BtcIO - Open source, cold, BTC wallet

[avadhuta]

A desktop app(console and with a GUI) for Windows and Linux, written in .NET CORE, designed to quickly generate privates and addresses by seed phrase, view balances and send transactions from your private accounts and wallets.

Github https://github.com/avadhuta/BtcIO/releases

screenshots:
https://i.imgur.com/ZxuXYuV.jpeg
https://i.imgur.com/6evZ7YW.jpeg
https://i.imgur.com/M8tslVi.jpg
https://i.imgur.com/kjvhsnS.jpg


The example of use with a test network (with a mainnet it works the same way):

For console https://youtu.be/Mnm2dWqRP8g

For GUI variant https://youtu.be/JiTr551-veE


The library used are NBitcoin and blockcypher.com API.

[1714969265]

1714969265

[1714969265]

1714969265

[1714969265]

1714969265

[avadhuta]

You might want to add README.md on your GitHub repository

Yes, you are right. Thank.

.zip Source Code    Do you think BtcIO is open source?

Sources: https://github.com/avadhuta/BtcIO

[pooya87]

You might want to warn people that you are using a very weak RNG (System.Random) to generate their keys[1] and it is not safe to use this method to get a true random bitcoin private key to be used for real bitcoins.
Also you are using your own defined word list to generate the "seed" which you end up computing its SHA256 only as a "secure" entropy[2]

https://github.com/avadhuta/BtcIO/blob/3f67b5657733370e99078c7345a1e46a27d993c5/BtcWalletTools/Tech.cs#L75-L82
https://github.com/avadhuta/BtcIO/blob/3f67b5657733370e99078c7345a1e46a27d993c5/BtcWalletTools/WalletTools.cs#L255

[NotATether]

You might want to warn people that you are using a very weak RNG (System.Random) to generate their keys[1] and it is not safe to use this method to get a true random bitcoin private key to be used for real bitcoins.
Also you are using your own defined word list to generate the "seed" which you end up computing its SHA256 only as a "secure" entropy[2]

https://github.com/avadhuta/BtcIO/blob/3f67b5657733370e99078c7345a1e46a27d993c5/BtcWalletTools/Tech.cs#L75-L82
https://github.com/avadhuta/BtcIO/blob/3f67b5657733370e99078c7345a1e46a27d993c5/BtcWalletTools/WalletTools.cs#L255

It is more secure, in that method, to use the System.Security.Cryptography.RNGCryptoServiceProvider class than Random and then use it's GetBytes method to get a byte value which OP then takes the modulus of words.Length. For example:

Code:

using System.Security.Cryptography;

# ...

public static String RandomSeed() {
    RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
    byte[] randomNumber = new byte[1];
    string res = "";
    for (int i = 0; i < 12; i++) {
        rngCsp.GetBytes(randomNumber);
        int r = (int) randomNumber[0] % words.Length;
        res += words[r].ToLower() + (i < 11 ? " " : "");
    }
    rngCsp.Dispose();
    return res;
}
# ...

Note: I did not test this code for syntax errors.

[pooya87]

RNGCryptoServiceProvider

It is safer but not safe, you should never use the bare RNG provided by the framework because if a vulnerability is found in it or if there is a backdoor everything built on top of it will become vulnerable. It should always be mixed with another source of entropy.
Your code is broken by the way, all the words in the string will be the same and only from 0 to 255 index is covered.

[avadhuta]

You might want to warn people that you are using a very weak RNG (System.Random) to generate their keys[1] and it is not safe to use this method to get a true random bitcoin private key to be used for real bitcoins.
Also you are using your own defined word list to generate the "seed" which you end up computing its SHA256 only as a "secure" entropy[2]

https://github.com/avadhuta/BtcIO/blob/3f67b5657733370e99078c7345a1e46a27d993c5/BtcWalletTools/Tech.cs#L75-L82
https://github.com/avadhuta/BtcIO/blob/3f67b5657733370e99078c7345a1e46a27d993c5/BtcWalletTools/WalletTools.cs#L255

You are absolutely right, my logic for generating the passphrase is made elementary, although it is dangerous to use any software RNG for this, especially in open source.

An intelligent user can create seed himself or add any of words and symbols as entropy.

As an option, I will add the ability to use any arbitrary file as a seed, and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe. 

It is more secure, in that method, to use the System.Security.Cryptography.RNGCryptoServiceProvider class than Random and then use it's GetBytes method to get a byte value which OP then takes the modulus of words.Length. For example:

Code:

using System.Security.Cryptography;

# ...

public static String RandomSeed() {
    RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
    byte[] randomNumber = new byte[1];
    string res = "";
    for (int i = 0; i < 12; i++) {
        rngCsp.GetBytes(randomNumber);
        int r = (int) randomNumber[0] % words.Length;
        res += words[r].ToLower() + (i < 11 ? " " : "");
    }
    rngCsp.Dispose();
    return res;
}
# ...

Note: I did not test this code for syntax errors.

Thanks for the code, but I don't think that a more complex RNG will change anything in this case, especially in open source, manual entropy is needed.

[pooya87]

An intelligent user can create seed himself or add any of words and symbols as entropy.

