty instruction is the one with the arrow on the left, and the last 20 or so instructions are the ones accessing bad memory.

We already know that the problem function is "doIterationWithDouble" so all searching should be done there

We just need to see how this CUDA Pseudo-C code translates into PTX assembly  


Take three

Full disassembly of the CUDA function "_Z25keyFinderKernelWithDoubleii" (whatever that means! ) is available at https://files.notatether.com/public/temp/bitcrack/gdblog.txt for anyone who's interested. It stands at 685KB large.

Matching the statements to their disassembled instructions may be our only chance of identifying the problematic regions of memory (the faulty statement has already been found but we don't yet know where the misalignment is coming from).

This disassembly might also include functions other than doIterationWithDouble, because the entire kernel was dumped (so that means that anything compiled in the same nvcc command is potentially in there).


Most interesting is this line:

   0x00005555567b76d0 <+58832>: ULDC.64 UR6, c[0x3][0x35c] <-- Crash location

It seems to be doing some 64 bit operation on an array in memory located at... 0x35c (bingo: 0xc is not a multiple of 64 bits = 0x8: there is our misaligned access error).

Now the question is which array does this correspond to.

small edit: fix broken link

[Markzuberg64]

Hi guys ,

Can this tool or any modification of this be modified to write all private keys and respective uncompressed private keys and addresses) in range 1 to 56BC75E2D630FFFFF as a csv file . Since it generates 700 to xxxx million keys /s in some of its versions , so it will take many years on a single machine. But still looking for solutions. Writing regular outputs will consume too much time
So better it will save several millions or billions in some sort of memory operation and then write them once ,  till then next batch will find its space in memory to be written again.

[NotATether]

Hi guys ,

Can this tool or any modification of this be modified to write all private keys and respective uncompressed private keys and addresses) in range 1 to 56BC75E2D630FFFFF as a csv file . Since it generates 700 to xxxx million keys /s in some of its versions , so it will take many years on a single machine. But still looking for solutions. Writing regular outputs will consume too much time
So better it will save several millions or billions in some sort of memory operation and then write them once ,  till then next batch will find its space in memory to be written again.

If I understand you correctly, you are saying that Bitcrack should write the address of each private key it finds to a file?

How would that speed up key searching? Bitcrack doesn't even encode addresses anyway (it only decodes them to RIPEMD160 hash at the beginning of a search) so modifying it to make an address out of every address it finds will slow it down.

[fxsniper]

Hi guys ,

Can this tool or any modification of this be modified to write all private keys and respective uncompressed private keys and addresses) in range 1 to 56BC75E2D630FFFFF as a csv file . Since it generates 700 to xxxx million keys /s in some of its versions , so it will take many years on a single machine. But still looking for solutions. Writing regular outputs will consume too much time
So better it will save several millions or billions in some sort of memory operation and then write them once ,  till then next batch will find its space in memory to be written again.

If I understand you correctly, you are saying that Bitcrack should write the address of each private key it finds to a file?

How would that speed up key searching? Bitcrack doesn't even encode addresses anyway (it only decodes them to RIPEMD160 hash at the beginning of a search) so modifying it to make an address out of every address it finds will slow it down.

I agree with write to file make bitcrack slowly
both technic open file and write file each key or collector on memory and write one same work slow
(write to file use low memory and write one use large memory too)

if you need write to file on this case it no need to use bitcrack just use any python script write to file it fast same your want both random and running number
I try already like python write file private key 1 million per 4 minute (up to harddisk or SSD storage)

if you want to collect private key is use a log of storage to keep it too. plan text file is very small but when have billions trillion line use some space
64 billion private key data use 4TB disk, how many you need to keep

most decide to scan and let it go

[Markzuberg64]

Thanks for your comments.
 I understand that it goes upto hash160 function only but public keys are generated at very starting stages so writing private keys and public keys is possible.
Is there any implementation of same in python or c or any low level language like brainflayer had. So it can be modified accordingly. Brainflayer speed for incremental private keys is less than 500k/s . Or if anyone knows any such private key public key database already built for some keyspace .

Hi guys ,

Can this tool or any modification of this be modified to write all private keys and respective uncompressed private keys and addresses) in range 1 to 56BC75E2D630FFFFF as a csv file . Since it generates 700 to xxxx million keys /s in some of its versions , so it will take many years on a single machine. But still looking for solutions. Writing regular outputs will consume too much time
So better it will save several millions or billions in some sort of memory operation and then write them once ,  till then next batch will find its space in memory to be written again.

If I understand you correctly, you are saying that Bitcrack should write the address of each private key it finds to a file?

How would that speed up key searching? Bitcrack doesn't even encode addresses anyway (it only decodes them to RIPEMD160 hash at the beginning of a search) so modifying it to make an address out of every address it finds will slow it down.

