END_TEST START_TEST(test_bip32_compare) { HDNode node1, node2, node3; int i, r; hdnode_from_seed(fromhex("301133282ad079cbeb59bc446ad39d333928f74c46997d3609cd3e2801ca69d62788f9f174429946ff4e9be89f67c22fae28cb296a9b37734f75e73d1477af19"), 64, &node1); hdnode_from_seed(fromhex("301133282ad079cbeb59bc446ad39d333928f74c46997d3609cd3e2801ca69d62788f9f174429946ff4e9be89f67c22fae28cb296a9b37734f75e73d1477af19"), 64, &node2); for (i = 0; i < 300; i++) { memcpy(&node3, &node1, sizeof(HDNode)); r = hdnode_private_ckd(&node1, i); ck_assert_int_eq(r, 1); r = hdnode_public_ckd(&node2, i); ck_assert_int_eq(r, 1); r = hdnode_public_ckd(&node3, i); ck_assert_int_eq(r, 1); ck_assert_int_eq(node1.depth, node2.depth); ck_assert_int_eq(node1.depth, node3.depth); ck_assert_int_eq(node1.fingerprint, node2.fingerprint); ck_assert_int_eq(node1.fingerprint, node3.fingerprint); ck_assert_int_eq(node1.child_num, node2.child_num); ck_assert_int_eq(node1.child_num, node3.child_num); ck_assert_mem_eq(node1.chain_code, node2.chain_code, 32); ck_assert_mem_eq(node1.chain_code, node3.chain_code, 32); ck_assert_mem_eq(node2.private_key, fromhex("0000000000000000000000000000000000000000000000000000000000000000"), 32); ck_assert_mem_eq(node3.private_key, fromhex("0000000000000000000000000000000000000000000000000000000000000000"), 32); ck_assert_mem_eq(node1.public_key, node2.public_key, 33); ck_assert_mem_eq(node1.public_key, node3.public_key, 33); } }
void MainWindow::on_buttonLoad_clicked() { if (!mnemonic_check(ui->editMnemonic->text().toLocal8Bit().data())) { QMessageBox::critical(this, "Error", "Text is not a valid BIP39 mnemonic.", QMessageBox::Ok); return; } uint8_t seed[64]; mnemonic_to_seed(ui->editMnemonic->text().toLocal8Bit().data(), ui->editPassphrase->text().toLocal8Bit().data(), seed, 0); hdnode_from_seed(seed, 64, SECP256K1_NAME, &root); root_set = true; ui->spinAccount->setValue(1); on_spinAccount_valueChanged(1); }
bool storage_getRootNode(HDNode *node) { // root node is properly cached if (sessionRootNodeCached) { memcpy(node, &sessionRootNode, sizeof(HDNode)); return true; } // if storage has node, decrypt and use it if (storage.has_node) { if (!protectPassphrase()) { return false; } if (hdnode_from_xprv(storage.node.depth, storage.node.fingerprint, storage.node.child_num, storage.node.chain_code.bytes, storage.node.private_key.bytes, &sessionRootNode) == 0) { return false; } if (storage.has_passphrase_protection && storage.passphrase_protection && strlen(sessionPassphrase)) { // decrypt hd node uint8_t secret[64]; uint8_t salt[12]; memcpy(salt, "TREZORHD", 8); layoutProgressSwipe("Waking up", 0); pbkdf2_hmac_sha512((const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), salt, 8, BIP39_PBKDF2_ROUNDS, secret, 64, get_root_node_callback); aes_decrypt_ctx ctx; aes_decrypt_key256(secret, &ctx); aes_cbc_decrypt(sessionRootNode.chain_code, sessionRootNode.chain_code, 32, secret + 32, &ctx); aes_cbc_decrypt(sessionRootNode.private_key, sessionRootNode.private_key, 32, secret + 32, &ctx); } memcpy(node, &sessionRootNode, sizeof(HDNode)); sessionRootNodeCached = true; return