
Hacking Deterministic Bitcoin Addresses

BSides Canberra · 2018 · 31:54 · 170 views · Published 2019-02
About this talk
Michael McKinnon explores vulnerabilities in Bitcoin address generation, focusing on weak entropy sources like passwords, dictionary words, and predictable sequences. He demonstrates automated attacks against deterministically-derived addresses, recovering funds from brain wallets and other human-generated key schemes, and discusses the limitations of relying on 256-bit keyspace security when users employ weak entropy sources.
Transcript [en]

[Applause]

[Music]

that I want one of the dreams about Bitcoin has been the secret identity of Satoshi Nakamoto I just want to tell you and I certainly wasn't speculating about the pasta is the most likely candidate in terms of who that made better the other thing I want to tell you is if I'm normal oil just because something is technically possible doesn't mean it isn't stealing even in the decentralized world just be aware of that so we need this thing for me well I stumbled across as preaching and to Google spreadsheet that someone has kindly shared so I just stumbled across this is talking some person who created this and they maintain the student spreadsheet the public link is available and it's a

spreadsheet that contains a list of Bitcoin addresses that have at least a balance of at least twenty five twenty or more and it's sorted conveniently with the value added which is handy we can see that there's an address here this contains 79 thousand nine hundred and fifty-seven bitcoins so you know what mines ticking away and I'm thinking right there's all this money there right it's just waiting clearly and so you know one of the other motivations were happening as researchers actually genuinely tried to buy from people back in about 2013 I used its exchange called and I got I did all the due diligence I got comp on I knew into Australian companies $35,000 $619 23 cents to Bitcoin

thank you very much like an eight point seven nine - Bitcoin I need little bit important so don't you know the exchanges that dodgy airs that have custom at all so why not try and fun by the way the other the other thing is I have an eleven-year-old a time has a serious funding issue around the box as well so let's do a build a quick Bitcoin address 101 what does an address actually look like in the Bitcoin world well there's three different types of addresses and they start with either a 1 a 3 or a bc1 now I'm not going to talk about the things others show on the bottom the 3

and the bc1 they are slightly different type of address pay-to-script-hash address and the bc1 is related to people's segregated witness I don't have any time to go into any of that so I'm only covering off this top type of address the one starting with the 1 so the things when I first up looking bitcoin is addresses are generated offline

you only have to register an entrance thank you I'm truly in the fire of the deployment is some fun you know you crank the wallet it's a registration and then I think it's getting somehow registered on the network well it doesn't work like that at all it's completely cooked breakfast in nature you can do all of this offline so you can just generate as many Bitcoin addresses as you like you don't have to use them they're only gonna be gonna need to use them your sonic stains become to that address but just simply something for someone else and it effectively proven later on that you've built the private key as you generated it what's the product in this version

and so what I want to do free air just with the unpack from a Bitcoin address going right back to what is the security for Bitcoin you know what is it that separates anyone in this room problem that you know so we take the Bitcoin addresses we unpack it with Base58 which is a particular type of encoding that they created and you get this extra bits on Wall Street now that actually consists of two parts the green bill that left is what's called a hash160 M and X funded in a second that's the actual address and on the right hand side the bill is a checksum that an anonymous so basically this has been

engineered in a way that this address is something you can talk to telling you to friend over the phone you've read open your grips to make it convenient obviously and but they've done some nice stuff like that make sure that the characters 0 and to be a human transferable kind of address mechanism if you like but the real thing here is about hash one is between values actual thing

[Music] so essentially you've got a graph with the X and Y points that are plotted on the particular formula in the case of Bitcoin the type of the specification of the literature that's used is known as secp256k1 which is documented in full by the Standards for Efficient Cryptography Group this standard and outlines a couple of specifications so it outlines a couple of things before and then what's known as G or the base point what is essentially the study somewhere on that line but at the state it's part of the specification says you always yeah and then this disabilities into something in is

basically there is a calculation point to finishing and when you finish the ending point is actually the public key it's supposedly hard to work backwards from that so if I give you the public key you don't know how many times to get back to G it's not possible to work out apparently so it's focusing on him you can see kids talking there in hex that's a thirty to five representation and then start with what is now so it's turned into C's piece so so what you can basically do is your private key can be meaning from zero one right up to two you know almost all the intercept but the specification doesn't quite let you go right to the end or so pops off at

the end where you see if it be a a B so all we got to do is take a number between one and this and this is like the world's greatest lottery and I can play this offline right the tickets are free and this buckets of money everywhere and it's only a serious teacher number right and from ultra the name to this number is 100 so it's just 256 so the only thing protecting anyone's bitcoin is 256 bits of random data Templi to me and of course if you know you probably that is pretty awesome lis secure but you know mathematicians they say this is impossible it's not going to do it because this key

space is like picking up a grain of sand somewhere and you know and putting it down somewhere you have to find that grain of sand again right you know on my planet like times the entire universe and it's like this number is huge right I'm not going to do it but you know impossible we're going to challenge and of course the Large Bitcoin Collider so you can download this client you can participate in it but you know these guys they didn't actually say that I want to do that let's crack this key space let's see we can find some Bitcoin I think the resources and the trophy page and it actually nice right multiple times

you can see their point five forth of Bitcoin Australian and the coolest part is like you know like the SETI project that's a bit like you something right most in crime like machines and many years and the funding for it this is way cooler because if your machine actually finds the private key you get to spend first but you get to do it one minute and they provide advice which is really cool dictionary attacks okay well introducing brain wallets the most idiotic idea anyone ever came up with why did never try to do six bits of keep stuff when you just remember password well let's let's have a look at his works you take a SHA-256 of

the word password a private key what we need to do and you get a Bitcoin address how many times you think someone is using this new point address forty five thousand and ten times now in Italy they totally received through the address it's only two and a half thousand dollars so it's not you know retire off this right but it's a starting point and that's what that's all I needed so time to build so I started to build a dance right I think it's just going to you know crank this up right yeah you know the rest of my ribs what's the point but I'm hoping I rather think all rusty what passages or brass builds what

train has the thing that just basically just read all these coronary death panels and spits out a bunch of CSV files and in addition to a sort you know very basic stuff just looking at all of those addresses that start with a one but it is being used on the blockchain give me one massive list and sort them up up to Monday this week three hundred and fifty million of them you know this and then on the other side of right-hand side takes the pass with some other stuff generate some addresses deterministically using sort of different input and then just do a mash-up profit right that's it we find so let's start off with some password

list so get a big password on this so I it was just the first one I found on my hard drive it was called Anti Public it was some the pre-chat happened about one hundred and ninety-three million passwords you know in a list so I ran now if I basically generated hundred ninety million Bitcoin addresses competitive against any interest News and it results 12,000 421 good promising results it turns out that 92% of it is junk and it was an experiment that someone think we've done an event meet 2013 with just all these dictionary words and then all have the same be quite a mountain it's like very very small amount of money and not only that

it was transferred into these addresses that use these extremists but it was within a second or almost instantly later it was taken straight back out again so this is nothing big then there's a thousand nineteen other ones so if you've highlighted a couple of these again all of these have been drying Drive and they're started to lead me to believe that other people already doing this this is happening for a long time

cake a cake and a lot to carry some of that ditched it has over its lifetime had fourteen point two or three Bitcoin go through it and it's another one nasty it easy to spread your finger from the a they'll go up to the yarn back to the queue on your keyboard and then that could have eighteen point to let me click on one of these I'll show you so let's stop over to blockchain.info and you can see he last time this is in 2014 and you get an idea of what had happened he right so a point to be quite went in on the thirteenth of February at sixteen forty three and two seconds two seconds

later it came out cut with that great keyboard pattern password great wallet for the win and someone's come along and they've already got the digitally but a better version of my desk very clearly well they were you so then I thought what about number that's right so we've got things like PINs I just make like a generator that's going to just count upwards and see how we go time so all you eat is all right okay let's bet okay so on GitHub if you search for BTC stop button you will be able to look at the first couple of dozen lines of rust code I've ever written in my life you know how easy and

