Keyhunt(Linux)
ETH/BTC Private keys hunter
Work for Bitcoin & Ethereum
Address/rmd160 hashes/PubKeys(Compressed/Uncompressed)
root@CryptoXploit:~#git clone https://github.com/CryptoXploit/Keyhunt.git (keyhunt linux version)
There is no difference in command functionalities of keyhunt linux & windows version.in linux you need to use ./keyhunt and in windows use keyhunt-win.exe
root@cryptoxploit:~/Keyhunt# cd Keyhunt
root@cryptoxploit:~/Keyhunt# make
root@cryptoxploit:~/Keyhunt# ./keyhunt -h
2.rmd160
3.xpoint
4.pub2rmd(deprecated)
5.BSGS
6.Minikey
7.Ethereum
This is the most basic approach to work, in this mode your text file need to have a list of the publicaddress to be search.
Example of address from solved puzzles, this file is already on the repository tests/1to32.txt
root@cryptoxploit:~/Keyhunt# ./keyhunt -m address -f tests/1to32.txt -r 1:FFFFFFFF
Also we can search for -l compressed or -l uncompressed as well
For example for searching puzzle 64 which is compressed address we can use
root@cryptoxploit:~/Keyhunt# ./keyhunt -m address -f tests/66.txt -b 66 -l compress -R -q -s 10 -t 4
with -b we can specify bit range(puzzle #66 is 66 bit)
-R is for random mode
For searching multiple dormant addresses(Compressed/uncompressed) within 256 bit range with endomorphism enabled
root@cryptoxploit:~/Keyhunt# ./keyhunt -m address -t 4 -f tests/dormant.txt -b 256 -l both -R -q -s 10 -e
root@cryptoxploit:~/Keyhunt# ./keyhunt -m vanity -t 4 -l compress -R -b 256 -v 1Donate -v 1Tweet
Here we are using 4 CPU threads and searching 1Donate & 1Tweet in 256 bit range.it will produce multiple addresses
You can search for a single puzzle vanity or multiple vanity addresses
Single puzzle 66 vanity address lookup
root@cryptoxploit:~/Keyhunt# ./keyhunt -m vanity -t 4 -f tests/66vanity.txt -l compress -R -b 66 -e -s 10 -q
-f is file of unsolved vanity puzzle 66 address which we are looking in 66 bit range
root@cryptoxploit:~/Keyhunt# ./keyhunt -m vanity -t 4 -f tests/dormantvanity.txt -l compress -R -b 256 -e -s 10 -q
we are searching for dormant addresses as vanity within entire 256 Bit range with endomorphism enabled.
root@cryptoxploit:~/Keyhunt# ./keyhunt -m vanity -t 4 -f tests/dormantvanity.txt -l both -R -b 256 -e -s 10 -q
upon finding the vanity pattern it will create a VANITYKEYFOUND.txt in current directory.
This is same as address mode but it must have rmd160 hashes instead of compresses/uncompressed addresses and its 2X faster speed than address mode
root@cryptoxploit:~/Keyhunt# ./keyhunt -m rmd160 -t 4 -f tests/1to32.rmd -r 1:FFFFFFFF -l compress -s 5
Same like #puzzle 66 compressed address you can search using its rmd160 hash so the speed would be nearby 2X more.
root@cryptoxploit:~/Keyhunt# ./keyhunt -m rmd160 -t 4 -f tests/66.rmd -b 66 -l compress -R -q
This mode targets the X value of the PubKeys.the speed is better than Address & rmd160 hash modes
Input file can have 1 PubKey per line(Compressed/Uncompressed)
Publickey Compressed (66 hexcharacters)
Publickey Uncompressed (130 hexcharacters)
Sample Input File-
A few subtracted values from puzzle 40
034eee474fe724cb631d19f24934e88016e4ef2aee80d086621d87d7f6066ff860 # – 453856235784
0274241b684e7c31e7933510b510aa14de9ac88ec3635bdd35a3bcf1d16da210be # + 453856235784
03abc6aff092b9a64bf69e00f4ec7a8b7ca51cfc6656732cbbc9f5674925b88609 # – 529328067324
034f4fe33b02c202b732d278f90eedc635af6f3be8a93c8d1cb0a01f6399aab2a4 # + 529328067324
03716ff57705e6446ac3e217c8c8bd9e9c8e58547457a6fe93ac254c37fd48afcb # – 14711740067
02ffa0769b0459c64b41f59f93495063ae031de0b846180bee37f921f20e141f60 # + 14711740067
03de1df5d801bbd5e7d86577bf14950f732fd41e586945d06d19e0fdea41a37d62 # – 549755814000
038d3711fd681e26c05b2f0cd423fa596e15054024e40add24a93bfa0c630531f1 # + 549755814000
03a2efa402fd5268400c77c20e574ba86409ededee7c4020e4b9f0edbee53de0d4 # target
Now use keyhunt against some thousand values of the puzzle 40:
root@cryptoxploit:~/Keyhunt# ./keyhunt -m xpoint -t 4 -f tests/substracted40.txt -n 65536 -t 4 -b 40
After we hit the first private key we can calculate with simple maths to derive original private key of puzzle #40.
