Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin
Parsing Blockchain in Google Drive
Tutorial: https://youtu.be/ECAPypsmMQs
Analyze the data from the file "RawTX.json". Script breakECDSA.py reconstructs the unsigned message for each to find the Z value. The result is returned as R, S, Z, PUBKEY for each of the inputs present in the data in the "RawTX.json" file.
Tutorial: https://youtu.be/BYd-cuFRZmM
Tutorial: https://cryptodeeptech.ru/break-ecdsa-cryptography
Check Bitcoin Address Balance: Script pubtoaddr.py Converts PUBKEY (HEX) to Bitcoin Address (Base58) // Script bitcoin-checker.py Checks the balance by scanning the Blockchain
Tutorial: https://youtu.be/Hsk6QIzb7oY
Tutorial: https://cryptodeeptech.ru/check-bitcoin-address-balance
Vulnerable to Debian OpenSSL bug (CVE-2008-0166)
Tutorial: https://youtu.be/zHkXups2I8k
Pollard's kangaroo method computes discrete logarithms in arbitrary cyclic groups. It is applied when the discrete logarithm is known to lie within a certain range, say [ a , b ], and then has the expected time to execute the bulk operation. One way to break ECDSA signature schemes is to solve the discrete logarithm problem.
Tutorial: https://youtu.be/UGUJyxOhBBQ
Tutorial: https://cryptodeeptech.ru/kangaroo
Secp256k1 acceleration function using endomorphism which helps in optimizing ECDSA validation for bitcoin cryptocurrency.
Tutorial: https://youtu.be/DH6FyNY-Gh0
Tutorial: https://cryptodeeptech.ru/endomorphism
In this repository, we will use scripts that will help reduce the private key knowing only the leak from the "BLOCKCHAIN FOLBIT LEAKS" list and the public key from "UTXO".
Tutorial: https://youtu.be/zu2yiaZ_LOs
We all know that the disclosure of the private key in the ECDSA signature can lead to the complete recovery of the Bitcoin Wallet. In our earlier articles, we looked at weaknesses and vulnerabilities in blockchain transactions, but there are also ECDSA short signatures that also lead to the full recovery of a Bitcoin Wallet.
Tutorial: https://youtu.be/xBgjWE5tA7Y
Tutorial: https://cryptodeeptech.ru/shortest-ecdsa-signature
MrRobotQR is an open source script that automates the process from entering a search keyword to deriving the private key of a Bitcoin wallet.
Tutorial: https://youtu.be/bNMg2iJhMpg
Tutorial: https://cryptodeeptech.ru/mr-robot-qr
QBitcoin Address Collision Finder
Tutorial: https://youtu.be/KqJcPSIZ5RM
Tutorial: https://cryptodeeptech.ru/quantum-computer-qianshi
Coingecko-VanityGen is a command-line utility that can generate cryptocurrency addresses given initial parameters. Coingecko-VanityGen works with GPU runtime support (Google Colab) and generates beautiful crypto wallet addresses for the full list of the Coingecko aggregator according to its own parameters. The selection of the utility is based on a probabilistic search, which takes some time. The time depends on the complexity of the given template, computer speed and luck. To increase the speed of generating cryptocurrency addresses, there is oclvanitygen - which uses OpenCL-compatible GPUs.
Tutorial: https://youtu.be/sB91EE-1mJo
Tutorial: https://cryptodeeptech.ru/coingecko-agent-ftpupload
There are many forms to create a Bitcoin wallet. One of the first methods to create a Bitcoin wallet was known as BrainWallet. BrainWallet is convenient in the sense that it allows you to store a "passphrase" in memory or in a notebook. The passphrase is hashed using the SHA-256 algorithm, and is used as the seed to generate the private key. Due to its popularity and ease of use, many BrainWallets over the past few years have been used with weak passphrases. This weak private key generation method allowed attackers to steal quite a lot of BTC coins by simply cracking the password against the hashes stored on the blockchain. Let's move on to the experimental part:
Tutorial: https://youtu.be/r0fTtBDWTnw
With a critical vulnerability in the Bitcoin blockchain transaction, we can solve the rather difficult discrete logarithm problem to extract the secret key "K" (NONCE) from the vulnerable ECDSA signature in order to ultimately restore the Bitcoin Wallet, since knowing the secret key we can get a private key. To do this, there are several algorithms from the list of popular attacks on Bitcoin, one of which is the “Frey-Rück Attack on Bitcoin”.
Tutorial: https://youtu.be/wqHES7r1qyc
The biggest cryptographic strength of the Bitcoin cryptocurrency is a computational method in discrete mathematics that takes the factorization problem of large integers and the hidden number problem (HNP) in the Bitcoin ECDSA signature transaction as a basis. Rowhammer Attack on Bitcoin, allows us to efficiently find all zeros for normalized polynomials modulo a certain value, and we adapt this method to the ECDSA signature algorithm, more precisely to critically vulnerable transactions in the Bitcoin blockchain. We will apply ECDSA signature differential failure analysis and obtain a private key from a transaction for different Bitcoin Wallets.
Tutorial: https://youtu.be/lfYPcXPzLjE
We will again touch on the topic of a signature failure in a blockchain transaction and apply a completely new attack: “WhiteBox Attack on Bitcoin” . Differential fault analysis (DFA)was briefly described in the literature in 1996 when an Israeli cryptographer and cryptanalyst Eli Biham and an Israeli scientist Adi Shamir showed that they could use error injection to extract the secret key and recover the private key using various signature and verification algorithms.
Tutorial: https://youtu.be/dLy74McEFTg
In this article, we will take a detailed look at the open source password recovery tools and wallet seed phrases in the Crypto Deep Tools repository, and we will also discuss the situation when you accidentally lost or forgot part of your mnemonic or made a mistake while decrypting it. (So you either see an empty wallet or get an error that your seed is invalid) For wallet password or passphrase recovery, it is primarily useful if you have a reasonable idea about what your password might be.
Tutorial: https://youtu.be/imTXE4rGqHw
Tutorial: https://cryptodeeptech.ru/btc-recover-crypto-guide
In this article, we will implement a Twist Attack with an example and show how, using certain points on the secp256k1 elliptic curve, we can get partial private key values and restore a Bitcoin Wallet within 5-15 minutes using “Sagemath pollard rho function: (discrete_log_rho)” and “ Chinese Remainder Theorem” .
Tutorial: https://youtu.be/S_ZUcM2cD8I
Tutorial: https://cryptodeeptech.ru/twist-attack
Google Colab has been updated to "Ubuntu 20.04.5 LTS". To perform cryptanalysis, we will install a new version of SageMath version 9.3.
Tutorial: https://youtu.be/DBu0UnVe0ig
Tutorial: https://cryptodeeptech.ru/install-sagemath-in-google-colab
POLYNONCE ATTACK we use BITCOIN signatures as a Polynomial to an arbitrarily high power of 128 bits to get a Private Key
Tutorial: https://youtu.be/7nKs_KHtyn4
LATTICE ATTACK 249bits we solve the problem of hidden numbers using 79 signatures ECDSA
Tutorial: https://youtu.be/CzaHitewN-4
Solidity Forcibly Send Ether Vulnerability to a Smart Contract continuation of the list of general EcoSystem security from attacks
Tutorial: https://youtu.be/lqjsHB2r6gU
Tutorial: https://cryptodeeptech.ru/solidity-forcibly-send-ether-vulnerability
Phenomenon from Blockchain Cryptocurrency Solidity Vulnerable Honeypots
Tutorial: https://youtu.be/UrkOGyuuepE
Tutorial: https://cryptodeeptech.ru/solidity-vulnerable-honeypots
ShellShock Attack vulnerability on “Bitcoin” & “Ethereum” server discovered in GNU Bash cryptocurrency exchange
Tutorial: https://youtu.be/fIYYi1kGEnc
Tutorial: https://cryptodeeptech.ru/shellshock-attack-on-bitcoin
On August 10, 2023, a group of Bitcoin security researchers identified a vulnerability in the Libbitcoin Explorer 3.x library. This critical vulnerability allowed attackers to steal more than $900,000 from Bitcoin Wallet users, according to a report from blockchain security firm SlowMist. The vulnerability may also affect Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash users who use Libbitcoin to create accounts. The vulnerability, dubbed "Milk Sad", was first discovered by cybersecurity team Distrust. This Bitcoin-threatening vulnerability allows attackers to gain access to the private keys of a crypto wallet using the Mersenne Twister pseudo-random number generator (PRNG), which leads to disastrous consequences. In our last article, we clearly showed an example of such an attack on Bitcoin Wallets. Let's look at two examples with a total loss: 40886.76 USD // BITCOIN: 1.17536256 BTC and a second example with a total loss: 19886.91 USD // BITCOIN: 0.58051256 BTC
