Release new address data, documentation improvements

2024-12-17 12:54:08 +01:00 · 2024-12-17 12:54:08 +01:00 · fa1c1ec540
parent 064ef4eed0
commit fa1c1ec540
10 changed files with 228 additions and 4 deletions
--- a/MT19937__bx_pattern/BIP32/README.md
+++ b/MT19937__bx_pattern/BIP32/README.md
@ -0,0 +1,12 @@
+# Mersenne Twister 32 bit seeding => bx consumption pattern => BIP32 derivation
+
+This is a special and unusual way of generating keys from PRNG output using BIP32, but not BIP39.
+
+See [libbitcoin-explorer bx-hd-new](https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-hd-new) for details.
+
+Victims could have used a combination of `bx seed` and `bx hd-new` to generate weak keys in this range.
+
+
+## Usage
+* We only investigated usage with Bitcoin.
+* Compressed pubkeys
--- a/MT19937__bx_pattern/BIP32/victim_addresses_bitcoin_sorted_collection_all_key_sizes_2024_10__mt_bx_bip32.txt
+++ b/MT19937__bx_pattern/BIP32/victim_addresses_bitcoin_sorted_collection_all_key_sizes_2024_10__mt_bx_bip32.txt
@ -0,0 +1,4 @@
+14CVYqJgJa8AUx1T9TWEyno8pMSaGTnSZp
+15pX86rnerqKLm3g996DTkmTajkuFSwtRV
+1BnkSifZC7DZ5i2rJQ4whPBBHdKLdEPSQn
+1H4F5AWH38fpfLDkBfQjjxTQznUWcPKyN1
--- a/MT19937__bx_pattern/BIP39/README.md
+++ b/MT19937__bx_pattern/BIP39/README.md
@ -1,4 +1,4 @@
-# Mersenne Twister 32 bit seeding | bx consumption pattern | BIP39
+# Mersenne Twister 32 bit seeding => bx consumption pattern => BIP39


 ## Example private keys without victim funds
--- a/MT19937__bx_pattern/direct/README.md
+++ b/MT19937__bx_pattern/direct/README.md
@ -0,0 +1,17 @@
+# Mersenne Twister 32 bit seeding => bx consumption pattern => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+See [libbitcoin-explorer bx-ec-new](https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-ec-new) for details.
+
+Victims could have used a combination of `bx seed` and `bx ec-new` to generate weak keys in this range.
+
+
+## Observed Usage
+
+* We only investigated usage with Bitcoin.
+* Compressed and uncompressed pubkeys
+
+## Writeups
+
+* See [research update #1](https://milksad.info/posts/research-update-1/).
--- a/MT19937__bx_pattern/direct/victim_addresses_bitcoin_sorted_collection_all_key_sizes_2024_10__mt_bx_ec.txt
