Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: p2sh Address Transactions (Read 92 times)

iceland2k14
jr. member
Activity: 37
Merit: 68
p2sh Address Transactions
January 09, 2025, 08:59:28 AM
#6
Quote from: NotATether on January 09, 2025, 04:28:51 AM
My question is how were how did their owners construct most of these transactions in the first place.

As you have guessed, i am sure most of these addresses must have been made through programming errors and testing purpose intentionally.

My take from this exercise is that script evaluation is keeping an extra layer of protection.

For example if you somehow collide with an address which was originally multisig maybe 11/19 thinking as super duper strong. But by brutefore and completely bypassing the entire slow EC maths and doing just HASH160 and base58 random bytes you can generate the required redeemscript and construct the Tx without even knowing privatkey. Much higher speed than Address bruteforce.

Although i know it's highly unlikely to get a 20 bytes collision but also even if we get collision, it's not sure whether the script evaluation will allow or discard such script.

BTW for P2[W]SH in my test i use very very simple, only with pubkey.
Code:
ice.pubkey_to_p2wsh_address(P)
'bc1qs4l2yq57cznm87ty22mmllscq08sqgsvf06ap9usaug0h0cxsuas9jzg6y'
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: p2sh Address Transactions
January 09, 2025, 04:28:51 AM
#5
My question is how were how did their owners construct most of these transactions in the first place.

As far as I know, there are still no good tools for constructing a P2[W]SH script, except for a handful of Python tools here and there, and I can't imagine the situation is any different from 10 years ago. So that means that they could have possibly be made by hand, which begs the question - have they thought to make a practical condition inside the scripts that would allow themselves to spend the funds later?
iceland2k14
jr. member
Activity: 37
Merit: 68
Re: p2sh Address Transactions
January 08, 2025, 01:15:04 AM
#4
Quote from: pooya87 on January 07, 2025, 10:53:15 PM
How did you find these?
I was experimenting purely from iterator side maths, as in the case of p2sh address the hash of the redeemscript is being matched with the script hash, so i started to check collision instead of the usual  Hash( privatekey -> pubkey -> Hash -> ), what if we randomly or sequentially generate a redeemscript which computes to the associated p2sh address. After your explanation it looks like script evaluation will invalidate this collision.

Quote
and moves on to popping the next value and interpret that as m which is 2 but m must be smaller than or equal to n which is not (2 > 0) so this script is also invalid and rejected.
Meaning these coins are also unspendable.

Thank you for your explanation. In simple terms, so it all depends on valid script evaluation and not just on on hash collision.
pooya87
legendary
Activity: 3472
Merit: 10611
Re: p2sh Address Transactions
January 07, 2025, 10:53:15 PM
#3
Quote from: iceland2k14 on January 07, 2025, 07:00:56 AM
There are many p2sh Addresses with non zero balance but they seems to be constructed via short weird RedeemScripts.
How did you find these?

Quote
So what is the way to make transactions from these Addresses. None of the usual tools seems to help.
You first have to understand what the redeem script is (evaluate it) and then if they were valid and possible to pass, you'd provide the rest of the signature script to complete the evaluation.

example:
Quote
Code:
Script=           0a    3EEBLnpqFMfq3cXVr1exShmWqPAG5oAyV8  Balance(sat):       10000
When interpreting 0a as a redeem script, we first read the first byte (0x0a == 10) that means a PushData10 operation which means there should be 10 more bytes in front of the 0x0a inside the redeem script but there are none. Meaning the interpreter fails here due to encountering an invalid script and that output becomes unspendable.

Quote
Code:
Script=       5200ae    3MiHYymaFeSj6B2oMQivWPgqhqHYmUyea3  Balance(sat):     1990000

For example I tried to Redeem from 3MiHYymaFeSj6B2oMQivWPgqhqHYmUyea3 to transfer to bc1q39meky2mn5qjq704zz0nnkl0v7kj4uz6r529at, but i don't understand how to build such a transaction manually.
Same situation here.
We first interpret the script 0x5200ae which is OP_2 OP_0 OP_CHECKMULTISIG and when this script is executed (push 2 to stack, then push 0 to the stack and then) the OP_CHECKMULTISIG pops first item to interpret as n which is 0 so it needs no public keys and moves on to popping the next value and interpret that as m which is 2 but m must be smaller than or equal to n which is not (2 > 0) so this script is also invalid and rejected.
Meaning these coins are also unspendable.

Quote
At this point i am not even sure if these address could be really redeemed or they are some burn address and lost permanently.
Well the address in the last quote section has received its first coins in 2015, if it were possible to steal them someone might have done it already Wink
mcdouglasx
member
Activity: 239
Merit: 53
New ideas will be criticized and then admired.
Re: p2sh Address Transactions
January 07, 2025, 12:01:29 PM
#2
This topic is a very good start both informative and interactive https://learnmeabitcoin.com/technical/script/p2sh/
iceland2k14
jr. member
Activity: 37
Merit: 68
Re: p2sh Address Transactions
January 07, 2025, 07:00:56 AM
#1
There are many p2sh Addresses with non zero balance but they seems to be constructed via short weird RedeemScripts. So what is the way to make transactions from these Addresses. None of the usual tools seems to help.

