Topic: BITCOIN Hacking University - Let's Begin (Read 414 times)

member
Activity: 182
Merit: 30
December 02, 2018, 10:53:32 PM
#8
By putting the bloom-filter on the GPU card, you can check for millions of addresses on each cycle, and not just one specific address.

When I say 'bloom-filter' I'm not talking about the simple python above, I'm talking about custom bloom filter C++ code that lives in the GPU-CORE. On a 1060 you can have 512mb, on a 1070 1gb, on a 1080 2gb.

512mb only supports a few tens of millions before the false-positive rate goes astro
member
Activity: 182
Merit: 30
December 02, 2018, 10:51:36 PM
#7
I search for now with 5 GTX 1070 cards with 600Mkey/s with Bitcrack for the 58bit bounty.

My address list is 850k.

I also have a list with 42k addresses with a fund of 50 BTC; these are the addresses from 2009 and 2010 where the mining reward of 50 BTC goes to a wallet. The entry of the wallet means "NO TRANSAKTION NEW GENERATED Coins" so maybe when we have one pub key for that we can mine these blocks or something. There are 42k addresses and there are also 25 BTC addresses, you know, because of the halving after 4 years.

The deal is you have to run servers for all the bitcoin-clones as they're all using the same ECDSA sig algo, so it's possible to find 100's of millions of addresses that have been used to date,

It's important to have many huge > 32gb bloom filters that you can store info to show that you have the private-key for specific addresses that are known to have had value in the past,

It's important to run super-brain flayer so you can have a database of 10's of thousands of prior used brain-wallet keys, because this stuff does get used over&over
member
Activity: 182
Merit: 30
December 02, 2018, 10:47:36 PM
#6
Once an address database is built of all addresses, you also need to run a batch file every 15 minutes to nab the current addresses from the current pool, this is where you can check against all new used addresses with value, and look back in your bloom filters to see if you already have the private-key for that address.

...

.sh shell script will follow for running this python, note it can also be run by bitcoin, as they have a way to run batch scripts every time there is a new block, but that is too late for hackers.

Here we use bloom filters for 'seen' addresses so we don't waste time on addresses that are already in our database, we're looking for new addresses, and we're looking for old addresses that we have the private-key for that now have value.
...

cat get-mempool3.py

from bitcoinrpc.authproxy import AuthServiceProxy, JSONRPCException

from pybloom import BloomFilter

global sblf #make bloom filter globally available

from collections import Counter
#         dup = [k for k,v in Counter(sl).items() if v>1]

import base58

if __name__ == '__main__':

    rpc_user = "hacker"
    rpc_password = "system"
    #rpc_connection = AuthServiceProxy("http://%s:%[email protected]:8332" % (rpc_user, rpc_password), timeout=3000)
    rpc_connection = AuthServiceProxy("http://%s:%[email protected]:8332" % (rpc_user, rpc_password), timeout=3000)
    r = rpc_connection

    best_block_hash = rpc_connection.getbestblockhash()

    # dump current block count height

    blkcnt = rpc_connection.getblockcount()

    print("getblockcount = %s" % blkcnt)

    #    import pdb; pdb.set_trace()

    mplist=r.getrawmempool() # get list of all tx's in mempool

    mpe= r.getmempoolentry(mplist[0])

    BLMSIZ = 5120000

    # rblf  = BloomFilter(capacity=5120000, error_rate=0.001)
    import os.path
    if (os.path.exists('memorypool.blm')):
        with open("mempool.blm", "r") as myfile:
            sblf = BloomFilter.fromfile(myfile)
    else:
        sblf = BloomFilter(capacity=BLMSIZ, error_rate=0.001)

        with open("mempool.blm", "w") as myfile:
            sblf.add(mpe)  # mark memory pool entry in bloom filter
            sblf.tofile(myfile)

    # for all transactions in pool get the in/out address list
    alist=[]
    ie=iu=0
    i = 1
    for mpe in mplist:
       
        # may not be correct what if there is not yet a tx for this entry??
        seen = sblf.add(mpe) # mark as seen, if seen before skip work
        if seen and i > 1:
            print 'BLF SKIP', i, mpe
            continue

        if i%100==0:
            print "@ ", i,len(mplist)
        i = i +1
# sometimes the entry has already expired
        try:
            mptx= r.getmempoolentry(mpe)
        except:
            #print "MPTX Fail mpe", mpe
            ie = ie + 1
            pass

        if 'wtxid' in mptx  :
            txid = mptx['wtxid']
        else :
            continue

#        print 'MP txid,mptx', txid,mptx
#        print mptx.keys()

# sometimes the txid's in the memory pool are dead or bad, but study them all to learn
        try :
            tx = r.getrawtransaction(txid,True)
        except:
            iu = iu + 1
            #print "WTXID Fail txid/mptx", iu, txid, mptx

            #pass
            continue

        for o in tx['vout']:
            #for s in o['scriptPubKey']:
             if 'scriptPubKey' in o:
                s = o['scriptPubKey'] 
                if 'addresses' in s:
                    for a in s['addresses']:
                        alist.append(a)
                if 'depends' in s:
                    d = s['depends']
                    if len(d)>0:
                        print "DEPENDS", d

        with open('pending-mptx.txt', 'w' ) as fp:
            alist = set(alist) # get rid of duplicates
            #print len(a),a
            for a in alist:
                if len(a) == 34 or len(a) == 33: # a may already be a hash160 value
                    h = base58.b58decode(a).encode('hex')[2:42]
                    fp.write( "%s:%s\n" % ( a, h  ) )
                else :
                    print "ABNORMAL ADDR",len(a),a
                    h = a
                #fp.write( "%s:%s\n" % ( a, h  ) )
            alist=[] # clear list for next round

    print "ADDR Found", len(alist)
    print "Fail ie,iu,len(mplist)", ie, iu, len(mplist)
   

    # save current bloom filter to file

    with open("mempool.blm", "w") as myfile:
        sblf.tofile(myfile)  # close bloom-filter

'''        for i in tx['vin']:
            for s in i['scriptSig']:
                if 'addresses' in i:
                    for a in i['addresses']:
                        alist.append(a)
jr. member
Activity: 91
Merit: 3
December 03, 2018, 11:22:22 PM
#5
It's fairly clear here that BITCOIN needs people to hack BTC, to keep it strong, so it's in the community interest to know what the hackers are doing, right?

There are people who are bored with the normal 'bitcoin' stuff, and want to take it to the next level, so I guess we move-along by question and answer stuff,

Probably should start with 'how do I collect my database of all addresses and their value', that should be done in python, and I will post the code.

The thing to remember is that every time the bitcoin source is updated, they modify the blockchain, which breaks parsers, so it's important that your parser is hand-rolled, so that you always know that you can fix it, every time btc is updated.

You run your parser once to get all the addresses; after that you have another task that runs every 15 minutes that updates any new addresses.

You're going to need a 32gb system of ram, and at least one 4tb hard-disk, preferably many. I find it's good to have a disk for each category, like

1.) private-key data base
2.) address database ( public-key hashed and not-hashed )
3.) password database - brainflayer text 2-4 tb of all known strings for all languages
4.) bloom-filter databases
5.) AI training database, containing 500 million or more priv/public-address pairs for training FFT, SVM, LSTM,...

You also need many or at least one GPU, for either breaking private keys ( super-gen ), using super-brainflayer. It's preferable to have a 1060 or bigger, e.g. more than 3gb of ram. AMD is possible, but support seems to be better with CUDA

You need to be running FULL txindex servers for all the most common bitcoin-clones, including bitcoin, as you're going to want at least 200 million or more public addresses for your search space

All the code is written in python, but common tasks are written in BASH, everything is LINUX ONLY, and the GPU stuff is all C++

Can you please post your code and description again?
jr. member
Activity: 91
Merit: 3
November 29, 2018, 05:06:08 PM
#4
I search for now with 5 GTX 1070 cards with 600Mkey/s with Bitcrack for the 58bit bounty.

My address list is 850k.

I also have a list with 42k addresses with a fund of 50 BTC; these are the addresses from 2009 and 2010 where the mining reward of 50 BTC goes to a wallet. The entry of the wallet means "NO TRANSAKTION NEW GENERATED Coins" so maybe when we have one pub key for that we can mine these blocks or something. There are 42k addresses and there are also 25 BTC addresses, you know, because of the halving after 4 years.
legendary
Activity: 1624
Merit: 2481
November 29, 2018, 03:23:32 AM
#3
1.) private-key data base
2.) address database ( public-key hashed and not-hashed )
3.) password database - brainflayer text 2-4 tb of all known strings for all languages
4.) bloom-filter databases
5.) AI training database, containing 500 million or more priv/public-address pairs for training FFT, SVM, LSTM,...

Point 1) to 4) are not related to 'hacking' at all.
You are basically relying on busted (publicly available) private keys OR bad RNGs to be used.

That's not an attack at all. That's exploiting bad software (used to generate private keys) / bad user habits. This has NOTHING to do with the bitcoin network.


Point 5) is senseless. You can't train an AI (which is NOT some kind of magic machine) to 'crack' randomness.



You don't need university to achieve your goal

But if we were to find a bitcoin vulnerability, IMO it's better to check other things (which are more likely to have vulnerabilities) such as:
1. CSPRNG used to generate seed
2. OP_CODES script
3. Value overflow/underflow
4. Transaction/script/block verification

This.

If you want to make BTC better (or steal BTC), search for vulnerabilities.

You probably got the best odds when searching for faulty implementation of clients which can be abused in any way.
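
Added example, not part of the thread or of any poster's code: the reply above attributes findable keys to bad RNGs rather than to Bitcoin itself. The Python sketch below puts a clock-seeded generator beside one that draws from the OS CSPRNG and compares their effective key space; the function names and the one-year seed window are assumptions, and 600 Mkey/s is the rate quoted in the thread.

```python
import math
import random
import secrets

# Order of the secp256k1 group; valid private keys are integers in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
RATE = 600e6                     # keys per second, the figure quoted in the thread
SEED_WINDOW = 365 * 24 * 3600    # assumption: seed time known to within one year


def weak_keygen(unix_time):
    """Anti-pattern: non-cryptographic PRNG seeded with the clock."""
    rng = random.Random(unix_time)   # output is fully determined by the seed
    return rng.getrandbits(256) % (SECP256K1_N - 1) + 1


def strong_keygen():
    """Hardened form: uniform draw from [1, N-1] using the OS CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def is_valid_private_key(k):
    return 1 <= k < SECP256K1_N


def effective_bits(candidates):
    """Entropy in bits of a key that is one of `candidates` equally likely values."""
    return math.log2(candidates)


def years_to_enumerate(bits, keys_per_second=RATE):
    return 2 ** bits / keys_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    t = 1543450000                   # constructed sample timestamp
    print("same seed, same key:", weak_keygen(t) == weak_keygen(t))
    weak_bits = effective_bits(SEED_WINDOW)
    print("clock-seeded key: %.1f bits, %.2e years" % (weak_bits, years_to_enumerate(weak_bits)))
    print("CSPRNG key:       256 bits, %.2e years" % years_to_enumerate(256))
    print("range check:", is_valid_private_key(strong_keygen()))
```

A wallet audit should therefore look at where the key material came from: a key is only as strong as the number of values its generator could have produced.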
legendary
Activity: 2870
Merit: 7490
November 29, 2018, 03:16:49 AM
#2
You don't need university to achieve your goal

But if we were to find a bitcoin vulnerability, IMO it's better to check other things (which are more likely to have vulnerabilities) such as:
1. CSPRNG used to generate seed
2. OP_CODES script
3. Value overflow/underflow
4. Transaction/script/block verification
member
Activity: 182
Merit: 30
November 29, 2018, 02:16:38 AM
#1
It's fairly clear here that BITCOIN needs people to hack BTC, to keep it strong, so it's in the community interest to know what the hackers are doing, right?

There are people who are bored with the normal 'bitcoin' stuff, and want to take it to the next level, so I guess we move-along by question and answer stuff,

Probably should start with 'how do I collect my database of all addresses and their value', that should be done in python, and I will post the code.

The thing to remember is that every time the bitcoin source is updated, they modify the blockchain, which breaks parsers, so it's important that your parser is hand-rolled, so that you always know that you can fix it, every time btc is updated.

You run your parser once to get all the addresses; after that you have another task that runs every 15 minutes that updates any new addresses.

You're going to need a 32gb system of ram, and at least one 4tb hard-disk, preferably many. I find it's good to have a disk for each category, like

1.) private-key data base
2.) address database ( public-key hashed and not-hashed )
3.) password database - brainflayer text 2-4 tb of all known strings for all languages
4.) bloom-filter databases
5.) AI training database, containing 500 million or more priv/public-address pairs for training FFT, SVM, LSTM,...

You also need many or at least one GPU, for either breaking private keys ( super-gen ), using super-brainflayer. It's preferable to have a 1060 or bigger, e.g. more than 3gb of ram. AMD is possible, but support seems to be better with CUDA

You need to be running FULL txindex servers for all the most common bitcoin-clones, including bitcoin, as you're going to want at least 200 million or more public addresses for your search space

All the code is written in python, but common tasks are written in BASH, everything is LINUX ONLY, and the GPU stuff is all C++