true; } // if storage has mnemonic, convert it to node and use it if (storage.has_mnemonic) { if (!protectPassphrase()) { return false; } uint8_t seed[64]; layoutProgressSwipe("Waking up", 0); mnemonic_to_seed(storage.mnemonic, sessionPassphrase, seed, get_root_node_callback); // BIP-0039 if (hdnode_from_seed(seed, sizeof(seed), &sessionRootNode) == 0) { return false; } memcpy(node, &sessionRootNode, sizeof(HDNode)); sessionRootNodeCached = true; return true; } return false; }
int main(int argc, char **argv) { if (argc != 3) { fprintf(stderr, "Usage: bip39bruteforce mnemonic address\n"); return 1; } const char *mnemonic = argv[1]; const char *address = argv[2]; if (!mnemonic_check(mnemonic)) { fprintf(stderr, "\"%s\" is not a valid mnemonic\n", mnemonic); return 2; } if (!ecdsa_address_decode(address, addr)) { fprintf(stderr, "\"%s\" is not a valid address\n", address); return 3; } printf("Reading passphrases from stdin ...\n"); start = clock(); for (;;) { if (fgets(passphrase, 256, stdin) == NULL) break; int len = strlen(passphrase); if (len <= 0) { continue; } count++; passphrase[len - 1] = 0; mnemonic_to_seed(mnemonic, passphrase, seed, NULL); hdnode_from_seed(seed, 512 / 8, &node); hdnode_private_ckd_prime(&node, 44); hdnode_private_ckd_prime(&node, 0); hdnode_private_ckd_prime(&node, 0); hdnode_private_ckd(&node, 0); hdnode_private_ckd(&node, 0); ecdsa_get_pubkeyhash(node.public_key, pubkeyhash); if (memcmp(addr + 1, pubkeyhash, 20) == 0) { found = 1; break; } } float dur = (float)(clock() - start) / CLOCKS_PER_SEC; printf("Tried %d passphrases in %f seconds = %f tries/second\n", count, dur, (float)count/dur); if (found) { printf("Correct passphrase found! :-)\n\"%s\"\n", passphrase); return 0; } printf("Correct passphrase not found. :-(\n"); return 4; }
END_TEST // test vector 2 from https://en.bitcoin.it/wiki/BIP_0032_TestVectors START_TEST(test_bip32_vector_2) { HDNode node; int r; // init m hdnode_from_seed(fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node); // [Chain m] ck_assert_int_eq(node.fingerprint, 0x00000000); ck_assert_mem_eq(node.chain_code, fromhex("60499f801b896d83179a4374aeb7822aaeaceaa0db1f85ee3e904c4defbd9689"), 32); ck_assert_mem_eq(node.private_key, fromhex("4b03d6fc340455b363f51020ad3ecca4f0850280cf436c70c727923f6db46c3e"), 32); ck_assert_mem_eq(node.public_key, fromhex("03cbcaa9c98c877a26977d00825c956a238e8dddfbd322cce4f74b0b5bd6ace4a7"), 33); // [Chain m/0] r = hdnode_private_ckd(&node, 0); ck_assert_int_eq(r, 1); ck_assert_int_eq(node.fingerprint, 0xbd16bee5); ck_assert_mem_eq(node.chain_code, fromhex("f0909affaa7ee7abe5dd4e100598d4dc53cd709d5a5c2cac40e7412f232f7c9c"), 32); ck_assert_mem_eq(node.private_key, fromhex("abe74a98f6c7eabee0428f53798f0ab8aa1bd37873999041703c742f15ac7e1e"), 32); ck_assert_mem_eq(node.public_key, fromhex("02fc9e5af0ac8d9b3cecfe2a888e2117ba3d089d8585886c9c826b6b22a98d12ea"), 33); // [Chain m/0/2147483647'] r = hdnode_private_ckd_prime(&node, 2147483647); ck_assert_int_eq(r, 1); ck_assert_int_eq(node.fingerprint, 0x5a61ff8e); ck_assert_mem_eq(node.chain_code, fromhex("be17a268474a6bb9c61e1d720cf6215e2a88c5406c4aee7b38547f585c9a37d9"), 