+++ b/MT19937__bx_pattern/direct/victim_addresses_bitcoin_sorted_collection_all_key_sizes_2024_10__mt_bx_ec.txt
@ -0,0 +1,81 @@
+12qsEmUXKQFrz9R3WPXvvkNLDDXRTnoUT6
+12uUAHFzNAqavozbenBiEq87LZJ8XsaWi6
+12vEJUPD7gY9RMvjzuYunhUwNzXmu4vG9x
+139sqEGdwWUd2hfvVgoWGMB2r3XLpPbmvt
+13jVu7B3vKhYAjhFZjjFiMMZGo2tgycCxy
+13zhcRa2FShzpNikQ6DLNPBhCBLxuPbyaF
+146aAM8DcfMxyCKqCvnTLZ65EvNiVBw1or
+147kKTHvBBfutd7JusnitgVvgGJqb4Y7bC
+14bYYdD34hbEWex84kt4pqZ3BCAUorn4CE
+14gtuDCRj8D4rvduRJKrdQeffjHJZh8VtT
+14nVTqSyR6DscckH1q1yL5gJWfKveYT8NS
+14RvY8CKXw6ra13UNivcHuTqsT1gc72Zoz
+14rZ1ioYwzDnLZhA6AUMdgc4TtoAsFcJXU
+14ytvyfhB2bcZJc4Y3hYSBBcjB8zstUDxb
+155J4gua2523wRSS4B9WsQeBjxckqA16jE
+15Eyzg8qnVhiyohZ1oDCnkCmSfup4VVjNP
+15gzYFBkLR1v1HccoxGTbHHKKcWDfqrqyR
+15msLr5kttG1EeSYfaqBXWYnw5mfhN3QUd
+15qAqYLUrieN4icVgNxqvQKkSy5VE8Zz7P
+16Yu9uuX5j2uqy64kWGvH3HnzCrLhT9vF9
+17hBo91VUUY8csWWenN2xnK8EnuwDPcga2
+17ntGo6sPnZY4vUfbsn9dy8xQgKzDiCxpp
+17vfTecEQVZLw2M7CNhKy4qmxERrbwhR7R
+17yZW73Wu4FvQ97jy9skykwf9NyP6795Jy
+18bTpLo8BPEgfamwevfHhtVtprrk2x9jqc
+18HU5eJcjRE8u5HoLywSvQ61dwab1q6Ejd
+18NuofNRfegV5wkfPBuHsYyxTApFSkhEwu
+18rwuZSe9HCrdXKTPXGCPeZnRPsrsy2EYa
+18TJobuwoNCjF1anuoAmYx1w6u7Ruzhw9c
+19aeCYtFVHn9xz6uy962ftrYHX4aeEMunH
+19hpokcanwqTJZwVSrQiBZudeD6A9xMCw3
+19so7XzTJCjpymcN7FJ51hgS1GXRQDYje8
+1A3MvQpsQKfyf9AMbzo1Epaqp9TUfDCCQ9
+1AAsi215Bx6UFQg7xYEi1ThB4PgATpbE1x
+1AYTbjbTmsGYX64LfKPBFP9aXPr9aTUEn3
+1BDXhZ4JzLZXwjiYtRLXZD8H1me2NLEfe3
+1Bg4eipv7DsWZ9LJQhu9fn8hJ7iKLxRxbD
+1BmWvs5vFZGAoPfGE6Cduqjd3zXiLNpx8P
+1Bo6uGUsHnjvbdrPnnHaBf8esmB74EQ2Dh
+1Br2hHFPpg6y7S7abzjQX2t2eES3yM4MR2
+1BtnWdyjjgMZxVYsM7fSgMqkPcqRkWvmM7
+1BudhdYDD7KJud3MiNi6udUSKvYWRmBvVq
+1CCi52thxALuybL6qWcsBMyZeCPxpwXpTL
+1CeuzQcb5pmM1PmyoDgV5rfPsJDkAY8ScR
+1CHygsU8dDKbAvcsQTEXQSQxbsQpk219HT
+1CLtLS6ATxqcjNmJvsEY9UQbKNzTiLdJSF
+1CUSKYar1yGBAg3MHWhC3sYhTfBQqc2sTN
+1DBUWW1G1QGWMdCdE5GKM11iy5CjZfMHNd
+1DGjHDmntdWjdaUHDBExhUf5BDSUmHdsxs
+1DksTT2Y76iaHaL4J9dtA8M7ERWcqURMaD
+1EzEBX6dgbzjanHGkAW9aC7FhVXcUD5xob
+1F83zotZruCBAG5a2etyjXGdkYDE3XGnZ5
+1FDJkTetnGWH8nb2xcQxEQoVr9rPm7gu3x
+1FnvbpFTQgQsdP9EhKheYPu7Zpf2A4F3RR
+1G2x8czwUWxRwAML7zfGkhD72uK8D51ggP
+1GBwHrt4jkytVEifE1yATAKzT33noN2Z2j
+1GcdzkK9Bgh2EVoQe7LGouCynkKWcnauVE
+1GginVjMXsw5zJzhj8Tm4LQqmDGVCE9iA5