Tutorial: https://youtu.be/YMdb7_iboaA
Tutorial: https://cryptodeeptech.ru/milk-sad-vulnerability-in-libbitcoin-explorer
In this repository, we will focus on the popular Bitcoin Wallet application for iOS and Android smartphones with support for fast payments through the Lightning network BLW: Bitcoin Lightning Wallet. Unfortunately, many autonomous nodes of the open source mobile application from LNbits Node Manager and Core Lightning are exposed to a HIGH RISK of losing all funds in various cryptocurrency coins. Developer David Shares from the Japanese company Bitcoin Portal published a chronological list that shows that the Lightning Network is drowning in technical problems, bugs, shortcomings, criticisms and exploits. It is an over-promised technology that does not provide decentralization and is still far from being functional and secure for users. Look at example with a total loss: 11032.77 USD // BITCOIN: 0.30412330 BTC
Tutorial: https://youtu.be/ZpflbzENAAw
Tutorial: https://cryptodeeptech.ru/bitcoin-lightning-wallet-vulnerability
Padding Oracle Attack This method is a side-channel attack on the Bitcoin Core cryptosystem that uses leaked data from a poorly implemented decryption routine to completely undermine the cryptosystem. An attacker can effectively decrypt the data in the wallet.dat file without knowing the decryption key if the target system leaks whether a padding error occurred when decrypting the ciphertext. Let's look at an example with a total loss: 44502.42 US dollars // BITCOIN: 1.17461256 BTC
Tutorial: https://youtu.be/0aCfT-kCRlw
Tutorial: https://cryptodeeptech.ru/padding-oracle-attack-on-wallet-dat
"Dust Attack" known as: "Dusting Attack" or "Crypto Dust". Perhaps every cryptocurrency user or holder of a large amount of BTC, ETH coins replaced the receipt of an insignificantly small amount of coins in satoshi on their cryptocurrency wallet, this receipt is disguised as “Donate”, but in fact it is a whole mathematically refined system for taking away all the accumulated coins of the wallet for balance. Let's look at two different examples of dust attacks to shed light on all the intricacies of this manipulation and what risks can await users and holders of the popular cryptocurrency Bitcoin. To carry out a dust attack, confirmation of isomorphism by miners plays an important role, because From 2022 to 2024, many cryptocurrency services and hardware wallets are actively fighting the dust attack. At the moment, the method of independently creating dust transactions on your own cold wallet has become widely popular. Let's transform the dust transaction into isomorphism, according to the theory, two transactions must be confirmed by miners. Having created the RawTX of the dust attack, we send a small amount of 555 satoshi, then we receive an isomorphism of the first transaction, where a reverse transfer of funds occurs from the balance of the victim of the dust attack.
Tutorial: https://youtu.be/TD16C_ExwSc
Tutorial: https://cryptodeeptech.ru/dustattack
Tutorial: https://dzen.ru/video/watch/65be9256df804947fbd96fd7
Tutorial: https://rutube.ru/video/23d09792ab3d180f526dd55314a14cd7
Bitcoin utilities are numerous and varied. Its decentralized nature and lack of intermediaries make it a powerful tool for a variety of use cases. As the technology continues to evolve and mature, we can expect to see even more innovative applications of Bitcoin in the future.
