Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin
-
Parsing Blockchain in Google Drive
-
Tutorial: https://youtu.be/ECAPypsmMQs
-
Analyze the data from the file "RawTX.json". Script breakECDSA.py reconstructs the unsigned message for each to find the Z value. The result is returned as R, S, Z, PUBKEY for each of the inputs present in the data in the "RawTX.json" file.
-
Tutorial: https://youtu.be/BYd-cuFRZmM
-
Tutorial: https://cryptodeeptech.ru/break-ecdsa-cryptography
-
Check Bitcoin Address Balance: Script pubtoaddr.py Converts PUBKEY (HEX) to Bitcoin Address (Base58) // Script bitcoin-checker.py Checks the balance by scanning the Blockchain
-
Tutorial: https://youtu.be/Hsk6QIzb7oY
-
Tutorial: https://cryptodeeptech.ru/check-bitcoin-address-balance
- Useful and Efficient Elliptic Curve Algorithms secp256k1
- Algorithm for generating a point on the curve E
- Algorithm for adding points
- Point doubling algorithm
- Algorithm for finding the integer multiple point
- Algorithm for finding an integer multiple point (Scalar multiplication)
- Algorithm for generating a divisor D over a curve E with a carrier supp(D) of a given size d
- Miller's algorithm for calculating the value of the Weil function f n, P from a divisor D such that supp(D) ∩ {P, O} = ∅
- Weil pairing
- Tutorial: https://youtu.be/gFbiBCNPsFk
- Tutorial: https://cryptodeeptech.ru/algorithms-for-secp256k
-
Vulnerable to Debian OpenSSL bug (CVE-2008-0166)
-
Tutorial: https://youtu.be/zHkXups2I8k
-
Pollard's kangaroo method computes discrete logarithms in arbitrary cyclic groups. It is applied when the discrete logarithm is known to lie within a certain range, say [ a , b ], and then has the expected time to execute the bulk operation. One way to break ECDSA signature schemes is to solve the discrete logarithm problem.
-
Tutorial: https://youtu.be/UGUJyxOhBBQ
-
Tutorial: https://cryptodeeptech.ru/kangaroo
-
Secp256k1 acceleration function using endomorphism which helps in optimizing ECDSA validation for bitcoin cryptocurrency.
-
Tutorial: https://youtu.be/DH6FyNY-Gh0
-
Tutorial: https://cryptodeeptech.ru/endomorphism
-
In this repository, we will use scripts that will help reduce the private key knowing only the leak from the "BLOCKCHAIN FOLBIT LEAKS" list and the public key from "UTXO".
-
Tutorial: https://youtu.be/zu2yiaZ_LOs
-
We all know that the disclosure of the private key in the ECDSA signature can lead to the complete recovery of the Bitcoin Wallet. In our earlier articles, we looked at weaknesses and vulnerabilities in blockchain transactions, but there are also ECDSA short signatures that also lead to the full recovery of a Bitcoin Wallet.
-
Tutorial: https://youtu.be/xBgjWE5tA7Y
-
Tutorial: https://cryptodeeptech.ru/shortest-ecdsa-signature
-
MrRobotQR is an open source script that automates the process from entering a search keyword to deriving the private key of a Bitcoin wallet.
-
Tutorial: https://youtu.be/bNMg2iJhMpg
-
Tutorial: https://cryptodeeptech.ru/mr-robot-qr
-
QBitcoin Address Collision Finder
-
Tutorial: https://youtu.be/KqJcPSIZ5RM
-
Tutorial: https://cryptodeeptech.ru/quantum-computer-qianshi
-
Coingecko-VanityGen is a command-line utility that can generate cryptocurrency addresses given initial parameters. Coingecko-VanityGen works with GPU runtime support (Google Colab) and generates beautiful crypto wallet addresses for the full list of the Coingecko aggregator according to its own parameters. The selection of the utility is based on a probabilistic search, which takes some time. The time depends on the complexity of the given template, computer speed and luck. To increase the speed of generating cryptocurrency addresses, there is oclvanitygen - which uses OpenCL-compatible GPUs.
