[ANN] #takebobbysbitcoin Ballet REAL BITCOIN Wallets

YodasRedRocket

hero member

Activity: 687

Merit: 562

Nobody dies a virgin… Life fucks us all.

Quote from: Steeley on February 10, 2024, 09:58:15 PM

This challenge is great news. I personally love the Ballet Wallets and, in addition to storing some of my own stack on them, I use them to give Bitcoin to people (the cheaper ones). I think they should be mentioned more often in the public as "Best Wallets" on the market, but I never see them discussed in articles or on Reddit. I'm pulling for this to help with PR.

Also, the new coin wallet is cool. I am not buying it because it isn't really a collectible, but this is one of the items Ballet has put out that I have seen people mentioning in public. I'm hoping this new product will lead to some BTCC style limited versions in the future.

Agree! Ballet is next best after making your own keys ✊🏼

Steeley

sr. member

Activity: 1164

Merit: 268

Byzantine Generals' Problem solved,Prosperity Next

This challenge is great news. I personally love the Ballet Wallets and, in addition to storing some of my own stack on them, I use them to give Bitcoin to people (the cheaper ones). I think they should be mentioned more often in the public as "Best Wallets" on the market, but I never see them discussed in articles or on Reddit. I'm pulling for this to help with PR.

Also, the new coin wallet is cool. I am not buying it because it isn't really a collectible, but this is one of the items Ballet has put out that I have seen people mentioning in public. I'm hoping this new product will lead to some BTCC style limited versions in the future.

napros

newbie

Activity: 2

Merit: 0

I maybe a long way off or I could be very close, but some guidance would be fantastic.

I have been able to generate a few Intermediate Codes from the information provided for #2

The issue I am having is, do I continue along the same path or am I heading in the opposite direction to where I should be going.

From the BIP38 Passphrase I am able to get the Intermediate Code, from this I can generate a Bitcoin Address, Confirmation Code and Encrypted Private Key (but the Confirmation Code and the Bitcoin Address are not the same as what was given, do I spent days clicking "Generate" or am I doing something wrong and way off base.)

Thank you in advance for any help provided.

Gatorelf

sr. member

Activity: 845

Merit: 267

I believe you would need access to an AI infused Quantum computer running 24/7

Drawesome

full member

Activity: 224

Merit: 146

So we all agree that this isn't any puzzle or real challenge, but marketing. It's fun though, and I agree that these Ballet Wallets are a nice way to introduce a BTC paper money solution that's easy for people to use. A third party must be trusted, but I trust Bobby doesn't want to go to jail, and the system generating 2 entropies in different places is a fair enough security measure.

Just for fun, I'll share some calculations (let me know if I missed something):

About the first wallet (the second one is just as difficult as guessing any random wallet and makes no sense to be considered a game challenge at all):
He gives us for free the "-" characters, so we just need to guess 20 characters (uppercase and numbers) so we have 36^20 possible outcomes. In decimal, it is: 13367494538843734067838845976576 (1.34 * 10^31).
The nearest power of 2 is: 2^103 = 10141204801825835211973625643008 ("low" compared to the 2^256 of the second wallet)

Let's compute how many guesses per second we need to crack this wallet for sure in 10 years:

Code:

total_possibilities = 36**20
time_in_years = 10
time_in_seconds = time_in_years * 365 * 24 * 60 * 60
guesses_per_second = total_possibilities / time_in_seconds

print(f'Guesses per second needed: {guesses_per_second}')

Guesses per second needed: 4.2388047117084395e+22

Instead, to crack it on average within 10 years, we just divide by 2: 2.1194023558542198e+22 guesses per second.
I think Bobby can sleep well.

Quote from: krogothmanhattan on August 09, 2023, 03:14:35 PM

SO true it is indeed quite impossible to crack. I placed this stamp online in 2017 with an exposed public and private keys!

The private addy is BIP38 encrypted and the password must be over 100 characters as I just randomly punched the keyboard.

It was loaded with 0.02BTC and still is...nobody has every swept it!

In your case, the entropy from a human randomly punching keys might be easier to crack. I believe some methods could assist in guessing pseudo-random human keyboard punching, although 100 characters are quite a lot, haha. You can sleep well too!

krogothmanhattan

legendary

Activity: 2520

Merit: 3238

The Stone the masons rejected was the cornerstone.