Code:
Script=           0a    3EEBLnpqFMfq3cXVr1exShmWqPAG5oAyV8  Balance(sat):       10000
Script=           50    3PHahUrQuAA7DPdVCxjCRhyqZPPxvjVa35  Balance(sat):        5500
Script=           62    335vs7pWNr6Yosk8PvaoAkCWSmRGgvn72F  Balance(sat):        5500
Script=           63    3MpTk145zbm5odhRALfT9BnUs8DB5w4ydw  Balance(sat):        5500
Script=           64    3MYX3Z9fUJqMfm7bDwWNgGeMj312Q3kKZD  Balance(sat):        5500
Script=           65    3DKpEBjm4JCwyFXQMPZg9rczARZnMeRNiX  Balance(sat):        5500
Script=           66    3Fr7Y4xyxY6Fe8HvuDfAyEShefKGrByYvL  Balance(sat):        5500
Script=           67    3JoWbxas1LpDQ4EZPrxWBMfnYtRVHQa1Ww  Balance(sat):        5500
Script=           68    3FWS8GFtCsi6zidCqKVHArUrGkbXbksyf5  Balance(sat):        5500
Script=           6a    37gsHDLSG5TJvApGfiUZDaDo9mSr6rjLv6  Balance(sat):       28038
Script=           6c    39MaWUAwpzxcLs5YSaFSizDj3n8XmweKpE  Balance(sat):        5500
Script=           7e    3G7DFJmd8468dLLWzqZH5WJ1voV8jPZpAd  Balance(sat):        5500
Script=           7f    3GkGzg7CJZWwWW7xYQXwc4cdukbZhB2Dtr  Balance(sat):        5500
Script=           80    3CeduThC5fC4HdASqUoPuynxWKDn8wjBpU  Balance(sat):        5500
Script=           81    343xt7mMqYKQYyeAkUi1BP6qsu7FTTdkng  Balance(sat):        5500
Script=           83    3Haezb7DC1cB1JXecr835odhRhxsAKcJHZ  Balance(sat):        5500
Script=           84    349gxj1SBXUJWY3PWdiFiEj9UsoRsaRoBg  Balance(sat):        5500
Script=           85    32hQXKMvQgcowmDxJXfyEuffUV33mvTq7P  Balance(sat):        5500
Script=           86    3ArF6c5UkS3UgsS725mHMVp61GGZn4uWSF  Balance(sat):        5500
Script=           89    37HudYz2nUmW42oNozREcsLLK8HFCLnK86  Balance(sat):        5500
Script=           8a    3AvK42upCy5oEFcPyJfHGDSR2DHfk6xunD  Balance(sat):        5500
Script=           8d    3CAsRBfTmX2KsCiMH9FzShQKqCUpDi3raY  Balance(sat):        5500
Script=           8e    3DzLpSds9KEgGD6fz4kwPZpT2tizdAe6QN  Balance(sat):        5500
Script=           95    3PwUJQmVdAf4F78xMsPwps7vTm4mvJ22AG  Balance(sat):        5500
Script=           96    3GKZzRnfs8XkJkbPKZxgiQEE7hyJDVq57K  Balance(sat):        5500
Script=           97    3AQiiQukNT5ZBVqxAdSV51rsDw9ULL6Cm8  Balance(sat):        5500
Script=           98    32vtDtQSypMokygR5pCsT9SyLmdtCfjykG  Balance(sat):        5500
Script=           99    3FABWECWUDnGcGadtyeAm5wu9ebKex1MxK  Balance(sat):        5500
Script=           fa    321FmDsgjk8EkAuFXpezkEdJHwSuXg5Epd  Balance(sat):        5500
Script=           fb    35xxZ8NFjKmj6QK9Evv2WDARvs7ET1TWL8  Balance(sat):        5500
Script=           fd    362pjVAXXdaigEsVqXjqyvPDYgFkv74j5p  Balance(sat):        5500
Script=           fe    3EevyX3dj22aWRQwF7YDHzArvsqkDG6peX  Balance(sat):        5500
Script=         5357    37paP4uTjmA4Pi85LG6CF9huift3Dw1kFT  Balance(sat):        7572
Script=         5358    34AvS3FUFCTmPxdNGNGGTJM82hrZAtVe56  Balance(sat):       35134
Script=       0e0020    3Dnnf49MfH6yUntqY6SxPactLGP16mhTUq  Balance(sat):     5000000
Script=       494e46    3GVNBg3RYR6N7xhUAQnm7vWyvUY8eSninM  Balance(sat):      150000
Script=       4f50ae    32i7B2MX4UJ2seDVp697ZwbrDwr1U3JGjD  Balance(sat):    10000000
Script=       5050ae    36V6V1hAPrpUCYpXwZME4b1XvKdTZ2sJGW  Balance(sat):       10000
Script=       5151ae    37iy592iNBLTPyF4y2iyxpacHsbvV48ZyZ  Balance(sat):        2000
Script=       5200ae    3MiHYymaFeSj6B2oMQivWPgqhqHYmUyea3  Balance(sat):     1990000
Script=       535353    3MowqKDY6zyiFMLLG7TWXREdMTtLekEFAK  Balance(sat):        3000

For example I tried to Redeem from 3MiHYymaFeSj6B2oMQivWPgqhqHYmUyea3 to transfer to bc1q39meky2mn5qjq704zz0nnkl0v7kj4uz6r529at, but i don't understand how to build such a transaction manually. Tried using the online https://bitaps.com/constructor and https://nubits.com/cointoolkit/#newTransaction options didn't helped.

At this point i am not even sure if these address could be really redeemed or they are some burn address and lost permanently.
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: