void MainWindow::on_spinAccount_valueChanged(int arg1)
{
if (!root_set) return;
const char addr_version = 0x00, wif_version = 0x80;
const size_t buflen = 128;
char buf[buflen + 1];
HDNode node;
// external chain
for (int chain = 0; chain < 2; chain++) {
QTableWidget *list = chain == 0 ? ui->listAddress : ui->listChange;
node = root;
hdnode_private_ckd(&node, 44 | 0x80000000);
hdnode_private_ckd(&node, 0 | 0x80000000); // bitcoin
hdnode_private_ckd(&node, (arg1 - 1) | 0x80000000);
hdnode_serialize_private(&node, buf, buflen); QString xprv = QString(buf); ui->lineXprv->setText(xprv);
hdnode_serialize_public(&node, buf, buflen); QString xpub = QString(buf); ui->lineXpub->setText(xpub);
hdnode_private_ckd(&node, chain); // external / internal
for (int i = 0; i < 100; i++) {
HDNode node2 = node;
hdnode_private_ckd(&node2, i);
ecdsa_get_address(node2.public_key, addr_version, buf, buflen); QString address = QString(buf);
ecdsa_get_wif(node2.private_key, wif_version, buf, buflen); QString wif = QString(buf);
list->setItem(i, 0, new QTableWidgetItem(address));
list->setItem(i, 1, new QTableWidgetItem(wif));
list->setItem(i, 2, new QTableWidgetItem("0.0"));
}
}
}
int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count)
{
if (i_count == 0) {
return 1;
}
if (i_count == 1) {
if (hdnode_private_ckd(inout, i[0]) == 0) return 0;
return 1;
}
bool found = false;
// if root is not set or not the same
if (!private_ckd_cache_root_set || memcmp(&private_ckd_cache_root, inout, sizeof(HDNode)) != 0) {
// clear the cache
private_ckd_cache_index = 0;
memset(private_ckd_cache, 0, sizeof(private_ckd_cache));
// setup new root
memcpy(&private_ckd_cache_root, inout, sizeof(HDNode));
private_ckd_cache_root_set = true;
} else {
// try to find parent
int j;
for (j = 0; j < BIP32_CACHE_SIZE; j++) {
if (private_ckd_cache[j].set &&
private_ckd_cache[j].depth == i_count - 1 &&
memcmp(private_ckd_cache[j].i, i, (i_count - 1) * sizeof(uint32_t)) == 0) {
memcpy(inout, &(private_ckd_cache[j].node), sizeof(HDNode));
found = true;
break;
}
}
}
// else derive parent
if (!found) {
size_t k;
for (k = 0; k < i_count - 1; k++) {
if (hdnode_private_ckd(inout, i[k]) == 0) return 0;
}
// and save it
private_ckd_cache[private_ckd_cache_index].set = true;
private_ckd_cache[private_ckd_cache_index].depth = i_count - 1;
memcpy(private_ckd_cache[private_ckd_cache_index].i, i, (i_count - 1) * sizeof(uint32_t));
memcpy(&(private_ckd_cache[private_ckd_cache_index].node), inout, sizeof(HDNode));
private_ckd_cache_index = (private_ckd_cache_index + 1) % BIP32_CACHE_SIZE;
}
if (hdnode_private_ckd(inout, i[i_count - 1]) == 0) return 0;
return 1;
}
int main(int argc, char **argv)
{
if (argc != 3) {
fprintf(stderr, "Usage: bip39bruteforce mnemonic address\n");
return 1;
}
const char *mnemonic = argv[1];
const char *address = argv[2];
if (!mnemonic_check(mnemonic)) {
fprintf(stderr, "\"%s\" is not a valid mnemonic\n", mnemonic);
return 2;
}
if (!ecdsa_address_decode(address, addr)) {