Quote from: nomachine on August 09, 2023, 10:21:47 AM

To give you some perspective, with current technology, brute forcing a 20-character password with a mix of upper case letters, numbers, could take an incredibly long time, likely beyond the lifetime of the universe. No luck there at all. Grin

  SO true it is indeed quite impossible to crack. I placed this stamp online in 2017 with an exposed public and private keys!

   The private addy is BIP38 encrypted and the password must be over 100 characters as I just randomly punched the keyboard.

   It was loaded with 0.02BTC and still is...nobody has every swept it!

nomachine

member

Activity: 462

Merit: 24

To give you some perspective, with current technology, brute forcing a 20-character password with a mix of upper case letters, numbers, could take an incredibly long time, likely beyond the lifetime of the universe. No luck there at all. Grin

anonymousminer

legendary

Activity: 1456

Merit: 1242

be VERY careful... newbies posting code.... or anyone for that matter.... could be malicious.... i would not use it, but if you do... do it at your own risk.

STILL LIVE AFTER 3+ YEARS!! Just about $60k as i type this....

Good luck!

nomachine

member

Activity: 462

Merit: 24

rsincognito

copper member

Activity: 630

Merit: 113

Agree, im a big fan of Ballet, I hand them out loaded to my employees all the time , when a newbie holds a loaded ballet wallet during a bull run it creates and instant orange pill lol

Steeley

sr. member

Activity: 1164

Merit: 268

Byzantine Generals' Problem solved,Prosperity Next

Saying this for the first time. I have always thought Ballet is the best, easiest wallet to use and I give them to beginners because of this. However, I never mention this because of the fud I see anytime Ballet comes up (not here, but on other public places like Reddit, etc.). This hack challenge is a great idea and will give some concrete verification to the security when it comes up in the future.

crewchill

newbie

Activity: 5

Merit: 0

Code:

 import itertools
import sys
import string
import datetime
import scrypt
import threading
from binascii import unhexlify
from Crypto.Cipher import AES
from simplebitcoinfuncs import normalize_input, b58d, hexstrlify, dechex, privtopub, compress, pubtoaddress, b58e, multiplypriv
from simplebitcoinfuncs.ecmath import N
from simplebitcoinfuncs.hexhashes import hash256


def simple_aes_decrypt(msg, key):
    assert len(msg) == 16
    assert len(key) == 32
    cipher = AES.new(key, AES.MODE_ECB)
    msg = hexstrlify(cipher.decrypt(msg))
    while msg[-2:] == '7b':  # Can't use rstrip for multiple chars
        msg = msg[:-2]
    for i in range((32 - len(msg)) // 2):
        msg = msg + '7b'
    assert len(msg) == 32
    return unhexlify(msg)


