Release new address data, documentation improvements

This commit is contained in:
Christian Reitter 2024-12-17 12:54:08 +01:00
parent 064ef4eed0
commit fa1c1ec540
10 changed files with 228 additions and 4 deletions

View File

@ -0,0 +1,12 @@
# Mersenne Twister 32 bit seeding => bx consumption pattern => BIP32 derivation
This is a special and unusual way of generating keys from PRNG output using BIP32, but not BIP39.
See [libbitcoin-explorer bx-hd-new](https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-hd-new) for details.
Victims could have used a combination of `bx seed` and `bx hd-new` to generate weak keys in this range.
## Usage
* We only investigated usage with Bitcoin.
* Compressed pubkeys

View File

@ -0,0 +1,4 @@
14CVYqJgJa8AUx1T9TWEyno8pMSaGTnSZp
15pX86rnerqKLm3g996DTkmTajkuFSwtRV
1BnkSifZC7DZ5i2rJQ4whPBBHdKLdEPSQn
1H4F5AWH38fpfLDkBfQjjxTQznUWcPKyN1

View File

@ -1,4 +1,4 @@
# Mersenne Twister 32 bit seeding | bx consumption pattern | BIP39
# Mersenne Twister 32 bit seeding => bx consumption pattern => BIP39
## Example private keys without victim funds

View File

@ -0,0 +1,17 @@
# Mersenne Twister 32 bit seeding => bx consumption pattern => direct elliptic curve key
This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
See [libbitcoin-explorer bx-ec-new](https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-ec-new) for details.
Victims could have used a combination of `bx seed` and `bx ec-new` to generate weak keys in this range.
## Observed Usage
* We only investigated usage with Bitcoin.
* Compressed and uncompressed pubkeys
## Writeups
* See [research update #1](https://milksad.info/posts/research-update-1/).

