Topic: [CLAIMED!] Bounty: 0.25 BTC. Find the Bitcoins hidden in plain sight. (Read 10177 times)
December 06, 2011, 09:19:53 PM
The easiest safe way I've found so far is through the http://bitaddress.org script. You can save a local copy and run it to generate the private keys on a disconnected PC + whatever other security measures you deem necessary.
December 06, 2011, 07:15:49 AM
This is a bad idea, I've searched the sha256 hashes of a number of words on google and someones already done it and made it public.
December 02, 2011, 05:56:14 AM
Who's code is http://bitcointools.appspot.com?
Is it your's, casascius, or Joric's?
Where can I get the source code?
Is it your's, casascius, or Joric's?
Where can I get the source code?
July 24, 2011, 07:51:47 AM
relevant http://bitcointools.appspot.com
Is this trustworthy? How do I know the private keys aren't secretly stored on the server?
.
You can't. I wouldn't have assumed it was meant to secure your 25000 BTC long-term, it's not even using HTTPS. Looks more like proof of concept to me. The value is there though, in that once the utility is realized by many, hopefully the feature will make it into the bitcoin client itself, then trust won't be quite an issue.
July 24, 2011, 12:52:25 AM
relevant http://bitcointools.appspot.com
Is this trustworthy? How do I know the private keys aren't secretly stored on the server?
.
July 22, 2011, 04:53:55 AM
relevant http://bitcointools.appspot.com
Nice! Doesn't like the Chinese characters though.
July 22, 2011, 12:49:35 AM
relevant http://bitcointools.appspot.com
July 15, 2011, 01:15:13 PM
How can I get a valid address from this private key with openssl without loading the bitcoin client?
If you use Windows I have published a program that does this
No I don't use Windows, and I'm trying to do it with built in unix commands.
Being able to create a valid wallet and receive bitcoins entirely offline with tools you already have installed seems like a pretty big deal.
j
[Edit:]
P.S. Plus it seems that if this is true, then "over the phone" bitcoin transactions should be possible in the future.
Search on the forums for a shell script called "BOTG" ("Bitcoins Off The Grid"). Someone has already put together such a thing that uses OpenSSL to do the key work.
July 15, 2011, 12:12:08 PM
How can I get a valid address from this private key with openssl without loading the bitcoin client?
If you use Windows I have published a program that does this
No I don't use Windows, and I'm trying to do it with built in unix commands.
Being able to create a valid wallet and receive bitcoins entirely offline with tools you already have installed seems like a pretty big deal.
j
[Edit:]
P.S. Plus it seems that if this is true, then "over the phone" bitcoin transactions should be possible in the future.
July 15, 2011, 12:05:37 PM
How can I get a valid address from this private key with openssl without loading the bitcoin client?
If you use Windows I have published a program that does this
July 15, 2011, 11:58:41 AM
Is it possible to do step 3 with openssl on the command line?
You can use the bash script commands here:
http://forum.bitcoin.org/index.php?topic=2461.msg35749#msg35749
To encode the private key, add those functions and run:
privkey=58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe
EncodeBase58 "80$privkey$(checksum "80$privkey")" && echo
July 15, 2011, 11:39:23 AM
Step-by-step guide to claiming coins, easy mode:
Step 1: Create a new bitcoin wallet.
Start bitcoin with a fresh wallet to keep from polluting your current wallet with these addresses. You can do this by temporarily moving your wallet.dat out of your bitcoin data directory, or by making bitcoin use a new data directory. The step is optional but highly recommended.
Step 2: Hash the string using SHA-256 to get the hex private key.
Go to http://www.xorbin.com/tools/sha256-hash-calculator and enter the string. For example, "Damnesia" gives "58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe". This is your private key in hexadecimal form.
Step 3: Convert the hex to base58 bitcoin private key format.
Go to http://blockexplorer.com/q/hashtoaddress/x/80 replacing "x" with the hex private key. This tells BBE to encode a bitcoin address of version 80, which is used for private keys. For our example above, we'd go to http://blockexplorer.com/q/hashtoaddress/58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe/80 . This gives us the encoded private key of "5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs".
Step 4: Import the private key into your bitcoin wallet.
If you can build or obtain a copy of bitcoin with sipa's importwallet, start bitcoind (or bitcoin -server) and run "bitcoin importkey y" where y is the base58-encoded private we just created. Now just wait for it to finish scanning the block chain for transactions. If you can't get a patched client, get Python and pywallet. Stop bitcoin altogether and run "python pywallet.py --importprivkey=y" where y is the base58-encoded private key. Run bitcoin -rescan.
