code/early_research_code/bx_seed_walker_bip39_mnemonic/README.md

1.9 KiB

bx seed walker for BIP39 mnemonics

Optimized proof-of-concept program to derive all possible 2^32 weak mnemonics for CVE-2023-39910 on a given key length without the need for slow bx calls.

Basic operation:

  • Walk over all possible PRNG seeding states
  • For each PRNG configuration:
    • simulate the bx seed behavior to derive the corresponding weak seed
    • simulate bx mnemonic-new to construct a BIP39 mnemonic
    • output the resulting data on stdout

This program does not perform any filtering of the recovered mnemonics by any criteria.

With some modifications to the PRNG consumption pattern, this program should also be able to generate mnemonics for CVE-2023-31290, although we didn't test this.

Usage

  • Build: see Makefile.
  • Parameters set at build time using build variables.
  • Output to stdout.
  • Warning: when directed to the file system, the output files for a complete key range will be large (several 100 GiB).

Status

This is experimental, unmaintained code. Use only as research inspiration.

This program was helpful as a quick proof-of-concept implementation during early experimentation and research in July 2023. It remains in an experimental state.

License

This folder contains adapted code from multiple sources, as well as derived code. See the file headers for more information.

Due to the derivative usage of libbitcoin code, the primary license is GNU Affero General Public License in version 3 or later.

Other code snippets fall under different licenses, namely some versions of CC BY SA.

Credits

Written by Christian Reitter. Based on code from libbitcoin and other authors.

Tests

Example to compare output with stock bx behavior for a given FAKETIME value == PRNG seed id:

LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME_FMT=%s FAKETIME=4.294967294 ./bx-linux-x64-qrcode seed -b 256 | ./bx-linux-x64-qrcode mnemonic-new