View File

@ -0,0 +1,81 @@
12qsEmUXKQFrz9R3WPXvvkNLDDXRTnoUT6
12uUAHFzNAqavozbenBiEq87LZJ8XsaWi6
12vEJUPD7gY9RMvjzuYunhUwNzXmu4vG9x
139sqEGdwWUd2hfvVgoWGMB2r3XLpPbmvt
13jVu7B3vKhYAjhFZjjFiMMZGo2tgycCxy
13zhcRa2FShzpNikQ6DLNPBhCBLxuPbyaF
146aAM8DcfMxyCKqCvnTLZ65EvNiVBw1or
147kKTHvBBfutd7JusnitgVvgGJqb4Y7bC
14bYYdD34hbEWex84kt4pqZ3BCAUorn4CE
14gtuDCRj8D4rvduRJKrdQeffjHJZh8VtT
14nVTqSyR6DscckH1q1yL5gJWfKveYT8NS
14RvY8CKXw6ra13UNivcHuTqsT1gc72Zoz
14rZ1ioYwzDnLZhA6AUMdgc4TtoAsFcJXU
14ytvyfhB2bcZJc4Y3hYSBBcjB8zstUDxb
155J4gua2523wRSS4B9WsQeBjxckqA16jE
15Eyzg8qnVhiyohZ1oDCnkCmSfup4VVjNP
15gzYFBkLR1v1HccoxGTbHHKKcWDfqrqyR
15msLr5kttG1EeSYfaqBXWYnw5mfhN3QUd
15qAqYLUrieN4icVgNxqvQKkSy5VE8Zz7P
16Yu9uuX5j2uqy64kWGvH3HnzCrLhT9vF9
17hBo91VUUY8csWWenN2xnK8EnuwDPcga2
17ntGo6sPnZY4vUfbsn9dy8xQgKzDiCxpp
17vfTecEQVZLw2M7CNhKy4qmxERrbwhR7R
17yZW73Wu4FvQ97jy9skykwf9NyP6795Jy
18bTpLo8BPEgfamwevfHhtVtprrk2x9jqc
18HU5eJcjRE8u5HoLywSvQ61dwab1q6Ejd
18NuofNRfegV5wkfPBuHsYyxTApFSkhEwu
18rwuZSe9HCrdXKTPXGCPeZnRPsrsy2EYa
18TJobuwoNCjF1anuoAmYx1w6u7Ruzhw9c
19aeCYtFVHn9xz6uy962ftrYHX4aeEMunH
19hpokcanwqTJZwVSrQiBZudeD6A9xMCw3
19so7XzTJCjpymcN7FJ51hgS1GXRQDYje8
1A3MvQpsQKfyf9AMbzo1Epaqp9TUfDCCQ9
1AAsi215Bx6UFQg7xYEi1ThB4PgATpbE1x
1AYTbjbTmsGYX64LfKPBFP9aXPr9aTUEn3
1BDXhZ4JzLZXwjiYtRLXZD8H1me2NLEfe3
1Bg4eipv7DsWZ9LJQhu9fn8hJ7iKLxRxbD
1BmWvs5vFZGAoPfGE6Cduqjd3zXiLNpx8P
1Bo6uGUsHnjvbdrPnnHaBf8esmB74EQ2Dh
1Br2hHFPpg6y7S7abzjQX2t2eES3yM4MR2
1BtnWdyjjgMZxVYsM7fSgMqkPcqRkWvmM7
1BudhdYDD7KJud3MiNi6udUSKvYWRmBvVq
1CCi52thxALuybL6qWcsBMyZeCPxpwXpTL
1CeuzQcb5pmM1PmyoDgV5rfPsJDkAY8ScR
1CHygsU8dDKbAvcsQTEXQSQxbsQpk219HT
1CLtLS6ATxqcjNmJvsEY9UQbKNzTiLdJSF
1CUSKYar1yGBAg3MHWhC3sYhTfBQqc2sTN
1DBUWW1G1QGWMdCdE5GKM11iy5CjZfMHNd
1DGjHDmntdWjdaUHDBExhUf5BDSUmHdsxs
1DksTT2Y76iaHaL4J9dtA8M7ERWcqURMaD
1EzEBX6dgbzjanHGkAW9aC7FhVXcUD5xob
1F83zotZruCBAG5a2etyjXGdkYDE3XGnZ5
1FDJkTetnGWH8nb2xcQxEQoVr9rPm7gu3x
1FnvbpFTQgQsdP9EhKheYPu7Zpf2A4F3RR
1G2x8czwUWxRwAML7zfGkhD72uK8D51ggP
1GBwHrt4jkytVEifE1yATAKzT33noN2Z2j
1GcdzkK9Bgh2EVoQe7LGouCynkKWcnauVE
1GginVjMXsw5zJzhj8Tm4LQqmDGVCE9iA5
1GkwxuLjgNwu3vRRH4qYjT1mqqWtGQ3J8
1GtTPj6cYmDRkPYkqheGmV2HTg4Ed72D8m
1HJ21WaRVsZ4qfxiBmAtRzyT9AZHvymTSR
1Hs9b1eUAp7dGG1uxCgp5f1XU7zm6ysaN2
1JcZBRycwzVNJMHnWhr39Vkhm2p2jjsUM4
1JpzcH1eWxGnw7jMpfUi6k6pAn7sQWtsYf
1JUdUgFm7B9GZihtf4jtryCmt4YcRMaJGx
1K1Wgf7UCXdwU97SnKcbCZ1L2YRbcKmNZw
1KDUyeL6ZkB3qMbP8J2gifaWsxiRLye1X
1KJsZ2BBonQQqnY82e1z5jiCsgUFL2iJ9J
1KNUK3C6dVuiou42ZwGhduCPvw66rTvk16
1LsSkJ8NWQrDPsBU5CmFRSiVKZ1ihNA17
1M2mCnwxzyVfhtmY5rLCpYUbsh3fRoBH8S
1M3zuJ9xMgnWhiTXsZaFyarNkp5UbTXgQ5
1MapF77ARUzQS2tEoXLxUjWdTLcbwhVGSd
1MCx6SocS1iu2RPNm2JNeNGacvA3pXaqDh
1MRrkhGmZrNBPz8wwhQ73viCvuGMMwDdPx
1NLyT9QA8Uh2hmxgV3DH2SFr8HKozWvQ28
1NP33cLHZLivBZY77Cn26ZzwV2qXnGKbBj
1NuTd1F1X79PemBpctBNxmcTsnUaYWmRqQ
1PiTiTQ91LdzeRwR4bYXyHk8kc3CD3VReb
1Q8VbRyzA975EqQMHjxa4KWqF8WGfjTxd6
1SPeJFC5ebSXRH9XC7C2XfYx8DEzkbQi9

View File

@ -1,4 +1,4 @@
# Mersenne Twister | Trust Wallet PRNG consumption pattern
# Mersenne Twister => Trust Wallet PRNG consumption pattern
See https://milksad.info/disclosure.html for 32 bit to 8 bit output truncation PRNG consumption pattern details.

