-version: software version
-list: list of bitcoin attacks
-tool: indicate the attack
-gpu: enable gpu
-time: work timeout
-server: server mode
-port: server port
-open: open file
-save: save file
-search: vulnerability search
-stop: stop at mode
-max: maximum quantity in mode
-min: minimum quantity per mode
-speed: boost speed for mode
-range: specific range
-crack: crack mode
-field: starting field
-point: starting point
-inject: injection regimen
-decode: decoding mode
"ATTACKSAFE SOFTWARE" includes all popular attacks on Bitcoin.
Let’s run a list of all attacks:
!./attacksafe -list
Let’s choose -tool: polynonce_attack
To get a specific HEXvalue R,S,Zfor the signature ECDSA, we previously added data RawTX through the utility echoto a text document and saved it as a file RawTX.txt
Thanks to the value on the secp256k1 curve from Hal Finney LAMBDA and BETA revealed to us the same initial bits 128 bits, since the initial bits of the private key to the Bitcoin Wallet begin withBinary number (4 digits): "1111" // Hex number: "F" //
Let’s check the HEX of the private key:
Install the modulebitcoin
!pip3 install bitcoin
Let’s run the code:
from bitcoin import *
with open("PrivateKey.txt","r") as f:
content = f.readlines()
content = [x.strip() for x in content]
f.close()
outfile = open("PrivateKeyAddr.txt","w")
for x in content:
outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
outfile.close()
Thanks to the value on the secp256k1 curve from Hal Finney LAMBDA and BETA revealed to us the same initial bits 128 bits, since the initial bits of the private key to the Bitcoin Wallet begin withBinary number (4 digits): "1111" // Hex number: "F" //
Let’s check the HEX of the private key:
Let’s run the code:
from bitcoin import *
with open("PrivateKey.txt","r") as f:
content = f.readlines()
content = [x.strip() for x in content]
f.close()
outfile = open("PrivateKeyAddr.txt","w")
for x in content:
outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
outfile.close()
Thanks to the value on the secp256k1 curve from Hal Finney LAMBDA and BETA revealed to us the same initial bits 128 bits, since the initial bits of the private key to the Bitcoin Wallet begin withBinary number (4 digits): "1111" // Hex number: "F" //
Let’s check the HEX of the private key:
Let’s run the code:
from bitcoin import *
with open("PrivateKey.txt","r") as f:
content = f.readlines()
content = [x.strip() for x in content]
f.close()
outfile = open("PrivateKeyAddr.txt","w")
for x in content:
outfile.write(x+":"+pubtoaddr(encode_pubkey(privtopub(x), "bin_compressed"))+"\n")
outfile.close()
A Novel Related Nonce Attack for ECDSA, Marco Macchetti[Kudelski Security, Switzerland] (2023)
Gallant, Robert P., Robert J. Lambert, and Scott A. Wanston. “Faster point multiplication on elliptic curves with efficient endomorphisms” . Annual International Conference on Cryptology, pp. 190–200. Springer, Berlin, Heidelberg, (2001)
Hankerson, Darrell, Alfred J. Menezes, and Scott Wanston. “A Guide to Elliptic Curve Cryptography” . Computer Reviews 46, no. 1 (2005)
On the web, you can find a lot of controversy regarding the hacking of Bitcoin Wallets. The result of the discussion is the selection of two main ways: by gaining access to the PC of cryptocurrency owners and through the selection of private keys (с помощью личных данных пользователя). Bitcoin and other cryptocurrencies traditionally attract increased attention хакеров of various calibers,…
In this article, we will talk about extracting signature values ECDSA R, S, Z from the Bitcoin blockchain, but first, let's remember the very first serious vulnerability in the blockchain transaction that was discovered by Niels Schneider ( Nils Schneider aka tcatm ) Bitcoin developer and owner of "BitcoinWatch" & "BitcoinCharts". 4.1 History of dangerous random attacks on Bitcoin Document [PDF]: Private Key Recovery Combination Attacks: On Extreme Fragility of Popular…
Background on Log4j Alibaba Cloud Security Team publicly disclosed a critical vulnerability (CVE-2021-44228) enabling unauthenticated remote code execution against multiple versions of Apache Log4j2 (Log4Shell). Vulnerable servers can be exploited by attackers connecting via any protocol such as HTTPS and sending a specially crafted string. Log4j crypto-mining campaign Darktrace detected crypto-mining on multiple customer deployments which occurred…