Topic: Collection of 18.509 found and used Brainwallets - page 12. (Read 31239 times)

Seems like a waste of time to use random BIP words, as the seed word generation process involves checks, and many randomly generated combinations will be invalid.

Plus, even with a list of valid word combinations, it's a fools game in terms of odds.

It took something like 3 weeks, on a leased 4 core Xeon server. Sorting and removing duplicates from 1TB+ of raw data presented some challenges.

Note that this table is not indexed in any way, it's just a text file with hashes. I use a custom filter program to check which of those precomputed hashes appear in a given blockchain. To go further and build a database that can watch for known addresses in real time would be quite a bit more complex, and would need a lot more than 0.9TB of disk space.


I disagree, which is why I qualified my above statement with "so long as you're doing this for fun". Imagine how many things have to go right when someone sends funds to a weak SHA256 brainwallet:

- The thief needs a fast connection with multiple peers so that his bot (hopefully) sees the funding transaction first.
- The thief needs a fast database server that is able to check the outputs of each new transaction, and if any addresses are known, return a private key (or keys), within a very short period of time.
- The thief needs to decide how much of a fee to pay for the sweep transaction, bearing in mind that someone else's bot may choose a higher fee to override the transaction. (This could end up being a race to the bottom.)
- The thief then needs his sweep transaction to be the one that propagates out to the majority of nodes (and more specifically, mining nodes) first.

I've probably missed other factors. This is not the sort of thing you can run on a $5/mo VPS. I don't think it would be worth it, but as I've stated in this thread earlier, maybe it's an ego thing.

How long did it take you to generate a rainbow table of this size? I'm just curious about the timescale (so hardware specs for reference would also be nice).

Sorry in case you already mentioned it upthread and I overlooked it.



Stealing brainwallets is probably still profitable though, as I assume that the running costs are close to nil once you've set up the infrastructure.

Hmm... what's the point of throwing randomly selected word sets at your address checker? The chances of matching a 12 word passphrase are essentially zero.

I think your size calcs may be off a bit, too. I pre-calculated the RMD160 values for all ASCII 1 to 5 character words, and the output is about 0.9TB in size. To increase to 6 characters would result in a file size about 95 times that (about 80TB) and to go up to 7 characters would result in an output of over 7000TB. And consider the amount of time needed to check 135 trillion entries.

That's one of the interesting things about SHA256 brainwallets (so long as you're doing this for fun) : it can be easy to find them, but it's also very, very hard.

I don't think there's really been any great detail discussed in this thread. This is not a plug and play Docker image that any script kiddie can have running in 30 seconds. Although the basic premise is simple, building a system that can efficiently check trillions of potential passphrases against hundreds of millions of active addresses is not a trivial task, and it's become more difficult as the blockchain grows. I've spent many hours developing custom tools, a lot longer than I probably should have, but this is a hobby, not a criminal business.

If I was driven by something besides geeky curiosity I probably never would have bothered. This is unlikely to be profitable for a criminal. It's not 2015 any more.

Security liabilities need to be discussed publicly, otherwise you have no basis for public discourse, awareness and improvement.

Note that this thread is about monitoring and documenting cases of brainwallet thefts, rather than stealing them.

While these thefts are happening regardless of whether threads like this exist, it may prevent some people from generating weak brainwallets and becoming victims themselves.

I have been running some scans like this I grabbed about 2TB of word lists for brain wallet hunting.

At the moment it is currently syncing up with bitcoin-abe into mysql database (taking forever)

I wrote a small python script to create seeds that can be piped into a seed checker as such.


Still buggy welcome any adaptation 



I have also been piping in random text like such


No results yet from random data.

From text word lists I have found around 500+ empty brain wallets so far most of which have already been published in the list.

I have been collecting hash160 addresses from the blockchain and have them in a bloom filter searching against the word list but still no results with a small sample space of hash160 at the moment.

I have also been testing with random hex being pushed to the brain wallet.


instead of creating the lists I am piping the output of the scan direct to the scanner which save on the disk space some what.

I would like to hash some lists of words I have then pipe the input to the scanner what would be the best method of hashing large passwords lists to a specific hash output?

Thanks





 

Hmm, maybe not. I've just found another $100(ish) transaction, and given that it was sent to the "toy" key 23 hex, it seems to be deliberate.

https://www.blockchain.com/btc/address/82e2f248afe732a2e5973600ca97a61fe3d240fd

Private key: 0000000000000000000000000000000000000000000000000000000000000023

Swept immediately, of course.