View File

@ -0,0 +1,14 @@
# Mersenne Twister 32 bit seeding => Trust Wallet PRNG consumption pattern => direct elliptic curve key
This is a special and unusual way of generating keys directly from the PRNG output without any BIP39 or BIP32 hashing or derivations.
We're not aware of a specific wallet software with this weak generation pattern.
## Observed Usage
* We only investigated usage with Bitcoin.
* Compressed and uncompressed pubkeys
## Writeups
* See [research update #2](https://milksad.info/posts/research-update-2/).

View File

@ -0,0 +1,96 @@
12GR12ZZnJvP21khgrxM3GgKK7kvXoRGz7
12oMLxE5hVYqCS6uwG3WFYwgKLXvzzQPE5
12W54invTqR53jsa5USySPW2BNbKtyFgoT
12z5eH8qpzVi3LJKVG7f7UHHMdeRotxcfZ
133LaBpNP8XYfeUMhWXT8PDDCn2oMHDktn
139FLadt5jiuNVDs9PgvCdFomijCwkKtoY
13jALR6S35CqKrvRCKCz5uBGcj9dCXcPYX
13oyFdhFHP3aTmiWsMJsP6m28VRDqcgkZc
13SUUZq7fUMW3yaQwJH3kyaAVPSKzkbWm6
13V112j5UA87UQjbG3Sux6zQjCmSZH29h8
146bsJWNuvUbncZw8G3CzvxbEeZawzbmaZ
14Bdc89eZHi4s5zAMuvxdvQWSGDTtHpcb6
14KeEhpALVqhoqfNZpnnF2stfiEZhQ5qAY
14vxPouuVw3NcBBgKzHAi7uLvSFXk7hmsS
14YCULo2TTgYatgmmKPGRDjCd2LUffkNF1
152iLEC6Y396ZnAjsYEAP4pFnFwN2p3P5T
152kTxweAgJjdYNoX1aZJL9kMiUuskUQ2Q
15j5eFjdTJrciiDqRWRvRiM93Qgkxm3ebb
15KJzn2AzrL8hkyfvrGWf2qKpEyR5U8u3Z
15y5TwwjHbQ8z74TQHoSswU1iGwR4CdGWN
15yp5RwkGBt3x7F7A8cyBu2SkdTghcU3in
1685iFHWXEV8BtvPvg58MTN35iNz7M6p44
16CSsw3kyDpgT4A9cYP51q1YHqvV5QNNSf
16gdnxBtKn915wMgfXUYcJ8odpt4N5izNC
16HdaM2EnSphsFiAD7GGwTBLs4gKrB1qCP
16xUCauV7N3nWJ6LioUUHdoJGXsHEAf1Dr
173S6R3rRagamztdSe2pkcmzuuj8D7wjEt
17WM2EQ8NNs2pyAxfPSb1XuyxrZMCYKP9r
17Xq55J1Z4Hqn4EoeoZ2LqFWaD6ojCHkCk
17yJUKGTEViDu4eoy8QC9Yq6kyvcio5CkR
183f6vSvpY1gZdZTxZTDdeDi7xDBHrAbbY
18UB9NvHg3NSkn2RrtMh2MR5Twt2sosUWe
19mzdTdshpYHRhXxqBaxBDiuyBvmkZizSR
19Q2RuE3DHSeAtr7XTKmYRmVB7Ssh1b1My
19X37f3e4Ujo1yMqXBQy9AnmLDE9kdk4qE
1A4tVtK6CfjRgSAMvstD6PAmBkoWmH43wV
1ABCeARehTVfdPwQE5Sy1u7JWJP3xnUMu3
1Aq4HLY3xMrDrMW75hkngYgPYWcLBJ6MEQ
1B2vUVJLYUTknqXezGqFeF96EdYWExrjmX
1BKzriiWN9dbCbARR9jojFoU2znVt3g2Pk
1Bvic5SizriWELujVvSdJiHY8r8k1Wt3Ys
1BXRZ7wSiBjRXTrgWPZ2pC642CSodTMY44
1C57NvRHDPTYVcdEJn5ckqNu61zpcwvxaF
1Ck747seh3FjrhgofetAN25LXmqKdPVtQG
1CnGDBCsVNZnavBNqQPPWMSRDFdbZNHYyA
1CRvqbNwPPXB3ic2GunHA1WwRTdLyWDLc8
1D3b6McG7DitHifivfAYNyM8LMEhQFdVyr
1D3HW1hqfzo89jGn8z6LihR9E8V7qmsu7F
1DiHuowD26PCeMnq8Uz4XeFevDiWq4aXJN