+1GkwxuLjgNwu3vRRH4qYjT1mqqWtGQ3J8
+1GtTPj6cYmDRkPYkqheGmV2HTg4Ed72D8m
+1HJ21WaRVsZ4qfxiBmAtRzyT9AZHvymTSR
+1Hs9b1eUAp7dGG1uxCgp5f1XU7zm6ysaN2
+1JcZBRycwzVNJMHnWhr39Vkhm2p2jjsUM4
+1JpzcH1eWxGnw7jMpfUi6k6pAn7sQWtsYf
+1JUdUgFm7B9GZihtf4jtryCmt4YcRMaJGx
+1K1Wgf7UCXdwU97SnKcbCZ1L2YRbcKmNZw
+1KDUyeL6ZkB3qMbP8J2gifaWsxiRLye1X
+1KJsZ2BBonQQqnY82e1z5jiCsgUFL2iJ9J
+1KNUK3C6dVuiou42ZwGhduCPvw66rTvk16
+1LsSkJ8NWQrDPsBU5CmFRSiVKZ1ihNA17
+1M2mCnwxzyVfhtmY5rLCpYUbsh3fRoBH8S
+1M3zuJ9xMgnWhiTXsZaFyarNkp5UbTXgQ5
+1MapF77ARUzQS2tEoXLxUjWdTLcbwhVGSd
+1MCx6SocS1iu2RPNm2JNeNGacvA3pXaqDh
+1MRrkhGmZrNBPz8wwhQ73viCvuGMMwDdPx
+1NLyT9QA8Uh2hmxgV3DH2SFr8HKozWvQ28
+1NP33cLHZLivBZY77Cn26ZzwV2qXnGKbBj
+1NuTd1F1X79PemBpctBNxmcTsnUaYWmRqQ
+1PiTiTQ91LdzeRwR4bYXyHk8kc3CD3VReb
+1Q8VbRyzA975EqQMHjxa4KWqF8WGfjTxd6
+1SPeJFC5ebSXRH9XC7C2XfYx8DEzkbQi9
--- a/MT19937__trust_wallet_pattern/BIP39/256bit/selected_victim_addresses_bitcoin_large_transaction_amounts_sorted__mt_tw1_bip39_256bit.txt
+++ b/MT19937__trust_wallet_pattern/BIP39/256bit/selected_victim_addresses_bitcoin_large_transaction_amounts_sorted__mt_tw1_bip39_256bit.txt
@ -6,4 +6,4 @@
 3J4sTPyD1g6KvNUSJxjwLs4iaPeDPqxUZr
 3JJ8b7voMPSPChHazdHkrZMqxC7Cb4vNk2
 3Pja5FPK1wFB9LkWWJai8XYL1qjbqqT9Ye
-3PWNGS2357TnjRX7FpewqR3e3qsWwpFrJH
+3PWNGS2357TnjRX7FpewqR3e3qsWwpFrJH
--- a/MT19937__trust_wallet_pattern/README.md
+++ b/MT19937__trust_wallet_pattern/README.md
@ -1,4 +1,4 @@
-# Mersenne Twister | Trust Wallet PRNG consumption pattern
+# Mersenne Twister => Trust Wallet PRNG consumption pattern

 See https://milksad.info/disclosure.html for 32 bit to 8 bit output truncation PRNG consumption pattern details.

--- a/MT19937__trust_wallet_pattern/direct/README.md
+++ b/MT19937__trust_wallet_pattern/direct/README.md
@ -0,0 +1,14 @@
+# Mersenne Twister 32 bit seeding => Trust Wallet PRNG consumption pattern => direct elliptic curve key
+
+This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
+
+We're not aware of a specific wallet software with this weak generation pattern.
+
+## Observed Usage
+
+* We only investigated usage with Bitcoin.
+* Compressed and uncompressed pubkeys
+
+## Writeups
+
+* See [research update #2](https://milksad.info/posts/research-update-2/).
--- a/MT19937__trust_wallet_pattern/direct/victim_addresses_bitcoin_sorted_collection_all_key_sizes_2024_10__mt_tw1_ec
+++ b/MT19937__trust_wallet_pattern/direct/victim_addresses_bitcoin_sorted_collection_all_key_sizes_2024_10__mt_tw1_ec
@ -0,0 +1,96 @@
+12GR12ZZnJvP21khgrxM3GgKK7kvXoRGz7
+12oMLxE5hVYqCS6uwG3WFYwgKLXvzzQPE5
+12W54invTqR53jsa5USySPW2BNbKtyFgoT
+12z5eH8qpzVi3LJKVG7f7UHHMdeRotxcfZ
+133LaBpNP8XYfeUMhWXT8PDDCn2oMHDktn
+139FLadt5jiuNVDs9PgvCdFomijCwkKtoY
+13jALR6S35CqKrvRCKCz5uBGcj9dCXcPYX
+13oyFdhFHP3aTmiWsMJsP6m28VRDqcgkZc
+13SUUZq7fUMW3yaQwJH3kyaAVPSKzkbWm6
+13V112j5UA87UQjbG3Sux6zQjCmSZH29h8
+146bsJWNuvUbncZw8G3CzvxbEeZawzbmaZ
+14Bdc89eZHi4s5zAMuvxdvQWSGDTtHpcb6
+14KeEhpALVqhoqfNZpnnF2stfiEZhQ5qAY
+14vxPouuVw3NcBBgKzHAi7uLvSFXk7hmsS
+14YCULo2TTgYatgmmKPGRDjCd2LUffkNF1
+152iLEC6Y396ZnAjsYEAP4pFnFwN2p3P5T
+152kTxweAgJjdYNoX1aZJL9kMiUuskUQ2Q
+15j5eFjdTJrciiDqRWRvRiM93Qgkxm3ebb
+15KJzn2AzrL8hkyfvrGWf2qKpEyR5U8u3Z
+15y5TwwjHbQ8z74TQHoSswU1iGwR4CdGWN
+15yp5RwkGBt3x7F7A8cyBu2SkdTghcU3in
+1685iFHWXEV8BtvPvg58MTN35iNz7M6p44
+16CSsw3kyDpgT4A9cYP51q1YHqvV5QNNSf
+16gdnxBtKn915wMgfXUYcJ8odpt4N5izNC
+16HdaM2EnSphsFiAD7GGwTBLs4gKrB1qCP
+16xUCauV7N3nWJ6LioUUHdoJGXsHEAf1Dr
+173S6R3rRagamztdSe2pkcmzuuj8D7wjEt
+17WM2EQ8NNs2pyAxfPSb1XuyxrZMCYKP9r
+17Xq55J1Z4Hqn4EoeoZ2LqFWaD6ojCHkCk
+17yJUKGTEViDu4eoy8QC9Yq6kyvcio5CkR
+183f6vSvpY1gZdZTxZTDdeDi7xDBHrAbbY
+18UB9NvHg3NSkn2RrtMh2MR5Twt2sosUWe
+19mzdTdshpYHRhXxqBaxBDiuyBvmkZizSR
+19Q2RuE3DHSeAtr7XTKmYRmVB7Ssh1b1My
+19X37f3e4Ujo1yMqXBQy9AnmLDE9kdk4qE
+1A4tVtK6CfjRgSAMvstD6PAmBkoWmH43wV
+1ABCeARehTVfdPwQE5Sy1u7JWJP3xnUMu3
+1Aq4HLY3xMrDrMW75hkngYgPYWcLBJ6MEQ
+1B2vUVJLYUTknqXezGqFeF96EdYWExrjmX
+1BKzriiWN9dbCbARR9jojFoU2znVt3g2Pk
+1Bvic5SizriWELujVvSdJiHY8r8k1Wt3Ys
+1BXRZ7wSiBjRXTrgWPZ2pC642CSodTMY44
+1C57NvRHDPTYVcdEJn5ckqNu61zpcwvxaF
+1Ck747seh3FjrhgofetAN25LXmqKdPVtQG
+1CnGDBCsVNZnavBNqQPPWMSRDFdbZNHYyA
+1CRvqbNwPPXB3ic2GunHA1WwRTdLyWDLc8
+1D3b6McG7DitHifivfAYNyM8LMEhQFdVyr
+1D3HW1hqfzo89jGn8z6LihR9E8V7qmsu7F
+1DiHuowD26PCeMnq8Uz4XeFevDiWq4aXJN
+1DoMjnPxHhdrA2YhMdTBRRML48NmYwmpUp
+1EejBeKLrkkpAfcUGMN74isCw8m2sSjWSc
+1EKPYQDXpCrsTCVQ9FkwAQ9GqriycyDFgs
+1EoEjREXaBKS2g1DMktaZPM8SVadPRNWQ7
+1EWHu2cQtCDxJ66Hwx7g4R7RfMnGzGTosW
+1FBRZgVZsk1NxaF4QNxgomyNqUGB8Af8ta
