This weekend I helped the team of friends, H3x Pr0ph3ts
in Global Cyberlympics Pre-Quals. At some point of the competition we found this file containing a Bitcoin Paper Wallet addressed to Agent Smith
Bitcoin wallets
- Private key, a single unsigned 256 bit integer (32 bytes)
- Public key, a number that corresponds to a private key, but does not need to be kept secret.
A public key can be calculated from a private key, but not vice versa.
Looking at the image, our objective is recover the private key in a way to import into a new wallet to take control of Agent Smith funds. (Or just post it as flag).
The public key is not properly blurred, we can read it.. but the private key is unreadable(maybe not for this guy who almost recovered the private key from blurry qrcode).
Bitcoin wallets are secure and is impossible to recover the private key if it was properly random generated. My thoughts is they used a Brain Wallet, a bitcoin wallet derived from a Passphrase, a password easy to memorize.
What is the problem with Brain Wallets?
Brain wallets can be brute forced because it is based on a simple password, and to make it worse, humans love to reuse passwords.
To help with the task i've used a tool created by Ryan Castellucci, he made a awesome talk @ DEFCON 23 about this.
Before input the public address in brainflayer we need to follow the reverse path of creating a bitcoin wallet. The first task is extract the Hash160 from pubkey public address.
- Pubkey(b58c): 175sZR2eBf6JapbxWZFJk3qeicUsg3Atqr
- Hash160: 42BC9F7ABBE700EA1E105D9877E6DE82F77F370B
From this HEX
, pre-compute the BLF
..
$ echo 175sZR2eBf6JapbxWZFJk3qeicUsg3Atqr > ex2.hex
$ hex2blf ex2.hex ex2.blf
And run brainflayer against it using a common password list, my first try was the classic rockyou.txt
Bingo!
42bc9f7abbe700ea1e105d9877e6de82f77f370b:u:sha256:itsasecret
itsasecret
is a passphrase used to create the brainwallet.
..now create a new brain wallet w/ the recovered passphrase
Take the secret exponent and keep following the reverse path of creating a bitcoin wallet, the final step is to convert it to Base58Check
Now you have a valid bitcoin wallet privkey. You can import it to a wallet and recover A. Smith funds.
FLAG: 5J4whis157ZkfhPa1CfEzExR4VE7HGRx3fYBYNe73dGMPyrG2Hg