Bitcoin Forum
May 23, 2022, 11:36:22 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Check if your BTC-key is vulnerable  (Read 17843 times)
ca333
Hero Member
*****
Offline Offline

Activity: 518
Merit: 508


Developer - EthicHacker - BTC enthusiast


View Profile
March 05, 2015, 01:45:59 PM
Last edit: March 08, 2015, 11:27:44 PM by ca333
Merited by ETFbitcoin (1), Raja_MBZ (1)
 #1

Hi,

thought maybe someone can use the script below. I just wrote it to check couple of my public keys for reused R-signing values which allow generating of the private key of affected PKs. The script is very lightweight and uses urllib2 for loading the data from blockchain.info. So no local btc-node is needed. The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]). Also the script contains a lot of debug-output which you can just comment or remove.
This is OpenSource and BETA software - USE AT OWN RISK - released under GNU Public License.


Code:
#!/usr/bin/python


#################################################################################
#                                                                               #
#.______               _______.  ______     ___      .__   __.                  #
#|   _  \             /       | /      |   /   \     |  \ |  |                  #
#|  |_)  |    ______ |   (----`|  ,----'  /  ^  \    |   \|  |                  #
#|      /    |______| \   \    |  |      /  /_\  \   |  . `  |                  #
#|  |\  \----.    .----)   |   |  `----./  _____  \  |  |\   |                  #
#| _| `._____|    |_______/     \______/__/     \__\ |__| \__|  v0.1.2          #
#                                                                               #
#GNU PL - 2015 - ca333                                                          #
#                                                                               #        
#USE AT OWN RISK!                                                               #
#################################################################################

import json
import urllib2
import time
import sys

#for some reason blockchain.info api-chain is 59711 blocks short..
blockstart = 170399
blockstart += 59711
blockcount = urllib2.urlopen("https://blockchain.info/de/q/getblockcount").read()

print "WELCOME TO R-scan v0.1.2!"

print "ADDRESS-R-SCAN: "
addr = raw_input("type address:  ")
urladdr = "https://blockchain.info/de/rawaddr/" + str(addr)
#control api-url
print urladdr
addrdata = json.load(urllib2.urlopen(urladdr))
print "Data for pubkey: " + str(addr)
print "number of txs: " + str(addrdata['n_tx'])
#tx-details:
y = 0
inputs = []
while y < addrdata['n_tx']:
print "#################################################################################"
print "TX nr :" + str(y+1)
print "hash: " + str(addrdata['txs'][y]['hash'])
print "number of inputs: " + str(addrdata['txs'][y]['vin_sz'])
#only if
#if addrdata['txs'][y]['vin_sz'] > 1:
zy = 0
while zy < addrdata['txs'][y]['vin_sz']:
print "Input-ScriptNR " + str(zy+1) + " :" + str(addrdata['txs'][y]['inputs'][zy]['script'])
inputs.append(addrdata['txs'][y]['inputs'][zy]['script'])
zy += 1

y += 1

print "compare: "

xi = 0
zi = 1
lenx = len(inputs)
alert = 0

#compare the sig values in each input script
while xi < lenx-1:
x = 0
while x < lenx-zi:
if inputs[xi][10:74] == inputs[x+zi][10:74]:
print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
print('\a')
                        print "Resued R-Value: "
print inputs[x+zi][10:74]
                        alert += 1

x += 1

zi += 1
xi += 1

#check duplicates
#alert when everything ok

if alert < 1:
print "Good pubKey. No problems."


sys.exit()

if you have question ask me.
thank you.

this space is available (free) for humanitarian nonprofit organizations - please contact me
1653305782
Hero Member
*
Offline Offline

Posts: 1653305782

View Profile Personal Message (Offline)

Ignore
1653305782
Reply with quote  #2

1653305782
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1653305782
Hero Member
*
Offline Offline

Posts: 1653305782

View Profile Personal Message (Offline)

Ignore
1653305782
Reply with quote  #2

1653305782
Report to moderator
1653305782
Hero Member
*
Offline Offline

Posts: 1653305782

View Profile Personal Message (Offline)

Ignore
1653305782
Reply with quote  #2

1653305782
Report to moderator
1653305782
Hero Member
*
Offline Offline

Posts: 1653305782

View Profile Personal Message (Offline)

Ignore
1653305782
Reply with quote  #2

1653305782
Report to moderator
coinableS
Legendary
*
Offline Offline

Activity: 1428
Merit: 1109



View Profile WWW
March 05, 2015, 02:03:20 PM
 #2

Hmm very interesting thanks for sharing. Can you explain further how a private key get's leaked through a tx hash? i remember people talking about this was a counter-party bug and other online wallets, but I never actually understood how someone can get the PK from a tx hash.

newIndia
Legendary
*
Offline Offline

Activity: 1988
Merit: 1046


View Profile
March 05, 2015, 02:06:31 PM
 #3

Great work. Can u please provide a step by step method to run this ?

ca333
Hero Member
*****
Offline Offline

Activity: 518
Merit: 508


Developer - EthicHacker - BTC enthusiast


View Profile
March 05, 2015, 03:47:52 PM
Merited by A-Bolt (1)
 #4

THIS IS ONLY FOR EDUCATIONAL PURPOSE. PLEASE DO NOT HARM OTHER!

