Search content
Sort by
Showing 20 of 136 results by whanau
I have had that one in my collection for years. 
Why upload a 'free' zip file with a password?
Why upload a 'free' zip file with a password?
tweak your code to look like this
def sign(privkey, nonce, message):
known_bits = 6
kbi = int(2 ** known_bits)
kp = nonce % kbi # k nonce % kbi
z = message
nonceG = nonce * G
rx = nonceG.x()
ry = nonceG.y()
rx = int(rx)
s = (z + rx * privkey) * modinv(nonce, n) % n
return rx, s, z , kp
# Example usage
private = 0x12345678901234567890 # Example private key
public_key_point = private * G
public_key = (int(public_key_point.x()), int(public_key_point.y())) # Get x, y coordinates
print('public_key (x, y):', public_key)
for i in range(1, 5):
nonce = random.randrange(2 ** 256 - 1)
message = random.randrange(2 ** 256 - 1)
r, s, z ,kp = sign(private, nonce, message)
print("k =", nonce)
print("kp =", kp)
print("r =", r)
print("s =", s)
print("z =", z)
print()
I have not used sagemath and the answer was in the original gen_data.py script.
Code:
def sign(privkey, nonce, message):
known_bits = 6
kbi = int(2 ** known_bits)
kp = nonce % kbi # k nonce % kbi
z = message
nonceG = nonce * G
rx = nonceG.x()
ry = nonceG.y()
rx = int(rx)
s = (z + rx * privkey) * modinv(nonce, n) % n
return rx, s, z , kp
# Example usage
private = 0x12345678901234567890 # Example private key
public_key_point = private * G
public_key = (int(public_key_point.x()), int(public_key_point.y())) # Get x, y coordinates
print('public_key (x, y):', public_key)
for i in range(1, 5):
nonce = random.randrange(2 ** 256 - 1)
message = random.randrange(2 ** 256 - 1)
r, s, z ,kp = sign(private, nonce, message)
print("k =", nonce)
print("kp =", kp)
print("r =", r)
print("s =", s)
print("z =", z)
print()
I have not used sagemath and the answer was in the original gen_data.py script.
⭐ Merited by nc50lc (1)
Unless you have some idea of the password or it is a short password, you have little chance of recovering the coins.
The best bet is to examine the CDROM very carefully as has been suggested and check with your mother if possible, what passwords he may have used for other things such as email. There may be a pattern. If there is any paperwork, check that for passwords too.
I would not suggest you hand your wallet out as it is not corrupt and could have a simple password that others with powerful equipment may hack in minutes.
What is safe, is to make a 'hash string' using this btc2john software. https://github.com/openwall/john/blob/bleeding-jumbo/doc/README.bitcoin It looks daunting but isn't. the result, which will look something like this: $bitcoin$64$02eecf1f942b9c8cf7479a9a5f1055297fed799cac5a79c4635973c83cb6b938$16$15863bcede2eb336$343753$2$00$2$00 can safely be sent out to people. If that can be decrypted correctly, the password used is correct. That string,does not contain the key with the funds, that are in the wallet..
The best bet is to examine the CDROM very carefully as has been suggested and check with your mother if possible, what passwords he may have used for other things such as email. There may be a pattern. If there is any paperwork, check that for passwords too.
I would not suggest you hand your wallet out as it is not corrupt and could have a simple password that others with powerful equipment may hack in minutes.
What is safe, is to make a 'hash string' using this btc2john software. https://github.com/openwall/john/blob/bleeding-jumbo/doc/README.bitcoin It looks daunting but isn't. the result, which will look something like this: $bitcoin$64$02eecf1f942b9c8cf7479a9a5f1055297fed799cac5a79c4635973c83cb6b938$16$15863bcede2eb336$343753$2$00$2$00 can safely be sent out to people. If that can be decrypted correctly, the password used is correct. That string,does not contain the key with the funds, that are in the wallet..
I put this up a while back.
Have a look at the last post. OFFLINE you will be able to substitute and test your information.
You can also modify it to make it more useful to you
https://bitcointalk.org/index.php?topic=5331322.0
It will be a long process good luck.
Have a look at the last post. OFFLINE you will be able to substitute and test your information.
You can also modify it to make it more useful to you
https://bitcointalk.org/index.php?topic=5331322.0
It will be a long process good luck.
Re: Don't buy "wallet.dat" files with lost passwords. EXCHANGE THEM!
Quote
Please, if you're reading this and you have the actual 340 BTC wallet, contact me (pacossii105@gmail.com), because the three of us can be millionaires.
is this the address? 1JqPFnGPhHhy54zJKmC1MPiczzgFjCmzE9
The wallet I have, has the correct public key which resolves to the address and an encrypted private key but I am sure the wallet is fake..
The interesting thing is the real wallet associated with 1JqPFnGPhHhy54zJKmC1MPiczzgFjCmzE9 has not sent any coins so the public key has not been transmitted.
How did the faker get the public key?
For reference, here is the whole thing. It works for me and I will not be changing anything but bugs.
There are more elegant and slick ways of doing this, but this is the simplest way I could break it down
I Suggest you make your own wallet with a known password to experiment with.
