Finding private key from torn QR and some characters?

eranglr

newbie

Activity: 47

Merit: 0

Quote from: MishaSER on January 29, 2021, 12:18:34 PM

Quote from: pooya87 on January 28, 2021, 01:36:23 AM

Quote from: eranglr on January 24, 2021, 02:31:09 PM

https://i.imgur.com/t27ZO3f.png

This is not a valid QR code, a valid one has the position boxes at 3 corners (top left, top right and bottom left). You have one at bottom right corner which shouldn't be there.
So this is either invalid or it is rotated 90 degrees clockwise or maybe it is mirrored horizontally. That means we already have 3 different possibilities.

The second problem is that if it is rotated or invalid, the mask pattern is missing which means we can not begin to decode the data that we already have if we don't have the "key" needed to decode it.
We could decode using all patterns which adds another 8 possibilities.

You're already missing a lot of characters, this also adds more cases to check increasing the complexity even more.

If you look closely at the original file and the file shown as an example, we will see that it is rotated 90 degrees clockwise.
https://i.ibb.co/FXTF7sJ/Screenshot-7.jpg

The QR is just rotated, no mirror or anything like that.

MishaSER

full member

Activity: 1050

Merit: 103

BIB Exchange

Quote from: pooya87 on January 28, 2021, 01:36:23 AM

Quote from: eranglr on January 24, 2021, 02:31:09 PM

This is not a valid QR code, a valid one has the position boxes at 3 corners (top left, top right and bottom left). You have one at bottom right corner which shouldn't be there.
So this is either invalid or it is rotated 90 degrees clockwise or maybe it is mirrored horizontally. That means we already have 3 different possibilities.

The second problem is that if it is rotated or invalid, the mask pattern is missing which means we can not begin to decode the data that we already have if we don't have the "key" needed to decode it.
We could decode using all patterns which adds another 8 possibilities.

You're already missing a lot of characters, this also adds more cases to check increasing the complexity even more.

If you look closely at the original file and the file shown as an example, we will see that it is rotated 90 degrees clockwise.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: eranglr on January 24, 2021, 02:31:09 PM

This is not a valid QR code, a valid one has the position boxes at 3 corners (top left, top right and bottom left). You have one at bottom right corner which shouldn't be there.
So this is either invalid or it is rotated 90 degrees clockwise or maybe it is mirrored horizontally. That means we already have 3 different possibilities.

The second problem is that if it is rotated or invalid, the mask pattern is missing which means we can not begin to decode the data that we already have if we don't have the "key" needed to decode it.
We could decode using all patterns which adds another 8 possibilities.

You're already missing a lot of characters, this also adds more cases to check increasing the complexity even more.

eranglr

newbie

Activity: 47

Merit: 0

Quote from: HeRetiK on January 27, 2021, 04:42:16 PM

Quote from: NotATether on January 27, 2021, 03:25:39 PM

Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

Why need the code for the proof at all? Usually the only proof those kind of Piñatas require is that the coins have been successfully moved out of the target address, no?

The code is for educational purposes, If there's a way to make sure that the solver will get the 0.1BTC only if he shares the code, then I'll be happy to hear suggestions.

HeRetiK

legendary

Activity: 3108

Merit: 2177

Playgram - The Telegram Casino

Quote from: NotATether on January 27, 2021, 03:25:39 PM

Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

Why need the code for the proof at all? Usually the only proof those kind of Piñatas require is that the coins have been successfully moved out of the target address, no?

eranglr

newbie

Activity: 47

Merit: 0

Quote from: NotATether on January 27, 2021, 03:25:39 PM

Quoting image for reference:

Quote from: eranglr on January 27, 2021, 08:17:48 AM

Quote from: HeRetiK on January 27, 2021, 07:48:21 AM

Quote from: eranglr on January 27, 2021, 07:23:31 AM

Quote from: ?? on ??

Quote from: eranglr on January 26, 2021, 07:20:55 PM

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you?

That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

Well, it's a game, but I would like to see the code.
Any idea for a trusted escrow?

Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

A9 is black, no information about the squares near it.
And there's also the private key available char (see post).

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quoting image for reference:

Quote from: eranglr on January 27, 2021, 08:17:48 AM

Quote from: HeRetiK on January 27, 2021, 07:48:21 AM

Quote from: eranglr on January 27, 2021, 07:23:31 AM

Quote from: ?? on ??

Quote from: eranglr on January 26, 2021, 07:20:55 PM

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you?

That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

Well, it's a game, but I would like to see the code.
Any idea for a trusted escrow?

Guys in this quote chain, why make it like we have to privately send the code to OP, when it can just be uploaded to Github as a public proof and so that future people can benefit from it?

