1.9 KiB
bx seed walker for BIP39 mnemonics
Optimized proof-of-concept program to derive all possible 2^32
weak mnemonics for CVE-2023-39910
on a given key length without the need for slow bx
calls.
Basic operation:
- Walk over all possible PRNG seeding states
- For each PRNG configuration:
- simulate the
bx seed
behavior to derive the corresponding weak seed - simulate
bx mnemonic-new
to construct a BIP39 mnemonic - output the resulting data on stdout
- simulate the
This program does not perform any filtering of the recovered mnemonics by any criteria.
With some modifications to the PRNG consumption pattern, this program should also be able to generate mnemonics for CVE-2023-31290
, although we didn't test this.
Usage
- Build: see
Makefile
. - Parameters set at build time using build variables.
- Output to stdout.
- Warning: when directed to the file system, the output files for a complete key range will be large (several 100 GiB).
Status
This is experimental, unmaintained code. Use only as research inspiration.
This program was helpful as a quick proof-of-concept implementation during early experimentation and research in July 2023. It remains in an experimental state.
License
This folder contains adapted code from multiple sources, as well as derived code. See the file headers for more information.
Due to the derivative usage of libbitcoin code, the primary license is GNU Affero General Public License
in version 3 or later.
Other code snippets fall under different licenses, namely some versions of CC BY SA.
Credits
Written by Christian Reitter. Based on code from libbitcoin and other authors.
Tests
Example to compare output with stock bx
behavior for a given FAKETIME
value == PRNG seed id:
LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME_FMT=%s FAKETIME=4.294967294 ./bx-linux-x64-qrcode seed -b 256 | ./bx-linux-x64-qrcode mnemonic-new