There are more elegant and slick ways of doing this, but this is the simplest way I could break it down
I Suggest you make your own wallet with a known password to experiment with.
Code:
import hashlib
import binascii
import pyaes
import os
import random
# Wallet software generates a random 32 byte master key. (How this is done is well documented and is not
# explained here). The master key needs to be encrypted to protect your funds. The one below is made up.
# You can substitute your own key below to try the software but DO NOT publish your own key anywhere.
mkey = binascii.unhexlify("5c5692daff165d3d32e5c05a56dde3b2d0ebc05f133f8d0616941e9abe7e0fb0")
# Wallet software will ask you for a password to encrypt the master key.
# You can change the password below for your own, but don't lose the b in front.
pw_txt = "alberto" #Thank you AlbertoBSD for Keyhunt!
password = b'alberto'
# Also needed is some 'randomness' in the form of a salt and an iteration count. These are generated by the wallet.
# Use the # to comment out the salt and iteration count below if testing your own values.
# create a random 8 byte salt and iteration count.
# salt = os.urandom(8)
# iterationcount = random.randint(2500, 50000)
# Now if you run the program several times, you will see you get different wallet keys for the same password.
# The random salt and iterations help prevent duplicate wallet keys for the same password.
# These two values are saved in wallet.dat so that the wallet key can be recreated (not decrypted) if you know the password.
# here you can substitute your own salt and iteration count from a wallet. Remove the # in front
salt = binascii.unhexlify('a49e804e25740714')
iterationcount = 91705
# Hashing with SHA512. This process generates the wallet key and IV. It is one-way. You cannot go back from
# here to recover the password, which is why it is so important you remember it.
# It is also essential that the password is strong because this is where dictionary attacks can take place.
# Remember the salt & iterations are recoverable from the wallet.dat files!
hash512 = password + salt
i = 0
while i < iterationcount:
hash512 = hashlib.sha512(hash512).digest()
i = i + 1
# The wallet key is the first 32 bytes of the hash result.
wallet_key = hash512[0:32]
# The IV (initialization vector) is the next 16 bytes of the hash
iv = hash512[32:48]
# We now have all we need to encrypt the master key
# Encryption with AES-256-CBC
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(wallet_key, iv))
ciphertext = encrypter.feed(mkey)
ciphertext += encrypter.feed()
# The cipher text is what you see in the wallet.dat files as Mkey followed by 48 bytes
# There are also Ckey's which hold the private spend keys for each address.
#######################################################################################
# Your master private key is now encrypted!!
#######################################################################################
# Decryption is the reverse process using the same wallet key and IV to process the ciphertext (Mkey)
# Decryption with AES-256-CBC
decrypter = pyaes.Decrypter(pyaes.AESModeOfOperationCBC(wallet_key, iv))
decryptedData = decrypter.feed(ciphertext)
decryptedData += decrypter.feed()
# The master key is now decrypted for all the world to see.
# Before we can spend any funds we need to decrypt the Ckeys which hold the private spend keys to the addresses.
# As you can see with no Ckey's, wallet recovery services cannot access your funds. It is safe to send Mkey ciphertext
# iteration count and salt but not the wallet itself as this has ALL the keys.
# ======================================================================================================================
# Now to decrypt a Ckey which holds the private spend key to an address. Here's one I made earlier.
# public address: 18sGovZjm83NhxXQb1bsxogCqXiYE5nXn7
ckey = binascii.unhexlify("316787cf83a3c9caeca2a2b20f0879edc2a8c60ed127453c00330d1ac009402d78eff292b03e588a3b858410ea2628ed")
public_key = binascii.unhexlify("027a098dbada15a831c66491cb20dee174d4971fdd9766a3b6c3dc64562cbb6524")
# Hash the public key twice
hash1 = hashlib.sha256(public_key).digest()
hash2 = hashlib.sha256(hash1).digest()
# The IV to the private key is the first 16 bytes of the hash result.
pk_iv = hash2[0:16]
# Decrypt the ciphertext Ckey with the master key and IV
decrypter = pyaes.Decrypter(pyaes.AESModeOfOperationCBC(decryptedData, pk_iv))
decryptedckey = decrypter.feed(ckey)
# The plain text 32 byte raw key is now visible to the world!
# You can put the key into one of the online services and see the result is the compressed public address above.
# Display results
def printData(text, data):
print(text + "(hex) :" + data.hex())
print("Password ", pw_txt)
printData("SHA512 ", hash512)
printData("Wallet Key ", wallet_key)
printData("16 bytes IV ", iv)
printData("Encrypting ", mkey)
printData("Ciphertext ", ciphertext)
# Decrypted data
printData("Master key ", decryptedData)
# Ckey output
printData("\nCkey :", ckey)
printData("Public Double hash :", hash2)
printData("PK IV :", pk_iv)
printData("Private Key :", decryptedckey)
printData("to public Key :", public_key)
# If you have found this useful please consider a small BTC tip to bc1qg82720gvdyvnc3jycnun348fhs3qam44nsmeqm
import binascii
import pyaes
import os
import random
# Wallet software generates a random 32 byte master key. (How this is done is well documented and is not
# explained here). The master key needs to be encrypted to protect your funds. The one below is made up.
# You can substitute your own key below to try the software but DO NOT publish your own key anywhere.
mkey = binascii.unhexlify("5c5692daff165d3d32e5c05a56dde3b2d0ebc05f133f8d0616941e9abe7e0fb0")
# Wallet software will ask you for a password to encrypt the master key.
# You can change the password below for your own, but don't lose the b in front.
pw_txt = "alberto" #Thank you AlbertoBSD for Keyhunt!