I see no benefit in spending a lot of energy making something only to hide it from the public. Just look at how many threads that exist here offering bounties to decode/decrypt/unscramble/brute-force their private key and imagine how many less threads like those would be made if the existing problems were solved and the code made available.

eranglr

newbie

Activity: 47

Merit: 0

Quote from: HeRetiK on January 27, 2021, 07:48:21 AM

Quote from: eranglr on January 27, 2021, 07:23:31 AM

Quote from: ?? on ??

Quote from: eranglr on January 26, 2021, 07:20:55 PM

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you?

That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

Well, it's a game, but I would like to see the code.
Any idea for a trusted escrow?

HeRetiK

legendary

Activity: 3108

Merit: 2177

Playgram - The Telegram Casino

Quote from: eranglr on January 27, 2021, 07:23:31 AM

Quote from: ?? on ??

Quote from: eranglr on January 26, 2021, 07:20:55 PM

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

Oh, so you want to hire someone then to write this software for you?

That's quite different from "playing a game" because in that case you'd definitely need a trusted escrow.

eranglr

newbie

Activity: 47

Merit: 0

Quote from: ?? on ??

Quote from: eranglr on January 26, 2021, 07:20:55 PM

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

If you're serious about it, i would advice you to sign message with address which contain 0.1 BTC or use trusted escrow to attract people & edit title of this thread to attract of more people.

I agree, but how can I guarantee to also get the software?

eranglr

newbie

Activity: 47

Merit: 0

I wrote to Michel Sassano (https://www.freecodecamp.org/news/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433/).
He says that there might be enough information to decode the private key.

Let's play a game - I'm offering 0.1BTC to whoever comes up with decoding software for my attached photo.

eranglr

newbie

Activity: 47

Merit: 0

Quote from: ?? on ??

If you use different example where only half of the QR code is torn-off and it uses highest-level correction level (which is Level H where about 30% of data could be restored), there will be incentive to brute-force it if the private key holds lots Bitcoin.

Quote from: AGD on January 25, 2021, 02:29:56 AM

You may be able to get some additional information from that broken qr code

From the visible-part of the QR code, only half is about the data/content itself, at least according to https://en.wikipedia.org/wiki/File:QRCode-2-Structure.png. Definitely not enough to combine with some character and perform brute-force.

Yep, you're right.

eranglr

newbie

Activity: 47

Merit: 0

Quote from: AGD on January 25, 2021, 02:29:56 AM

You may be able to get some additional information from that broken qr code

This was my thought, but looking at the QR code, I don't think I can get more than say 3-4 additional characters.

AGD

legendary

Activity: 2070

Merit: 1164

Keeper of the Private Key

You may be able to get some additional information from that broken qr code

eranglr

newbie

Activity: 47

Merit: 0

Nice explanations, always fascinated by the power of cryptographic.

pooya87

legendary

Activity: 3472

Merit: 10611

It is impossible, not just because of the high number of missing characters but because those that do exist, you don't know their position either. What I mean is that in your example you don't know if there are 5, 6,... 10,... 15,... characters before "rKNxs" and similarly you don't know how many are after it. This means even if the number of characters you had was much less than this, you still wouldn't be able to find it because of the huge number of variations.

HeRetiK

legendary

Activity: 3108

Merit: 2177

Playgram - The Telegram Casino

With only 12 out of 51 characters known there's still slightly more than 192 bits left which in the case of ECDSA should still be more than enough.

Calculated based on the formula found here:
https://crypto.stackexchange.com/questions/80996/a-multi-target-attack-on-128-bit-ecdsa-private-keys

For n=192 we'd get roughly 2^(97 - 31 - 3 + 7) = 2^70 seconds of computing time with 8 cores @ 2.1 Ghz, which would be about 3 * 10^13 years which is a few orders of magnitudes longer than the age of the universe.

You could cut this down to a year by running about 3 * 10^13 machines of similar specs instead of just one tho

Upgrade00

legendary

Activity: 2114

Merit: 2248

Playgram - The Telegram Casino

I also do not think that information is enough to reveal the entire private keys of the address.
Only 12 characters are visible out of the 51, of which, the first two are easily predictable as it's common to a lot of addresses. I would assume, it should be impossible to find a valid sequence to satisfy the requirements and checks for a private key from that image.

eranglr

newbie

Activity: 47

Merit: 0

Edited: Offering 0.1BTC to whoever comes up with a decoding software for this, based on:
https://www.freecodecamp.org/news/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433/

For QR code module 33x33 like this example: https://i.imgur.com/t27ZO3f.png where the known characters of the example private key are:
5mLbK---------------------YAqS1---------------------8Q

Original post:

Is it possible to find out the private key from this example?
My thoughts are - not, because the QR doesn't provide enough information, but what do you think?

https://i.imgur.com/Qo1vWLw.png

Topic: Finding private key from torn QR and some characters? (Read 495 times)