Skip to content

Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin

Notifications You must be signed in to change notification settings

demining/CryptoDeepTools

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CryptoDeepTools

Crypto Deep Tools a set of scripts for detailed cryptanalysis of the Blockchain network in cryptocurrency Bitcoin




  • Useful and Efficient Elliptic Curve Algorithms secp256k1
  • Algorithm for generating a point on the curve E
  • Algorithm for adding points
  • Point doubling algorithm
  • Algorithm for finding the integer multiple point
  • Algorithm for finding an integer multiple point (Scalar multiplication)
  • Algorithm for generating a divisor D over a curve E with a carrier supp(D) of a given size d
  • Miller's algorithm for calculating the value of the Weil function f n, P from a divisor D such that supp(D) ∩ {P, O} = ∅
  • Weil pairing


  • Pollard's kangaroo method computes discrete logarithms in arbitrary cyclic groups. It is applied when the discrete logarithm is known to lie within a certain range, say [ a , b ], and then has the expected time to execute the bulk operation. One way to break ECDSA signature schemes is to solve the discrete logarithm problem.

  • Tutorial: https://youtu.be/UGUJyxOhBBQ

  • Tutorial: https://cryptodeeptech.ru/kangaroo




  • We all know that the disclosure of the private key in the ECDSA signature can lead to the complete recovery of the Bitcoin Wallet. In our earlier articles, we looked at weaknesses and vulnerabilities in blockchain transactions, but there are also ECDSA short signatures that also lead to the full recovery of a Bitcoin Wallet.

  • Tutorial: https://youtu.be/xBgjWE5tA7Y

  • Tutorial: https://cryptodeeptech.ru/shortest-ecdsa-signature




  • Coingecko-VanityGen is a command-line utility that can generate cryptocurrency addresses given initial parameters. Coingecko-VanityGen works with GPU runtime support (Google Colab) and generates beautiful crypto wallet addresses for the full list of the Coingecko aggregator according to its own parameters. The selection of the utility is based on a probabilistic search, which takes some time. The time depends on the complexity of the given template, computer speed and luck. To increase the speed of generating cryptocurrency addresses, there is oclvanitygen - which uses OpenCL-compatible GPUs.

  • Tutorial: https://youtu.be/sB91EE-1mJo

  • Tutorial: https://cryptodeeptech.ru/coingecko-agent-ftpupload


  • There are many forms to create a Bitcoin wallet. One of the first methods to create a Bitcoin wallet was known as BrainWallet. BrainWallet is convenient in the sense that it allows you to store a "passphrase" in memory or in a notebook. The passphrase is hashed using the SHA-256 algorithm, and is used as the seed to generate the private key. Due to its popularity and ease of use, many BrainWallets over the past few years have been used with weak passphrases. This weak private key generation method allowed attackers to steal quite a lot of BTC coins by simply cracking the password against the hashes stored on the blockchain. Let's move on to the experimental part:

  • Tutorial: https://youtu.be/r0fTtBDWTnw

  • Tutorial: https://cryptodeeptech.ru/tesla-brainwallet


  • With a critical vulnerability in the Bitcoin blockchain transaction, we can solve the rather difficult discrete logarithm problem to extract the secret key "K" (NONCE) from the vulnerable ECDSA signature in order to ultimately restore the Bitcoin Wallet, since knowing the secret key we can get a private key. To do this, there are several algorithms from the list of popular attacks on Bitcoin, one of which is the “Frey-Rück Attack on Bitcoin”.

  • Tutorial: https://youtu.be/wqHES7r1qyc

  • Tutorial: https://cryptodeeptech.ru/frey-ruck-attack


  • The biggest cryptographic strength of the Bitcoin cryptocurrency is a computational method in discrete mathematics that takes the factorization problem of large integers and the hidden number problem (HNP) in the Bitcoin ECDSA signature transaction as a basis. Rowhammer Attack on Bitcoin, allows us to efficiently find all zeros for normalized polynomials modulo a certain value, and we adapt this method to the ECDSA signature algorithm, more precisely to critically vulnerable transactions in the Bitcoin blockchain. We will apply ECDSA signature differential failure analysis and obtain a private key from a transaction for different Bitcoin Wallets.

  • Tutorial: https://youtu.be/lfYPcXPzLjE

  • Tutorial: https://cryptodeeptech.ru/rowhammer-attack


  • We will again touch on the topic of a signature failure in a blockchain transaction and apply a completely new attack: “WhiteBox Attack on Bitcoin” . Differential fault analysis (DFA)was briefly described in the literature in 1996 when an Israeli cryptographer and cryptanalyst Eli Biham and an Israeli scientist Adi Shamir showed that they could use error injection to extract the secret key and recover the private key using various signature and verification algorithms.

  • Tutorial: https://youtu.be/dLy74McEFTg

  • Tutorial: https://cryptodeeptech.ru/whitebox-attack


  • In this article, we will take a detailed look at the open source password recovery tools and wallet seed phrases in the Crypto Deep Tools repository, and we will also discuss the situation when you accidentally lost or forgot part of your mnemonic or made a mistake while decrypting it. (So you either see an empty wallet or get an error that your seed is invalid) For wallet password or passphrase recovery, it is primarily useful if you have a reasonable idea about what your password might be.

  • Tutorial: https://youtu.be/imTXE4rGqHw

  • Tutorial: https://cryptodeeptech.ru/btc-recover-crypto-guide


  • In this article, we will implement a Twist Attack with an example and show how, using certain points on the secp256k1 elliptic curve, we can get partial private key values ​​and restore a Bitcoin Wallet within 5-15 minutes using “Sagemath pollard rho function: (discrete_log_rho)” and “ Chinese Remainder Theorem” .

  • Tutorial: https://youtu.be/S_ZUcM2cD8I

  • Tutorial: https://cryptodeeptech.ru/twist-attack








  • On August 10, 2023, a group of Bitcoin security researchers identified a vulnerability in the Libbitcoin Explorer 3.x library. This critical vulnerability allowed attackers to steal more than $900,000 from Bitcoin Wallet users, according to a report from blockchain security firm SlowMist. The vulnerability may also affect Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash users who use Libbitcoin to create accounts. The vulnerability, dubbed "Milk Sad", was first discovered by cybersecurity team Distrust. This Bitcoin-threatening vulnerability allows attackers to gain access to the private keys of a crypto wallet using the Mersenne Twister pseudo-random number generator (PRNG), which leads to disastrous consequences. In our last article, we clearly showed an example of such an attack on Bitcoin Wallets. Let's look at two examples with a total loss: 40886.76 USD // BITCOIN: 1.17536256 BTC and a second example with a total loss: 19886.91 USD // BITCOIN: 0.58051256 BTC

  • Tutorial: https://youtu.be/YMdb7_iboaA

  • Tutorial: https://cryptodeeptech.ru/milk-sad-vulnerability-in-libbitcoin-explorer


  • In this repository, we will focus on the popular Bitcoin Wallet application for iOS and Android smartphones with support for fast payments through the Lightning network BLW: Bitcoin Lightning Wallet. Unfortunately, many autonomous nodes of the open source mobile application from LNbits Node Manager and Core Lightning are exposed to a HIGH RISK of losing all funds in various cryptocurrency coins. Developer David Shares from the Japanese company Bitcoin Portal published a chronological list that shows that the Lightning Network is drowning in technical problems, bugs, shortcomings, criticisms and exploits. It is an over-promised technology that does not provide decentralization and is still far from being functional and secure for users. Look at example with a total loss: 11032.77 USD // BITCOIN: 0.30412330 BTC

  • Tutorial: https://youtu.be/ZpflbzENAAw

  • Tutorial: https://cryptodeeptech.ru/bitcoin-lightning-wallet-vulnerability


  • Padding Oracle Attack This method is a side-channel attack on the Bitcoin Core cryptosystem that uses leaked data from a poorly implemented decryption routine to completely undermine the cryptosystem. An attacker can effectively decrypt the data in the wallet.dat file without knowing the decryption key if the target system leaks whether a padding error occurred when decrypting the ciphertext. Let's look at an example with a total loss: 44502.42 US dollars // BITCOIN: 1.17461256 BTC

  • Tutorial: https://youtu.be/0aCfT-kCRlw

  • Tutorial: https://cryptodeeptech.ru/padding-oracle-attack-on-wallet-dat


  • "Dust Attack" known as: "Dusting Attack" or "Crypto Dust". Perhaps every cryptocurrency user or holder of a large amount of BTC, ETH coins replaced the receipt of an insignificantly small amount of coins in satoshi on their cryptocurrency wallet, this receipt is disguised as “Donate”, but in fact it is a whole mathematically refined system for taking away all the accumulated coins of the wallet for balance. Let's look at two different examples of dust attacks to shed light on all the intricacies of this manipulation and what risks can await users and holders of the popular cryptocurrency Bitcoin. To carry out a dust attack, confirmation of isomorphism by miners plays an important role, because From 2022 to 2024, many cryptocurrency services and hardware wallets are actively fighting the dust attack. At the moment, the method of independently creating dust transactions on your own cold wallet has become widely popular. Let's transform the dust transaction into isomorphism, according to the theory, two transactions must be confirmed by miners. Having created the RawTX of the dust attack, we send a small amount of 555 satoshi, then we receive an isomorphism of the first transaction, where a reverse transfer of funds occurs from the balance of the victim of the dust attack.

  • Tutorial: https://youtu.be/TD16C_ExwSc

  • Tutorial: https://cryptodeeptech.ru/dustattack

  • Tutorial: https://dzen.ru/video/watch/65be9256df804947fbd96fd7

  • Tutorial: https://rutube.ru/video/23d09792ab3d180f526dd55314a14cd7






  • Fuzzing is a software testing method used to identify vulnerabilities and errors by introducing random or specially generated data into a program's input. In the context of cryptanalysis, Fuzzing testing is used to test cryptographic algorithms and systems for weaknesses that can be exploited by attackers. Applying Fuzzing testing to cryptocurrency wallets has several benefits: Detecting vulnerabilities and Improving reliability. Incorrect data processing in cryptographic operations can lead to private key leaks or other critical vulnerabilities, as well as errors in transaction processing: Fuzzing can reveal errors in transaction processing logic that can lead to incorrect transactions or even loss of funds. At the beginning of 2024, modern technologies that develop the pre-trained Bitcoin ChatGPT model and find effective ways to solve complex cryptographic problems that underlie the fuzzing testing method gained widespread popularity. Let's consider an example of building the structure of a vulnerable Raw transaction that uses the BitcoinChatGPT module.

  • Tutorial: https://youtu.be/CU4CFoxgKc8

  • Tutorial: https://cryptodeeptech.ru/fuzzing-bitcoin

  • Tutorial: https://dzen.ru/video/watch/665f6986a2886608ad194e31

  • Google Colab: https://colab.research.google.com/drive/1jxw_oBTd0HW6M2Mo_VDvdYcsXQyb6KHF



Donation Address
BTC 1Lw2gTnMpxRUNBU85Hg4ruTwnpUPKdf3nV
ETH 0xaBd66CF90898517573f19184b3297d651f7b90bf