You can and should not ever rely on the user to be the source of entropy, they will never create strong ones ever.

As an option, I will add the ability to use any arbitrary file as a seed, and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe. 

This makes your program to be a brainwallet which are very unsafe and 100k hashes does not make brute forcing slow.

[NotATether]

...and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe. 

I don't think that will be effective in the long run. An Nvidia V100 can theoretically do 10x as many hashes as a K520 and they were released just 3 years apart. So I imagine if not the current Ampere cards or next year's cards, one of these years someone's going to be able to pass 100K hashes/s at the same speed people pass 2000 hashes/s (number of PBKDF2 rounds of seed phrase) today.

[avadhuta]

An intelligent user can create seed himself or add any of words and symbols as entropy.

You can and should not ever rely on the user to be the source of entropy, they will never create strong ones ever.

As an option, I will add the ability to use any arbitrary file as a seed, and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.  

This makes your program to be a brainwallet which are very unsafe and 100k hashes does not make brute forcing slow.

...and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.  

I don't think that will be effective in the long run. An Nvidia V100 can theoretically do 10x as many hashes as a K520 and they were released just 3 years apart. So I imagine if not the current Ampere cards or next year's cards, one of these years someone's going to be able to pass 100K hashes/s at the same speed people pass 2000 hashes/s (number of PBKDF2 rounds of seed phrase) today.

I read more about RNGCryptoServiceProvider, it inspires trust, for now I limit myself to it and a 100k hashes.

Code:

        public static string[] words = ReadResource("words.txt").Split('\n');

        public static string RandomSeed()
        {
            string res = "";
            for (int i = 0; i < 12; i++) res += words[Rnd2()].ToLower() + (i < 11 ? " " : "");

            return res;
        }


        static RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        public static uint Rnd2()
        {
            var data = new byte[sizeof(uint)];
            rng.GetBytes(data);
            return (uint) (BitConverter.ToUInt32(data, 0) % (words.Length - 1));
        }


        public static byte[] Sha256(string seed, int itter = 1)
        {
            byte[] b = Encoding.UTF8.GetBytes(seed);
            for (int i = 0; i < itter; i++) b = SHA256.Create().ComputeHash(b);
            b = SHA256.Create().ComputeHash(b);

            return b;
        }

Code:

        public static (string address, string wif) newWifAddr(string seed, string net = "test3", int addrtype = 2)
        {
            var b = Tech.Sha256(seed, 1000000);
            var network = net == "test3" ? Network.TestNet : Network.Main;
            var privateKey = new Key(b);

            return (privateKey.PubKey.GetAddress((ScriptPubKeyType) addrtype, network).ToString(), privateKey.GetWif(network).ToString());

        }

[pooya87]

I read more about RNGCryptoServiceProvider, it inspires trust, for now I limit myself to it and a 100k hashes.

If the result provided by RNGCryptoServiceProvider were weak or flawed then hash of that result is no different than the original entropy and it too would be weak.
In other words by hashing it n times you aren't really making a meaningful difference. The correct way is to mix it with another source of entropy. For example some use Guid.NewGuid() and mix (eg. using a KDF) the returned 128 bit with the 256 bit entropy, you could use a user input, etc.

[Kirsting]

A desktop app(console and with a GUI) for Windows and Linux, written in .NET CORE, designed to quickly generate privates and addresses by seed phrase, view balances and send transactions from your private accounts and wallets.

Github https://github.com/avadhuta/BtcIO/releases

screenshots:
https://i.imgur.com/ZxuXYuV.jpeg
https://i.imgur.com/6evZ7YW.jpeg
https://i.imgur.com/M8tslVi.jpg
https://i.imgur.com/kjvhsnS.jpg


The example of use with a test network (with a mainnet it works the same way):

For console https://youtu.be/Mnm2dWqRP8g

For GUI variant https://youtu.be/JiTr551-veE


The libraries used are NBitcoin and QbitNinja, as well as the blockcypher.com API.

It is better to hide private keys, they cannot be entered from the keyboard or by copying, it is not safe.

The seed phrase generates an encrypted wallet with a password.

User entropy is also needed, one RNG is not reliable.

[avadhuta]

If the result provided by RNGCryptoServiceProvider were weak or flawed then hash of that result is no different than the original entropy and it too would be weak.
In other words by hashing it n times you aren't really making a meaningful difference. The correct way is to mix it with another source of entropy. For example some use Guid.NewGuid() and mix (eg. using a KDF) the returned 128 bit with the 256 bit entropy, you could use a user input, etc.

100k hashes will slow down brute-force by 100k times, even if the entropy was weak.

But you may be right, I will remove the multi hash and add custom entropy. Thank.

It is better to hide private keys, they cannot be entered from the keyboard or by copying, it is not safe.

The seed phrase generates an encrypted wallet with a password.

User entropy is also needed, one RNG is not reliable.

Yes, I'll think about it.

[avadhuta]

Added user entropy, functionality for opening and saving wallets, anonymous transactions via TOR, hiding WIF and seed.

https://www.youtube.com/watch?v=Oytmq7KVDPE