I agree with write to file make bitcrack slowly
both technic open file and write file each key or collector on memory and write one same work slow
(write to file use low memory and write one use large memory too)

if you need write to file on this case it no need to use bitcrack just use any python script write to file it fast same your want both random and running number
I try already like python write file private key 1 million per 4 minute (up to harddisk or SSD storage)

if you want to collect private key is use a log of storage to keep it too. plan text file is very small but when have billions trillion line use some space
64 billion private key data use 4TB disk, how many you need to keep

most decide to scan and let it go

[fxsniper]

I feel  bitcrack work by scan all range very slow
https://github.com/brichard19/BitCrack

I am not follow from beginning
brichard19 is original bitcrack right



bitcrack this version have random mode right, I will try compare
https://github.com/djarumlights/BitCrack



compare bitcrack with kangaroo with same keyspace, kangaroo work very fast and kangaroo found key fast
and bitcrack can not found key
I test with address that have pubkey and bitcrack   by bitcrack use address and kangaroo use pubkey both same bitcoin
kangaroo can found key on 2 hour but bit crack 24 hour still not found  (clbitcrack OpenCL version)

[fxsniper]

help, can anybody help to code powershell script for random and run clBitCrack.exe

batch file work fine but limited about random command
powershell script may be work better, I try code but still error


batch file script

Code:

@echo on
:loop
echo  %date%-%time%
clBitCrack.exe -c -u -o out256-000.txt --keyspace %random%%random%%random%%random%:+10000000 -i in256-000.txt
echo  %date%-%time%
goto loop

powershell script (error)

Code:

Get-Date
DO{
"Starting Loop $a"
$a
$a++
$x = Get-Random -Minimum 20000000000000 -Maximum 1999999999999999
Start-Process "C:\bitcoin\clBitCrack.exe -c -u -o out.txt --keyspace $x:+10000000 -i in.txt"
} Until ($a -le 5)
Get-Date

actually I would like to create small utility but I can not code C++
may be look like ttdclient.exe from pool 64 bit

[WanderingPhilospher]

help, can anybody help to code powershell script for random and run clBitCrack.exe

batch file work fine but limited about random command
powershell script may be work better, I try code but still error


batch file script

Code:

@echo on
:loop
echo  %date%-%time%
clBitCrack.exe -c -u -o out256-000.txt --keyspace %random%%random%%random%%random%:+10000000 -i in256-000.txt
echo  %date%-%time%
goto loop

powershell script (error)

Code:

Get-Date
DO{
"Starting Loop $a"
$a
$a++
$x = Get-Random -Minimum 20000000000000 -Maximum 1999999999999999
Start-Process "C:\bitcoin\clBitCrack.exe -c -u -o out.txt --keyspace $x:+10000000 -i in.txt"
} Until ($a -le 5)
Get-Date

actually I would like to create small utility but I can not code C++
may be look like ttdclient.exe from pool 64 bit

Already exists...I'll go look for it for you
Works just like pool, but you can run it on your own PC/network. Works great
https://github.com/Etayson/BC_server-client

If that is not what you are looking for, look in thread, I posted a python script or look at the BSGS thread and use that script as example

Code:

import sys, time, random, os
from datetime import datetime
random.seed(datetime.now())
arq1 = open('randomrange.bat', 'w')
arq2 = open('randomrangeschecked.txt', 'a')

for x in range(1):
    low  = 0x800ffffff
    high = 0xfff000000
    randp = str(hex( random.randrange( low, high ) )).lstrip("0x")
    arq1.write("start /min /wait cuBitcrack -d 1 -b 64 -t 128 -p 256 --keyspace " + randp + "0000000:+FFFFFFF -i 64.txt -o YOUFOUNDTHEKEY.txt")
    arq2.write(randp + "0000000" '\n')
    arq2.write(randp + "FFFFFFF" '\n')
arq1.close()

So there is the python script; adjust ranges accordingly. Then setup a batch file to call the .py first and then call your created batch file from the .py execution; in the example above it would be randomrange.bat.

Batch file example:

Code:

:while1
start /wait /min abovepythonscript.py
start /wait /min randomrange.bat

goto :while1

[fxsniper]

Already exists...I'll go look for it for you
Works just like pool, but you can run it on your own PC/network. Works great
https://github.com/Etayson/BC_server-client

If that is not what you are looking for, look in thread, I posted a python script or look at the BSGS thread and use that script as example
 

Thank you WanderingPhilospher

I will try BC_server-client

[fxsniper]

I try create small utility myself using C# copy sample code to

Can anyone help to fix about random function can not using large number
problem  random.Next not work with 9223372036854775808 to 18446744073709551616

random.Next(9223372036854775808, 18446744073709551616)

I would like to keep it to use and modify to use with kangaroo by re-write in.txt file automatic before run next kangaroo and modify for BSGS too

Console App (.NETFramework)

Program.cs

Code:

using System;
using System.Diagnostics;
using System.ComponentModel;
using System.IO;

namespace MyProcessSample
{
    class MyProcess
    {
        public static void Main()
        {
            try
            {
                using (Process myProcess = new Process())
                {
                    for (int i = 1; i <= 10000000; i++)
                    {
                        //myProcess.StartInfo.UseShellExecute = false;
                        myProcess.StartInfo.UseShellExecute = true;
                        string filepath = '"' + Directory.GetCurrentDirectory() + "\\clBitCrack.exe" + '"';
                        Console.WriteLine("The current directory is {0}", filepath);
                        myProcess.StartInfo.FileName = filepath;

                        var random = new Random();
                        int start = random.Next(92368, 18446370);
                        //int stop = random.Next(9223372036854775808, 18446744073709551616)
                        //long start = random.Next(9223372036854775808, 18446744073709551616);
                        //int step = 10000000;
                        //int stop = start + step;
                        myProcess.StartInfo.Arguments = " -c -u -o out.txt --keyspace " + start + ":+10000000 -i in.txt";
                        myProcess.StartInfo.CreateNoWindow = true;
                        Console.WriteLine(DateTime.Now.ToString("yyyy-MM-ddTHH:mm:ss.ffffffK"));
                        myProcess.Start();
                        myProcess.WaitForExit();
                        if (i == 10000000)
                            {
                                break;
                            }

                     }
                        Console.WriteLine("Press any key to exit.");
                        Console.ReadLine();
                        //Console.ReadKey();
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }
    }
}