Hmm very interesting thanks for sharing. Can you explain further how a private key get's leaked through a tx hash? i remember people talking about this was a counter-party bug and other online wallets, but I never actually understood how someone can get the PK from a tx hash.


We don't get private key from the hash. we get it from the scripts.
When a btc-tx is generated it must be signed. but many developers from btc-services code their
own "wallet-system" so they make it all from their software and when their signing procedure resuses
signing values, then it s easy to generate the private key from that. the input scripts of transaction contains
two signature values. i call s and r.  so when we have 2 inputs or more in a transaction or different inputs from different
transaction (of same publickey) and reused r values it s a huge problem for security. ECDSA then allows you recalculate with curve.

formula:
Code:
privatekey = (sop1*s2 - sop2*s1)/(r*(s1-s2))

now only sop1 and sop2 is missing! These are hashes of the outputs to be signed. Also this is calculated by OP_CHECKSIG.
so we have all data for calculating private-key.

so i make example now:

Public key: 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm (i take this example because this vulnerability is public already)
my script tell me we have duplicates in transaction: 9ec4bc49e828d924af1d1029cacf709431abbde46d59554b62bc270e3b29c4b1

input script 1:
30440220d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1022044e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e0104dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69 c21e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ff

input script 2:
30440220d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad102209a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab0104dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69c2 1e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ff

first i must explain you inputs script format header descr:

0x30 = header byte
0x44 = length descriptor (68 bytes)
0x02 = header byte
0x20 = r value length descriptor (32 bytes)
d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1 the r coordinate as a big endian integer
0x02 = header byte
0x20 = s value length descriptor (32 bytes)
44e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e the s1 coordinate and 9a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab the s2 coordinate as a big endian integer
0x01 = hashtype byte
and 04dbd0c61532279cf72981c3584fc32216e0127699635c2789f549e0730c059b81ae133016a69c2 1e23f1859a95f06d52b7bf149a8f2fe4e8535c8a829b449c5ff is the pubkeyhash


ok so now we know how inputs script is formated. now we calculated missing sop1 and sop2 by OP_CHECKSIG():
sop1: c0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e
sop2: 17b0f41c8c337ac1e18c98759e83a8cccbc368dd9d89e5f03cb633c265fd0ddc

so we now have a ll data for calculation:

Code:
p    = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
r    = 0xd47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1
s1   = 0x44e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e
s2   = 0x9a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab
sop1 = 0xc0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e
sop2 = 0x17b0f41c8c337ac1e18c98759e83a8cccbc368dd9d89e5f03cb633c265fd0ddc

now we can calculate with below formulas: mathcad or sagemath and we get privkey.
plese note p is the order for the field. p = parameter for secp256k1 curve order which bitcoin use.

now we create finite field for calculation:
Code:
K = GF(p)

and calculate decimal private key  inside this field with:
Code:
K((z1*s2 - z2*s1)/(r*(s1-s2)))

ouput: 88865298299719117682218467295833367085649033095698151055007620974294165995414

so when we encode we get priv-key hex-coded:
c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96

and when converted to WIF format:
5KJp7KEffR7HHFWSFYjiCUAntRSTY69LAQEX1AUzaSBHHFdKEpQ

i hope this help you understand.

also: here is implementation for calculating by software: https://gist.github.com/nlitsme/dda36eeef541de37d996
hope it's clear and helped.
thank you

this space is available (free) for humanitarian nonprofit organizations - please contact me
coinableS
Legendary
*
Offline Offline

Activity: 1428
Merit: 1109



View Profile WWW
March 05, 2015, 04:17:46 PM
 #5

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1144


The revolution will be monetized!


View Profile
March 05, 2015, 04:20:45 PM
 #6

Hey cool gadget man! Thanks for making it open source.  Kiss

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
zen2
Full Member
***
Offline Offline

Activity: 155
Merit: 100



View Profile
March 05, 2015, 04:23:24 PM
 #7

WOW!! thanks very much for sharing and for this detailed explanation. very interesting! i also always keep my coin in coldstorage or my bitcoinode which connected via armory.
najzenmajsen
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500


AMAZING F5 skills O_o


View Profile
March 05, 2015, 04:25:33 PM
 #8

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.
This is a really good tip , would reccomend it to anyone. Reading this post actually got me a lil bit scared , prolly gonna make some paper wallets brb
ca333
Hero Member
*****
Offline Offline

Activity: 518
Merit: 508


Developer - EthicHacker - BTC enthusiast


View Profile
March 05, 2015, 04:47:09 PM
 #9

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

this space is available (free) for humanitarian nonprofit organizations - please contact me
MakingMoneyHoney
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
March 05, 2015, 05:17:59 PM
 #10

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

Can you say which droid wallets use it? Thanks for posting this.

