Checking brainwallet - page 2. | Bitcointalksearch.org

PawGo

legendary

Activity: 952

Merit: 1386

Quote from: garlonicon on May 02, 2022, 12:05:18 PM

Quote

The main problem would be to compare generated hash160 against huge database of addresses

In this challenge, we all know that the brainwallet is on bc1qt2mdkehmphggajer3ur3g8l754scj4fdrmw3rn. I guess your software should also have an option to set destination address directly, without checking all funded wallets.

This is how it works now, just a check against around 15 addresses, it is not intended to hack the whole blockchain. Maybe in the future ;-)
As you said, testing against few thousands of possible addresses (or in fact against list of hash160), slows the process down a lot. Maybe some kind of trustful bloom filter could help, but for now it is not a real need for me.

garlonicon

copper member

Activity: 821

Merit: 1992

Quote

Currently I work on piece of software for someone who has lost access to his brainwallet.

I wonder if it could handle nullius brainwallet. I mean transaction 000000000fdf0c619cd8e0d512c7e2c0da5a5808e60f12f1e0d01522d2986a51. Because it is a brainwallet, I guess it could be just SHA-256("something"), then tweaked to get this low transaction hash. But I still don't know the answer.

Quote

The main problem would be to compare generated hash160 against huge database of addresses

In this challenge, we all know that the brainwallet is on bc1qt2mdkehmphggajer3ur3g8l754scj4fdrmw3rn. I guess your software should also have an option to set destination address directly, without checking all funded wallets.

PawGo

legendary

Activity: 952

Merit: 1386

Quote from: ABCbits on May 02, 2022, 06:57:31 AM

Quote from: LoyceV on May 02, 2022, 02:05:35 AM

Quote from: PrimeNumber7 on May 01, 2022, 03:34:16 PM

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

As @vjudeu said, you used un-optimized tool. You should use optimized tool such as hashcat. Even on single core VPS, i managed to get ~5000 kH/s.

Currently I work on piece of software for someone who has lost access to his brainwallet. He knows the way how to produce the phrase, but as it contains some (unknown) number, we must check many possible phrases. The list of potential addresses is very small (just a few), so it is not a factor which slows us down - it is rather priv->pub generation. Initial sha256 and later Hash160 are very fast. The main problem would be to compare generated hash160 against huge database of addresses (& of course generation for both compressed and uncompressed keys). At this stage of project we have speed 47Mkey on RTX 3060 and a little more than 100Mkeys on 3090 - but we are progressing every day Wink

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: LoyceV on May 02, 2022, 02:05:35 AM

Quote from: PrimeNumber7 on May 01, 2022, 03:34:16 PM

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

As @vjudeu said, you used un-optimized tool. You should use optimized tool such as hashcat. Even on single core VPS, i managed to get ~5000 kH/s.

vjudeu

copper member

Activity: 909

Merit: 2301

Quote

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

SHA256 is slow for you only because you probably used some unoptimized version. If you optimize it, you could reach 40-bit blocks on CPU. It is possible that even Satoshi had that power in 2009, because he started from 40 bits in pre-release version.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: MrFreeDragon on April 30, 2022, 03:41:31 PM

The only way to check your passphrases database is to compare the generated brain wallets with your local database (take it from daily blockchair dumps - https://gz.blockchair.com/bitcoin/addresses) or take from Loyce.

That assumes you'll find a funded Bitcoin address, which is unlikely. By checking against the full list of all Bitcoin addresses ever used, you may find brainwallets that have been used in the past.
I'm not sure if brainwallets were ever used for Segwit addresses.

Has anyone figured this out using bitcoin-tool? I've used it in the past, performance isn't bad, but the command line is quite complicated to get correct.