password = b'alberto'
# Also needed is some 'randomness' in the form of a salt and an iteration count. These are generated by the wallet.
# Use the # to comment out the salt and iteration count below if testing your own values.
# create a random 8 byte salt and iteration count.
# salt = os.urandom(8)
# iterationcount = random.randint(2500, 50000)
# Now if you run the program several times, you will see you get different wallet keys for the same password.
# The random salt and iterations help prevent duplicate wallet keys for the same password.
# These two values are saved in wallet.dat so that the wallet key can be recreated (not decrypted) if you know the password.
# here you can substitute your own salt and iteration count from a wallet. Remove the # in front
salt = binascii.unhexlify('a49e804e25740714')
iterationcount = 91705
# Hashing with SHA512. This process generates the wallet key and IV. It is one-way. You cannot go back from
# here to recover the password, which is why it is so important you remember it.
# It is also essential that the password is strong because this is where dictionary attacks can take place.
# Remember the salt & iterations are recoverable from the wallet.dat files!
hash512 = password + salt
i = 0
while i < iterationcount:
hash512 = hashlib.sha512(hash512).digest()
i = i + 1
# The wallet key is the first 32 bytes of the hash result.
wallet_key = hash512[0:32]
# The IV (initialization vector) is the next 16 bytes of the hash
iv = hash512[32:48]
# We now have all we need to encrypt the master key
# Encryption with AES-256-CBC
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCBC(wallet_key, iv))
ciphertext = encrypter.feed(mkey)
ciphertext += encrypter.feed()
# The cipher text is what you see in the wallet.dat files as Mkey followed by 48 bytes
# There are also Ckey's which hold the private spend keys for each address.
#######################################################################################
# Your master private key is now encrypted!!
#######################################################################################
# Decryption is the reverse process using the same wallet key and IV to process the ciphertext (Mkey)
# Decryption with AES-256-CBC
decrypter = pyaes.Decrypter(pyaes.AESModeOfOperationCBC(wallet_key, iv))
decryptedData = decrypter.feed(ciphertext)
decryptedData += decrypter.feed()
# The master key is now decrypted for all the world to see.
# Before we can spend any funds we need to decrypt the Ckeys which hold the private spend keys to the addresses.
# As you can see with no Ckey's, wallet recovery services cannot access your funds. It is safe to send Mkey ciphertext
# iteration count and salt but not the wallet itself as this has ALL the keys.
# ======================================================================================================================
# Now to decrypt a Ckey which holds the private spend key to an address. Here's one I made earlier.
# public address: 18sGovZjm83NhxXQb1bsxogCqXiYE5nXn7
ckey = binascii.unhexlify("316787cf83a3c9caeca2a2b20f0879edc2a8c60ed127453c00330d1ac009402d78eff292b03e588a3b858410ea2628ed")
public_key = binascii.unhexlify("027a098dbada15a831c66491cb20dee174d4971fdd9766a3b6c3dc64562cbb6524")
# Hash the public key twice
hash1 = hashlib.sha256(public_key).digest()
hash2 = hashlib.sha256(hash1).digest()
# The IV to the private key is the first 16 bytes of the hash result.
pk_iv = hash2[0:16]
# Decrypt the ciphertext Ckey with the master key and IV
decrypter = pyaes.Decrypter(pyaes.AESModeOfOperationCBC(decryptedData, pk_iv))
decryptedckey = decrypter.feed(ckey)
# The plain text 32 byte raw key is now visible to the world!
# You can put the key into one of the online services and see the result is the compressed public address above.
# Display results
def printData(text, data):
print(text + "(hex) :" + data.hex())
print("Password ", pw_txt)
printData("SHA512 ", hash512)
printData("Wallet Key ", wallet_key)
printData("16 bytes IV ", iv)
printData("Encrypting ", mkey)
printData("Ciphertext ", ciphertext)
# Decrypted data
printData("Master key ", decryptedData)
# Ckey output
printData("\nCkey :", ckey)
printData("Public Double hash :", hash2)
printData("PK IV :", pk_iv)
printData("Private Key :", decryptedckey)
printData("to public Key :", public_key)
# If you have found this useful please consider a small BTC tip to bc1qg82720gvdyvnc3jycnun348fhs3qam44nsmeqm
I am trying to get the code to run on my humble GEFORCE 1060
I have made etar's modifications and get this.
CUDA devices: 1, CUDA driver/runtime: 12.2/12.0
GPU 0: NVIDIA GeForce GTX 1060 6GB, 5.93 GB, 10 CUs, cap 6.1, PCI 83, L2 size: 1536 KB
Total GPUs for work: 1
BENCHMARK MODE
Solving point: Range 78 bits, DP 16, start...
SOTA method, estimated ops: 2^39.202, RAM for DPs: 0.547 GB. DP and GPU overheads not included!
Estimated DPs per kangaroo: 157.013.
GPU 0, cuSetGpuParams failed: invalid argument!
GPU 0 Prepare failed
GPUs started...
BENCH: Speed: 125829 MKeys/s, Err: 0, DPs: 0K/9646K, Time: 0d:00h:00m, Est: 0d:00h:00m
How can I fix the GPU 0, cuSetGpuParams failed: invalid argument! error?
Thank you.
I have made etar's modifications and get this.
CUDA devices: 1, CUDA driver/runtime: 12.2/12.0
GPU 0: NVIDIA GeForce GTX 1060 6GB, 5.93 GB, 10 CUs, cap 6.1, PCI 83, L2 size: 1536 KB
Total GPUs for work: 1
BENCHMARK MODE
Solving point: Range 78 bits, DP 16, start...
SOTA method, estimated ops: 2^39.202, RAM for DPs: 0.547 GB. DP and GPU overheads not included!
Estimated DPs per kangaroo: 157.013.
GPU 0, cuSetGpuParams failed: invalid argument!
GPU 0 Prepare failed
GPUs started...
BENCH: Speed: 125829 MKeys/s, Err: 0, DPs: 0K/9646K, Time: 0d:00h:00m, Est: 0d:00h:00m
How can I fix the GPU 0, cuSetGpuParams failed: invalid argument! error?
Thank you.
⭐ Merited by vapourminer (1)
Try this.
DO NOT USE YOUR WORDS ONLINE.
Download the web page and use it offline. See offline usage at the bottom of the file.
https://iancoleman.io/bip39/
Try all the derivation paths and enter the addresses (Only) in a blockchain explorer online
Given the age of your wallet it will start with a 1 e.g 1LqfqqrPp6pASY5kNbVseawXiEnZP8QfC9
If you find one with a balance, its yours.
Good luck
DO NOT USE YOUR WORDS ONLINE.
Download the web page and use it offline. See offline usage at the bottom of the file.
https://iancoleman.io/bip39/
Try all the derivation paths and enter the addresses (Only) in a blockchain explorer online
Given the age of your wallet it will start with a 1 e.g 1LqfqqrPp6pASY5kNbVseawXiEnZP8QfC9
If you find one with a balance, its yours.
Good luck
this is a good explanation with some code for you to play with
https://medium.com/@yashschandra/anatomy-of-a-pem-file-727f1690df18
https://medium.com/@yashschandra/anatomy-of-a-pem-file-727f1690df18
It might be from this..
https://login.blockchain.com/wallet/forgot-password
try entering your 8 words and see what happens.
https://login.blockchain.com/wallet/forgot-password
try entering your 8 words and see what happens.
Here are your options.
I am sure more mathematically minded people can offer alternate arrangements.
Code:
def extended_gcd(aa, bb):
lastremainder, remainder = abs(aa), abs(bb)
x, lastx, y, lasty = 0, 1, 1, 0
while remainder:
lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
x, lastx = lastx - quotient*x, x
y, lasty = lasty - quotient*y, y
return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)
def modinv(a, m):
g, x, y = extended_gcd(a, m)
if g != 1:
raise ValueError
return x % m
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
# Control
# R = 0x00d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1
# S = 0x0044e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e
# Z = 0x00c0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e
# X = 0x00c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96
# K = 0x007a1a7e52797fc8caaa435d2a4dace39158504bf204fbe19f14dbb427faee50ae
R = 0x007e6a9ba2cb33641246c5eb873d4ac35c6c9b0e24414789197e7ab7a1755c03e3
S = 0x00f5e5d215c56968f04f950044f89e056d8f7d637af698671d003e5be5f36c80c8
Z = 0x00a9327aba1cbc6180ef2ccd7263f9cccee589c6470c9bd0be27775e4339917daa
X = 0x00b468ebc8d97677f6fa98a2c5c1b55d5249632b655f1a9ac46736f4cfa7b7c12f
K = 0x0023f930da5ee9fd50a92fbb690803f799819647c800d173ffae062699fe59ae22
# proving R = (((S * K) - Z) / X) % N
print('R ' + hex((((S * K) - Z) * modinv(X, N)) % N))
# proving S = ((Z + (X * R)) / K) % N
print('S ' + hex(((Z + (X * R)) * modinv(K, N)) % N))
# proving Z = ((S * K) - (X * R)) % N
print('Z ' + hex(((S * K) - (X * R)) % N) + '\n')
# proving X = (((S * K) - Z) / R) % N
print('X ' + hex((((S * K) - Z) * modinv(R, N)) % N))
# proving K = ((Z + (X * R)) / S) % N
print('K ' + hex(((Z + (X * R)) * modinv(S, N)) % N) + '\n')
lastremainder, remainder = abs(aa), abs(bb)
x, lastx, y, lasty = 0, 1, 1, 0
while remainder:
lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
x, lastx = lastx - quotient*x, x
y, lasty = lasty - quotient*y, y
return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)
