secp8x32

Demonstrate how to calculate the messagehash for the two signatures in this transaction

See ecdsa_demo.py for code showing how to use this to crack the bitcoin secret key.

These are the values extracted from the example transaction below:

pk="04 db d0 c6 15 32 27 9c f7 29 81 c3 58 4f c3 22 16 e0 12 76 99 63 5c 27 89 f5 49 e0 73 0c 05 9b 81 ae 13 30 16 a6 9c 21 e2 3f 18 59 a9 5f 06 d5 2b 7b f1 49 a8 f2 fe 4e 85 35 c8 a8 29 b4 49 c5 ff"
r="d4 7c e4 c0 25 c3 5e c4 40 bc 81 d9 98 34 a6 24 87 51 61 a2 6b f5 6e f7 fd c0 f5 d5 2f 84 3a d1"
s1="44 e1 ff 2d fd 81 02 cf 7a 47 c2 1d 5c 9f d5 70 16 10 d0 49 53 c6 83 65 96 b4 fe 9d d2 f5 3e 3e"

secp8x32

PicoCTF 2017: ECC2

A 1064CBread Writeup

Problem

In the file handout.txt, we are given the following parameters for an elliptic curve:

• y^2 = x^3 + A*x + B mod M -- the curve equation
• M -- the modulus of the curve

secp8x32

/*
 * CryptoJS by default:
 * - uses CBC mode
 * - pkcs7 for padding
 * - evpKDF to extract key
 * - part of the key is used as IV
 * - before converting to base64 it makes "Salt__"+salt+encrypted_text
 */

var CryptoJS = require('crypto-js');

secp8x32

Hal Finney's explanation of secp256k1 "efficiently computable endomorphism" parameters used secp256k1 libraries, archived from source.

The same optimization could be applied to any Koblitz curve (e.g. Short Weistrass curve with a=0).

---

I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.

secp256k1 uses the following prime for its x and y coordinates:

secp8x32

Elliptic Curve Cryptography (ECC)

Abstract

ECC is about a group created via:

• a 2-dimension elliptic curve: an equation with unknowns x and y
  • every Elliptic Curve follows this formula: y² + a₁ x y + a₃ y = x³ + a₂ x² + a₄ x + a₆ (for some specified a₁, a₂, a₃, a₄, a₆)
  • actually, it can be shorten to this y² = x³ + a x + b (short weierstrass form) in practice because the characteristic (order of a prime field) 2 and 3 points in prime fields (except for binary (GF(2^x)) and GF(3^x) curves)

• a curve of characteristic 2 (defined over GF(2^x)) can be simplified to y² + xy = x³ + ax² + b

secp8x32

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\Directory\Background\shell\Cmder]
[-HKEY_CLASSES_ROOT\Directory\shell\Cmder]

secp8x32

import argparse
import urllib3
from urllib3 import util
import json
import math

LIMIT = 120
SATOSHI = 1e+8

secp8x32

转换方法:

1. Convert Android VectorDrawable to SVG:

使用附件中的java程序。命令如下：

cp Vector2Svg.java path/to/xml_dir
javac Vector2Svg.java
java Vector2Svg ./*.xml
mkdir svg_dir

secp8x32

<?php

function whpp_track_post_views($post_id) {
    if (!is_single())
        return;
    if (empty($post_id)) {
        global $post;
        $post_id = $post->ID;
    }
    whpp_set_post_views($post_id);

secp8x32

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

#titlebar-max {
  -moz-box-ordinal-group: 0;
}

#titlebar-content {
  direction: rtl;
}