Quote from: PrimeNumber7 on May 01, 2022, 03:34:16 PM

you will need to use a hashing algorithm that can handle a sufficiently large number of items

I didn't expect SHA256 to be so slow. I just tested a simple bash loop, and get less than 1000 hashes per second. That won't scale well to 40 billion inputs.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

If all you need to do is check if a particular address has ever been used, you need to follow the following procedure:
*generate a set of all addresses that have ever received a transaction
*convert each brainwallet passphrase into a private key (which you will subsequently convert into an address)
*compare each tested address from the above step to the items in your set in step 1

The list of addresses that have ever received a transaction is very large, so you will need to use a hashing algorithm that can handle a sufficiently large number of items, or else your runtime will suffer.

Assuming there are no collisions in your above set, you should be able to compare each tested passphrase in O(1) time.

MrFreeDragon

sr. member

Activity: 443

Merit: 350

Quote from: zielar on April 26, 2022, 08:00:37 PM

-snip-

I was able to find https://github.com/j4rj4r/Bitcoin-Brainwallet-Bruteforce, but the checking speed is not entirely satisfactory (I know ... due to API limitations)

-snip-
Regards

You should not use API and check the wallets online. The only way to check your passphrases database is to compare the generated brain wallets with your local database (take it from daily blockchair dumps - https://gz.blockchair.com/bitcoin/addresses) or take from Loyce.

PawGo

legendary

Activity: 952

Merit: 1386

Ah, OK, so you want something really easy.
I did something like that for myself, just a reading lines from file and checking in local database of founded addresses.
If you want to check if it was founded any time in the past, it is just a matter of DB. Take from Loyce, whatever you want Wink

I may share the code or if you want I may modify it for you.
I have used postgresql local DB.

Code:

package wif;

import org.bitcoinj.core.Base58;
import org.bitcoinj.core.ECKey;
import org.bitcoinj.core.LegacyAddress;
import org.bitcoinj.core.NetworkParameters;
import org.bitcoinj.params.MainNetParams;
import java.io.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.*;
import java.util.Arrays;
import java.util.Date;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class Brain {

    static final NetworkParameters NETWORK_PARAMETERS = MainNetParams.get();
    static final int STATUS_PERIOD = 1000*60*1;
    static MessageDigest messageDigest;
    static Statement statement;

    static boolean RESULT = false;

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IOException, InterruptedException {

        db();

        messageDigest = MessageDigest.getInstance("SHA-256");
        String filename=args[0];
        int skip = 0;
        if (args.length>1){
            skip = Integer.valueOf(args[1]);
        }
        FileReader fileReader = null;
        try {
            fileReader = new FileReader(filename);
        } catch (FileNotFoundException e) {
            System.err.println("not found: " + filename);
            System.exit(-1);
        }
        long count = 0;
        long start = 0;
        System.out.println("Brain start");
        try {
            BufferedReader bufferReader = new BufferedReader(fileReader);
            String line;
            //test
            System.out.println(checkAddressDatabase("16jY7qLJnxb7CHZyqBP8qca9d51gAjyXQN"));
            while ((line = bufferReader.readLine()) != null) {
                if (line.trim().isEmpty()){
                    continue;
                }
                count++;
                if (skip>0){
                    if (count                        continue;
                    }
                    skip = 0;
                }
                test(line);
                test(line.toLowerCase());
                test(line.toUpperCase());
                if (line.endsWith(",")){
                    line=line.substring(0, line.length()-1);
                    test(line);
                    test(line.toLowerCase());
                    test(line.toUpperCase());
                }
                if (System.currentTimeMillis()-start > STATUS_PERIOD){
                    System.out.println("UP!"+count+" "+ line + " " + (new Date()));
                    start = System.currentTimeMillis();
                    count = 0;
                }
            }
        }catch (Exception e){
            System.err.println(e.getLocalizedMessage());
            System.exit(-1);
        }
        System.out.println("Brain end");
    }

    private static void db() {

        try{
            Connection connection = DriverManager.getConnection("jdbc:postgresql://localhost:5433/bitcoin", "postgres", "pass1234");
            System.out.println("Connected to PostgreSQL database!");
            statement = connection.createStatement();
        }catch (Exception e){
            System.out.println(e.getMessage());
            System.exit(-1);
        }
    }