Tutorial: https://youtu.be/nPFihyxjCOc
Tutorial: https://dzen.ru/video/watch/65de483b3474ef16c0430f35
Tutorial: https://colab.research.google.com/drive/17R_qWLkpz2HJsASCRXG-Brcs-Nhv9xxR
Application of the Gauss-Jacobi method for a cryptographic task - decrypting the password of the wallet.dat file for a Bitcoin wallet. The modification of the algorithm emphasizes its mathematical basis, explaining the process, how this method can be adapted to work with cryptographic tasks, in particular, with decrypting the password of a cryptocurrency wallet.
Tutorial: https://youtu.be/un3gs6x8qDk
Tutorial: https://dzen.ru/video/watch/66119078be267c07401d9e4c
Tutorial: https://colab.research.google.com/drive/1I8vNdD2l2wdLiszoDBBkDjhepXjnWGR_
The scientific article explores the possibilities of integrating blockchain technologies with web services and APIs. Discusses the benefits of using blockchain APIs to improve the security, transparency and efficiency of web applications. Examples of successful blockchain projects are given and prospects for the development of this area are discussed.
Tutorial: https://youtu.be/Dz6K-q9wUEQ
Tutorial: https://dzen.ru/video/watch/6617ad848b9fc93b9ba699c7
Tutorial: https://cryptodeeptech.ru/blockchain-api-and-web-services
Tutorial: https://colab.research.google.com/drive/19Phx62sS0XpLGtzjFFLIqkvjfTGtq2db
In this study, we will look at the DeserializeSignature vulnerability, which allowed attackers to create invalid ECDSA signatures on the Bitcoin network. In cryptography, an ECDSA digital signature is a mathematical scheme that allows you to prove the authenticity of a digital message or document. In the Bitcoin network, signatures are used to authorize transactions, confirming that the owner of a certain amount of bitcoins actually agrees to their transfer. However, a vulnerability in the function DeserializeSignature, discovered in 2023 , allowed attackers to create invalid signatures that could be accepted as valid by the network.
Tutorial: https://youtu.be/8E2KJeWu4XA
Tutorial: https://dzen.ru/video/watch/664e34fc8df6514b10da09e9
Tutorial: https://cryptodeeptech.ru/deserialize-signature-vulnerability-bitcoin
Google Colab: https://colab.research.google.com/drive/1EiIIJh8UCOZZ8DVbelxhESFPvqu_xZUo
Fuzzing is a software testing method used to identify vulnerabilities and errors by introducing random or specially generated data into a program's input. In the context of cryptanalysis, Fuzzing testing is used to test cryptographic algorithms and systems for weaknesses that can be exploited by attackers. Applying Fuzzing testing to cryptocurrency wallets has several benefits: Detecting vulnerabilities and Improving reliability. Incorrect data processing in cryptographic operations can lead to private key leaks or other critical vulnerabilities, as well as errors in transaction processing: Fuzzing can reveal errors in transaction processing logic that can lead to incorrect transactions or even loss of funds. At the beginning of 2024, modern technologies that develop the pre-trained Bitcoin ChatGPT model and find effective ways to solve complex cryptographic problems that underlie the fuzzing testing method gained widespread popularity. Let's consider an example of building the structure of a vulnerable Raw transaction that uses the BitcoinChatGPT module.
Tutorial: https://youtu.be/CU4CFoxgKc8
Tutorial: https://dzen.ru/video/watch/665f6986a2886608ad194e31
Google Colab: https://colab.research.google.com/drive/1jxw_oBTd0HW6M2Mo_VDvdYcsXQyb6KHF
In this article we will look at an example using real data, what are software that use the Vector76 Attack mechanism, how they work and what impact they have on the Bitcoin cryptocurrency. Vector76 Attack is a type of double-spending attack in which an attacker attempts to conduct the same transaction twice. Unlike the classic double-spend attack, Vector76 exploits vulnerabilities in transaction confirmation mechanisms and time delays in the propagation of blocks across the Bitcoin network.
Tutorial: https://youtu.be/Mk_BPBCXd3I
Tutorial: https://dzen.ru/video/watch/669558eb4bbd297f7d375e06
Google Colab: https://colab.research.google.com/drive/1VoEMueKTxGedLfi1PprkuGYMPL5tZBQK
Donation Address | |
---|---|
♥ BTC | 1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV |
♥ ETH | 0xaBd66CF90898517573f19184b3297d651f7b90bf |