Step 5: Send the coins to your main wallet.
Send yourself the coins so nobody else can claim them. Once you get a confirmation or two, the coins are yours and you can close bitcoin and switch back to your primary wallet. Have fun!
Step 1: Create a new bitcoin wallet.
Start bitcoin with a fresh wallet to keep from polluting your current wallet with these addresses. You can do this by temporarily moving your wallet.dat out of your bitcoin data directory, or by making bitcoin use a new data directory. The step is optional but highly recommended.
Step 2: Hash the string using SHA-256 to get the hex private key.
Go to http://www.xorbin.com/tools/sha256-hash-calculator and enter the string. For example, "Damnesia" gives "58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe". This is your private key in hexadecimal form.
Step 3: Convert the hex to base58 bitcoin private key format.
Go to http://blockexplorer.com/q/hashtoaddress/x/80 replacing "x" with the hex private key. This tells BBE to encode a bitcoin address of version 80, which is used for private keys. For our example above, we'd go to http://blockexplorer.com/q/hashtoaddress/58c00ef49f161ac94e40cde5106227e09a6dc1840cf601c877b48d9ccc7ebdbe/80 . This gives us the encoded private key of "5JVNazqC4JucAHUeRLhcqrbGFAro2CySd2ptDaDnPe18G9tmuAs".
Step 4: Import the private key into your bitcoin wallet.
If you can build or obtain a copy of bitcoin with sipa's importwallet, start bitcoind (or bitcoin -server) and run "bitcoin importkey y" where y is the base58-encoded private we just created. Now just wait for it to finish scanning the block chain for transactions. If you can't get a patched client, get Python and pywallet. Stop bitcoin altogether and run "python pywallet.py --importprivkey=y" where y is the base58-encoded private key. Run bitcoin -rescan.
Step 5: Send the coins to your main wallet.
Send yourself the coins so nobody else can claim them. Once you get a confirmation or two, the coins are yours and you can close bitcoin and switch back to your primary wallet. Have fun!
Is it possible to do step 3 with openssl on the command line?
(step 2 is 'echo -n "Damnesia" | openssl dgst -sha256', fyi)
How can I get a valid address from this private key with openssl without loading the bitcoin client?
July 15, 2011, 09:42:44 AM
I thought I'd give back to the community for the free 0.0785 BTC I got mucking around in python and have uploaded the source from my python script to github:
https://github.com/brendio/convertphrase
Note, that I don't really know what I'm doing, so use with care. It took me a while to work out how to use github and I'm still not sure I understand it.
https://github.com/brendio/convertphrase
Note, that I don't really know what I'm doing, so use with care. It took me a while to work out how to use github and I'm still not sure I understand it.
July 15, 2011, 09:30:39 AM
store that on "the cloud" somewhere if you're worried about losing it.
While I appreciate your point, I'll have to disagee.
The idea of "storing your wallet in the cloud" relies heavily on assumptions about current and/or future bitcoin users, which might not be met.
First of all, your idea assumes that a user can access the "cloud" or the net at anytime, anywhere at their will. Besides that, it also assumes that the user lives in a place with established infrastructure and reliable net access. We can go a step further and also assume that a cloud remains stable and the provider doesn't go bankrupt etc.
Encrypting the wallet like you describe is certainly the right choice for a number of users however, it also introduces additional layers, complexity and potential points of failure.
Having a private key stored in "my brain" and nowhere else gives one peace of mind in a way no other option can.
.
July 15, 2011, 09:01:32 AM
Quote
That is exactly it. Bends the mind a little bit the first time you here of such one-way functions. But the math is solid.
It is cool. You need a function that is destructive. The private key to address function must lose information so that it is not reversible.
Real world examples are plentiful. You can generate a unique hand from every person, but you can't generate a unique person from any hand.
Sam
July 15, 2011, 07:45:43 AM
Agreed. We urgently need a user-friendly import/export function in the client!
I'm sure it's coming. I've learned a lot compiling Bitcoin myself, though. Bitcoin is still very young, and still needs a lot of work to be completely usable by the masses.This is the most secure "wallet" there could possibly be. No no copies of wallet.dat, no encryption, no USB stick/paper/printing which can be lost, no malware which secretly steals my coins, no storage or bank vault, no life CD, no nothing! Just a simple passphrase I can remember. Since nothing is stored or written down anywhere this wallet concept is basically impossible to compromise.