-
Tutorial: https://youtu.be/sB91EE-1mJo
-
Tutorial: https://cryptodeeptech.ru/coingecko-agent-ftpupload
-
There are many forms to create a Bitcoin wallet. One of the first methods to create a Bitcoin wallet was known as BrainWallet. BrainWallet is convenient in the sense that it allows you to store a "passphrase" in memory or in a notebook. The passphrase is hashed using the SHA-256 algorithm, and is used as the seed to generate the private key. Due to its popularity and ease of use, many BrainWallets over the past few years have been used with weak passphrases. This weak private key generation method allowed attackers to steal quite a lot of BTC coins by simply cracking the password against the hashes stored on the blockchain. Let's move on to the experimental part:
-
Tutorial: https://youtu.be/r0fTtBDWTnw
-
With a critical vulnerability in the Bitcoin blockchain transaction, we can solve the rather difficult discrete logarithm problem to extract the secret key "K" (NONCE) from the vulnerable ECDSA signature in order to ultimately restore the Bitcoin Wallet, since knowing the secret key we can get a private key. To do this, there are several algorithms from the list of popular attacks on Bitcoin, one of which is the “Frey-Rück Attack on Bitcoin”.
-
Tutorial: https://youtu.be/wqHES7r1qyc
-
The biggest cryptographic strength of the Bitcoin cryptocurrency is a computational method in discrete mathematics that takes the factorization problem of large integers and the hidden number problem (HNP) in the Bitcoin ECDSA signature transaction as a basis. Rowhammer Attack on Bitcoin, allows us to efficiently find all zeros for normalized polynomials modulo a certain value, and we adapt this method to the ECDSA signature algorithm, more precisely to critically vulnerable transactions in the Bitcoin blockchain. We will apply ECDSA signature differential failure analysis and obtain a private key from a transaction for different Bitcoin Wallets.
-
Tutorial: https://youtu.be/lfYPcXPzLjE
-
We will again touch on the topic of a signature failure in a blockchain transaction and apply a completely new attack: “WhiteBox Attack on Bitcoin” . Differential fault analysis (DFA)was briefly described in the literature in 1996 when an Israeli cryptographer and cryptanalyst Eli Biham and an Israeli scientist Adi Shamir showed that they could use error injection to extract the secret key and recover the private key using various signature and verification algorithms.
-
Tutorial: https://youtu.be/dLy74McEFTg
-
In this article, we will take a detailed look at the open source password recovery tools and wallet seed phrases in the Crypto Deep Tools repository, and we will also discuss the situation when you accidentally lost or forgot part of your mnemonic or made a mistake while decrypting it. (So you either see an empty wallet or get an error that your seed is invalid) For wallet password or passphrase recovery, it is primarily useful if you have a reasonable idea about what your password might be.
-
Tutorial: https://youtu.be/imTXE4rGqHw
-
Tutorial: https://cryptodeeptech.ru/btc-recover-crypto-guide
-
In this article, we will implement a Twist Attack with an example and show how, using certain points on the secp256k1 elliptic curve, we can get partial private key values and restore a Bitcoin Wallet within 5-15 minutes using “Sagemath pollard rho function: (discrete_log_rho)” and “ Chinese Remainder Theorem” .
-
Tutorial: https://youtu.be/S_ZUcM2cD8I
-
Tutorial: https://cryptodeeptech.ru/twist-attack
-
Google Colab has been updated to "Ubuntu 20.04.5 LTS". To perform cryptanalysis, we will install a new version of SageMath version 9.3.
-
Tutorial: https://youtu.be/DBu0UnVe0ig
-
Tutorial: https://cryptodeeptech.ru/install-sagemath-in-google-colab
-
POLYNONCE ATTACK we use BITCOIN signatures as a Polynomial to an arbitrarily high power of 128 bits to get a Private Key
-
Tutorial: https://youtu.be/7nKs_KHtyn4
-
LATTICE ATTACK 249bits we solve the problem of hidden numbers using 79 signatures ECDSA
-
Tutorial: https://youtu.be/CzaHitewN-4
-
Solidity Forcibly Send Ether Vulnerability to a Smart Contract continuation of the list of general EcoSystem security from attacks
-
Tutorial: https://youtu.be/lqjsHB2r6gU
-
Tutorial: https://cryptodeeptech.ru/solidity-forcibly-send-ether-vulnerability
-
Phenomenon from Blockchain Cryptocurrency Solidity Vulnerable Honeypots
-
Tutorial: https://youtu.be/UrkOGyuuepE
-
Tutorial: https://cryptodeeptech.ru/solidity-vulnerable-honeypots
-
ShellShock Attack vulnerability on “Bitcoin” & “Ethereum” server discovered in GNU Bash cryptocurrency exchange
-
Tutorial: https://youtu.be/fIYYi1kGEnc
-
Tutorial: https://cryptodeeptech.ru/shellshock-attack-on-bitcoin
-
On August 10, 2023, a group of Bitcoin security researchers identified a vulnerability in the Libbitcoin Explorer 3.x library. This critical vulnerability allowed attackers to steal more than $900,000 from Bitcoin Wallet users, according to a report from blockchain security firm SlowMist. The vulnerability may also affect Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash users who use Libbitcoin to create accounts. The vulnerability, dubbed "Milk Sad", was first discovered by cybersecurity team Distrust. This Bitcoin-threatening vulnerability allows attackers to gain access to the private keys of a crypto wallet using the Mersenne Twister pseudo-random number generator (PRNG), which leads to disastrous consequences. In our last article, we clearly showed an example of such an attack on Bitcoin Wallets. Let's look at two examples with a total loss: 40886.76 USD // BITCOIN: 1.17536256 BTC and a second example with a total loss: 19886.91 USD // BITCOIN: 0.58051256 BTC
-
Tutorial: https://youtu.be/YMdb7_iboaA
-
Tutorial: https://cryptodeeptech.ru/milk-sad-vulnerability-in-libbitcoin-explorer
-
In this repository, we will focus on the popular Bitcoin Wallet application for iOS and Android smartphones with support for fast payments through the Lightning network BLW: Bitcoin Lightning Wallet. Unfortunately, many autonomous nodes of the open source mobile application from LNbits Node Manager and Core Lightning are exposed to a HIGH RISK of losing all funds in various cryptocurrency coins. Developer David Shares from the Japanese company Bitcoin Portal published a chronological list that shows that the Lightning Network is drowning in technical problems, bugs, shortcomings, criticisms and exploits. It is an over-promised technology that does not provide decentralization and is still far from being functional and secure for users. Look at example with a total loss: 11032.77 USD // BITCOIN: 0.30412330 BTC
-
Tutorial: https://youtu.be/ZpflbzENAAw
-
Tutorial: https://cryptodeeptech.ru/bitcoin-lightning-wallet-vulnerability
-
Padding Oracle Attack This method is a side-channel attack on the Bitcoin Core cryptosystem that uses leaked data from a poorly implemented decryption routine to completely undermine the cryptosystem. An attacker can effectively decrypt the data in the wallet.dat file without knowing the decryption key if the target system leaks whether a padding error occurred when decrypting the ciphertext. Let's look at an example with a total loss: 44502.42 US dollars // BITCOIN: 1.17461256 BTC
-
Tutorial: https://youtu.be/0aCfT-kCRlw
-
Tutorial: https://cryptodeeptech.ru/padding-oracle-attack-on-wallet-dat
-
"Dust Attack" known as: "Dusting Attack" or "Crypto Dust". Perhaps every cryptocurrency user or holder of a large amount of BTC, ETH coins replaced the receipt of an insignificantly small amount of coins in satoshi on their cryptocurrency wallet, this receipt is disguised as “Donate”, but in fact it is a whole mathematically refined system for taking away all the accumulated coins of the wallet for balance. Let's look at two different examples of dust attacks to shed light on all the intricacies of this manipulation and what risks can await users and holders of the popular cryptocurrency Bitcoin. To carry out a dust attack, confirmation of isomorphism by miners plays an important role, because From 2022 to 2024, many cryptocurrency services and hardware wallets are actively fighting the dust attack. At the moment, the method of independently creating dust transactions on your own cold wallet has become widely popular. Let's transform the dust transaction into isomorphism, according to the theory, two transactions must be confirmed by miners. Having created the RawTX of the dust attack, we send a small amount of 555 satoshi, then we receive an isomorphism of the first transaction, where a reverse transfer of funds occurs from the balance of the victim of the dust attack.