def modinv(a, m):
g, x, y = extended_gcd(a, m)
if g != 1:
raise ValueError
return x % m
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
# Control
# R = 0x00d47ce4c025c35ec440bc81d99834a624875161a26bf56ef7fdc0f5d52f843ad1
# S = 0x0044e1ff2dfd8102cf7a47c21d5c9fd5701610d04953c6836596b4fe9dd2f53e3e
# Z = 0x00c0e2d0a89a348de88fda08211c70d1d7e52ccef2eb9459911bf977d587784c6e
# X = 0x00c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96
# K = 0x007a1a7e52797fc8caaa435d2a4dace39158504bf204fbe19f14dbb427faee50ae
R = 0x007e6a9ba2cb33641246c5eb873d4ac35c6c9b0e24414789197e7ab7a1755c03e3
S = 0x00f5e5d215c56968f04f950044f89e056d8f7d637af698671d003e5be5f36c80c8
Z = 0x00a9327aba1cbc6180ef2ccd7263f9cccee589c6470c9bd0be27775e4339917daa
X = 0x00b468ebc8d97677f6fa98a2c5c1b55d5249632b655f1a9ac46736f4cfa7b7c12f
K = 0x0023f930da5ee9fd50a92fbb690803f799819647c800d173ffae062699fe59ae22
# proving R = (((S * K) - Z) / X) % N
print('R ' + hex((((S * K) - Z) * modinv(X, N)) % N))
# proving S = ((Z + (X * R)) / K) % N
print('S ' + hex(((Z + (X * R)) * modinv(K, N)) % N))
# proving Z = ((S * K) - (X * R)) % N
print('Z ' + hex(((S * K) - (X * R)) % N) + '\n')
# proving X = (((S * K) - Z) / R) % N
print('X ' + hex((((S * K) - Z) * modinv(R, N)) % N))
# proving K = ((Z + (X * R)) / S) % N
print('K ' + hex(((Z + (X * R)) * modinv(S, N)) % N) + '\n')
I am sure more mathematically minded people can offer alternate arrangements.
I think john the ripper is the right tool also. Have a look at this.
https://countuponsecurity.com/wp-content/uploads/2016/09/jtr-cheat-sheet.pdf
There are many sites you can download rule sets from.
https://countuponsecurity.com/wp-content/uploads/2016/09/jtr-cheat-sheet.pdf
There are many sites you can download rule sets from.
⭐ Merited by PowerGlove (1)
Thank you. 
That was the issue which is now resolved.
It compiled and ran first time.
That was the issue which is now resolved.
It compiled and ran first time.
I am trying to compile this code
https://github.com/iceland2k14/KeyHunt-Cuda
but it will only compile without cuda support the error message is
./KeyHunt -l
GPU code not compiled, use -DWITHGPU when compiling.
However I can see it happening. A lot of output ending with
g++ -DWITHGPU -m64 -mssse3 -Wno-write-strings -O2 -I. -I/usr/local/cuda/include -o obj/GmpUtil.o -c GmpUtil.cpp
g++ -DWITHGPU -m64 -mssse3 -Wno-write-strings -O2 -I. -I/usr/local/cuda/include -o obj/CmdParse.o -c CmdParse.cpp
Making KeyHunt...
It works in cpu mode.
VanitySearch and kangaroo from JLP both compile with gpu support.
Any ideas please??
https://github.com/iceland2k14/KeyHunt-Cuda
but it will only compile without cuda support the error message is
./KeyHunt -l
GPU code not compiled, use -DWITHGPU when compiling.
However I can see it happening. A lot of output ending with
g++ -DWITHGPU -m64 -mssse3 -Wno-write-strings -O2 -I. -I/usr/local/cuda/include -o obj/GmpUtil.o -c GmpUtil.cpp
g++ -DWITHGPU -m64 -mssse3 -Wno-write-strings -O2 -I. -I/usr/local/cuda/include -o obj/CmdParse.o -c CmdParse.cpp
Making KeyHunt...
It works in cpu mode.
VanitySearch and kangaroo from JLP both compile with gpu support.
Any ideas please??
⭐ Merited by hugeblack (1)
Pubkey = 02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
puzzle #120
---
k1 = 0x00000000000000000000000000000000025d46d0bccbc08eafa03912b3f2c206
r1 = 0x890895144c4a40cd18126d1ce6534e03ab909c8c3692f1cc108fec8e2e4dea97
s1 = 0x51bc4ff0a414d66113e354a7070f47eba8ab76035e776ed2123c7d5ee991b800
z1 = 0xf11d940943f16b4117aea030d0b0cf7f6781e99f2babe05daa574a10b072bc44
k2 = 0x00000000000000000000000000000000029c9ececdceab18cfba91146e5ded7e
r2 = 0x2e772d6ea8cd5dc0b4f06a5f4e5ea057cb65b27a820acb0df711e2855052193f
s2 = 0x83e65d972d090e8d975e5ed99f55c9bbc20fcf692344cf847f3639f4ff026d63
z2 = 0x625ed03aa7e42bb1f65e5546861807a0a52fc52cb20a6b4bdc32b2028e70904b
k3 = 0x000000000000000000000000000000000141bf2eb7b3d7b7b5bbf78d4f28bcda
r3 = 0xb32f2f28d07cd0a9cc139905e1875379b9349fd21ccb838e380215afa5f26eac
s3 = 0x15d30ec6841a4e59bbb87bfc11ebf7cab78b5eb2e5ce742ebe7d07a060ebfc5b
z3 = 0x3677c07287e8742faf74b964476405f1f153466b26234b3461b268ee00676ce8
121 bit : 3 r,s,z use LLL_nonce_leakage.py , you can found private key about 1~2 second
What are the modifications to the LLL_nonce_leakage.py necessary to do this?