def bip38decrypt(password, encpriv, outputlotsequence=False):
    password = normalize_input(password, False, True)
    encpriv = b58d(encpriv)
    assert len(encpriv) == 78
    prefix = encpriv[:4]
    assert prefix == '0142' or prefix == '0143'
    flagbyte = encpriv[4:6]
    if prefix == '0142':
        salt = unhexlify(encpriv[6:14])
        msg1 = unhexlify(encpriv[14:46])
        msg2 = unhexlify(encpriv[46:])
        scrypthash = hexstrlify(scrypt.hash(password, salt, 16384, 8, 8, 64))
        key = unhexlify(scrypthash[64:])
        msg1 = hexstrlify(simple_aes_decrypt(msg1, key))
        msg2 = hexstrlify(simple_aes_decrypt(msg2, key))
        half1 = int(msg1, 16) ^ int(scrypthash[:32], 16)
        half2 = int(msg2, 16) ^ int(scrypthash[32:64], 16)
        priv = dechex(half1, 16) + dechex(half2, 16)
        if int(priv, 16) == 0 or int(priv, 16) >= N:
            if outputlotsequence:
                return False, False, False
            else:
                return False
        pub = privtopub(priv, False)
        if flagbyte in COMPRESSION_FLAGBYTES:
            privcompress = '01'
            pub = compress(pub)
        else:
            privcompress = ''
        address = pubtoaddress(pub, '00')
        try:
            addrhex = hexstrlify(address)
        except:
            addrhex = hexstrlify(bytearray(address, 'ascii'))
        addresshash = hash256(addrhex)[:8]
        if addresshash == encpriv[6:14]:
            priv = b58e('80' + priv + privcompress)
            if outputlotsequence:
                return priv, False, False
            else:
                return priv
        else:
            if outputlotsequence:
                return False, False, False
            else:
                return False
    else:
        owner_entropy = encpriv[14:30]
        enchalf1half1 = encpriv[30:46]
        enchalf2 = encpriv[46:]
        if flagbyte in LOTSEQUENCE_FLAGBYTES:
            lotsequence = owner_entropy[8:]
            owner_salt = owner_entropy[:8]
        else:
            lotsequence = False
            owner_salt = owner_entropy
        salt = unhexlify(owner_salt)
        prefactor = hexstrlify(scrypt.hash(password, salt, 16384, 8, 8, 32))
        if lotsequence is False:
            passfactor = prefactor
        else:
            passfactor = hash256(prefactor + owner_entropy)
        if int(passfactor, 16) == 0 or int(passfactor, 16) >= N:
            if outputlotsequence:
                return False, False, False
            else:
                return False
        passpoint = privtopub(passfactor, True)
        password = unhexlify(passpoint)
        salt = unhexlify(encpriv[6:14] + owner_entropy)
        encseedb = hexstrlify(scrypt.hash(password, salt, 1024, 1, 1, 64))
        key = unhexlify(encseedb[64:])
        tmp = hexstrlify(simple_aes_decrypt(unhexlify(enchalf2), key))
        enchalf1half2_seedblastthird = int(tmp, 16) ^ int(encseedb[32:64], 16)
        enchalf1half2_seedblastthird = dechex(enchalf1half2_seedblastthird, 16)
        enchalf1half2 = enchalf1half2_seedblastthird[:16]
        enchalf1 = enchalf1half1 + enchalf1half2
        seedb = hexstrlify(simple_aes_decrypt(unhexlify(enchalf1), key))
        seedb = int(seedb, 16) ^ int(encseedb[:32], 16)
        seedb = dechex(seedb, 16) + enchalf1half2_seedblastthird[16:]
        assert len(seedb) == 48  # I want to except for this and be alerted to it
        try:
            factorb = hash256(seedb)
            assert int(factorb, 16) != 0
            assert not int(factorb, 16) >= N
        except:
            if outputlotsequence:
                return False, False, False
            else:
                return False
        priv = multiplypriv(passfactor, factorb)
        pub = privtopub(priv, False)
        if flagbyte in COMPRESSION_FLAGBYTES:
            privcompress = '01'
            pub = compress(pub)
        else:
            privcompress = ''
        address = pubtoaddress(pub, '00')
        try:
            addrhex = hexstrlify(address)
        except:
            addrhex = hexstrlify(bytearray(address, 'ascii'))
        addresshash = hash256(addrhex)[:8]
        if addresshash == encpriv[6:14]:
            priv = b58e('80' + priv + privcompress)
            if outputlotsequence:
                if lotsequence is not False:
                    lotsequence = int(lotsequence, 16)
                    sequence = lotsequence % 4096
                    lot = (lotsequence - sequence) // 4096
                    return priv, lot, sequence
                else:
                    return priv, False, False
            else:
                return priv
        else:
            if outputlotsequence:
                return False, False, False
            else:
                return False


def testPassword(pwd):
    try:
        if bip38decrypt(pwd, encryptedSecret) != False:
            pwdLenth = 22 + len(pwd)
            print("\n\n" + "#" * pwdLenth + "\n## PASSWORD FOUND: {pwd} ##\n".format(pwd=pwd) + "#" * pwdLenth + "\n")
            global flag
            flag = 1
    except:
        pass
    finally:
        td.release()


if __name__ == '__main__':
    COMPRESSION_FLAGBYTES = ['20', '24', '28', '2c', '30', '34', '38', '3c', 'e0', 'e8', 'f0', 'f8']
    LOTSEQUENCE_FLAGBYTES = ['04', '0c', '14', '1c', '24', '2c', '34', '3c']

    encryptedSecret = "6PnQmAyBky9ZXJyZBv9QSGRUXkKh9HfnVsZWPn4YtcwoKy5vufUgfA3Ld7"
        

    threadNum = 32

    pwdCharacters = string.ascii_uppercase + string.digits
    maxCombination = 20  
    maxLength = 23  
    positions = [4, 9, 14, 19]

    td = threading.BoundedSemaphore(int(threadNum))
    threadlist = []

    print(datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'))

    num = 0
    flag = 0
    for pwd in itertools.product(pwdCharacters, repeat=maxCombination):
        if flag == 1:
            break

        password = "".join(pwd)
        if len(password) <= int(maxLength):
            formatted_pwd = list(password)
            for pos in positions:
                formatted_pwd.insert(pos, '-')
            formatted_pwd = ''.join(formatted_pwd)

            num += 1
            msg = 'Test Password {num} , {password}'.format(num=num, password=formatted_pwd)
            sys.stdout.write('\r' + msg)
            sys.stdout.flush()
            td.acquire()
            t = threading.Thread(target=testPassword, args=(formatted_pwd,))
            t.start()
            threadlist.append(t)
    for x in threadlist:
        x.join()

    print(datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'))

if you're interested in finding the password for challenge #1, I'll leave a simple code here.this code will search for 36^20 combinations sequentially. good luck.

