code/early_research_code/bx_seed_walker_bip39_mnemonic/README.md

47 lines
1.9 KiB
Markdown
Raw Normal View History

# bx seed walker for BIP39 mnemonics
Optimized proof-of-concept program to derive all possible `2^32` weak mnemonics for `CVE-2023-39910` on a given key length without the need for slow `bx` calls.
Basic operation:
* Walk over all possible PRNG seeding states
* For each PRNG configuration:
* simulate the `bx seed` behavior to derive the corresponding weak seed
* simulate `bx mnemonic-new` to construct a BIP39 mnemonic
* output the resulting data on stdout
This program does not perform any filtering of the recovered mnemonics by any criteria.
With some modifications to the PRNG consumption pattern, this program should also be able to generate mnemonics for `CVE-2023-31290`, although we didn't test this.
## Usage
* Build: see `Makefile`.
* Parameters set at build time using build variables.
* Output to stdout.
* Warning: when directed to the file system, the output files for a complete key range will be large (several 100 GiB).
## Status
This is experimental, unmaintained code. Use only as research inspiration.
This program was helpful as a quick proof-of-concept implementation during early experimentation and research in July 2023. It remains in an experimental state.
## License
This folder contains adapted code from multiple sources, as well as derived code. See the file headers for more information.
Due to the derivative usage of libbitcoin code, the primary license is `GNU Affero General Public License` in version 3 or later.
Other code snippets fall under different licenses, namely some versions of CC BY SA.
## Credits
Written by Christian Reitter. Based on code from libbitcoin and other authors.
## Tests
Example to compare output with stock `bx` behavior for a given `FAKETIME` value == PRNG seed id:
```
LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME_FMT=%s FAKETIME=4.294967294 ./bx-linux-x64-qrcode seed -b 256 | ./bx-linux-x64-qrcode mnemonic-new
```