Bitcoin Forum
March 06, 2021, 12:01:44 PM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: 2010 Wallet delivery and encryption "Treasure Hunt"  (Read 213 times)
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 22, 2021, 11:23:43 AM
 #1

Anyone got experience with wallets supplied to the customer contained in swf game files?

I purchased btc from a miner in May 2010, he provided an online game login to retrieve the wallet/s.

Instead of getting a simple privkey I ended up with a folder of game files which appear to be encrypted. These have sat in a folder on my PC for 11 years, I thought it might have been a hoax except the blockchain suggests otherwise. The swf file runs a simple image which does nothing, perhaps it used to contact a server but now nought.

The miner was a UK developer, I have lost all contact details.

One folder has a 32bit key title, The images seem to linked to a gozp.dat file but this won't open in either QT nor Electrum when renamed to wallet.dat. A weird .png image exists which seems to have a long hash key inside it... it's confusing.

Anyone got any experience of this? can you offer any clues? do you recognise this or sell me these files?? I would now like to open the wallet lol!

https://www.dropbox.com/s/4pgfaa9gmnk2kn2/Screenshot%202021-02-22%2010.45.50.png?dl=0

https://www.dropbox.com/s/vickqz8f2kvtlj9/Screenshot%202021-02-22%2010.57.00.png?dl=0

1615032104
Hero Member
*
Offline Offline

Posts: 1615032104

View Profile Personal Message (Offline)

Ignore
1615032104
Reply with quote  #2

1615032104
Report to moderator
1615032104
Hero Member
*
Offline Offline

Posts: 1615032104

View Profile Personal Message (Offline)

Ignore
1615032104
Reply with quote  #2

1615032104
Report to moderator
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1615032104
Hero Member
*
Offline Offline

Posts: 1615032104

View Profile Personal Message (Offline)

Ignore
1615032104
Reply with quote  #2

1615032104
Report to moderator
1615032104
Hero Member
*
Offline Offline

Posts: 1615032104

View Profile Personal Message (Offline)

Ignore
1615032104
Reply with quote  #2

1615032104
Report to moderator
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2680


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
February 22, 2021, 11:48:41 AM
 #2

It's first time i hear people actually obfuscate or/and encrypted wallet inside video game. Assuming it's not fake/hoax, i suspect it uses non-standard obsfucation, encryption or private key representation.

ranochigo
Legendary
*
Online Online

Activity: 2268
Merit: 1937

@ me if you need my response


View Profile
February 22, 2021, 12:02:37 PM
 #3

If you do not have sole control of the private keys, then it is reasonable to assume that you were never in control of any Bitcoins at any point in time.

I don't see the point of the "miner" selling you the wallet without giving you any directions to retrieve it. What did you mean by Blockchain says otherwise? Did he give you an address or something?

dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 22, 2021, 12:49:11 PM
 #4

It's first time i hear people actually obfuscate or/and encrypted wallet inside video game. Assuming it's not fake/hoax, i suspect it uses non-standard obsfucation, encryption or private key representation.

 ...Totally agree but this was May 2010 when lots of experimentation was taking place ...
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 22, 2021, 12:56:27 PM
Last edit: February 22, 2021, 03:06:21 PM by dr10101
 #5

If you do not have sole control of the private keys, then it is reasonable to assume that you were never in control of any Bitcoins at any point in time.

I don't see the point of the "miner" selling you the wallet without giving you any directions to retrieve it. What did you mean by Blockchain says otherwise? Did he give you an address or something?

... a valid point, but I have reason to believe this wasn't the intention of the seller/ miner and evidence on the blockchain points me to a software issue in 2011 which caused the loss of access for the developer to a significant haul of unsold btc which our transaction leads directly back to..  I feel that I do have the keys , just can't identify them!
escobol
Member
**
Online Online

Activity: 141
Merit: 38


View Profile
February 22, 2021, 05:21:06 PM
 #6

Maybe try

https://coreyphillips.github.io/

https://medium.com/@corey.lyle.phillips/part-1-3-turn-your-photos-into-bitcoin-private-keys-addresses-57669771cf7a


(But i doubt)
odolvlobo
Legendary
*
Offline Offline

Activity: 3150
Merit: 1814



View Profile
February 23, 2021, 07:57:21 AM
 #7

Anyone got any experience of this? can you offer any clues? do you recognise this or sell me these files?? I would now like to open the wallet lol!
https://www.dropbox.com/s/4pgfaa9gmnk2kn2/Screenshot%202021-02-22%2010.45.50.png?dl=0
https://www.dropbox.com/s/vickqz8f2kvtlj9/Screenshot%202021-02-22%2010.57.00.png?dl=0

Shockwave is an animation system that can be used to make simple interactive 2D games. A SWF contains the program. There is nothing in either of those two folders that look like they might even be remotely related to bitcoin.

A bitcoin wallet is usually stored in a file called wallet.dat in a folder that typically contains the following files and folders:

anchors.dat
banlist.dat
bitcoin.conf
blocks
chainstate
db.log
debug.log
fee_estimates.dat
mempool.dat
peers.dat
settings.json
wallet.dat

It looks like your folder has those along with other unrelated stuff.

Buy stuff on Amazon with BTC or convert Amazon points to BTC here: Purse.io
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
mocacinno
Legendary
*
Offline Offline

Activity: 2240
Merit: 2949


https://merel.mobi => buy facemasks with BTC/LTC


View Profile WWW
February 23, 2021, 08:07:37 AM
 #8

back in the days, i remember playing around with those swf's... IIRC, there used to be tools to decompile them and look at the sourcecode? Maybe you can find a hint therein?

NotATether
Sr. Member
****
Online Online

Activity: 448
Merit: 1098


Legacy


View Profile WWW
February 23, 2021, 10:14:02 AM
 #9

back in the days, i remember playing around with those swf's... IIRC, there used to be tools to decompile them and look at the sourcecode? Maybe you can find a hint therein?

There's a list of free and paid SWF decompilers nicely aggregated on a single page: http://bruce-lab.blogspot.com/2010/08/freeswfdecompilers.html?m=1

There's also a stack overflow question about it with more tools at https://stackoverflow.com/questions/97018/how-do-you-decompile-a-swf-file

Some more stuff I found from a google search:

https://www.flash-decompiler.com/
https://github.com/jindrapetrik/jpexs-decompiler



But I think the bigger question here is what kind of wallet it is? All wallet softwares put a special sequence of bytes at the beginning of the wallet file that uniquely identifies its type (the so-called Magic Bytes).

Install a hex editor such as HxD (and make a copy of the extracted wallet file because HxD allows you to unintentionally edit and save the file just by typing keys on the keyboard!) and open the wallet file with it, look at the first 10 or so bytes and see if they match any of the defined magic bytes.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2680


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
February 23, 2021, 11:27:30 AM
 #10

It's first time i hear people actually obfuscate or/and encrypted wallet inside video game. Assuming it's not fake/hoax, i suspect it uses non-standard obsfucation, encryption or private key representation.

 ...Totally agree but this was May 2010 when lots of experimentation was taking place ...

I know there are few standard for wallet on early days of Bitcoin, but IMO hiding it on video game is still unusual.

But I think the bigger question here is what kind of wallet it is? All wallet softwares put a special sequence of bytes at the beginning of the wallet file that uniquely identifies its type (the so-called Magic Bytes).

Install a hex editor such as HxD (and make a copy of the extracted wallet file because HxD allows you to unintentionally edit and save the file just by typing keys on the keyboard!) and open the wallet file with it, look at the first 10 or so bytes and see if they match any of the defined magic bytes.

Shouldn't OP look for magic bytes used by bitcoin (such as 62 31 05 00 09 00 00 00) ?

Source : https://bitcoin.stackexchange.com/questions/41447/filesystem-is-corrupt-how-to-find-wallet-dat

dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 23, 2021, 11:40:06 PM
 #11


Thx ... we are on it like white on rice!
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 23, 2021, 11:46:22 PM
 #12

It's first time i hear people actually obfuscate or/and encrypted wallet inside video game. Assuming it's not fake/hoax, i suspect it uses non-standard obsfucation, encryption or private key representation.

 ...Totally agree but this was May 2010 when lots of experimentation was taking place ...

I know there are few standard for wallet on early days of Bitcoin, but IMO hiding it on video game is still unusual.

But I think the bigger question here is what kind of wallet it is? All wallet softwares put a special sequence of bytes at the beginning of the wallet file that uniquely identifies its type (the so-called Magic Bytes).

Install a hex editor such as HxD (and make a copy of the extracted wallet file because HxD allows you to unintentionally edit and save the file just by typing keys on the keyboard!) and open the wallet file with it, look at the first 10 or so bytes and see if they match any of the defined magic bytes.

Shouldn't OP look for magic bytes used by bitcoin (such as 62 31 05 00 09 00 00 00) ?

Source : https://bitcoin.stackexchange.com/questions/41447/filesystem-is-corrupt-how-to-find-wallet-dat

...Appreciate that, will certainly take a deeper dive for the magic bytes, but feel we are looking for hidden private keys..
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 25, 2021, 06:06:15 PM
 #13

Anyone got any experience of this? can you offer any clues? do you recognise this or sell me these files?? I would now like to open the wallet lol!
https://www.dropbox.com/s/4pgfaa9gmnk2kn2/Screenshot%202021-02-22%2010.45.50.png?dl=0
https://www.dropbox.com/s/vickqz8f2kvtlj9/Screenshot%202021-02-22%2010.57.00.png?dl=0

Shockwave is an animation system that can be used to make simple interactive 2D games. A SWF contains the program. There is nothing in either of those two folders that look like they might even be remotely related to bitcoin.

A bitcoin wallet is usually stored in a file called wallet.dat in a folder that typically contains the following files and folders:

anchors.dat
banlist.dat
bitcoin.conf
blocks
chainstate
db.log
debug.log
fee_estimates.dat
mempool.dat
peers.dat
settings.json
wallet.dat

It looks like your folder has those along with other unrelated stuff.



... this flash file was the interface to obtain the "files" from which I understood that I should have been able to obtain private keys. Researching this more I am certain that image24.png is used as  a hex checksum or is hashed SOMEHOW with a 32 bit key to derive the  privkey. I have been testing and get results! (opening two other users wallets!!) but not the private keys I am after. I just don't know exactly what standard was applied to the process here, Hash the image, passphrase as a salt, hash the passphrase, single hash, double hash whos to know...? thx for the comments, its a privkey I am after here... certain of it.
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 25, 2021, 06:12:42 PM
 #14

back in the days, i remember playing around with those swf's... IIRC, there used to be tools to decompile them and look at the sourcecode? Maybe you can find a hint therein?

We took the .swf apart and nothing to say about it. But would be very interested in any standard tools which may have been around in 2010?? tools to translate an imagefile and a 32bit hex word into a privkey Wink
odolvlobo
Legendary
*
Offline Offline

Activity: 3150
Merit: 1814



View Profile
February 25, 2021, 11:41:25 PM
Merited by LoyceV (2)
 #15

Are you saying that private keys are purposely hidden somewhere in the data, and them you paid for them knowing that you might not be able to find them or that they might not exist at all?

That makes little sense to me.

Buy stuff on Amazon with BTC or convert Amazon points to BTC here: Purse.io
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 26, 2021, 10:24:35 AM
 #16

Are you saying that private keys are purposely hidden somewhere in the data, and them you paid for them knowing that you might not be able to find them or that they might not exist at all?

That makes little sense to me.

...sure and I would agree with you now, however, back in 2010 I was trading stocks, bitcoin was little more than an idealistic story. I spoke with a guy in the UK who sounded extremely knowledgeable, a cryptographer, a Bitcoin Miner, the right person!. He said he was a software developer who mined coins and was creating a new bitcoin exchange business. I asked if he could sell me some bitcoin to introduce me to the technology and processes, he gave me a url and I followed his instructions. At the end of it I had data. one of which said DO_NOT_DELETE_72aXXXX a 32 bit hex key another an image of a playing card which I think was the image to remember from the game.

I was busy and forgot about it all for a year, came back to it in 2011 with more time and a greater understanding of privkeys but couldn't derive my privkey or a wallet from these files.

NO BIG DEAL IN 2010-11. But 2021 and it is many 1000's of btc,  so sense would dictate to look at it again .

I had a bad first experience as did many.. I paid money and took a risk, everyone holding bitcoin takes the same journey! keys or not, sense or not its now a fun challenge to solve .

I need cryptographers not agony aunts!
dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 26, 2021, 10:33:27 AM
 #17


Turns out that this is 98% of my challenge thanks but now to figure out which policy needs to be applied. In other words very close but no cigar!.
HCP
Legendary
*
Offline Offline

Activity: 1624
Merit: 3357

<insert witty quote here>


View Profile
February 26, 2021, 12:00:33 PM
 #18

...and this, ladies and gentlemen, is why "security through obscurity" and attempting to do "clever things"™ when trying to secure your private keys is simply a "bad idea"™ Undecided

As unfortunate as it is for OP, I hope that this might help persuade people who think that doing things like re-arranging 12/24 word seeds, or substituting words or using some other "clever" process to try an obfuscate their private keys/seeds etc is just not a great plan.

It should hopefully also act as a cautionary tale about leaving coins in wallets that you did not create yourself and/or have not "tested" the backup/recovery process.


At the end of it I had data. one of which said DO_NOT_DELETE_72aXXXX a 32 bit hex key another an image of a playing card which I think was the image to remember from the game.
when you say "32 bit hex key"... do you mean 32 characters?

dr10101
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
February 26, 2021, 02:33:58 PM
 #19

...and this, ladies and gentlemen, is why "security through obscurity" and attempting to do "clever things"™ when trying to secure your private keys is simply a "bad idea"™ Undecided

As unfortunate as it is for OP, I hope that this might help persuade people who think that doing things like re-arranging 12/24 word seeds, or substituting words or using some other "clever" process to try an obfuscate their private keys/seeds etc is just not a great plan.

It should hopefully also act as a cautionary tale about leaving coins in wallets that you did not create yourself and/or have not "tested" the backup/recovery process.


At the end of it I had data. one of which said DO_NOT_DELETE_72aXXXX a 32 bit hex key another an image of a playing card which I think was the image to remember from the game.
when you say "32 bit hex key"... do you mean 32 characters?


.... totally in agreement.... for what its worth, KISS! (keep it simple stupid), sorry yes 32 character hex!
HCP
Legendary
*
Offline Offline

Activity: 1624
Merit: 3357

<insert witty quote here>


View Profile
February 26, 2021, 09:45:10 PM
 #20

I assume you've tried basic things like just putting the 32char hex into something like BitAddress.org and seeing if it is a "brainwallet" password? Huh

But, as far as I'm aware, there have been no other wallets or systems that have used a similar method (SWF, images + hex values written as folder names etc) to "hide" private keys... in 2010, most people were playing with simple brainwallets and paper wallets... Undecided

I mean, the process could literally be almost anything at this point... like a SHA256 hash of the image file data... then flipped backwards etc.

Also, it could be some weird stenographic method hiding the actual key data in the image file bytes, as opposed to using the image data directly as the input to SHA256 etc... have you tried something like this: https://ctfs.github.io/resources/topics/steganography/file-in-image/README.html Huh

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!