sss555
April 22, 2015, 05:55:50 AM |
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 r = 0xd47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1 s1 = 0x44e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e s2 = 0x9a5f1c75e461d7ceb1cf3cab9013eb2dc85b6d0da8c3c6e27e3a5a5b3faa5bab
sop1 = 0xc0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e sop2 = 0x17b0f41c8c337ac1e18c98759e83a8cccbc368dd9d89e5f03cb633c265fd0ddc
How do I get these two values (sop1 & sop2)? Is there any formula or script available?
amaclin
April 22, 2015, 08:06:19 AM |
how to get ( sop1 & sop2 ) these two value, any formula or any script available...........
Not too easy. You should have good lib for bitcoin transactions to create "a template" and take a sha256d () of it. Here is a piece of my code. But it will be useless for you. Just a pseudo-code const MyKey32 Transaction::getRawHash ( const int n, const QByteArray& scr ) const { MyByteArray ret; // create empty array Stream stream ( s ); ret.putInt32 ( stream.readU32 ( ) ); // version ret.putVarInt ( stream.readVar ( ) ); // input count for ( int i ( 0 ); i < inputs; i++ ) // copy all inputs { ret.append ( stream.readHash ( ) ); // copy 32 byte hash as is ret.putInt32 ( stream.readU32 ( ) ); // copy 4 bytes index stream.skipVarData ( ); // skip original script ret.putPrefixedCond ( i ^ n, scr ); // script replacement ret.putInt32 ( stream.readU32 ( ) ); } ret.putVarInt ( stream.readVar ( ) ); // output count for ( int i ( 0 ); i < outputs; i++ ) // copy all outputs byte-by-byte { ret.putInt64 ( stream.readU64 ( ) ); ret.putPrefixed ( stream.readVarData ( ) ); } ret.putInt32 ( stream.readU32 ( ) ); // lock ret.putInt32 ( SIGHASH_ALL ); // append hashcode return MyKey32 ( ret.constData ( ), ret.size ( ) ); // create hash256 of array }
sss555
April 23, 2015, 02:07:46 AM |
how to get ( sop1 & sop2 ) these two value, any formula or any script available...........
Not too easy. You should have good lib for bitcoin transactions to create "a template" and take a sha256d () of it. Here is a piece of my code. But it will be useless for you. Just a pseudo-code const MyKey32 Transaction::getRawHash ( const int n, const QByteArray& scr ) const { MyByteArray ret; // create empty array Stream stream ( s ); ret.putInt32 ( stream.readU32 ( ) ); // version ret.putVarInt ( stream.readVar ( ) ); // input count for ( int i ( 0 ); i < inputs; i++ ) // copy all inputs { ret.append ( stream.readHash ( ) ); // copy 32 byte hash as is ret.putInt32 ( stream.readU32 ( ) ); // copy 4 bytes index stream.skipVarData ( ); // skip original script ret.putPrefixedCond ( i ^ n, scr ); // script replacement ret.putInt32 ( stream.readU32 ( ) ); } ret.putVarInt ( stream.readVar ( ) ); // output count for ( int i ( 0 ); i < outputs; i++ ) // copy all outputs byte-by-byte { ret.putInt64 ( stream.readU64 ( ) ); ret.putPrefixed ( stream.readVarData ( ) ); } ret.putInt32 ( stream.readU32 ( ) ); // lock ret.putInt32 ( SIGHASH_ALL ); // append hashcode return MyKey32 ( ret.constData ( ), ret.size ( ) ); // create hash256 of array }
Thank you. http://bitcoin.stackexchange.com/questions/25387/how-to-get-the-z-value-aka-hash-of-the-outputs-to-be-signed http://bitcoin.stackexchange.com/questions/25814/ecdsa-signature-and-the-z-value http://bitcoin.stackexchange.com/questions/3374/how-to-redeem-a-basic-tx Here I got an explanation; I almost understand it but it is not clear. I need a step-by-step explanation please...
itod
April 23, 2015, 06:44:30 AM |
how to get ( sop1 & sop2 ) these two value, any formula or any script available...........
Not too easy. You should have good lib for bitcoin transactions to create "a template" and take a sha256d () of it. Here is a piece of my code. But it will be useless for you. Just a pseudo-code const MyKey32 Transaction::getRawHash ( const int n, const QByteArray& scr ) const { MyByteArray ret; // create empty array Stream stream ( s ); ret.putInt32 ( stream.readU32 ( ) ); // version ret.putVarInt ( stream.readVar ( ) ); // input count for ( int i ( 0 ); i < inputs; i++ ) // copy all inputs { ret.append ( stream.readHash ( ) ); // copy 32 byte hash as is ret.putInt32 ( stream.readU32 ( ) ); // copy 4 bytes index stream.skipVarData ( ); // skip original script ret.putPrefixedCond ( i ^ n, scr ); // script replacement ret.putInt32 ( stream.readU32 ( ) ); } ret.putVarInt ( stream.readVar ( ) ); // output count for ( int i ( 0 ); i < outputs; i++ ) // copy all outputs byte-by-byte { ret.putInt64 ( stream.readU64 ( ) ); ret.putPrefixed ( stream.readVarData ( ) ); } ret.putInt32 ( stream.readU32 ( ) ); // lock ret.putInt32 ( SIGHASH_ALL ); // append hashcode return MyKey32 ( ret.constData ( ), ret.size ( ) ); // create hash256 of array }
Thank you. http://bitcoin.stackexchange.com/questions/25387/how-to-get-the-z-value-aka-hash-of-the-outputs-to-be-signed http://bitcoin.stackexchange.com/questions/25814/ecdsa-signature-and-the-z-value http://bitcoin.stackexchange.com/questions/3374/how-to-redeem-a-basic-tx Here I got an explanation; I almost understand it but it is not clear. I need a step-by-step explanation please... After this, things will be clearer: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
sss555
June 02, 2015, 11:24:53 AM |
mistercoin
June 03, 2015, 11:16:12 AM |
This software is great, but does not provide any value to the users. I am pretty sure, that reused R values will be detected within milliseconds and the private keys emptied immediately. So if your funds are gone, you have reused a R value ;-)
not "any" because low balance keys are not interesting for bad guys. i provided this for testing/educational purposes. if i find out it makes harm to users/btc-community i will delete all. also the services i found out have rng vuln i directly imported balance and contacted developers. i think nobody with an existing btc-service has an rng issue anymore. also all pubkeys with 50 BTC or more balance are secured.
and i extra only provided a lightweight script. so with this technology (json request http) no chance to scan fast. if ported into ansic and used on highend server with own blockchain i can scan/compare all chain inputs in no time. but i think the people who are able to do this have a moral compass and do not do this... badguys in most cases are not very intelligent. also if anybody is interested in more things i start soon to release my scriptbase and software on github. (ca333) it s all for btc-security and some cryptocurrencies security. thank you. Hats off to you for not being like most others. Many others with your skillset would use their talent for malicious intentions, it takes a real human to use their talents for honesty.
ca333 (OP)
June 04, 2015, 09:07:44 AM |
This software is great, but does not provide any value to the users. I am pretty sure, that reused R values will be detected within milliseconds and the private keys emptied immediately. So if your funds are gone, you have reused a R value ;-)
not "any" because low balance keys are not interested for bad guys. i provided this for testing/educational purposes. if i find out it makes harm to users/btc-community i will delete all. also the services i finded out have rng vuln i directly imported balance and contacted developers. i think nobody with exsisting btc-service have rng issue anymore. also all pubkeys with more 50BTC or more balance are secured.
and i extra only provided a lightweight script. so with this technology (json request http) no chance to scan fast. if ported into ansic and used on highend server with own blockchain i can scan/compare all chain inputs in no time. but i think this people who are able to do this, have a moral compass and do not do this... badguys most cases are not very inteligent.also if anybody interested in more things i start soon release my scriptbase and software on github. (ca333) it s all for btc-security and some cryptocurrencies security. thank you. Hats off to you for not being like most others. Many others with your skillset would use their talent for malicious intentions, it takes a real human to use their talents for honesty. thank you for positive feedback. i think we, as human, and as technical skilled community, must try to make it better place, RL and virtual world. and only when "you behave like you want also other to behave" (= form of categorical imperative from Immanuel Kant) the society and community we living in, will move into good ("moral and ethical correct") direction... for my opinion we must fight bad malicious things and not make more harm for others.. karma is existent. thank you ca333
virtualx
June 04, 2015, 09:15:07 AM |
Interesting script, going to have a closer look at this later. You probably want to do this line of code in two steps: addrdata = json.load(urllib2.urlopen(urladdr))
to verify that data is received. But as you said it's beta version An improvement would be an auto checker, that simply extracts the bitcoin addresses from the wallet files at runtime and uses them as input.
salek11
June 08, 2015, 11:02:56 AM |
thanks very much for sharing.... very interesting..
sss555
June 12, 2015, 10:50:43 AM |
Hi, thought maybe someone can use the script below. I just wrote it to check couple of my public keys for reused R-signing values which allow generating of the private key of affected PKs. The script is very lightweight and uses urllib2 for loading the data from blockchain.info. So no local btc-node is needed. The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]). Also the script contains a lot of debug-output which you can just comment or remove. This is OpenSource and BETA software - USE AT OWN RISK - released under GNU Public License. #!/usr/bin/python
################################################################################# # # #.______ _______. ______ ___ .__ __. # #| _ \ / | / | / \ | \ | | # #| |_) | ______ | (----`| ,----' / ^ \ | \| | # #| / |______| \ \ | | / /_\ \ | . ` | # #| |\ \----. .----) | | `----./ _____ \ | |\ | # #| _| `._____| |_______/ \______/__/ \__\ |__| \__| v0.1.2 # # # #GNU PL - 2015 - ca333 # # # #USE AT OWN RISK! # #################################################################################
import json import urllib2 import time import sys
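#for some reason blockchain.info api-chain is 59711 blocks short..
# Neither blockstart nor blockcount is read by the scan below; the request is
# kept only because the original script performed it (it doubles as a
# connectivity check before the address lookup).
blockstart = 170399
blockstart += 59711
blockcount = urllib2.urlopen("https://blockchain.info/de/q/getblockcount").read()

# rawaddr returns at most this many txs per request unless limit/offset are
# passed; indexing by n_tx instead of the returned list is what raised the
# IndexError reported for addresses with more than 50 txs.
API_PAGE_SIZE = 50


def _r_value(script):
    """Return the hex DER R component of a P2PKH scriptSig, or None.

    Expected hex layout: [0:2] push opcode, [2:4] "30" (DER SEQUENCE),
    [4:6] length, [6:8] "02" (INTEGER), [8:10] R length, then R itself.
    The R length is read from the header instead of assuming 32 bytes, so a
    33-byte (0x00-padded) R is sliced as a whole.  Scripts of another shape
    (OP_0-prefixed multisig redeems, empty scriptSigs, malformed data) give
    None and are left out of the comparison rather than matched at a
    meaningless offset.
    """
    if len(script) < 10 or script[2:4] != "30" or script[6:8] != "02":
        return None
    try:
        rlen = int(script[8:10], 16)
    except ValueError:
        return None
    r = script[10:10 + 2 * rlen]
    if len(r) != 2 * rlen:
        return None
    return r


# print(...) with a single argument prints the same text on Python 2 and
# also parses on Python 3.
print("WELCOME TO R-scan v0.1.2!")
print("ADDRESS-R-SCAN: ")
addr = raw_input("type address: ")
urladdr = "https://blockchain.info/de/rawaddr/" + str(addr)
#control api-url
print(urladdr)
# NOTE(review): on Python 2 releases before 2.7.9 urllib2 performs no TLS
# certificate verification, so the JSON below is only as trustworthy as the
# network path; run this on 2.7.9 or later.
addrdata = json.load(urllib2.urlopen(urladdr))
print("Data for pubkey: " + str(addr))
print("number of txs: " + str(addrdata['n_tx']))

#tx-details: walk the txs the API actually returned rather than n_tx -- n_tx
# counts the whole history while the response holds a single page.
txs = addrdata.get('txs', [])
if len(txs) < addrdata['n_tx']:
    print("WARNING: only " + str(len(txs)) + " of " + str(addrdata['n_tx'])
          + " txs loaded; pass limit/offset to scan the rest (result is partial)")
inputs = []
for y, tx in enumerate(txs):
    print("#################################################################################")
    print("TX nr :" + str(y+1))
    print("hash: " + str(tx['hash']))
    print("number of inputs: " + str(tx['vin_sz']))
    for zy, vin in enumerate(tx.get('inputs', [])):
        script = str(vin.get('script', ''))
        print("Input-ScriptNR " + str(zy+1) + " :" + script)
        inputs.append(script)
print("compare: ")

#compare the sig values in each input script: index inputs by R so each reused
# value is reported once, together with every input that carries it (the
# original pairwise loop re-printed a value shared by three inputs three
# times).  A repeated R means the ECDSA nonce was reused; when the same key
# signed both inputs the private key can be derived from public chain data,
# so the key must be treated as compromised and its funds moved.  Two
# different keys sharing an R do not leak a key by themselves but still
# indicate a broken RNG.
by_r = {}
for idx, script in enumerate(inputs):
    r = _r_value(script)
    if r is not None:
        by_r.setdefault(r, []).append(idx)
alert = 0
for r, idxs in sorted(by_r.items()):
    if len(idxs) < 2:
        continue
    for idx in idxs:
        print("In Input NR: " + str(idx) + "[global increment] " + str(inputs[idx]))
    print('\a')
    print("Resued R-Value: ")
    print(r)
    alert += 1
#check duplicates
#alert when everything ok
if alert < 1:
    print("Good pubKey. No problems.")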
sys.exit() if you have question ask me. thank you. The script working good but some problem more then a 50 transaction it not process address: 1szVke6ThJtfdUTi6Y5AAMDMePM4Ha8vK outputResued R-Value: 262e481b6d8905b5adba67aff05eb8261501b0a9434c0b7f043d00cf8d23c91b ---------------------------------------------------------------------------------------------------------------------- if address: 1QCRoj5dPAsADvzd2o7NBy6kywBEkfC1Xh outputcompare: Good pubKey. No problems. ------------------------------------------------------------------------------------------------------------------------ if address: 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm outputTX nr :51 Traceback (most recent call last): File "C:\master\identical-r-check.py", line 61, in <module> print "hash: " + str(addrdata['txs'][y]['hash']) IndexError: list index out of range ------------------------------------------------------------------------------------------------------------------------ 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm -> this address reused r value but the script give error how to solve , if any solved script available
eyeknock
June 12, 2015, 11:21:25 AM |
omg, this is really interesting and i didnt saw it before, ty so much for share it man!!
i will try it as soon as i come to my house.
virtualx
June 12, 2015, 11:22:21 AM |
Hi, thought maybe someone can use the script below. I just wrote it to check couple of my public keys for reused R-signing values which allow generating of the private key of affected PKs. The script is very lightweight and uses urllib2 for loading the data from blockchain.info. So no local btc-node is needed. The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]). Also the script contains a lot of debug-output which you can just comment or remove. This is OpenSource and BETA software - USE AT OWN RISK - released under GNU Public License. #!/usr/bin/python
################################################################################# # # #.______ _______. ______ ___ .__ __. # #| _ \ / | / | / \ | \ | | # #| |_) | ______ | (----`| ,----' / ^ \ | \| | # #| / |______| \ \ | | / /_\ \ | . ` | # #| |\ \----. .----) | | `----./ _____ \ | |\ | # #| _| `._____| |_______/ \______/__/ \__\ |__| \__| v0.1.2 # # # #GNU PL - 2015 - ca333 # # # #USE AT OWN RISK! # #################################################################################
import json import urllib2 import time import sys
#for some reason blockchain.info api-chain is 59711 blocks short..
# NOTE(review): neither blockstart nor blockcount is read anywhere later in
# the script; the getblockcount request is an extra round-trip with no effect
# on the result.
blockstart = 170399
blockstart += 59711
blockcount = urllib2.urlopen("https://blockchain.info/de/q/getblockcount").read()
print "WELCOME TO R-scan v0.1.2!"
print "ADDRESS-R-SCAN: "
addr = raw_input("type address: ")
urladdr = "https://blockchain.info/de/rawaddr/" + str(addr)
#control api-url
print urladdr
# NOTE(review): on Python 2 releases before 2.7.9 urllib2 performs no TLS
# certificate verification, so this JSON is only as trustworthy as the
# network path.
addrdata = json.load(urllib2.urlopen(urladdr))
print "Data for pubkey: " + str(addr)
print "number of txs: " + str(addrdata['n_tx'])
#tx-details:
# NOTE(review): n_tx counts the address' whole history while the response
# carries at most one page (50 txs by default); for larger histories this
# loop indexes past the end of addrdata['txs'] and raises the IndexError
# quoted in this thread.  Use the API's limit/offset parameters to page.
y = 0
inputs = []
while y < addrdata['n_tx']:
    print "#################################################################################"
    print "TX nr :" + str(y+1)
    print "hash: " + str(addrdata['txs'][y]['hash'])
    print "number of inputs: " + str(addrdata['txs'][y]['vin_sz'])
    #only if
    #if addrdata['txs'][y]['vin_sz'] > 1:
    zy = 0
    # collect every input scriptSig of every tx into one flat list
    while zy < addrdata['txs'][y]['vin_sz']:
        print "Input-ScriptNR " + str(zy+1) + " :" + str(addrdata['txs'][y]['inputs'][zy]['script'])
        inputs.append(addrdata['txs'][y]['inputs'][zy]['script'])
        zy += 1
    y += 1
print "compare: "
xi = 0
zi = 1
lenx = len(inputs)
alert = 0
#compare the sig values in each input script
# Pairwise comparison: zi always equals xi+1, so x+zi walks every input after
# inputs[xi]; each unordered pair is checked exactly once (O(n^2)).
while xi < lenx-1:
    x = 0
    while x < lenx-zi:
        # hex chars 10:74 are the 32-byte R of a DER signature when the
        # scriptSig starts <push><30><len><02><20>; a 0x00-padded 33-byte R or
        # a non-P2PKH script shifts this window -- TODO confirm for such inputs.
        # A shared R means the signing nonce was reused; with the same key on
        # both signatures the private key is recoverable from chain data.
        if inputs[xi][10:74] == inputs[x+zi][10:74]:
            print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
            print('\a')
            print "Resued R-Value: "
            print inputs[x+zi][10:74]
            alert += 1
        x += 1
    zi += 1
    xi += 1
#check duplicates
#alert when everything ok
if alert < 1:
    print "Good pubKey. No problems."
sys.exit() if you have question ask me. thank you. The script working good but some problem more then a 50 transaction it not process address: 1szVke6ThJtfdUTi6Y5AAMDMePM4Ha8vK outputResued R-Value: 262e481b6d8905b5adba67aff05eb8261501b0a9434c0b7f043d00cf8d23c91b ---------------------------------------------------------------------------------------------------------------------- if address: 1QCRoj5dPAsADvzd2o7NBy6kywBEkfC1Xh outputcompare: Good pubKey. No problems. ------------------------------------------------------------------------------------------------------------------------ if address: 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm outputTX nr :51 Traceback (most recent call last): File "C:\master\identical-r-check.py", line 61, in <module> print "hash: " + str(addrdata['txs'][y]['hash']) IndexError: list index out of range ------------------------------------------------------------------------------------------------------------------------ 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm -> this address reused r value but the script give error how to solve , if any solved script available It looks like addrdata isn't large enough, simply a buffer overflow. Does print "number of txs: " + str(addrdata['n_tx']) output a value larger than 50? I suggest printing y, addrdata['n_tx'] and the other values. It's a multidimensional array and one of them is out of range, meaning the array is not large enough to store values there.
ca333 (OP)
June 21, 2015, 08:10:22 AM |
[...]
The script working good but some problem more then a 50 transaction it not process address: 1szVke6ThJtfdUTi6Y5AAMDMePM4Ha8vK outputResued R-Value: 262e481b6d8905b5adba67aff05eb8261501b0a9434c0b7f043d00cf8d23c91b ---------------------------------------------------------------------------------------------------------------------- if address: 1QCRoj5dPAsADvzd2o7NBy6kywBEkfC1Xh outputcompare: Good pubKey. No problems. ------------------------------------------------------------------------------------------------------------------------ if address: 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm outputTX nr :51 Traceback (most recent call last): File "C:\master\identical-r-check.py", line 61, in <module> print "hash: " + str(addrdata['txs'][y]['hash']) IndexError: list index out of range ------------------------------------------------------------------------------------------------------------------------ 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm -> this address reused r value but the script give error how to solve , if any solved script available you must use offset to load ALL data. I posted on previous page: interesting feedback from person on reddit when I shared this script (I wrote an article on my own site to archive this script and talk about it and share it with others who aren't on here) and it goes like: There's a problem with either the script or the blockchain.info api where the number of tx field doesn't match the actual number of tx sent. In other words, assert( len(addrdata['txs']) < addrdata['n_tx'] ) fails. The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]).
yes but i wrote this in the first post (see above comment), so its only for max 50 tx. when it's more you must adapt the script because it takes the information from blockchain.info and for example when it's more than 50 tx, but only loading 50 tx data from bc.info API, then it parses outside the range of loaded data. this is the error. i hope you understand. when you need adaption of the script write me. i am happy to help you anytime. thank you. Yea I'd like to see the for loop if possible to choose trx size hello sorry i didn't see your reply so you waited so long. excuse me. ok i post pseudocode hope you can add it with python in fact only little work: full script i write in coming weeks. #EDIT: overloaded with RL-work. will sit on extension soon. x=0 y=0 z = getTXnr(); //get total number of transactions n = z%50 //modulo operator so we know the number of tx in last page [b]when its < 50 TX[/b] m = (z-n)/50 //this is so we know HOW MANY TIMES we have A FULL PAGE (50 tx)
//also we need adapt the urladdr because now we take MORE THAN 50 txs. so we use offset parameter for going through pages. for y < m: compare(loadData("https://blockchain.info/de/rawaddr/" + str(addr) + "&offset="+ x)) //now it load the TX begining @x tx. x+=50; //now we go to NEXT 50 tx.. offset=50 means we ingnore first 50 txs.. or we start @TX NR 51.. y+=1;
compare(loadData("https://blockchain.info/de/rawaddr/" + str(addr) + "&offset="+ x)); //now it take the LAST TXs from the LAST PAGE //IMPORTANT: in the compare section of the script you MUST ONLY PARSE n transactions
This is the example of above pseudocode with REAL values in it. so you see every loops job and what is happening here exact:
//now REAL example with value: so we think for a [b]tx with 138 TXs[/b] x = 0 //first offset we start @tx NR. 0 y = 0 //our counter for increment z = 138 //number of total TX n = 38 //138 modulo 50 = 38 rest m = 2 //number of FULL pages with 50 TXs
//1st run of loop:
for 0 < 2: compare(loadData(blockchain_data(offset=0))); //we start at TX 0 and get data until TX nr. 50 x=50
//2nd run of loop:
for 1 < 2: compare(loadData(blockchain_data(offset=50))); //we start at TX 50 and get data until TX nr. 100 x=100
//now we leave foor-loop and compare the LAST txs (n)
compare(loadData(blockchain_data(offset=100))); // here its only important so you PARSE ONLY n transaction in the compare-part of the script. //so for this is the n needed.
have a good sunday evening. thank you. ca333 I write again: THIS SCRIPT ONLY WORK FOR MAX 50tx. If you want more, you must use algorithm from above i published in previous page. Please read all posting in this thread. then its all clear. thank you, ca333 It looks like addrdata isn't large enough, simply a buffer overflow. Does print "number of txs: " + str(addrdata['n_tx']) output a value larger than 50? I suggest printing y, addrdata['n_tx'] and the other values. It's a multidimensional array and one of them is out of range, meaning the array is not large enough to store values there. yes because data is NOT LOADED from blockchain. so script parses out of range ==> "overflow" (from array)
XMRChina
June 25, 2015, 03:37:22 AM |
Hi, thought maybe someone can use the script below. I just wrote it to check couple of my public keys for reused R-signing values which allow generating of the private key of affected PKs. The script is very lightweight and uses urllib2 for loading the data from blockchain.info. So no local btc-node is needed. The script only works for keys with up to 50 tx. If your key got more than 50 tx you have to add some lines (add loop and use optional API-parameters limit and offset to parse through all transactions [50+]). Also the script contains a lot of debug-output which you can just comment or remove. This is OpenSource and BETA software - USE AT OWN RISK - released under GNU Public License. #!/usr/bin/python
################################################################################# # # #.______ _______. ______ ___ .__ __. # #| _ \ / | / | / \ | \ | | # #| |_) | ______ | (----`| ,----' / ^ \ | \| | # #| / |______| \ \ | | / /_\ \ | . ` | # #| |\ \----. .----) | | `----./ _____ \ | |\ | # #| _| `._____| |_______/ \______/__/ \__\ |__| \__| v0.1.2 # # # #GNU PL - 2015 - ca333 # # # #USE AT OWN RISK! # #################################################################################
import json import urllib2 import time import sys
#for some reason blockchain.info api-chain is 59711 blocks short..
# NOTE(review): neither blockstart nor blockcount is read anywhere later in
# the script; the getblockcount request is an extra round-trip with no effect
# on the result.
blockstart = 170399
blockstart += 59711
blockcount = urllib2.urlopen("https://blockchain.info/de/q/getblockcount").read()
print "WELCOME TO R-scan v0.1.2!"
print "ADDRESS-R-SCAN: "
addr = raw_input("type address: ")
urladdr = "https://blockchain.info/de/rawaddr/" + str(addr)
#control api-url
print urladdr
# NOTE(review): on Python 2 releases before 2.7.9 urllib2 performs no TLS
# certificate verification, so this JSON is only as trustworthy as the
# network path.
addrdata = json.load(urllib2.urlopen(urladdr))
print "Data for pubkey: " + str(addr)
print "number of txs: " + str(addrdata['n_tx'])
#tx-details:
# NOTE(review): n_tx counts the address' whole history while the response
# carries at most one page (50 txs by default); for larger histories this
# loop indexes past the end of addrdata['txs'] and raises the IndexError
# quoted in this thread.  Use the API's limit/offset parameters to page.
y = 0
inputs = []
while y < addrdata['n_tx']:
    print "#################################################################################"
    print "TX nr :" + str(y+1)
    print "hash: " + str(addrdata['txs'][y]['hash'])
    print "number of inputs: " + str(addrdata['txs'][y]['vin_sz'])
    #only if
    #if addrdata['txs'][y]['vin_sz'] > 1:
    zy = 0
    # collect every input scriptSig of every tx into one flat list
    while zy < addrdata['txs'][y]['vin_sz']:
        print "Input-ScriptNR " + str(zy+1) + " :" + str(addrdata['txs'][y]['inputs'][zy]['script'])
        inputs.append(addrdata['txs'][y]['inputs'][zy]['script'])
        zy += 1
    y += 1
print "compare: "
xi = 0
zi = 1
lenx = len(inputs)
alert = 0
#compare the sig values in each input script
# Pairwise comparison: zi always equals xi+1, so x+zi walks every input after
# inputs[xi]; each unordered pair is checked exactly once (O(n^2)).
while xi < lenx-1:
    x = 0
    while x < lenx-zi:
        # hex chars 10:74 are the 32-byte R of a DER signature when the
        # scriptSig starts <push><30><len><02><20>; a 0x00-padded 33-byte R or
        # a non-P2PKH script shifts this window -- TODO confirm for such inputs.
        # A shared R means the signing nonce was reused; with the same key on
        # both signatures the private key is recoverable from chain data.
        if inputs[xi][10:74] == inputs[x+zi][10:74]:
            print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
            print('\a')
            print "Resued R-Value: "
            print inputs[x+zi][10:74]
            alert += 1
        x += 1
    zi += 1
    xi += 1
#check duplicates
#alert when everything ok
if alert < 1:
    print "Good pubKey. No problems."
sys.exit() if you have question ask me. thank you. Thank you for making this! Educating people by sharing this sort of thing will help make people more careful in the future. Hopefully people will stop making the same mistakes
HeadsOrTails
June 29, 2015, 02:50:37 AM Last edit: July 01, 2015, 07:03:43 PM by HeadsOrTails |
I've fixed the code to loop through the offset (i.e. get >50 Txs), but the code isn't flagging 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm as a bad key, even though it is the address identified as a bad address. Any idea why? Code: #!/usr/bin/python
#https://gist.github.com/a8fecbfc619e2c72893d ################################################################################# # # #.______ _______. ______ ___ .__ __. # #| _ \ / | / | / \ | \ | | # #| |_) | ______ | (----`| ,----' / ^ \ | \| | # #| / |______| \ \ | | / /_\ \ | . ` | # #| |\ \----. .----) | | `----./ _____ \ | |\ | # #| _| `._____| |_______/ \______/__/ \__\ |__| \__| v0.2.0 # # # #GNU PL - 2015 - ca333 (modified by simcity4242) # # # #USE AT OWN RISK! # #################################################################################
import json import urllib2 import time import sys
#for some reason blockchain.info api-chain is 59711 blocks short.. #blockstart = 170399 #blockstart += 59711 #blockcount = urllib2.urlopen("https://blockchain.info/en/q/getblockcount").read()
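def _r_value(script):
    """Return the hex DER R component of a P2PKH scriptSig, or None.

    Expected hex layout: [0:2] push opcode, [2:4] "30" (DER SEQUENCE),
    [4:6] length, [6:8] "02" (INTEGER), [8:10] R length, then R itself.
    Reading the R length from the header instead of assuming 32 bytes keeps a
    33-byte (0x00-padded) R intact; scripts with another shape (OP_0-prefixed
    multisig redeems, empty scriptSigs) give None and are skipped instead of
    being compared at a meaningless offset -- one candidate reason the fixed
    [10:74] slice could miss a reuse on a known-bad address.
    """
    if len(script) < 10 or script[2:4] != "30" or script[6:8] != "02":
        return None
    try:
        rlen = int(script[8:10], 16)
    except ValueError:
        return None
    r = script[10:10 + 2 * rlen]
    if len(r) != 2 * rlen:
        return None
    return r


def rscan(addr):
    """Check address for duplicated r values.

    Pulls the full transaction history of ``addr`` from blockchain.info in
    pages of 50 (``offset`` parameter), collects every input scriptSig and
    reports R values shared by more than one signature.  A shared R means the
    ECDSA nonce was reused; when the same key signed both inputs the private
    key is recoverable from public chain data, so the key has to be treated
    as compromised and its funds moved.  Different keys sharing an R do not
    leak a key on their own but still indicate a broken RNG.

    Args:
        addr: base58 Bitcoin address string.

    Returns:
        list of ``(input_index, r_hex)`` tuples, one per input whose R is
        shared with at least one other input; empty when nothing is reused.
        ``input_index`` counts inputs across all fetched txs in API order
        (the original stored the loop-relative ``x`` instead).

    Raises:
        RuntimeError: the API returned a different number of txs than its
            own ``n_tx`` claims (a mismatch reported in this thread); the scan
            would be partial, so it is refused explicitly instead of via an
            ``assert`` that ``python -O`` strips.
        urllib2.URLError, ValueError: network and JSON failures propagate.
    """
    # TODO: add BCI API check address
    print("WELCOME TO R-scan v0.1.2!")
    print("ADDRESS-R-SCAN: ")
    urladdr = 'https://blockchain.info/address/%s?format=json&offset=%s'

    ###control api-url
    #print str(urladdr[:-22] % addr)

    # NOTE(review): on Python 2 releases before 2.7.9 urllib2 performs no TLS
    # certificate verification; run on 2.7.9+ so the response cannot be
    # silently altered on the way.
    addrdata = json.load(urllib2.urlopen(urladdr % (addr, '0')))
    ntx = addrdata['n_tx']
    print("Data for pubkey: " + str(addr) + " has " + str(ntx).center(6) + "Tx%s" % 's'[ntx == 1:])
    #print "number of txs: " + str(addrdata['n_tx'])

    #tx-details: page 0 is already in hand, fetch only the remaining pages
    # (the original re-fetched offset 0 and one empty page past the end).
    page = 50
    txs = list(addrdata['txs'])
    for offset in range(page, ntx, page):
        sys.stderr.write("Fetching Txs from offset\t%s\n" % str(offset))
        jdata = json.load(urllib2.urlopen(urladdr % (addr, str(offset))))
        txs.extend(jdata['txs'])

    if len(txs) != ntx:
        raise RuntimeError("blockchain.info returned %d txs but reports n_tx=%d; "
                           "refusing a partial scan" % (len(txs), ntx))
    addrdata['txs'] = txs

    inputs = []
    for tx in txs:
        for vin in tx.get('inputs', []):
            inputs.append(str(vin.get('script', '')))

    #compare the sig values in each input script: index inputs by R so each
    # reused value is reported once, with every input that carries it.
    by_r = {}
    for idx, script in enumerate(inputs):
        r = _r_value(script)
        if r is not None:
            by_r.setdefault(r, []).append(idx)
    bad = []
    for r, idxs in sorted(by_r.items()):
        if len(idxs) < 2:
            continue
        print("Resued R-Value: ")
        print(r)
        bad.extend((idx, r) for idx in idxs)

    #check duplicates
    #alert when everything ok
    if not bad:
        print("Good pubKey. No problems.")
    else:
        reused = len(set(r for _, r in bad))
        print("Address %s has %d reused R value%s!" % (addr, reused, "s"[reused == 1:]))
    return bad


if __name__ == '__main__':
    print("""python rscan.py 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm""")
    if len(sys.argv) == 1:
        addr = raw_input("Enter Bitcoin address eg 1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm")
    elif len(sys.argv) == 2:
        # sys.argv entries are always strings; the basestring check was redundant
        addr = str(sys.argv[1])
    else:
        # the original fell through to a NameError on addr for extra arguments
        sys.exit("usage: python rscan.py [address]")
    rscan(addr.strip())
    # 9ec4bc49e828d924af1d1029cacf709431abbde46d59554b62bc270e3b29c4b1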