Most of my bitcoins are already on paper wallets from a clean Ubunutu system (not connected to internet, old printer not connected to internet, etc). But I still have to use a hot wallet sometimes to pay people.
cr1776
Legendary
*
Offline Offline

Activity: 3346
Merit: 1220


View Profile
March 05, 2015, 05:23:56 PM
 #11

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

Can you say which droid wallets use it? Thanks for posting this.

Most of my bitcoins are already on paper wallets from a clean Ubunutu system (not connected to internet, old printer not connected to internet, etc). But I still have to use a hot wallet sometimes to pay people.

Perhaps referring to the bad rng on android from about 18 months ago:
https://bitcoin.org/en/alert/2013-08-11-android
MakingMoneyHoney
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
March 05, 2015, 05:39:29 PM
 #12

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

Can you say which droid wallets use it? Thanks for posting this.

Most of my bitcoins are already on paper wallets from a clean Ubunutu system (not connected to internet, old printer not connected to internet, etc). But I still have to use a hot wallet sometimes to pay people.


Perhaps referring to the bad rng on android from about 18 months ago:
https://bitcoin.org/en/alert/2013-08-11-android


But that page says it was fixed with the "current" updates as of 2013. And the OP is talking currently of 2015.
ca333
Hero Member
*****
Offline Offline

Activity: 518
Merit: 508


Developer - EthicHacker - BTC enthusiast


View Profile
March 05, 2015, 05:59:00 PM
 #13

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

Can you say which droid wallets use it? Thanks for posting this.

Most of my bitcoins are already on paper wallets from a clean Ubunutu system (not connected to internet, old printer not connected to internet, etc). But I still have to use a hot wallet sometimes to pay people.

Perhaps referring to the bad rng on android from about 18 months ago:
https://bitcoin.org/en/alert/2013-08-11-android


exactly. bad signing values issue like explained in the first post.



Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

Can you say which droid wallets use it? Thanks for posting this.

Most of my bitcoins are already on paper wallets from a clean Ubunutu system (not connected to internet, old printer not connected to internet, etc). But I still have to use a hot wallet sometimes to pay people.


Perhaps referring to the bad rng on android from about 18 months ago:
https://bitcoin.org/en/alert/2013-08-11-android


But that page says it was fixed with the "current" updates as of 2013. And the OP is talking currently of 2015.

not all forker adapted updates to their fork-branches and clones.

the BTC wallet for android is fixed and "secure" regarding rng issue.

this space is available (free) for humanitarian nonprofit organizations - please contact me
cr1776
Legendary
*
Offline Offline

Activity: 3346
Merit: 1220


View Profile
March 05, 2015, 06:02:45 PM
 #14

Thanks for that explanation and breaking it down so it's easy to understand.

At least only addresses with spent outputs through a web wallet are possibly at risk, so that's good for me as I keep very small amounts in those. Keep your cold storage cold and only keep a small amount in your hot/spending wallets.

yes mostly online wallets/service. but sadly not only online wallets. i saw many droid technologies with same issues. and most problematic is the clones of cryptocoins which use this old android wallet clones. i already warned developers but many don't understand whats not good.

i recommend sandbox system for handling BTC and/or cold-storage (paper & CLEAN usb flash). example I have computer with my bitcoins and only can connect with self writed IR-module for datatranser of signed transactions. so only can go out via IR to my internet-connected computer. and this have script which accept IR data and make rest. all started with little adruino experiment i made with friend Smiley

people often don't understand that enviroment must be secure. encryption and passwords is useless when enviroment is not secure. example you have super secured computer with sandbox (VM) and bitcoins safed here. but hacker goes in your computer with worm/expl/trojan and then waits for you type in password or keys and then all is stolen.. so most important thing is secure computer good or make it offline(no network communication i.e. rj45, wifi) when it s for bitcoin.

Can you say which droid wallets use it? Thanks for posting this.

Most of my bitcoins are already on paper wallets from a clean Ubunutu system (not connected to internet, old printer not connected to internet, etc). But I still have to use a hot wallet sometimes to pay people.


Perhaps referring to the bad rng on android from about 18 months ago:
https://bitcoin.org/en/alert/2013-08-11-android


But that page says it was fixed with the "current" updates as of 2013. And the OP is talking currently of 2015.

This is true, but as below it was a reference to past issues.

viboracecata
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000


Varanida : Fair & Transparent Digital Ecosystem


View Profile
March 06, 2015, 04:02:23 AM
 #15

Very nice tool, thanks

iBuilding A Better Interneti
━━━━━━━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━━

 
 █b
▐█=
║█
██                                         ¡▄▄▄▄▄▄▄▄┌
██M                                  ╒▄▄▄▄█▀    ▂▂ ╙▀▀▆▄
██▌                                ╓, ,██╨      ▀▀▀    ╜▀█▌
███                                ▀▀██╙     ▄▄▄▄▄      ╓█L
█ █▌                            ▄▄▄▄█▀          └▀▀▀▀█Φ█▀"
█▌ █▄                            ██▀           ▄█▀
▐▌  ▀▌                       ▀▄██▀            ▄▀
▐█     ▂▂▂                ▄  ▄█▀           ▄▄▀
 █▌  ╙▀▀▀▀▀█▄         ▄   ███▀     ▁▂▃▄▄▄█▀▀
  █▄        █▌    █▄  ██▄█▀        ▔▔╙▀▐█
   █▄       █▌ ▀▀████▀▀▀               ▐▌
    ▀█     █▀                          ▐▌
     ╙█▄  ▄▌                        ╓█ ▐█
       └▀██  ╓▄▄µ╓▄▄µ            ,▄█▀┘  █▌    ▄▄ ╓▄▄µ
         ██▄█▀▀███▀▀█▄       ╓▄▄█▀▀      ▀█▄█▀▀▀██▄╙▀█▄▄
          ▀╙    ▀▀▀  ▀▀▀  ▀▀▀▀╙           `      "▀▀  └╙
You Can See Me Now, Hi :}
VARANIDA

 
 
 
 
               ▄██   ▄███▄
              ▄███████  ██
              ██    ▀████▀
             ██
  ▄▄  ▄▄█████████████▄▄  ▄▄
▄███████████████████████████▄
█████████████████████████████
▀███████    █████    ███████▀
  ▀█████    █████    █████▀
   ███████████████████████
    █████▄  ▀▀▀▀▀  ▄█████
     ▀█████▄▄▄▄▄▄▄█████▀
        ▀▀█████████▀▀
|Hello Again
GWhitePaperG
GAnn ThreadG
Evil-Knievel
Legendary
*
Offline Offline

Activity: 1260
Merit: 1163



View Profile
March 06, 2015, 08:31:38 AM
Last edit: April 17, 2016, 07:51:06 PM by Evil-Knievel
 #16

This message was too old and has been purged
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1007

Reverse engineer from time to time


View Profile
March 06, 2015, 02:08:00 PM
 #17

This software is great, but does not provide any value to the users.
I am pretty sure, that reused R values will be detected within milliseconds and the private keys emptied immediately.
So if your funds are gone, you have reused a R value ;-)
This was what I was going to say. Any re-used R-value will be detected and exploited within 20 seconds.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
ca333
Hero Member
*****
Offline Offline

Activity: 518
Merit: 508


Developer - EthicHacker - BTC enthusiast


View Profile
March 06, 2015, 04:09:25 PM
 #18

This software is great, but does not provide any value to the users.
I am pretty sure, that reused R values will be detected within milliseconds and the private keys emptied immediately.
So if your funds are gone, you have reused a R value ;-)

not "any" because low balance keys are not interested for bad guys. i provided this for testing/educational purposes.
if i find out it makes harm to users/btc-community i will delete all. also the services i finded out have rng vuln i directly
imported balance and contacted developers. i think nobody with exsisting btc-service have rng issue anymore. also all pubkeys with more 50BTC or more balance are secured.

and i extra only provided a lightweight script. so with this technology (json request http) no chance to scan fast. if ported into ansic and used on highend server with own blockchain i can scan/compare all chain inputs in no time. but i think this people who are able to do this, have a moral compass and do not do this... badguys most cases are not very inteligent.


also if anybody interested in more things i start soon release my scriptbase and software on github. (ca333)
it s all for btc-security and some cryptocurrencies security.

thank you.


this space is available (free) for humanitarian nonprofit organizations - please contact me
ca333
Hero Member
*****
Offline Offline

Activity: 518
Merit: 508


Developer - EthicHacker - BTC enthusiast


View Profile
March 07, 2015, 01:09:14 PM
 #19

hi,

some asked me because of r-value is not display correct, but you have to watch on r value length descriptor in input script i descriped format of inputs in above posts. and then you only change: the char-array indexes for your correct length. for example this is for 64 chars = 32byte lenght of r-value.

Code:
if inputs[xi][10:74] == inputs[x+zi][10:74]:

when need help ask me. thank you

this space is available (free) for humanitarian nonprofit organizations - please contact me
FabioCarpi
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250



View Profile
March 08, 2015, 10:54:32 AM
 #20

there how to run this script online?
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!