My output was
Code:
Fixed Nonce bits = 120 Minimum Signature Required = 3
###############################################################################
Pubkey: 02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
###############################################################################
Original Matrix
[[115792089237316195423570985008687907852837564279074904382605163141518161494337, 0, 0, 0], [0, 115792089237316195423570985008687907852837564279074904382605163141518161494337, 0, 0], [2467487001254455993260094658069538855875427230575473380664872814242199500527890086092853464270371686385869184249816116248601700397690358585592398162412910, -751681887687496519376062645086290988269867503556637724056603560423474193255164232026755956106024417782854651835316585599337402346461143524154025671989707, 7.52316384526264e-37, 0], [6032443261600613981788543854259123836926830336971803094527945402644254025612712542413636299653573823792930177014767562523084773905042649848397762714980344, 514759699049319332434416455458880129761050389688502952714638126953158121130186708055060830078576096772207625800998356728332240331389528116349768135785841, 0, 87112285931760246646623899502532662132736]]
k= 0x25d46d0bccbc08eafa03912b3f2c206
Generated private key = 0x565ae23651bb5c3141870c7ed367bd270c644ba7227c9975096d16f18ce2f1cd
k= 0x25d46d0bccbc08eafa03912b3f2c206
Generated private key = 0x565ae23651bb5c3141870c7ed367bd270c644ba7227c9975096d16f18ce2f1cd
k= 0x29c9ececdceab18cfba91146e5ded7e
Generated private key = 0x8652756d2bbbf9c014964e0ab7b150fe0b629646426f1172ec2fa2f005ce454d
k= 0x141bf2eb7b3d7b7b5bbf78d4f28bcda
Generated private key = 0x63577c3c016a76d9f81df9606b745bc30be3831923e30ca771f7b25694f9c679
So keys are being generated but not the right one! what am I doing wrong please?###############################################################################
Pubkey: 02ceb6cbbcdbdf5ef7150682150f4ce2c6f4807b349827dcdbdd1f2efa885a2630
###############################################################################
Original Matrix
[[115792089237316195423570985008687907852837564279074904382605163141518161494337, 0, 0, 0], [0, 115792089237316195423570985008687907852837564279074904382605163141518161494337, 0, 0], [2467487001254455993260094658069538855875427230575473380664872814242199500527890086092853464270371686385869184249816116248601700397690358585592398162412910, -751681887687496519376062645086290988269867503556637724056603560423474193255164232026755956106024417782854651835316585599337402346461143524154025671989707, 7.52316384526264e-37, 0], [6032443261600613981788543854259123836926830336971803094527945402644254025612712542413636299653573823792930177014767562523084773905042649848397762714980344, 514759699049319332434416455458880129761050389688502952714638126953158121130186708055060830078576096772207625800998356728332240331389528116349768135785841, 0, 87112285931760246646623899502532662132736]]
k= 0x25d46d0bccbc08eafa03912b3f2c206
Generated private key = 0x565ae23651bb5c3141870c7ed367bd270c644ba7227c9975096d16f18ce2f1cd
k= 0x25d46d0bccbc08eafa03912b3f2c206
Generated private key = 0x565ae23651bb5c3141870c7ed367bd270c644ba7227c9975096d16f18ce2f1cd
k= 0x29c9ececdceab18cfba91146e5ded7e
Generated private key = 0x8652756d2bbbf9c014964e0ab7b150fe0b629646426f1172ec2fa2f005ce454d
k= 0x141bf2eb7b3d7b7b5bbf78d4f28bcda
Generated private key = 0x63577c3c016a76d9f81df9606b745bc30be3831923e30ca771f7b25694f9c679
Perhaps you could upload your output for comparison/debugging. Thank you
Re: lightweight database, for brute force using publickeys-32Mk =3.81MB(secp256k1)
I wrote the both scripts:
create_database_arulbero.py
search_key_arulbero.py
parameters:
private key interval: from 1 to 2^32
keys stored: 2^32 / 2^7 = 2^25 (1 each 128)
bits for each key = 64
size of database: 257 MB
time to create the database: 3 min 55 s
time to find the private key of a single random public key in the db: 0.1 - 0.3 s
create_database_arulbero.py
search_key_arulbero.py
create_database_arulbero.py
search_key_arulbero.py
parameters:
private key interval: from 1 to 2^32
keys stored: 2^32 / 2^7 = 2^25 (1 each 128)
bits for each key = 64
size of database: 257 MB
time to create the database: 3 min 55 s
time to find the private key of a single random public key in the db: 0.1 - 0.3 s
create_database_arulbero.py
Code:
#!/usr/bin/env python3
# 2023/Dec/03, create_database_arulbero.py
import secp256k1 as ice
import sys
#############################################################################
# Set the number of public keys to generate
#############################################################################
start_key = 1
num_public_keys = 2**32 #(about 4 billions of keys)
bits_to_store = 64
bytes_to_store = bits_to_store//8
rate_of_key_to_generate = 2**20
rate_of_key_to_store = rate_of_key_to_generate
interval_to_generate = range(start_key, start_key + num_public_keys, rate_of_key_to_store)
interval_to_store = range(start_key,start_key + num_public_keys,rate_of_key_to_store)
binary_mode = 1
#############################################################################
if (binary_mode == 1):