Another toy key (0000000000000000000000000000000000000000000000000000000000000d56) with not insignificant amounts recently sent to it: https://www.blockchain.com/btc/address/da681e4e2cd40b6ba6b1f6b4844b10219c7204b5

I have specifically checked BIP39, but since they're so simple the words are also covered by other databases, such as dictionary (web words, wikipedia words) and also 5 letter combos.

I personally think that someone misunderstood the difference between (local) wallet passwords, and SHA256 passwords, but we'll probably never know. It's a pity we can only speculate.

This is the only dictionary word I can recall that's had an appreciable amount sent to it. Everything else is just dust.

Interesting that "turn" is one of the 2048 BIP39 words. Wonder if someone got hopelessly confused between passwords and mnemonic seeds? Or if it's just really bad security and purely a coincidence?

Have you checked all the other BIP39 words at any point? Is there a pattern at all?

Another odd one which was swept last month:

https://www.blockchain.com/btc/address/45990fb9a0434d35607320d7b501938ea70f01c4

The password is the ultra-simple dictionary word "turn", so it's not surprising that it was stolen within minutes, however, 0.02854667 BTC is not exactly an amount you'd send just for fun. Perhaps it was someone new to BTC, who bought $100 worth, then withdrew to a "password protected" wallet without understanding what that meant.

Local wallet protected with password "turn" -> Despite password being incredibly weak, funds are still fairly secure.

SHA256 brainwallet protected with password "turn" -> Gone in 60 seconds.

It's pretty much a miracle that a passphrase like this went untouched for nearly 4 years.

Looking at how both the BTC and the BCH transaction where made in parallel within minutes, forwarding the coins to identical addresses on both chains, I get a feeling that automation may have been in play though -- the kind of automation that scans for brainwallets and steals them, unfortunately.

I've come up with various methods to generate candidate passphrases. In this instance, it was prepending and/or appending common password substrings such as "qwerty", "1234", years etc to a set of common phrases. Basically building all possible phrases from the contents of two distinct dictionaries.

I'm curious about how you came up with that phrase. Are you going through permutations of dictionary words (and years) or do you have a database of phrases and quotes, or something else?

My system is still finding the occasional SHA256 brainwallet. This wallet stands out because it held 1.7 BTC for nearly 4 years, until being emptied in February 2018:

https://www.blockchain.com/btc/address/00790d4c5ec89c0e30e1343a2eafc901ee136e9b

The equivalent balance on the Bitcoin Cash chain was also transferred out.

A substantial amount to have sitting in a SHA256 brainwallet through the bubble of 2017/2018. Hopefully the transfer was done by the rightful owner. Maybe cashing out as the downward spiral started?

The passphrase is "Thats what she said 1974"

I did do some basic testing using the default hash suite available in a standard PHP install. From memory, I found a few hits for key = sha256(md5(string)) hashes.

The standard brain wallet is generated by hashing a passphrase with SHA-256, but I wonder if there are private keys generated by using other hashes. Running a your search-space through RIPEMD-160 followed by one or more SHA-256 passes might generate some hits. I have no doubts that running your search-space through scrypt will generate some hits on Litecoin and its derivatives.

If anything, this thread shows definitively that no brain wallet based on any kind of memorized passphrase is safe.

Doing some research on other networks, it turns out there are four SHA256 brainwallet passphrases (those that I know of) which are common to all 3 of the Bitcoin, Litecoin, and Dogecoin blockchains. The first two are no surprise:

1.
2. correct horse battery staple

But the remaining two are odd:

3. 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG
4. 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG11

16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG is a valid Bitcoin address that has been used, it appears in the "sending to sha256 of blockchain data" pastebin, and is tagged "xsimple" on blockchain: https://www.blockchain.com/btc/address/16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG

As a SHA256 brainwallet passphrase on the Bitcoin blockchain it's not that odd - it's one of many - but why is that passphrase also being used for Dogecoin and Litecoin? And what does xsimple mean?

I guess that's the best way to confirm your bot works. Wouldn't be surprised if some of the funds sent to those addresses (and maybe even their mainnet counterparts) originated from the wallets of the bot authors.

I had a quick look at a few of the destination addresses and did note that one transaction sends everything to an address which has been reused multiple times, whereas the others use newly created addresses. So just like mainnet, it's possible there's two or more bots competing in order to sweep the funds first.


I did some basic dictionary checks and only found a few results (on mainnet) :

hello (4 rounds)
sender (2 rounds)
receiver (2 rounds)
my property (2 rounds)
dupa (1000 rounds)