fprintf(stderr, "\"%s\" is not a valid address\n", address);
return 3;
}
printf("Reading passphrases from stdin ...\n");
start = clock();
for (;;) {
if (fgets(passphrase, 256, stdin) == NULL) break;
int len = strlen(passphrase);
if (len <= 0) {
continue;
}
count++;
passphrase[len - 1] = 0;
mnemonic_to_seed(mnemonic, passphrase, seed, NULL);
hdnode_from_seed(seed, 512 / 8, &node);
hdnode_private_ckd_prime(&node, 44);
hdnode_private_ckd_prime(&node, 0);
hdnode_private_ckd_prime(&node, 0);
hdnode_private_ckd(&node, 0);
hdnode_private_ckd(&node, 0);
ecdsa_get_pubkeyhash(node.public_key, pubkeyhash);
if (memcmp(addr + 1, pubkeyhash, 20) == 0) {
found = 1;
break;
}
}
float dur = (float)(clock() - start) / CLOCKS_PER_SEC;
printf("Tried %d passphrases in %f seconds = %f tries/second\n", count, dur, (float)count/dur);
if (found) {
printf("Correct passphrase found! :-)\n\"%s\"\n", passphrase);
return 0;
}
printf("Correct passphrase not found. :-(\n");
return 4;
}
END_TEST
START_TEST(test_bip32_compare)
{
HDNode node1, node2, node3;
int i, r;
hdnode_from_seed(fromhex("301133282ad079cbeb59bc446ad39d333928f74c46997d3609cd3e2801ca69d62788f9f174429946ff4e9be89f67c22fae28cb296a9b37734f75e73d1477af19"), 64, &node1);
hdnode_from_seed(fromhex("301133282ad079cbeb59bc446ad39d333928f74c46997d3609cd3e2801ca69d62788f9f174429946ff4e9be89f67c22fae28cb296a9b37734f75e73d1477af19"), 64, &node2);
for (i = 0; i < 300; i++) {
memcpy(&node3, &node1, sizeof(HDNode));
r = hdnode_private_ckd(&node1, i); ck_assert_int_eq(r, 1);
r = hdnode_public_ckd(&node2, i); ck_assert_int_eq(r, 1);
r = hdnode_public_ckd(&node3, i); ck_assert_int_eq(r, 1);
ck_assert_int_eq(node1.depth, node2.depth);
ck_assert_int_eq(node1.depth, node3.depth);
ck_assert_int_eq(node1.fingerprint, node2.fingerprint);
ck_assert_int_eq(node1.fingerprint, node3.fingerprint);
ck_assert_int_eq(node1.child_num, node2.child_num);
ck_assert_int_eq(node1.child_num, node3.child_num);
ck_assert_mem_eq(node1.chain_code, node2.chain_code, 32);
ck_assert_mem_eq(node1.chain_code, node3.chain_code, 32);
ck_assert_mem_eq(node2.private_key, fromhex("0000000000000000000000000000000000000000000000000000000000000000"), 32);
ck_assert_mem_eq(node3.private_key, fromhex("0000000000000000000000000000000000000000000000000000000000000000"), 32);
ck_assert_mem_eq(node1.public_key, node2.public_key, 33);
ck_assert_mem_eq(node1.public_key, node3.public_key, 33);
}
}
void fsm_deriveKey(HDNode *node, uint32_t *address_n, size_t address_n_count)
{
size_t i;
if (address_n_count > 3) {
layoutProgressSwipe("Preparing keys", 0, 0);
}
for (i = 0; i < address_n_count; i++) {
hdnode_private_ckd(node, address_n[i]);
if (address_n_count > 3) {
layoutProgress("Preparing keys", 1000 * i / address_n_count, i);
}
}
}
serializedAsymmetricKey TrezorCrypto::GetChild(
const proto::AsymmetricKey& parent,
const uint32_t index) const
{
std::shared_ptr<HDNode> node = SerializedToHDNode(parent);