32); ck_assert_mem_eq(node.private_key, fromhex("877c779ad9687164e9c2f4f0f4ff0340814392330693ce95a58fe18fd52e6e93"), 32); ck_assert_mem_eq(node.public_key, fromhex("03c01e7425647bdefa82b12d9bad5e3e6865bee0502694b94ca58b666abc0a5c3b"), 33); // [Chain m/0/2147483647'/1] r = hdnode_private_ckd(&node, 1); ck_assert_int_eq(r, 1); ck_assert_int_eq(node.fingerprint, 0xd8ab4937); ck_assert_mem_eq(node.chain_code, fromhex("f366f48f1ea9f2d1d3fe958c95ca84ea18e4c4ddb9366c336c927eb246fb38cb"), 32); ck_assert_mem_eq(node.private_key, fromhex("704addf544a06e5ee4bea37098463c23613da32020d604506da8c0518e1da4b7"), 32); ck_assert_mem_eq(node.public_key, fromhex("03a7d1d856deb74c508e05031f9895dab54626251b3806e16b4bd12e781a7df5b9"), 33); // [Chain m/0/2147483647'/1/2147483646'] r = hdnode_private_ckd_prime(&node, 2147483646); ck_assert_int_eq(r, 1); ck_assert_int_eq(node.fingerprint, 0x78412e3a); ck_assert_mem_eq(node.chain_code, fromhex("637807030d55d01f9a0cb3a7839515d796bd07706386a6eddf06cc29a65a0e29"), 32); ck_assert_mem_eq(node.private_key, fromhex("f1c7c871a54a804afe328b4c83a1c33b8e5ff48f5087273f04efa83b247d6a2d"), 32); ck_assert_mem_eq(node.public_key, fromhex("02d2b36900396c9282fa14628566582f206a5dd0bcc8d5e892611806cafb0301f0"), 33); // [Chain m/0/2147483647'/1/2147483646'/2] r = hdnode_private_ckd(&node, 2); ck_assert_int_eq(r, 1); ck_assert_int_eq(node.fingerprint, 0x31a507b8); ck_assert_mem_eq(node.chain_code, fromhex("9452b549be8cea3ecb7a84bec10dcfd94afe4d129ebfd3b3cb58eedf394ed271"), 32); ck_assert_mem_eq(node.private_key, fromhex("bb7d39bdb83ecf58f2fd82b6d918341cbef428661ef01ab97c28a4842125ac23"), 32); ck_assert_mem_eq(node.public_key, fromhex("024d902e1a2fc7a8755ab5b694c575fce742c48d9ff192e63df5193e4c7afe1f9c"), 33); // init m hdnode_from_seed(fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node); // test public derivation // [Chain m/0] r = hdnode_public_ckd(&node, 0); ck_assert_int_eq(r, 1); ck_assert_int_eq(node.fingerprint, 0xbd16bee5); ck_assert_mem_eq(node.chain_code, fromhex("f0909affaa7ee7abe5dd4e100598d4dc53cd709d5a5c2cac40e7412f232f7c9c"), 32); ck_assert_mem_eq(node.private_key, fromhex("0000000000000000000000000000000000000000000000000000000000000000"), 32); ck_assert_mem_eq(node.public_key, fromhex("02fc9e5af0ac8d9b3cecfe2a888e2117ba3d089d8585886c9c826b6b22a98d12ea"), 33); }
/* * storage_get_root_node() - Returns root node of device * * INPUT * - node: where to put the node that is found * OUTPUT * true/false whether root node was found */ bool storage_get_root_node(HDNode *node) { // root node is properly cached if(sessionRootNodeCached) { memcpy(node, &sessionRootNode, sizeof(HDNode)); return true; } // if storage has node, decrypt and use it if(shadow_config.storage.has_node) { if(!passphrase_protect()) { return false; } layout_loading(); if(hdnode_from_xprv(shadow_config.storage.node.depth, shadow_config.storage.node.fingerprint, shadow_config.storage.node.child_num, shadow_config.storage.node.chain_code.bytes, shadow_config.storage.node.private_key.bytes, &sessionRootNode) == 0) { return false; } if(shadow_config.storage.has_passphrase_protection && shadow_config.storage.passphrase_protection && strlen(sessionPassphrase)) { // decrypt hd node uint8_t secret[64]; /* Length of salt + 4 bytes are needed as workspace by pbkdf2_hmac_sha512 */ uint8_t salt[strlen(PBKDF2_HMAC_SHA512_SALT) + 4]; memcpy((char *)salt, PBKDF2_HMAC_SHA512_SALT, strlen(PBKDF2_HMAC_SHA512_SALT)); animating_progress_handler(); pbkdf2_hmac_sha512((const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), salt, strlen(PBKDF2_HMAC_SHA512_SALT), BIP39_PBKDF2_ROUNDS, secret, 64, get_root_node_callback); aes_decrypt_ctx ctx; aes_decrypt_key256(secret, &ctx); aes_cbc_decrypt(sessionRootNode.chain_code, sessionRootNode.chain_code, 32, secret + 32, &ctx); aes_cbc_decrypt(sessionRootNode.private_key, sessionRootNode.private_key, 32, secret + 32, &ctx); } memcpy(node, &sessionRootNode, sizeof(HDNode)); sessionRootNodeCached = true; return true; } // if storage has mnemonic, convert it to node and use it if(shadow_config.storage.has_mnemonic) { if(!passphrase_protect()) { return false; } if(storage_get_root_node_cache(node)) { return true; } layout_loading(); uint8_t seed[64]; animating_progress_handler(); mnemonic_to_seed(shadow_config.storage.mnemonic, sessionPassphrase, seed, get_root_node_callback); // BIP-0039 if(hdnode_from_seed(seed, sizeof(seed), &sessionRootNode) == 0) { return false; } storage_set_root_node_cache(&sessionRootNode); memcpy(node, &sessionRootNode, sizeof(HDNode)); sessionRootNodeCached = true; return true; } return false; }
int main(int argc, char **argv) { if (argc != 2 && argc != 3) { fprintf(stderr, "Usage: bip39bruteforce address [mnemonic]\n"); return 1; } const char *address = argv[1]; const char *mnemonic, *item; if (argc == 3) { mnemonic = argv[2]; item = "passphrase"; } else { mnemonic = NULL; item = "mnemonic"; } if (mnemonic && !mnemonic_check(mnemonic)) { fprintf(stderr, "\"%s\" is not a valid mnemonic\n", mnemonic); return 2; } if (!ecdsa_address_decode(address, 0, secp256k1_info.hasher_base58, addr)) { fprintf(stderr, "\"%s\" is not a valid address\n", address); return 3; } printf("Reading %ss from stdin ...\n", item); start = clock(); for (;;) { if (fgets(iter, 256, stdin) == NULL) break; int len = strlen(iter); if (len <= 0) { continue; } count++; iter[len - 1] = 0; if (mnemonic) { mnemonic_to_seed(mnemonic, iter, seed, NULL); } else { mnemonic_to_seed(iter, "", seed, NULL); } hdnode_from_seed(seed, 512 / 8, SECP256K1_NAME, &node); hdnode_private_ckd_prime(&node, 44); hdnode_private_ckd_prime(&node, 0); hdnode_private_ckd_prime(&node, 0); hdnode_private_ckd(&node, 0); hdnode_private_ckd(&node, 0); hdnode_fill_public_key(&node); ecdsa_get_pubkeyhash(node.public_key, secp256k1_info.hasher_pubkey, pubkeyhash); if (memcmp(addr + 1, pubkeyhash, 20) == 0) { found = 1; break; } } float dur = (float)(clock() - start) / CLOCKS_PER_SEC; printf("Tried %d %ss in %f seconds = %f tries/second\n", count, item, dur, (float)count / dur); if (found) { printf("Correct %s found! :-)\n\"%s\"\n", item, iter); return 0; } printf("Correct %s not found. :-(\n", item); return 4; }