what I've basically done here we go okay just pick up number 5,000 let's count up to 6,000 and this thing just generating Bitcoin addresses it's just an in common too limited format but the big point to do is on the left and on the right I've got sort of a reference m1 I have whole sort of different versions of this chart Sharan catalyst and etc but this sort of format and it's all using this is my processing to do the comparison work and of course that Bitcoin address if we look at one of these that Bitcoin address there can be you know regenerated if the private key is simply a SHA-256 of that number that's it

so did some so that's the process for doing numbers so I just did pretty honest renders fifteen million of those but it don't war but one I was doing wordlist amount of time but I cannot 37 was interesting so there are the numbers interested a few numbers if I recognize nothing substantial in terms of results instead of looking at you know even though the BTC amount corresponds with the private key about three and then you get ones like this so that's had a decent six and a half through and again looking at this waiting at sixteen thirty five forty five seconds in two seconds binaries came out sorry that's a possibility also yeah but but it's straight through yeah

a transaction like that where it's not one so kids have little you see multi-party transactions so I'm not sure what's what's going on there sure right so what if I generate some good data from you know and like actually using it like strings right something like a brainwallet parts were using a birthday so I've tried four different formats and I've gone from the boosters for this 1900 right up to 2020 yeah but anyway results seventy thousand four hundred addresses are generally found three all right let's see who the lucky birthday people are 28th of August 1967 point double iPod Bitcoin and that to be tried again what's that one there 2nd of January 1980 or maybe the wrong way round it's

us and then 20th of 1991 let's look at

within 0.1 became a little bit of a transaction fees probably come off there but again one second later so clearly it's sort of activity happening epoch I thought come on IOT surely some dev has decided to timestamp transaction they'll do something like this what if I generates an epoch time stamps you know take that sort of number that were there quite to you know a time stamp give a date range so I think through nine million of these I know nothing all right what else so in November last year there was an anonymous Pastebin post from someone who was revealing or an interesting story about Bitcoin that have been sort of stumbled across this this type of method

and he was proposing also to other things we've done in his experience taking even the block hashes from the blocks and using them as inputs for private keys so and what in the Bitcoin blockchain so I went through just talked to hashes as they are turned them into in sir private keys right through but in five hundred thousand of them the lot part now I'm just at 5:17 method 1 just so this is a string and you like there's a frame or password nothing binary nothing and then double shout to positive because as well still nothing a little bit lackluster there I think this should be expanded in a lot of other areas you know hopefully you sort of see

the possibility of this I think that if you look to different encodings but maybe you could amend if you were taking like a SHA-512 and like cutting off the left-hand or outside or something like that maybe people are doing that there are examples where if someone has what is an address that was created someone had she done the SHA-256 of the wooded parts word that they've done it 1975 times and that actually was an address that have been used on the blockchain so you know maybe there's an iteration thing as well but they've offered done previous transaction IDs there was that Pastebin one that I saw where that guy was talking talking about his ten

examples of making the fairest party sort of training transactions together maybe trying to move it through in a predictable way and then you see the deterministic addresses so they don't sort of have to rely on storing random keys and potentially losing them to using sort of a giftable way of doing it you know there's also the possibility of looking at opportunities where developers make mistakes you know here's a classic example and this this particular address has had four hundred and sixty five thousand dollars go through it and it is literally the results of showering structured 516 nothing so just just just about the base where the SHA-256 gives you to start with and using that as a private key so

you know maybe this was a software error maybe someone's done something games you know the null value that's come through in the key generation process and in there and address down in the end other weaknesses public key collision so this is so this is moving away from the deterministic stuff just for a second because we take a SHA-256 of the public key and we do a RIPEMD-160 going from 256 bits of stuff even 106 down to 100 it's possible there are multiple private keys or sorry public keys that when they hash may result in the same hash160 so you know I think it's in people today Greg tweet popped up in January

thanks to elder for passing this one along to me I've learned at least this one is some static interesting use of some static variables in in Java around java.util.Random taking a static value multiplying it with owning the System.nanoTime something like this so I did a whole bunch of testing and try and see if I could replicate like nanoTime depending on hell up with someone headed a machine powered on x the studies to seem like a crime keen that may have been generated previously having really doing touches of service on that but I think there's there's possibilities there there is a thing around each seed inside it so when you do when you spend Bitcoin there's a

random values used in the process and if it turns out spend bitcoin of the same address more than once and you haven't used the same random nonce in the signature algorithm and I can get your private key like that right so really I mean if the purists will say you should never use a Bitcoin address more than once like to spend you can receive as many times as you like but as soon as you spend from it you really shouldn't unless you can be absolutely certain that the random nonce in the signature process is always different every time and there's a good story the guy talks about that as well he just to show you what that looks like

he talks about about locating a number of transactions and then there shortly as well so definitely something there so what are the take away team well I think the problem applies to all the other intercounty so I sit at the beginning this is only about midpoint right you shouldn't be talking you've got so don't is totally not what was it's totally not serious when it started up so I think it is entirely possible there are a bunch of Dogecoin wallets out there and addresses that were generated using you know brain wallets or this method right I'll even touch don't if you don't know at that dose members credit is literally a fork of Bitcoin and I think maybe a

dozen lines of code athina changed the address to start with and it's the same method right so so all of this could apply to that could apply magnet in other books and other different currencies the other takeaway thing here is that you know clearly managing keys is hard right grandma still doesn't use PGP it's too much grandma window am I going to have a Bitcoin right then were the hard way once we've got things when you look at their so which path you take you go to the black hat and you build the killer death ray and you build a massive rainbow table and I reckon this is really possible you just invest heaps and heaps

and heaps of maybe some riders get pissed off in kind of mind and they just take to all that computing power to building a massive cracking ready for life table

rainbow table and and injustice what you get to do is sit on the Bitcoin p2p Network wait for the transaction and do what other people do just go do it quicker or you go the white hat makes it may wind up with something like have I been something Phipps going to tell people about these lame addresses right reaching the gap between what's technically possible and what we know humans are going to do to cryptography when it's implemented right there's a big gap between them each cases sometimes you'll find things like this when you're looking to crazy stuff that's happened in Bitcoin the hash 160 value the the thing here is that maybe the next one you can just generate a

hedge funds if you just generate something do the checksum of the intimate encoded as a Bitcoin address and for all intents and purposes it's a Bitcoin address but the hash160 may not actually have a private or public key behind it right and this is a classic example there is this address on the blockchain it currently today has a balance of five hundred and three thousand dollars with the Bitcoin waiting for the taking all you've gotta do is find a private key whose SHA-256 and hash160 is all zeroes right if you can do that you can spend this Bitcoin but until someone can do that and prove they've got a private key

they can do their you're not going anywhere questions

for you I have a day job sorry

now there is a private key because the SHA-256 of nothing right so sure if you don't give captain to captain positive function the hash function you don't even in output is to use to keep you a result the first SHA-256 hash to the business that makes sense yes the private key this is the thing is seriously trainers just like I've tried to read articles unlike I've seen they're like people from like the workshop on black money laundry like analysis and they subsidies but I'm trying to do that I don't know how people do that it's really not a good question Bethenny an open on hey you did it with single dictionary but I was wondering if you've looked

into but at the 12th with recovery crazy no I haven't done that and it's and that's the whole other thing I'd like to dig into it some are interested in how hard we work with because I would rather use a deterministic process which is based off that initial problem an initial bit of information privacy is another process super complicated we've seen basically another product key based on Facebook and it keeps running like a beautiful time so we need to recover that yeah I haven't tried that I did for pure dollars worth mr. oh my cucumber stuff in a realistic way but yeah having fun with the head up head up do that I think it's connected as well

all right [Applause]