The only flaw is that I might forget my passphrase, but I can still write hints/clues which can make my help remember while still being 100% secure. We need this.
The only flaw is that I might forget my passphrase, but I can still write hints/clues which can make my help remember while still being 100% secure. We need this.
I'm pretty sure that it'd be much more secure to have a completely random number for your private key (as Bitcoin does by default), encrypt that number with your passphase (such as say encrypting your wallet.dat with TrueCrypt as some people do now anyway), and store that on "the cloud" somewhere if you're worried about losing it. With the amount of hashing/computing power already in the hands of bitcoin enthusiasts, trying to hash all dictionary words and passphrases up to a few words and seeing if they're the private key to money in the chain is going to be a lot easier than needing to find wallets and brute force each one separately. My sense of scale may be deceiving me, but that's my intuition at least.
July 15, 2011, 05:38:56 AM
I was good until Step 4.
Agreed. We urgently need a user-friendly import/export function in the client!
This is the most secure "wallet" there could possibly be. No no copies of wallet.dat, no encryption, no USB stick/paper/printing which can be lost, no malware which secretly steals my coins, no storage or bank vault, no life CD, no nothing! Just a simple passphrase I can remember. Since nothing is stored or written down anywhere this wallet concept is basically impossible to compromise.
The only flaw is that I might forget my passphrase, but I can still write hints/clues which can make my help remember while still being 100% secure. We need this.
.
July 15, 2011, 05:02:16 AM
Donations for sharing that http://www.xorbin.com/tools/sha256-hash-calculator link can be given to 1Eeya8PUji6kFVwQYwgwrKvv7gHkk6GAdg that is now part of the Official Step by Step Guide btw.
Come on, this is on the first google results page. I didn't use that link because you posted about it, I actually found it myself. So your link didn't help me (I only read your post after taking the bounty). And I guess EricJ knows how to google as well.
Also, python for windows exists, so you could get a bounty even with a less developer friendly OS like windows.
July 15, 2011, 04:40:08 AM
Wahoo! Didn't see EricJ's post until after I made a claim a muck harder way, but glad to have learnt a bit along the way, even if it was a bit trial and error.
I have not programmed in Python before, but I thought is easier than C# for trying to muck around in since it doesn't need to be compiled. I made a copy of Joric's pywallet.py script and renamed it muckaround.py. I then added an option in def main() to take a string input.
Then I canabalised the section where pywallet normally writes the wallet file and replaced it with:
It took quite a bit of mucking around with various functions to get it right. I made quite a few different functions and had them print out the base 58 hash until I saw one that looked right.
I then imported it into a blank wallet with the original pywallet.py script. Checked the output addresses in block explorer to see there was still some bitcoin there and then fired up bitcoin with the -rescan option.
My method doesn't work for the Chinese version, since it comes up as "? ? ? ?" in the cmd window.
I have not programmed in Python before, but I thought is easier than C# for trying to muck around in since it doesn't need to be compiled. I made a copy of Joric's pywallet.py script and renamed it muckaround.py. I then added an option in def main() to take a string input.
Code:
parser.add_option("--b58encodestr", dest="keystr",
help="convert string to b58 key")
Then I canabalised the section where pywallet normally writes the wallet file and replaced it with:
Code:
#Take sha256 hash of key string
priv_key = hashlib.sha256(options.keystr).digest()
#Convert hash to bitcoin address
priv_key = SecretToASecret(priv_key)
print priv_key
It took quite a bit of mucking around with various functions to get it right. I made quite a few different functions and had them print out the base 58 hash until I saw one that looked right.
I then imported it into a blank wallet with the original pywallet.py script. Checked the output addresses in block explorer to see there was still some bitcoin there and then fired up bitcoin with the -rescan option.
My method doesn't work for the Chinese version, since it comes up as "? ? ? ?" in the cmd window.
July 15, 2011, 03:48:46 AM
Donations for sharing that http://www.xorbin.com/tools/sha256-hash-calculator link can be given to 1Eeya8PUji6kFVwQYwgwrKvv7gHkk6GAdg that is now part of the Official Step by Step Guide btw.
I think that is as close as I'll come to this shit still, those easy instructions are still too much lol. I was good until Step 4.
I think that is as close as I'll come to this shit still, those easy instructions are still too much lol. I was good until Step 4.
Jump to: