Bitcoin Forum
Author Topic: Check if your BTC-key is vulnerable  (Read 18265 times)
ca333 (OP)
March 08, 2015, 02:01:01 PM
 #21

there how to run this script online?

how do you mean run online? you can run the script on your computer.
only install dependencies: python5
and then make the script executable (chmod 755) and then you must only:
Code:
./script.py
  OR
Code:
python script.py

this space is available (free) for humanitarian nonprofit organizations - please contact me
dsyahputera
March 08, 2015, 02:05:01 PM
 #22

50 transactions? Is that just the out transactions or whole transactions?
ca333 (OP)
March 08, 2015, 02:29:33 PM
 #23

50 transactions? Is that just the out transactions or whole transactions?

this is a global value ("whole tx"). so 50 tx for one pubkey.


FabioCarpi
March 08, 2015, 03:15:42 PM
 #24

how do you mean run online?
i don't want to download the python
ca333 (OP)
March 08, 2015, 06:13:29 PM
Merited by ABCbits (1)
 #25

how do you mean run online?
i don't want to download the python

hmm. you can also run it on a vps server no problem. but most online python parsers have urllib2/curl deactivated for security reasons. so it's difficult to run it online.

FabioCarpi
March 08, 2015, 08:45:28 PM
 #26

ok
i give up
I downloaded the python and ran the script
it shows the data about my transactions ...
and shows "compare" (ln 51)
and stops ...
frankenmint
March 08, 2015, 09:32:27 PM
 #27

ok
i give up
I downloaded the python and ran the script
it shows the data about my transactions ...
and shows "compare" (ln 51)
and stops ...

Same, is the idea that it's good to go and compare would ONLY show vulnerabilities (reused keys to sign messages)?

edit: okay yes, looking more closely at the code a 2nd time:

Code:
print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
print('\a')
print "Resued R-Value: "

Should output like: 

In Input NR: 4
Reused R-Value:  XXXXXXXXXXXXXXXX


if you have a problem that is

FabioCarpi
March 08, 2015, 09:40:25 PM
 #28

i got it
but would be nice a message saying "all good" ^^
ca333 (OP)
March 08, 2015, 11:22:23 PM
 #29

ok
i give up
I downloaded the python and ran the script
it shows the data about my transactions ...
and shows "compare" (ln 51)
and stops ...

Same, is the idea that it's good to go and compare would ONLY show vulnerabilities (reused keys to sign messages)?

edit: okay yes, looking more closely at the code a 2nd time:

Code:
print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
print('\a')
print "Resued R-Value: "

Should output like:  

In Input NR: 4
Reused R-Value:  XXXXXXXXXXXXXXXX


if you have a problem that is

oh sorry.
yes correct. it only makes output when you have a problem/vuln. i added another output so it says "Good pubkey. No problems" when no reused signing key is detected. (in IT when all is good we don't hear/see, we know then.., only when there is a problem it must make an alert. ;-) )

itod
March 09, 2015, 10:29:14 AM
 #30

but i think these people who are able to do this have a moral compass and do not do this... badguys in most cases are not very intelligent.

I wouldn't rely on this assumption, proof being that all vulnerable services have already been cleaned up. As someone said any reused value that now appears on the blockchain is cleaned almost instantly.
frankenmint
March 10, 2015, 04:51:38 PM
 #31

interesting feedback from person on reddit when I shared this script (I wrote an article on my own site to archive this script and talk about it and share it with others who aren't on here)  and it goes like:

Quote
There's a problem with either the script or the blockchain.info api where the number of tx field doesn't match the actual number of tx sent.
In other words,
Code:
assert( len(addrdata['txs']) < addrdata['n_tx'] )
fails.

ca333 (OP)
March 11, 2015, 12:02:39 AM
 #32

interesting feedback from person on reddit when I shared this script (I wrote an article on my own site to archive this script and talk about it and share it with others who aren't on here)  and it goes like:

Quote
There's a problem with either the script or the blockchain.info api where the number of tx field doesn't match the actual number of tx sent.
In other words,
Code:
assert( len(addrdata['txs']) < addrdata['n_tx'] )
fails.


The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]).

yes but i wrote this in the first post (see above comment), so it's only for max 50 tx. when it's more you must adapt the script because it takes the information from blockchain.info and, for example, if it's more than 50 tx but only 50 tx of data are loaded from the bc.info API, then it parses outside the range of loaded data. this is the error. i hope you understand. when you need an adaptation of the script write me. i am happy to help you anytime.
thank you.

mistercoin
March 11, 2015, 03:03:31 PM
 #33

Hey cool gadget man! Thanks for making it open source.  Kiss

I second this. Very nice indeed. Grin

frankenmint
March 11, 2015, 04:13:23 PM
 #34

interesting feedback from person on reddit when I shared this script (I wrote an article on my own site to archive this script and talk about it and share it with others who aren't on here)  and it goes like:

Quote
There's a problem with either the script or the blockchain.info api where the number of tx field doesn't match the actual number of tx sent.
In other words,
Code:
assert( len(addrdata['txs']) < addrdata['n_tx'] )
fails.


The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]).

yes but i wrote this in the first post (see above comment), so it's only for max 50 tx. when it's more you must adapt the script because it takes the information from blockchain.info and, for example, if it's more than 50 tx but only 50 tx of data are loaded from the bc.info API, then it parses outside the range of loaded data. this is the error. i hope you understand. when you need an adaptation of the script write me. i am happy to help you anytime.
thank you.
  Yea I'd like to see the for loop if possible to choose trx size

ca333 (OP)
March 15, 2015, 09:38:26 PM
Last edit: April 04, 2015, 12:48:21 AM by ca333
 #35

interesting feedback from person on reddit when I shared this script (I wrote an article on my own site to archive this script and talk about it and share it with others who aren't on here)  and it goes like:

Quote
There's a problem with either the script or the blockchain.info api where the number of tx field doesn't match the actual number of tx sent.
In other words,
Code:
assert( len(addrdata['txs']) < addrdata['n_tx'] )
fails.


The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]).

yes but i wrote this in the first post (see above comment), so it's only for max 50 tx. when it's more you must adapt the script because it takes the information from blockchain.info and, for example, if it's more than 50 tx but only 50 tx of data are loaded from the bc.info API, then it parses outside the range of loaded data. this is the error. i hope you understand. when you need an adaptation of the script write me. i am happy to help you anytime.
thank you.
 Yea I'd like to see the for loop if possible to choose trx size

hello sorry, i didn't see your reply so you waited so long. excuse me.
ok i post pseudocode, hope you can add it with python, in fact only a little work:
full script i will write in the coming weeks. #EDIT: overloaded with RL-work. will sit on the extension soon.

Code:
x = 0
y = 0
z = getTXnr()  # get total number of transactions
n = z % 50  # modulo operator so we know the number of tx in the last page when it's < 50 TX
m = (z - n) // 50  # this is so we know HOW MANY TIMES we have A FULL PAGE (50 tx)

# also we need to adapt the urladdr because now we take MORE THAN 50 txs. so we use the offset parameter for going through pages.
while y < m:
    compare(loadData("https://blockchain.info/de/rawaddr/" + str(addr) + "?offset=" + str(x)))  # now it loads the TXs beginning @x tx.
    x += 50  # now we go to NEXT 50 tx.. offset=50 means we ignore first 50 txs.. or we start @TX NR 51..
    y += 1

compare(loadData("https://blockchain.info/de/rawaddr/" + str(addr) + "?offset=" + str(x)))  # now it takes the LAST TXs from the LAST PAGE
# IMPORTANT: in the compare section of the script you MUST ONLY PARSE n transactions


This is the example of the above pseudocode with REAL values in it, so you see every loop's job and what is happening here exactly:


Code:
# now REAL example with values: so we think for a tx with 138 TXs
x = 0    # first offset, we start @tx NR. 0
y = 0    # our counter for increment
z = 138  # number of total TX
n = 38   # 138 modulo 50 = 38 rest
m = 2    # number of FULL pages with 50 TXs

# 1st run of loop (0 < 2):
compare(loadData(blockchain_data(offset=0)))  # we start at TX 0 and get data until TX nr. 50
x = 50

# 2nd run of loop (1 < 2):
compare(loadData(blockchain_data(offset=50)))  # we start at TX 50 and get data until TX nr. 100
x = 100

# now we leave the for-loop and compare the LAST txs (n)
compare(loadData(blockchain_data(offset=100)))  # here it's only important that you PARSE ONLY n transactions in the compare-part of the script.
# so for this the n is needed.



have a good sunday evening.
thank you.
ca333

this space is available (free) for humanitarian nonprofit organizations - please contact me
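
The paging loop from the post above, as an added Python example that is not part of the original script or of any poster's code: it walks every offset and collects the r values from all pages before comparing, so an r value reused in transactions that land on different pages is still reported. The `inputs`/`script` field names, the injected `fetch_page` function and the sample transactions are assumptions constructed for illustration; nothing is fetched from the network.

```python
# Added example, not the thread's script. Field names "inputs"/"script" are assumed.
PAGE = 50  # transactions returned per request, as described in the thread

def page_offsets(n_tx, page=PAGE):
    """Offsets that cover n_tx transactions, e.g. 138 -> [0, 50, 100]."""
    return list(range(0, n_tx, page))

def extract_r(script_hex):
    """r (hex) from a scriptSig that begins with a pushed DER signature, else None."""
    try:
        raw = bytes.fromhex(script_hex)
        sig = raw[1:1 + raw[0]]               # first byte: push length of the signature
        if sig[0] != 0x30 or sig[2] != 0x02:  # DER SEQUENCE, then INTEGER tag for r
            return None
        r = sig[4:4 + sig[3]]
        return r.hex() if r and len(r) == sig[3] else None
    except (ValueError, IndexError):          # bad hex, empty or truncated script
        return None

def find_reused_r(fetch_page, n_tx):
    """Collect r over ALL pages, then return {r: [(tx_hash, input_index), ...]}
    for every r that occurs more than once."""
    seen = {}
    for offset in page_offsets(n_tx):
        for tx in fetch_page(offset):         # fetch_page(offset) -> list of tx dicts
            for i, inp in enumerate(tx.get("inputs", [])):
                r = extract_r(inp.get("script", ""))
                if r:
                    seen.setdefault(r, []).append((tx["hash"], i))
    return {r: uses for r, uses in seen.items() if len(uses) > 1}

# ---- constructed sample data: 138 fake transactions, none of them real ----
def fake_script(r, s=b"\x22" * 32):
    body = b"\x02" + bytes([len(r)]) + r + b"\x02" + bytes([len(s)]) + s
    sig = b"\x30" + bytes([len(body)]) + body + b"\x01"  # DER signature + sighash byte
    return (bytes([len(sig)]) + sig).hex()

def sample_fetch(offset, total=138):
    """Stand-in for the paged API call; tx 7 (page 1) and tx 120 (page 3) share r."""
    txs = []
    for n in range(offset, min(offset + PAGE, total)):
        r = b"\x11" * 32 if n in (7, 120) else (n + 1).to_bytes(32, "big")
        txs.append({"hash": "tx%d" % n, "inputs": [{"script": fake_script(r)}]})
    return txs

if __name__ == "__main__":
    reused = find_reused_r(sample_fetch, 138)
    print(reused or "Good pubkey. No problems")
```

With the sample data, reading only the first page reports nothing, while reading all three pages reports the shared r value. The check does not filter inputs by which key signed them.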
Snagglebone
March 19, 2015, 01:43:44 AM
 #36

Thank you for providing this tool it is very useful.
Jude Austin
April 03, 2015, 11:37:12 PM
 #37

Does anyone have a version that can handle more than 50 transactions?

I am working on it now lol

e1ghtSpace
April 09, 2015, 11:11:00 AM
 #38

Wow, I didn't think it would be possible to calculate the private key just from a reused value. So when transactions are normally cast, is the r value recalculated?
Coef
April 09, 2015, 12:08:19 PM
 #39

Wow, I didn't think it would be possible to calculate the private key just from a reused value. So when transactions are normally cast, is the r value recalculated?

Yes.
CMIIW I believe the latest wallets (eg. core 0.10) are all using deterministic signatures to make sure the R values are unique for each transaction.

ca333 (OP)
April 09, 2015, 01:33:16 PM
 #40

Wow, I didn't think it would be possible to calculate the private key just from a reused value. So when transactions are normally cast, is the r value recalculated?

Yes.
CMIIW I believe the latest wallets (eg. core 0.10) are all using deterministic signatures to make sure the R values are unique for each transaction.


yes it's possible when you use redundant signature values. but its new libsecp256k1 library from sipa (Pieter Wuille) uses deterministic generation of the k value. so it's sure the signing value is unique. this was updated 13 days ago: https://github.com/bitcoin/bitcoin/commit/223d8630b0bf1809d29660004255237ad9d15f86

you can read the details for the BIP 0032 here with full explanation: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
also must mention Gregory Maxwell gave advice for BIP extension: http://www.archivum.info/mailcatch/2013-08/00364/(Bitcoin-development)-BIP-32.5.html
