Author

Topic: Finding private key from torn QR and some characters? (Read 495 times)

newbie
Activity: 47
Merit: 0
This is not a valid QR code, a valid one has the position boxes at 3 corners (top left, top right and bottom left). You have one at bottom right corner which shouldn't be there.
So this is either invalid or it is rotated 90 degrees clockwise or maybe it is mirrored horizontally. That means we already have 3 different possibilities.

The second problem is that if it is rotated or invalid, the mask pattern is missing which means we can not begin to decode the data that we already have if we don't have the "key" needed to decode it.
We could decode using all patterns which adds another 8 possibilities.

You're already missing a lot of characters, this also adds more cases to check increasing the complexity even more.

If you look closely at the original file and the file shown as an example, we will see that it is rotated 90 degrees clockwise.
https://i.ibb.co/FXTF7sJ/Screenshot-7.jpg

The QR is just rotated, no mirror or anything like that.
full member
Activity: 1050
Merit: 103
BIB Exchange

This is not a valid QR code, a valid one has the position boxes at 3 corners (top left, top right and bottom left). You have one at bottom right corner which shouldn't be there.
So this is either invalid or it is rotated 90 degrees clockwise or maybe it is mirrored horizontally. That means we already have 3 different possibilities.

The second problem is that if it is rotated or invalid, the mask pattern is missing which means we can not begin to decode the data that we already have if we don't have the "key" needed to decode it.
We could decode using all patterns which adds another 8 possibilities.

You're already missing a lot of characters, this also adds more cases to check increasing the complexity even more.

If you look closely at the original file and the file shown as an example, we will see that it is rotated 90 degrees clockwise.
legendary
Activity: 3472
Merit: 10611

This is not a valid QR code, a valid one has the position boxes at 3 corners (top left, top right and bottom left). You have one at bottom right corner which shouldn't be there.
So this is either invalid or it is rotated 90 degrees clockwise or maybe it is mirrored horizontally. That means we already have 3 different possibilities.

The second problem is that if it is rotated or invalid, the mask pattern is missing which means we can not begin to decode the data that we already have if we don't have the "key" needed to decode it.
We could decode using all patterns which adds another 8 possibilities.

You're already missing a lot of characters, this also adds more cases to check increasing the complexity even more.
newbie
Activity: 47
Merit: 0
Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

Why need the code for the proof at all? Usually the only proof those kind of Piñatas require is that the coins have been successfully moved out of the target address, no?

The code is for educational purposes, If there's a way to make sure that the solver will get the 0.1BTC only if he shares the code, then I'll be happy to hear suggestions.
legendary
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

Why need the code for the proof at all? Usually the only proof those kind of Piñatas require is that the coins have been successfully moved out of the target address, no?
newbie
Activity: 47
Merit: 0
Quoting image for reference:

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you? Smiley That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

Well, it's a game, but I would like to see the code.
Any idea for a trusted escrow?

Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

A9 is black, no information about the squares near it.
And there's also the private key available char (see post).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Quoting image for reference:

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you? Smiley That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

Well, it's a game, but I would like to see the code.
Any idea for a trusted escrow?

Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.
newbie
Activity: 47
Merit: 0
Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you? Smiley That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

Well, it's a game, but I would like to see the code.
Any idea for a trusted escrow?
legendary
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you? Smiley That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.
newbie
Activity: 47
Merit: 0
Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?
newbie
Activity: 47
Merit: 0
I wrote to Michel Sassano (https://www.freecodecamp.org/news/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433/).
He says that there might be enough information to decode the private key.

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.
newbie
Activity: 47
Merit: 0
If you use different example where only half of the QR code is torn-off and it uses highest-level correction level (which is Level H where about 30% of data could be restored), there will be incentive to brute-force it if the private key holds lots Bitcoin.

You may be able to get some additional information from that broken qr code

From the visible-part of the QR code, only half is about the data/content itself, at least according to https://en.wikipedia.org/wiki/File:QRCode-2-Structure.png. Definitely not enough to combine with some character and perform brute-force.

Yep, you're right.
newbie
Activity: 47
Merit: 0
You may be able to get some additional information from that broken qr code



This was my thought, but looking at the QR code, I don't think I can get more than say 3-4 additional characters.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
You may be able to get some additional information from that broken qr code

newbie
Activity: 47
Merit: 0
Nice explanations, always fascinated by the power of cryptographic.
legendary
Activity: 3472
Merit: 10611
It is impossible, not just because of the high number of missing characters but because those that do exist, you don't know their position either. What I mean is that in your example you don't know if there are 5, 6,... 10,... 15,... characters before "rKNxs" and similarly you don't know how many are after it. This means even if the number of characters you had was much less than this, you still wouldn't be able to find it because of the huge number of variations.
legendary
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
With only 12 out of 51 characters known there's still slightly more than 192 bits left which in the case of ECDSA should still be more than enough.

Calculated based on the formula found here:
https://crypto.stackexchange.com/questions/80996/a-multi-target-attack-on-128-bit-ecdsa-private-keys

For n=192 we'd get roughly 2^(97 - 31 - 3 + 7) = 2^70 seconds of computing time with 8 cores @ 2.1 Ghz, which would be about 3 * 10^13 years which is a few orders of magnitudes longer than the age of the universe.

You could cut this down to a year by running about 3 * 10^13 machines of similar specs instead of just one tho
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
I also do not think that information is enough to reveal the entire private keys of the address.
Only 12 characters are visible out of the 51, of which, the first two are easily predictable as it's common to a lot of addresses. I would assume, it should be impossible to find a valid sequence to satisfy the requirements and checks for a private key from that image.
newbie
Activity: 47
Merit: 0
Edited: Offering 0.1BTC to whoever comes up with a decoding software for this, based on:
https://www.freecodecamp.org/news/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433/


For QR code module 33x33 like this example: https://i.imgur.com/t27ZO3f.png where the known characters of the example private key are:
5mLbK---------------------YAqS1---------------------8Q




Original post:

Is it possible to find out the private key from this example?
My thoughts are - not, because the QR doesn't provide enough information, but what do you think?


https://i.imgur.com/Qo1vWLw.png


Jump to: