Topic: Message hash (Read 343 times)

I think you must have been wrong ... since 2013 there are many scripts, bots, tools, etc... monitoring transactions 24/7 trying to find reused r values and other possible vulnerabilities to drain wallets https://bitcointalk.org/index.php?topic=271486.0/

But if you want to learn how to calculate reused r values and with the same private key  ... I'll show you in the simplest way possible.

Modular calculation with this p:115792089237316195423570985008687907852837564279074904382605163141518161494337.

(z1-z2) / (s1-s2) = the result will be the k value.

Now calculate this:

(s * k) - h) / r) = Private key

With different private keys ... many people say it is not possible, but some say it is possible with a linear equation.

Here in this forum they say that it is probably not possible;
https://crypto.stackexchange.com/questions/71764/is-it-safe-to-reuse-a-ecdsa-nonce-for-two-signatures-if-the-public-keys-are-diff

But last week I found a blog that shows a linear equation that the author says is possible to calculate the same r value for a different private key. I cleaned the history of my pc and I don't remember the name of the blog, but I will search again

There are some old addresses with some coins am planning to sweep, They have the same r values but different addresses in different transactions, is it possible? And can you approve this formula I got from this guy?  https://bitcointalksearch.org/topic/m.56634846

I understand your difficulty in learning ... I have been through this too.

Follow the steps in this image to calculate the RIPEMD - 160.



This great blog will help you with opcodes, bytes and create raw transactions;
https://klmoney.wordpress.com/bitcoin-dissecting-transactions-part-2-building-a-transaction-by-hand/

If you have any other questions ... feel free to ask.

Thanks man. I haven't understood clearly where you get the " RipeMD-160 614bd7ef80e1105fc86895d339eff49a9c56bdad a few more bytes and opcode ''

I will choose this TESTNET transaction to show you: https://tbtc.bitaps.com/ff948290ff332aed8f0e5d767118a02e8671578c6775a333bb4ee4d6ccfcf639/mpPQhMr2CuRn1AQJgCmcMhH8PgrYaKknSa

Click on the raw transaction option;


You will see this:


0100000001b9c222461de38f9fcdc121a47e27c5a08932232b00adc1e2c3fbfb55041b942201000 0006a4730440220503434f27f0d5dc23c01a5d2b2b2abb902e2816987515dafa619ffded8fc2ec6 02204c30c0b82c9afd623e140bf2d6badfa2f02414ef3ffc603e83f2f65a264ce2b801210355d77 643f9bbccde7a1f05d8fa72c0b6c53075cdc299753242320ef9c6611233ffffffff01905f010000 0000001976a914b95bfe11c932408ae44da26872b3c8cd5d61691a88ac00000000

Remove the code and bytes from the signature and the public key

0100000001b9c222461de38f9fcdc121a47e27c5a08932232b00adc1e2c3fbfb55041b942201000 0006a4730440220503434f27f0d5dc23c01a5d2b2b2abb902e2816987515dafa619ffded8fc2ec6022 04c30c0b82c9afd623e140bf2d6badfa2f02414ef3ffc603e83f2f65a264ce2b801210355d77643 f9bbccde7a1f05d8fa72c0b6c53075cdc299753242320ef9c6611233 ffffffff01905f0100000000001976a914b95bfe11c932408ae44da26872b3c8cd5d61691a88ac0 0000000


Place the RipeMD-160 614bd7ef80e1105fc86895d339eff49a9c56bdad a few more bytes and opcode

0100000001b9c222461de38f9fcdc121a47e27c5a08932232b00adc1e2c3fbfb55041b942201000 0001976a914614bd7ef80e1105fc86895d339eff49a9c56bdad88ac ffffffff01905f0100000000001976a914b95bfe11c932408ae44da26872b3c8cd5d61691a88ac0 000000001000000


Now access this site https://emn178.github.io/online-tools/sha256.html




0100000001b9c222461de38f9fcdc121a47e27c5a08932232b00adc1e2c3fbfb55041b942201000 0001976a914614bd7ef80e1105fc86895d339eff49a9c56bdad88acffffffff01905f0100000000 001976a914b95bfe11c932408ae44da26872b3c8cd5d61691a88ac0000000001000000


Second hash


DONE!
c340c9ece755e54bf99c34386eb8e19befd76cb3ddd5b47a4d52be65fea05b6d

That's such a broad question because computing that hash is a complicated process and depends on the output script type of the UTXO being spent and its sighash type.

For example for a legacy standard P2PKH output you can find the steps in [1], however there are some additional steps if there are more than one input[2] and they would be entirely different if the sighash type was NONE or SINGLE or any of them were marked by ANYONECANPAY.

In P2SH outputs the redeem script is used in step 6 in [1] instead of the pubkey script[3] only if it is legacy type, SegWit ones are different.

This all gets more complicated for non-standard scripts that may also need FindAndDelete!

After all of the above for the SegWit script types the process is completely different and can be found in [4].

We will soon have Schnorr and Taproot which would make it even more complicated.
You can always check out the source code, most of it is found in interpreter.cpp[5].

For now, start by reading these links to get the general idea and if you need more help about a specific script in a specific transaction then you can ask it specifically so we can focus on explaining how that particular one works.

[1] https://bitcoin.stackexchange.com/questions/32628/redeeming-a-raw-transaction-step-by-step-example-required
[2] https://bitcoin.stackexchange.com/questions/41209/how-to-sign-a-transaction-with-multiple-inputs
[3] https://bitcoin.stackexchange.com/questions/66197/step-by-step-example-to-redeem-a-p2sh-output-required
[4] https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki
[5] https://github.com/bitcoin/bitcoin/blob/master/src/script/interpreter.cpp

How can one calculate message hash [h] of a raw transaction?