f = open("public_keys_database.bin", "wb") #binary mode
########################################generation#############################################
public_keys=[]
public_keys_complete=list(map(ice.scalar_multiplication,interval_to_generate)) #generates the public keys complete
public_keys=list(map(lambda w: int(w[33-bytes_to_store:33].hex(),16),public_keys_complete)) #extract only the last bytes_to_store
########################################writing the db##########################################
for i in range(0,len(interval_to_store)):
f.write(public_keys[i].to_bytes(bytes_to_store,sys.byteorder)) #writes each key
f.close()
else:
f = open("public_keys_database.txt", "w")
#generation
public_keys=[]
for i in interval_to_generate:
P4 = ice.scalar_multiplication(i)
public_keys.append(P4[33-bytes_to_store:33].hex())
#writing the db
for i in range(0,len(interval_to_store)):
f.write(public_keys[i])
f.close()
# 2023/Dec/03, create_database_arulbero.py
import secp256k1 as ice
import sys
#############################################################################
# Set the number of public keys to generate
#############################################################################
start_key = 1
num_public_keys = 2**32 #(about 4 billions of keys)
bits_to_store = 64
bytes_to_store = bits_to_store//8
rate_of_key_to_generate = 2**20
rate_of_key_to_store = rate_of_key_to_generate
interval_to_generate = range(start_key, start_key + num_public_keys, rate_of_key_to_store)
interval_to_store = range(start_key,start_key + num_public_keys,rate_of_key_to_store)
binary_mode = 1
#############################################################################
if (binary_mode == 1):
f = open("public_keys_database.bin", "wb") #binary mode
########################################generation#############################################
public_keys=[]
public_keys_complete=list(map(ice.scalar_multiplication,interval_to_generate)) #generates the public keys complete
public_keys=list(map(lambda w: int(w[33-bytes_to_store:33].hex(),16),public_keys_complete)) #extract only the last bytes_to_store
########################################writing the db##########################################
for i in range(0,len(interval_to_store)):
f.write(public_keys[i].to_bytes(bytes_to_store,sys.byteorder)) #writes each key
f.close()
else:
f = open("public_keys_database.txt", "w")
#generation
public_keys=[]
for i in interval_to_generate:
P4 = ice.scalar_multiplication(i)
public_keys.append(P4[33-bytes_to_store:33].hex())
#writing the db
for i in range(0,len(interval_to_store)):
f.write(public_keys[i])
f.close()
search_key_arulbero.py
Code:
# 2023/Dec/03, arulbero_search_key.py
import secp256k1 as ice
import random
import sys
#############################################################################
# Set the number of public keys to generate
#############################################################################
start_key = 1
num_public_keys = 2**32
bits_to_store = 64
bytes_to_store = bits_to_store//8
rate_of_key_to_generate = 2**20
rate_of_key_to_store = rate_of_key_to_generate
split_database = 256 #read only a fraction of the database to speedup the finding of the string
interval_to_generate = range(start_key,start_key + num_public_keys, rate_of_key_to_store)
interval_to_store = range(start_key,start_key + num_public_keys,rate_of_key_to_store)
binary_mode = 1
#########################################################################################
#pk = 0x3243 = 12867
#P = ice.scalar_multiplication(12867)
#P="0x6800b#b8a9dffe1709ceac95d7d06646188c2cb656c09cd2e717ec67487ce1be3"
#############generates random private key and public key#################################
pk= random.randint(start_key, start_key + num_public_keys)
#pk=start_key + num_public_keys-1
P = ice.scalar_multiplication(pk)
print()
print("This is the public key: " + P[1:33].hex())
print("I need to find this private key: "+str(pk))
###################subtraction of : P - 1G, P - 2G, ..., P - rate_of_key*G################
substract_pub = ice.scalar_multiplication(1)
complete_pub= ice.point_loop_subtraction(rate_of_key_to_generate, P, substract_pub)
partial_pub=[] #need only the last bytes_to_store
P2=int(P[33-bytes_to_store:33].hex(),16).to_bytes(bytes_to_store,sys.byteorder)
partial_pub.append(P2)
for i in range(1,rate_of_key_to_store+1):
partial_pub.append(int(complete_pub[(i-1)*65+33-bytes_to_store:(i-1)*65+33].hex(),16).to_bytes(bytes_to_store,sys.byteorder))
################search in database##########################################################
num_bytes = num_public_keys*bytes_to_store//rate_of_key_to_store
size = num_bytes//split_database
s_partial_pub = set(partial_pub)
with open("public_keys_database.bin", 'r+b') as f:
#s=f.read()
for k in range(0, num_bytes, num_bytes//split_database):
f.seek(0,1)
partial_db = f.read(num_bytes//split_database)
l_partial_db = [partial_db[i:i + bytes_to_store] for i in range(0, size, bytes_to_store)]
s_partial_db = set(l_partial_db)
a = list(s_partial_db & s_partial_pub)
if (len(a)>0):
n = partial_db.find(a[0])
if n > -1:
print()
print("Private key found!!!")