    private static void test(String text) throws IOException, SQLException {
        messageDigest.update(text.getBytes("UTF-8"));
        ECKey ecKey = new ECKey(messageDigest.digest(), (byte[])null);
        String address = LegacyAddress.fromKey(NETWORK_PARAMETERS, ecKey).toString();
        System.out.println(address+":"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS));
        if (1==1){
            return;
        }
        if (checkAddressDatabase(address)){
            System.out.println(address);
            System.out.println(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            FileWriter myWriter = new FileWriter("brainResult.txt", true);
            myWriter.write(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            myWriter.close();
        }
        ecKey = PrivateKey.fromBase58(NETWORK_PARAMETERS, getCompressedWif(ecKey.getPrivateKeyAsHex())).getKey();
        address = LegacyAddress.fromKey(NETWORK_PARAMETERS, ecKey).toString();
        if (checkAddressDatabase(address)){
            System.out.println(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            FileWriter myWriter = new FileWriter("brainResult.txt", true);
            myWriter.write(text + "|" + ecKey.getPrivateKeyAsHex()+"|"+ecKey.getPrivateKeyAsWiF(NETWORK_PARAMETERS)+"|"+address);
            myWriter.write("\r\n");
            myWriter.close();
        }
    }

    private static String getCompressedWif(String hex){
        String string = "80"+hex+"01";
        byte[] digest = messageDigest.digest(hexStringToByteArray(string));
        String checksum  = bytesToHex(messageDigest.digest(digest)).substring(0,8);
        byte[] data = hexStringToByteArray(string + checksum);
        return Base58.encode(data);
    }

    private static boolean checkAddressDatabase(String address) throws SQLException {
        ResultSet resultSet = statement.executeQuery("SELECT balance FROM public.adress WHERE address='"+address+"'");
        while (resultSet.next()) {
            return true;
        }
        return false;
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuffer result = new StringBuffer();
        for (byte b : bytes) result.append(Integer.toString((b & 0xff) + 0x100, 16).substring(1));
        return result.toString();
    }

    private static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i+1), 16));
        }
        return data;
    }
}

COBRAS

member

Activity: 873

Merit: 22

$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk

Quote from: zielar on April 27, 2022, 09:21:10 PM

Quote from: PawGo on April 27, 2022, 12:59:13 PM

What performance do you expect to have?
Is it a big problem to launch program per gpu or you need something for many gpus at the same time?
How big address database do you expect to have?

I don't care that the GPU is necessarily involved. My point is simply to check my dictionary without my participation. I have 3GB of strings. I divided them into 3x 1GB each (I can even divide them into smaller ones) and I want each line to be ported as the brainwallet passphrase and to check if the addresses assigned to it (compressed, uncompressed, p2sh) were already in use. btcrecover is really efficient, but doesn't work as it should (ie points to empty addresses never used [don't know why?], stops when it finds the first valid line for it). This application gives 10 minutes to scan my 1GB file without the use of GPU, which is also not surprising, because the work I want to get is not a complicated calculation. Even if it were to take half a day - let it last ... as long as it works and after running the command -> for those half a day he created a file for me in which it will be
PHASE FROM MY GLOSSARY | WALLET WITH HISTORY | PRIVATEKEY

that's all... :-)

You find something ?

publick password list's reused in brutes many many times...

zielar

full member

Activity: 282

Merit: 114

Quote from: PawGo on April 27, 2022, 12:59:13 PM

What performance do you expect to have?
Is it a big problem to launch program per gpu or you need something for many gpus at the same time?
How big address database do you expect to have?

I don't care that the GPU is necessarily involved. My point is simply to check my dictionary without my participation. I have 3GB of strings. I divided them into 3x 1GB each (I can even divide them into smaller ones) and I want each line to be ported as the brainwallet passphrase and to check if the addresses assigned to it (compressed, uncompressed, p2sh) were already in use. btcrecover is really efficient, but doesn't work as it should (ie points to empty addresses never used [don't know why?], stops when it finds the first valid line for it). This application gives 10 minutes to scan my 1GB file without the use of GPU, which is also not surprising, because the work I want to get is not a complicated calculation. Even if it were to take half a day - let it last ... as long as it works and after running the command -> for those half a day he created a file for me in which it will be
PHASE FROM MY GLOSSARY | WALLET WITH HISTORY | PRIVATEKEY

that's all... :-)

PawGo

legendary

Activity: 952

Merit: 1386

What performance do you expect to have?
Is it a big problem to launch program per gpu or you need something for many gpus at the same time?
How big address database do you expect to have?

zielar

full member

Activity: 282

Merit: 114

Ultimately, btcrecover does not live up to expectations. The search ends when it finds the first address. Not only that - the first address found:

NOTE Brainwallet Found using UNCOMPRESSED address
Password found: 'yellowexcalib'

When I try to check the alleged phrase in the blockchain - both the uncompressed and compressed address NEVER had any transmission.
The --addr-limit option has no effect.
The --autosave option also doesn't work
Good concept, but I need credible results, and here both credibility comes out of nowhere? as well as talking about the results in the plural (and not just about the first result)

zielar

full member

Activity: 282

Merit: 114

Quote from: nc50lc on April 26, 2022, 11:24:59 PM

Try if BTCRecover is faster than that tool: github.com/3rdIteration/btcrecover

The command should look like this if you already have a list of possible passphrases:

Code:

btcrecover --brainwallet --addresses 18wASW... --passwordlist dictionary.txt

Thanks a lot.
Finally, I was able to use this tool and command

Code:

python btcrecover.py --brainwallet --passwordlist myfile.txt --addressdb addresses-BTC-2011-to-2021-03-31.db

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: pooya87 on April 26, 2022, 09:36:22 PM

Get bitcoin core's source code and modify the database part to create an additional index while saving each block where it stores any output that was used. It could be in form of a hash of the output script so that searching is simpler.
Fully sync by downloading and indexing the blockchain.
Run your code to hash each item in the dictionary to get the key then create the outputs and hash them to compare search within the database you created.

Grin

Alternatively run both Bitcoin Core and block explorer (such as mempool.space[1]) or Electrum server (such as Fulcrum[2]). After initial sync/indexing is done, you could write a script which read the dictionary, generate address and check address history on your own block explorer/Electrum server. If you decide to use Electrum server, you'll want to check Electrum protocol[3] to know how to get address history/balance.

[1] https://github.com/mempool/mempool
[2] https://github.com/cculianu/Fulcrum
[3] https://electrumx.readthedocs.io/en/latest/index.html

nc50lc

legendary

Activity: 2618

Merit: 6452

Self-proclaimed Genius

Try if BTCRecover is faster than that tool: github.com/3rdIteration/btcrecover

The command should look like this if you already have a list of possible passphrases:

Code:

btcrecover --brainwallet --addresses 18wASW... --passwordlist dictionary.txt

pooya87

legendary

Activity: 3472

Merit: 10611

Get bitcoin core's source code and modify the database part to create an additional index while saving each block where it stores any output that was used. It could be in form of a hash of the output script so that searching is simpler.
Fully sync by downloading and indexing the blockchain.
Run your code to hash each item in the dictionary to get the key then create the outputs and hash them to compare search within the database you created.

Grin

zielar

full member

Activity: 282

Merit: 114

Hello,

I am looking for an effective method to scan a large dictionary (about 1GB) in terms of checking the use of its phrases as a brainwallet. Of course, I don't think any of the phrases will contain anything else, but I am asking for statistical purposes on the basis of a private phrase database.
I was able to find https://github.com/j4rj4r/Bitcoin-Brainwallet-Bruteforce, but the checking speed is not entirely satisfactory (I know ... due to API limitations), but it also does not indicate any data on whether the phrase was used as a brainwallet at all times, and in general I have doubts as to whether the above script works.
It doesn't have to be in Python ... it could also be C, C ++

Regards

Topic: Checking brainwallet - page 2. (Read 875 times)