jl33213

newbie

Activity: 9

Merit: 0

Quote from: daburone on November 01, 2020, 04:25:13 AM

Quote from: MoparMiningLLC on October 31, 2020, 08:27:30 PM

no one is going to crack the passphrase for the one or the private key for the other - unless one of the workers has access but per Bobby all that data is deleted so that means no one is gonna get it.

But how do we know that one of the workers doesn't have it? Just because they didn't take it today or tomorrow.... It just confirms that they haven't gone rogue yet.

Nobody really knows. So far so good and let's hope it stays that way. But let's not put too much stock in these marketing gimmicks.

And 2BTC? Seriously? A reward for ants?

a reward for ants?? hell 1 btc would save my life rn lol :/

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Quote from: jl33213 on January 21, 2023, 06:37:48 PM

i sent u a email showing you where i tried the other passphrase u told me it was and it also didnt work. and i showed u how i got the intermediate code:)

I saw and that makes sense - however you still not use it to get the key.

jl33213

newbie

Activity: 9

Merit: 0

i sent u a email showing you where i tried the other passphrase u told me it was and it also didnt work. and i showed u how i got the intermediate code:)

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Quote from: jl33213 on January 21, 2023, 03:46:08 AM

i have found the confirmation code for the top one just dont know how to derive the bip38 passphrase from it with the privaye key. also i have scanned the qrs u posted and in app it lets me verify the wallet that u shared the passphrase on but it only works with the entropy of it if i try to vrify with whole passphrase it tells me its incorrect. can u follow up pls ty. could reallt use the btc rn have been trying hard as hell to crack both of these :/

based on the screen shot you sent me - you messed up part of the passphrase.

I would like to know how you came across the intermediate code.

jl33213

newbie

Activity: 9

Merit: 0

i have found the confirmation code for the top one just dont know how to derive the bip38 passphrase from it with the privaye key. also i have scanned the qrs u posted and in app it lets me verify the wallet that u shared the passphrase on but it only works with the entropy of it if i try to vrify with whole passphrase it tells me its incorrect. can u follow up pls ty. could reallt use the btc rn have been trying hard as hell to crack both of these :/

anonymousminer

legendary

Activity: 1456

Merit: 1242

Over 4.5 months and still going......

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Quote from: daburone on November 01, 2020, 04:25:13 AM

Quote from: MoparMiningLLC on October 31, 2020, 08:27:30 PM

no one is going to crack the passphrase for the one or the private key for the other - unless one of the workers has access but per Bobby all that data is deleted so that means no one is gonna get it.

But how do we know that one of the workers doesn't have it? Just because they didn't take it today or tomorrow.... It just confirms that they haven't gone rogue yet.

Nobody really knows. So far so good and let's hope it stays that way. But let's not put too much stock in these marketing gimmicks.

And 2BTC? Seriously? A reward for ants?

And for those with that concern there is the pro series - the real series are really just to get people started and should not be used as a permanent hodl location. I have heard Bobby say something similar.

Also worth noting no one has made a claim that their funds have been taking - this is same risk as a casa or lealana coin or any of the other prefunded or items with the private key already in place. You have to have trust for the maker

daburone

full member

Activity: 183

Merit: 111

Quote from: MoparMiningLLC on October 31, 2020, 08:27:30 PM

no one is going to crack the passphrase for the one or the private key for the other - unless one of the workers has access but per Bobby all that data is deleted so that means no one is gonna get it.

But how do we know that one of the workers doesn't have it? Just because they didn't take it today or tomorrow.... It just confirms that they haven't gone rogue yet.

Nobody really knows. So far so good and let's hope it stays that way. But let's not put too much stock in these marketing gimmicks.

And 2BTC? Seriously? A reward for ants?

Topic: [ANN] #takebobbysbitcoin Ballet REAL BITCOIN Wallets (Read 1505 times)