if (proto::KEYMODE_PRIVATE == parent.mode()) {
hdnode_private_ckd(node.get(), index);
} else {
hdnode_public_ckd(node.get(), index);
}
serializedAsymmetricKey key = HDNodeToSerialized(
*node,
TrezorCrypto::DERIVE_PRIVATE);
return key;
}
static const HDNode *getDerivedNode(uint32_t *address_n, size_t address_n_count)
{
static CONFIDENTIAL HDNode node;
if (!storage_getU2FRoot(&node)) {
layoutHome();
debugLog(0, "", "ERR: Device not init");
return 0;
}
if (!address_n || address_n_count == 0) {
return &node;
}
for (size_t i = 0; i < address_n_count; i++) {
if (hdnode_private_ckd(&node, address_n[i]) == 0) {
layoutHome();
debugLog(0, "", "ERR: Derive private failed");
return 0;
}
}
return &node;
}
END_TEST
// test vector 2 from https://en.bitcoin.it/wiki/BIP_0032_TestVectors
START_TEST(test_bip32_vector_2)
{
HDNode node;
int r;
// init m
hdnode_from_seed(fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node);
// [Chain m]
ck_assert_int_eq(node.fingerprint, 0x00000000);
ck_assert_mem_eq(node.chain_code, fromhex("60499f801b896d83179a4374aeb7822aaeaceaa0db1f85ee3e904c4defbd9689"), 32);
ck_assert_mem_eq(node.private_key, fromhex("4b03d6fc340455b363f51020ad3ecca4f0850280cf436c70c727923f6db46c3e"), 32);
ck_assert_mem_eq(node.public_key, fromhex("03cbcaa9c98c877a26977d00825c956a238e8dddfbd322cce4f74b0b5bd6ace4a7"), 33);
// [Chain m/0]
r = hdnode_private_ckd(&node, 0);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0xbd16bee5);
ck_assert_mem_eq(node.chain_code, fromhex("f0909affaa7ee7abe5dd4e100598d4dc53cd709d5a5c2cac40e7412f232f7c9c"), 32);
ck_assert_mem_eq(node.private_key, fromhex("abe74a98f6c7eabee0428f53798f0ab8aa1bd37873999041703c742f15ac7e1e"), 32);
ck_assert_mem_eq(node.public_key, fromhex("02fc9e5af0ac8d9b3cecfe2a888e2117ba3d089d8585886c9c826b6b22a98d12ea"), 33);
// [Chain m/0/2147483647']
r = hdnode_private_ckd_prime(&node, 2147483647);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0x5a61ff8e);
ck_assert_mem_eq(node.chain_code, fromhex("be17a268474a6bb9c61e1d720cf6215e2a88c5406c4aee7b38547f585c9a37d9"), 32);
ck_assert_mem_eq(node.private_key, fromhex("877c779ad9687164e9c2f4f0f4ff0340814392330693ce95a58fe18fd52e6e93"), 32);
ck_assert_mem_eq(node.public_key, fromhex("03c01e7425647bdefa82b12d9bad5e3e6865bee0502694b94ca58b666abc0a5c3b"), 33);
// [Chain m/0/2147483647'/1]
r = hdnode_private_ckd(&node, 1);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0xd8ab4937);
ck_assert_mem_eq(node.chain_code, fromhex("f366f48f1ea9f2d1d3fe958c95ca84ea18e4c4ddb9366c336c927eb246fb38cb"), 32);
ck_assert_mem_eq(node.private_key, fromhex("704addf544a06e5ee4bea37098463c23613da32020d604506da8c0518e1da4b7"), 32);
ck_assert_mem_eq(node.public_key, fromhex("03a7d1d856deb74c508e05031f9895dab54626251b3806e16b4bd12e781a7df5b9"), 33);
// [Chain m/0/2147483647'/1/2147483646']
r = hdnode_private_ckd_prime(&node, 2147483646);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0x78412e3a);
ck_assert_mem_eq(node.chain_code, fromhex("637807030d55d01f9a0cb3a7839515d796bd07706386a6eddf06cc29a65a0e29"), 32);
ck_assert_mem_eq(node.private_key, fromhex("f1c7c871a54a804afe328b4c83a1c33b8e5ff48f5087273f04efa83b247d6a2d"), 32);
ck_assert_mem_eq(node.public_key, fromhex("02d2b36900396c9282fa14628566582f206a5dd0bcc8d5e892611806cafb0301f0"), 33);
// [Chain m/0/2147483647'/1/2147483646'/2]
r = hdnode_private_ckd(&node, 2);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0x31a507b8);
ck_assert_mem_eq(node.chain_code, fromhex("9452b549be8cea3ecb7a84bec10dcfd94afe4d129ebfd3b3cb58eedf394ed271"), 32);
ck_assert_mem_eq(node.private_key, fromhex("bb7d39bdb83ecf58f2fd82b6d918341cbef428661ef01ab97c28a4842125ac23"), 32);
ck_assert_mem_eq(node.public_key, fromhex("024d902e1a2fc7a8755ab5b694c575fce742c48d9ff192e63df5193e4c7afe1f9c"), 33);
// init m
hdnode_from_seed(fromhex("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542"), 64, &node);
// test public derivation
// [Chain m/0]
r = hdnode_public_ckd(&node, 0);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0xbd16bee5);
ck_assert_mem_eq(node.chain_code, fromhex("f0909affaa7ee7abe5dd4e100598d4dc53cd709d5a5c2cac40e7412f232f7c9c"), 32);
ck_assert_mem_eq(node.private_key, fromhex("0000000000000000000000000000000000000000000000000000000000000000"), 32);
ck_assert_mem_eq(node.public_key, fromhex("02fc9e5af0ac8d9b3cecfe2a888e2117ba3d089d8585886c9c826b6b22a98d12ea"), 33);
}
int main(int argc, char **argv) {
if (argc != 2 && argc != 3) {
fprintf(stderr, "Usage: bip39bruteforce address [mnemonic]\n");
return 1;
}
const char *address = argv[1];
const char *mnemonic, *item;
if (argc == 3) {
mnemonic = argv[2];
item = "passphrase";
} else {
mnemonic = NULL;
item = "mnemonic";
}
if (mnemonic && !mnemonic_check(mnemonic)) {
fprintf(stderr, "\"%s\" is not a valid mnemonic\n", mnemonic);
return 2;
}
if (!ecdsa_address_decode(address, 0, secp256k1_info.hasher_base58, addr)) {
fprintf(stderr, "\"%s\" is not a valid address\n", address);
return 3;
}
printf("Reading %ss from stdin ...\n", item);
start = clock();
for (;;) {
if (fgets(iter, 256, stdin) == NULL) break;
int len = strlen(iter);
if (len <= 0) {
continue;
}
count++;
iter[len - 1] = 0;
if (mnemonic) {
mnemonic_to_seed(mnemonic, iter, seed, NULL);
} else {
mnemonic_to_seed(iter, "", seed, NULL);
}
hdnode_from_seed(seed, 512 / 8, SECP256K1_NAME, &node);
hdnode_private_ckd_prime(&node, 44);
hdnode_private_ckd_prime(&node, 0);
hdnode_private_ckd_prime(&node, 0);
hdnode_private_ckd(&node, 0);
hdnode_private_ckd(&node, 0);
hdnode_fill_public_key(&node);
ecdsa_get_pubkeyhash(node.public_key, secp256k1_info.hasher_pubkey,
pubkeyhash);
if (memcmp(addr + 1, pubkeyhash, 20) == 0) {
found = 1;
break;
}
}
float dur = (float)(clock() - start) / CLOCKS_PER_SEC;
printf("Tried %d %ss in %f seconds = %f tries/second\n", count, item, dur,
(float)count / dur);
if (found) {
printf("Correct %s found! :-)\n\"%s\"\n", item, iter);
return 0;
}
printf("Correct %s not found. :-(\n", item);
return 4;
}