-
Tutorial: https://youtu.be/TD16C_ExwSc
-
Tutorial: https://cryptodeeptech.ru/dustattack
-
Tutorial: https://dzen.ru/video/watch/65be9256df804947fbd96fd7
-
Tutorial: https://rutube.ru/video/23d09792ab3d180f526dd55314a14cd7
-
Bitcoin utilities are numerous and varied. Its decentralized nature and lack of intermediaries make it a powerful tool for a variety of use cases. As the technology continues to evolve and mature, we can expect to see even more innovative applications of Bitcoin in the future.
-
Tutorial: https://youtu.be/nPFihyxjCOc
-
Tutorial: https://dzen.ru/video/watch/65de483b3474ef16c0430f35
-
Tutorial: https://colab.research.google.com/drive/17R_qWLkpz2HJsASCRXG-Brcs-Nhv9xxR
-
Application of the Gauss-Jacobi method for a cryptographic task - decrypting the password of the wallet.dat file for a Bitcoin wallet. The modification of the algorithm emphasizes its mathematical basis, explaining the process, how this method can be adapted to work with cryptographic tasks, in particular, with decrypting the password of a cryptocurrency wallet.
-
Tutorial: https://youtu.be/un3gs6x8qDk
-
Tutorial: https://dzen.ru/video/watch/66119078be267c07401d9e4c
-
Tutorial: https://colab.research.google.com/drive/1I8vNdD2l2wdLiszoDBBkDjhepXjnWGR_
-
The scientific article explores the possibilities of integrating blockchain technologies with web services and APIs. Discusses the benefits of using blockchain APIs to improve the security, transparency and efficiency of web applications. Examples of successful blockchain projects are given and prospects for the development of this area are discussed.
-
Tutorial: https://youtu.be/Dz6K-q9wUEQ
-
Tutorial: https://dzen.ru/video/watch/6617ad848b9fc93b9ba699c7
-
Tutorial: https://cryptodeeptech.ru/blockchain-api-and-web-services
-
Tutorial: https://colab.research.google.com/drive/19Phx62sS0XpLGtzjFFLIqkvjfTGtq2db
-
In this study, we will look at the DeserializeSignature vulnerability, which allowed attackers to create invalid ECDSA signatures on the Bitcoin network. In cryptography, an ECDSA digital signature is a mathematical scheme that allows you to prove the authenticity of a digital message or document. In the Bitcoin network, signatures are used to authorize transactions, confirming that the owner of a certain amount of bitcoins actually agrees to their transfer. However, a vulnerability in the function DeserializeSignature, discovered in 2023 , allowed attackers to create invalid signatures that could be accepted as valid by the network.
-
Tutorial: https://youtu.be/8E2KJeWu4XA
-
Tutorial: https://dzen.ru/video/watch/664e34fc8df6514b10da09e9
-
Tutorial: https://cryptodeeptech.ru/deserialize-signature-vulnerability-bitcoin
-
Google Colab: https://colab.research.google.com/drive/1EiIIJh8UCOZZ8DVbelxhESFPvqu_xZUo
-
Fuzzing is a software testing method used to identify vulnerabilities and errors by introducing random or specially generated data into a program's input. In the context of cryptanalysis, Fuzzing testing is used to test cryptographic algorithms and systems for weaknesses that can be exploited by attackers. Applying Fuzzing testing to cryptocurrency wallets has several benefits: Detecting vulnerabilities and Improving reliability. Incorrect data processing in cryptographic operations can lead to private key leaks or other critical vulnerabilities, as well as errors in transaction processing: Fuzzing can reveal errors in transaction processing logic that can lead to incorrect transactions or even loss of funds. At the beginning of 2024, modern technologies that develop the pre-trained Bitcoin ChatGPT model and find effective ways to solve complex cryptographic problems that underlie the fuzzing testing method gained widespread popularity. Let's consider an example of building the structure of a vulnerable Raw transaction that uses the BitcoinChatGPT module.
-
Tutorial: https://youtu.be/CU4CFoxgKc8
-
Tutorial: https://dzen.ru/video/watch/665f6986a2886608ad194e31
-
Google Colab: https://colab.research.google.com/drive/1jxw_oBTd0HW6M2Mo_VDvdYcsXQyb6KHF
-
In this article we will look at an example using real data, what are software that use the Vector76 Attack mechanism, how they work and what impact they have on the Bitcoin cryptocurrency. Vector76 Attack is a type of double-spending attack in which an attacker attempts to conduct the same transaction twice. Unlike the classic double-spend attack, Vector76 exploits vulnerabilities in transaction confirmation mechanisms and time delays in the propagation of blocks across the Bitcoin network.
-
Tutorial: https://youtu.be/Mk_BPBCXd3I
-
Tutorial: https://dzen.ru/video/watch/669558eb4bbd297f7d375e06
-
Google Colab: https://colab.research.google.com/drive/1VoEMueKTxGedLfi1PprkuGYMPL5tZBQK
-
Vulnerability of the Jacobian Curve algorithm allows manipulation of the curve coordinates if the input data of users is not properly verified, this can lead to serious failures in the Bitcoin system, where an attacker can take advantage of the moment and inject their own code and ultimately manipulate the system by creating fake signatures in Bitcoin transactions. As we have learned, attackers can use the vulnerability to carry out DoS attacks, overloading the network with invalid transactions, which destabilizes the Bitcoin network. In this article, we will consider an example using a Bitcoin wallet: 15gCfQVJ68vyUVdb6e3VDU4iTkTC3HtLQ2 , where there were lost coins in the amount of: 266.03138481 BTC as of August 2024, this amount is: 15747770.36 USD
-
Tutorial: https://youtu.be/qf6u85wGwNw
-
Tutorial: https://cryptodeeptech.ru/jacobian-curve-algorithm-vulnerability
-
Tutorial: https://dzen.ru/video/watch/66caadc6523ee35df3f58b89
-
Google Colab: https://colab.research.google.com/drive/1E3ZZpzPXcqbK3ngZbxRVk5McI4L8K5h3
-
In this article, we conducted a large study of the Signature Malleability vulnerability that threatens the security of popular cryptocurrencies such as Bitcoin and Ethereum. We also considered a real example of the mechanisms for exploiting CVE-2024-42461 in the Elliptic library for ECDSA, using the Bitcoin wallet 1LeEbwu667oPtQC5dKiGiysUjFM3mQaxpw, which lost coins worth 21.2529214 BTC, which is 1,744,572.51 USD as of November 2024
-
Tutorial: https://youtu.be/wf6QwCpP3oc
-
Tutorial: https://dzen.ru/video/watch/674116440bddfa35d730ca7a
-
Google Colab: https://colab.research.google.com/drive/1HMmeEQDL4kRKfJNQptTf3Mz4VTZmka8h
Donation Address | |
---|---|
♥ BTC | 1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV |
♥ ETH | 0xaBd66CF90898517573f19184b3297d651f7b90bf |