private_key = (n+k)//bytes_to_store*rate_of_key_to_generate + partial_pub.index(a[0])+1
if(pk == private_key):
print("It is correct!!!")
else:
print("Collision!")
print(private_key)
P3 = ice.scalar_multiplication(private_key)
pub_key=P3[1:33].hex()
print((pub_key)[:])
f.close()
sys.exit(0)
print("string not found")
import secp256k1 as ice
import random
import sys
#############################################################################
# Set the number of public keys to generate
#############################################################################
start_key = 1
num_public_keys = 2**32
bits_to_store = 64
bytes_to_store = bits_to_store//8
rate_of_key_to_generate = 2**20
rate_of_key_to_store = rate_of_key_to_generate
split_database = 256 #read only a fraction of the database to speedup the finding of the string
interval_to_generate = range(start_key,start_key + num_public_keys, rate_of_key_to_store)
interval_to_store = range(start_key,start_key + num_public_keys,rate_of_key_to_store)
binary_mode = 1
#########################################################################################
#pk = 0x3243 = 12867
#P = ice.scalar_multiplication(12867)
#P="0x6800b#b8a9dffe1709ceac95d7d06646188c2cb656c09cd2e717ec67487ce1be3"
#############generates random private key and public key#################################
pk= random.randint(start_key, start_key + num_public_keys)
#pk=start_key + num_public_keys-1
P = ice.scalar_multiplication(pk)
print()
print("This is the public key: " + P[1:33].hex())
print("I need to find this private key: "+str(pk))
###################subtraction of : P - 1G, P - 2G, ..., P - rate_of_key*G################
substract_pub = ice.scalar_multiplication(1)
complete_pub= ice.point_loop_subtraction(rate_of_key_to_generate, P, substract_pub)
partial_pub=[] #need only the last bytes_to_store
P2=int(P[33-bytes_to_store:33].hex(),16).to_bytes(bytes_to_store,sys.byteorder)
partial_pub.append(P2)
for i in range(1,rate_of_key_to_store+1):
partial_pub.append(int(complete_pub[(i-1)*65+33-bytes_to_store:(i-1)*65+33].hex(),16).to_bytes(bytes_to_store,sys.byteorder))
################search in database##########################################################
num_bytes = num_public_keys*bytes_to_store//rate_of_key_to_store
size = num_bytes//split_database
s_partial_pub = set(partial_pub)
with open("public_keys_database.bin", 'r+b') as f:
#s=f.read()
for k in range(0, num_bytes, num_bytes//split_database):
f.seek(0,1)
partial_db = f.read(num_bytes//split_database)
l_partial_db = [partial_db[i:i + bytes_to_store] for i in range(0, size, bytes_to_store)]
s_partial_db = set(l_partial_db)
a = list(s_partial_db & s_partial_pub)
if (len(a)>0):
n = partial_db.find(a[0])
if n > -1:
print()
print("Private key found!!!")
private_key = (n+k)//bytes_to_store*rate_of_key_to_generate + partial_pub.index(a[0])+1
if(pk == private_key):
print("It is correct!!!")
else:
print("Collision!")
print(private_key)
P3 = ice.scalar_multiplication(private_key)
pub_key=P3[1:33].hex()
print((pub_key)[:])
f.close()
sys.exit(0)
print("string not found")
This code works very well as does the code on the OP's Github page.
Code:
2024-04-08 00:29:34.901 [P2P1] WARN net.dns src/common/dns_utils.cpp:519 WARNING: no two valid X-CASHPulse DNS checkpoint records were received
2024-04-08 00:29:35.541 [P2P3] INFO global src/cryptonote_protocol/cryptonote_protocol_handler.inl:372 [192.xxx.xxx.xx:18280 OUT] Sync data returned a new top block candidate: 800000 -> 1056090 [Your node is 256090 blocks (889 days) behind]
SYNCHRONIZATION started
2024-04-08 00:30:50.098 [P2P4] INFO global src/cryptonote_core/blockchain.cpp:4108 Could not get the list of current block verifiers
2024-04-08 00:30:50.098 [P2P4] INFO global src/cryptonote_core/blockchain.cpp:4268 Could not receive the blocks database hashes from the block verifiers
2024-04-08 00:31:14.415 [P2P4] INFO global src/cryptonote_core/blockchain.cpp:4108 Could not get the list of current block verifiers
2024-04-08 00:31:14.415 [P2P4] INFO global src/cryptonote_core/blockchain.cpp:4268 Could not receive the blocks database hashes from the block verifiers
2024-04-08 00:31:23.359 [P2P4] INFO global src/cryptonote_core/blockchain.cpp:4108 Could not get the list of current block verifiers
This is what I get with IP altered. I think there is only 1 node running so perhaps someone else could run one until sync?
Any ideas??