1DoMjnPxHhdrA2YhMdTBRRML48NmYwmpUp
1EejBeKLrkkpAfcUGMN74isCw8m2sSjWSc
1EKPYQDXpCrsTCVQ9FkwAQ9GqriycyDFgs
1EoEjREXaBKS2g1DMktaZPM8SVadPRNWQ7
1EWHu2cQtCDxJ66Hwx7g4R7RfMnGzGTosW
1FBRZgVZsk1NxaF4QNxgomyNqUGB8Af8ta
1FfxqebGSKg9iLgDPVGvXJsN3hP5eGu9j2
1FVmXmvsZMK8T941iuDicay9bFr1dwi8RB
1GLHHNUosWXEgVu417VbjDPbxiFsQ2uxC
1GQUqhrmTwqNEs7uzLkFgU8qTk4wKxnsQ1
1Gt2qYGiPEkFcm9PET9fko1sqxNQsvDt7k
1GVg4wufTSfBvHr6FoshucSSmL7VLxobTQ
1H6WFN1xH4gXQM3feZSKJyXUNkPyhAmYs6
1H8bDaZrVwmqYzTbYtCbLVPyujwh8KoxMQ
1HATMxJvJqqSmKGnsWgsAUi9Y1qsWtAYKB
1HuUVgjyHYn5Hrvzkf9mpQXFdw3djGvSrg
1JeBPVy6Lxi6ZcWeFs8SWrB4czXmFBNnSq
1JeRQRa1fnGKCFVQcxTRno5LMPjzfRDRbC
1JSMHvKLFYprj1AmN24ZEaajgSUbg2eHA9
1JZndiWahUGK4tED7W7getDuRLUrdHPRkW
1KaX3zXGW8P9DrihWxjUtptBwn8oD6brz2
1KKwSW4Rn5HtX6khzLZGVtqTTNH2gTX9TT
1KnpxMY8kquX89EDYERFpUUffJDEvutmm1
1Kp7ExkXbSMkBfisZYb7q5UfnrZGKW1Uxc
1KqB1g43BWHVMWVt9YSZu1wDNRBw3BfpBH
1L7g7mpwAuT6LkGR15ATbF1TqW9T5rs4tK
1LBn7CAFEXhpiFaoJ5AU1QDE9DYaZvLFnD
1LC6Q4YgHKHRmTvVBAFKvEeCi6cyrVrFhf
1Ly4hhPxBspidbvdSoTtQS4BE4kkHuhaxd
1Mbzs5m2gaW4CQMDdBerZanKwCfn7oVBUg
1Me8RptgbbbB6cQW9jQVv649LhL9Se6JcA
1MoRU6cPfdkTQMbKDXdFq3GwWJf7Q2jEAk
1MPp8zEPfs95iKAPQiWudM2R7TDSagDtLJ
1Mw7htnsykxcMFteeMFEF9RuoY3QLLhU8N
1MyNtumgtu96ZyrAGSubHrFQSRyL77ZNaj
1NFQguif28R3V753XqfrQAaCJCrzjERJdK
1Ngu4ZiwmHmG1MF9TcwFcsDAgAhrm9zQcp
1NNg6FeqTUxFpGDFiW5VFpq99LAqch9vyp
1NvNWEVsd3eeWXkjixJdz31BR2Z8r2ouNU
1PBGqj2y2Gr9fRp2TDCZwsq7WThRH1me7q
1PkUo9Zk3DydcySwQQH7iYKzxtVTDzioUH
1PN1Zeti5uN3tjddZtSkk14HzWuivAvTFj
1PUY18167Hx2LRMdwSGwCVpJrX1PuyCKyd
1Q6AdbCBDLRshV5bgdXhZixZX3b9FLE77i
1QC7krU5qeQX8oddgtBPnUZfB5oZAcrd4v
1QD38EBTpgiKk7MFuKjS23aGtA2x7nRtzM
1YDVvTyMHgosUKpeyAZjQ9vgxfc9vxbwJ

View File

@ -19,7 +19,7 @@ A collection of hashes over the mnemonic secrets for all vulnerable wallets we d
* Creation date: around 2023-11-24
* Detection: confirmed Bitcoin Mainnet usage of a `bc1` address on at least one of the sub-accounts, checked until #79
* Bitcoin Mainnnet address database from ca. early 2023-11
* Bitcoin Mainnet address database from ca. early 2023-11
* Entry format: SHA-256 hash computed over the lowercase space-separated seed string without leading spaces, trailing spaces or newlines
* File format: newline-separated ASCII entries, sorted
* Additional comments: 12 word Electrum seed, "100" segwit prefix