+1FfxqebGSKg9iLgDPVGvXJsN3hP5eGu9j2
+1FVmXmvsZMK8T941iuDicay9bFr1dwi8RB
+1GLHHNUosWXEgVu417VbjDPbxiFsQ2uxC
+1GQUqhrmTwqNEs7uzLkFgU8qTk4wKxnsQ1
+1Gt2qYGiPEkFcm9PET9fko1sqxNQsvDt7k
+1GVg4wufTSfBvHr6FoshucSSmL7VLxobTQ
+1H6WFN1xH4gXQM3feZSKJyXUNkPyhAmYs6
+1H8bDaZrVwmqYzTbYtCbLVPyujwh8KoxMQ
+1HATMxJvJqqSmKGnsWgsAUi9Y1qsWtAYKB
+1HuUVgjyHYn5Hrvzkf9mpQXFdw3djGvSrg
+1JeBPVy6Lxi6ZcWeFs8SWrB4czXmFBNnSq
+1JeRQRa1fnGKCFVQcxTRno5LMPjzfRDRbC
+1JSMHvKLFYprj1AmN24ZEaajgSUbg2eHA9
+1JZndiWahUGK4tED7W7getDuRLUrdHPRkW
+1KaX3zXGW8P9DrihWxjUtptBwn8oD6brz2
+1KKwSW4Rn5HtX6khzLZGVtqTTNH2gTX9TT
+1KnpxMY8kquX89EDYERFpUUffJDEvutmm1
+1Kp7ExkXbSMkBfisZYb7q5UfnrZGKW1Uxc
+1KqB1g43BWHVMWVt9YSZu1wDNRBw3BfpBH
+1L7g7mpwAuT6LkGR15ATbF1TqW9T5rs4tK
+1LBn7CAFEXhpiFaoJ5AU1QDE9DYaZvLFnD
+1LC6Q4YgHKHRmTvVBAFKvEeCi6cyrVrFhf
+1Ly4hhPxBspidbvdSoTtQS4BE4kkHuhaxd
+1Mbzs5m2gaW4CQMDdBerZanKwCfn7oVBUg
+1Me8RptgbbbB6cQW9jQVv649LhL9Se6JcA
+1MoRU6cPfdkTQMbKDXdFq3GwWJf7Q2jEAk
+1MPp8zEPfs95iKAPQiWudM2R7TDSagDtLJ
+1Mw7htnsykxcMFteeMFEF9RuoY3QLLhU8N
+1MyNtumgtu96ZyrAGSubHrFQSRyL77ZNaj
+1NFQguif28R3V753XqfrQAaCJCrzjERJdK
+1Ngu4ZiwmHmG1MF9TcwFcsDAgAhrm9zQcp
+1NNg6FeqTUxFpGDFiW5VFpq99LAqch9vyp
+1NvNWEVsd3eeWXkjixJdz31BR2Z8r2ouNU
+1PBGqj2y2Gr9fRp2TDCZwsq7WThRH1me7q
+1PkUo9Zk3DydcySwQQH7iYKzxtVTDzioUH
+1PN1Zeti5uN3tjddZtSkk14HzWuivAvTFj
+1PUY18167Hx2LRMdwSGwCVpJrX1PuyCKyd
+1Q6AdbCBDLRshV5bgdXhZixZX3b9FLE77i
+1QC7krU5qeQX8oddgtBPnUZfB5oZAcrd4v
+1QD38EBTpgiKk7MFuKjS23aGtA2x7nRtzM
+1YDVvTyMHgosUKpeyAZjQ9vgxfc9vxbwJ
--- a/dart_random__cake_wallet_pattern__electrum_mnemonic/README.md
+++ b/dart_random__cake_wallet_pattern__electrum_mnemonic/README.md
@ -19,7 +19,7 @@ A collection of hashes over the mnemonic secrets for all vulnerable wallets we d

 * Creation date: around 2023-11-24
 * Detection: confirmed Bitcoin Mainnet usage of a `bc1` address on at least one of the sub-accounts, checked until #79
-* Bitcoin Mainnnet address database from ca. early 2023-11
+* Bitcoin Mainnet address database from ca. early 2023-11
 * Entry format: SHA-256 hash computed over the lowercase space-separated seed string without leading spaces, trailing spaces or newlines
 * File format: newline-separated ASCII entries, sorted
 * Additional comments: 12 word Electrum seed, "100" segwit prefix