if the first hit key is 800258a2ce
then check the file tests/substracted40.txt for corresponding decimal value mentioned in front of it.we can see that for “0274241b684e7c31e7933510b510aa14de9ac88ec3635bdd35a3bcf1d16da210be” the corresponding decimal value is +453856235784.
convert it into hex +453856235784->+69ABF09108
now we need to perform addition operation on the first hit private key to reveal private key of puzzle 40.
800258a2ce+69ABF09108=e9ae4933d6 which is the private key of puzzle #40.
for Puzzle #130 try-
root@cryptoxploit:~/Keyhunt# ./keyhunt -m xpoint -t 4 -f tests/130.txt -b 130 -R -q
This method is to find out public key of an address where only address is known and no transactions ever made(Unrevealed PubKeys).its useful for puzzles as well whose pubkey isn’t known for e.g. Puzzle #666.t works a little more faster because it skip the EC Operations
The input file need to have the hash RMD160 of the address(Without publickey leaked)
root@CryptoXploit:~/Keyhunt# ./keyhunt -m pub2rmd -t 4 -f tests/puzzleswopublickey.txt -q
once you hit the key you can use BSGS or Kangaroo faster tools to hit the target.
It requires public key of a known address(compressed/decompressed)
Input file can have mix of Compressed/Uncompressed pubkeys one at a line and any word followed by a space is ignored/commented
Example:
043ffa1cc011a8d23dec502c7656fb3f93dbe4c61f91fd443ba444b4ec2dd8e6f0406c36edf3d8a0dfaa7b8f309b8f1276a5c04131762c23594f130a023742bdde # 0000000000000000000000000000000000800000000000000000100000000000
046534b9e9d56624f5850198f6ac462f482fec8a60262728ee79a91cac1d60f8d6a92d5131a20f78e26726a63d212158b20b14c3025ebb9968c890c4bab90bfc69 # 0000000000000000000000000000000000800000000000000000200000000000
Dont load more than 100-1000 keys otherwise the processing and speed would be too slow.
File creation-
BSGS Mode switch -m bsgs pre creates two bloom filters & one bp table file for faster loading process. Use -S switch along for save & read file. These three files are created only once during first run of the command next time onwards the tool reads existing files. The 3 files size depends on the value of -n & -k.so test the appropriate combination of (n,k)values based on your hardwares(RAM/CPU/SSD)etc. for optimized performance level. The size of 3 files will be allocated in memory.
FIRST RUN:
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -R -b 130 -q -S -s 10
SECOND RUN:
when we run the program with same parameters again the creation of bloom filters and table is not required and it will read from pre-created database.
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -R -b 130 -q -S -s 10
remember if you change the test public key or bit ranges. The bloom filter and bP tables would be recreated.
testing Puzzle #130 with some known public keys(Sequential Mode)
root@cryptoxploit:~/Keyhunt# time ./keyhunt -m bsgs -f tests/test130.txt -b 130 -S
testing Puzzle #130 with some public keys(RANDOM MODE)
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -b 130 -q -s 10 -R
testing Puzzle #120 with some public keys(BSGS RANDOM MODE)
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -b 130 -q -s 10 -B random
We can speed up process by selecting a bigger K value.bigger K value requires more RAM & n value is the total length of the item tested in random range so experiment with (n,k) values
Valid n and k values(experimental reference table)
+——+———————-+————————-+———————–+—————–+
| bits | n in hexadecimal | k max value | RAM Requirements
+——+———————-+————————-+———————–+—————–+
| 20 | 0x100000 | 1 (default) | |
| 22 | 0x400000 | 2 | |
| 24 | 0x1000000 | 4 | |
| 26 | 0x4000000 | 8 | |
| 28 | 0x10000000 | 16 | |
| 30 | 0x40000000 | 32 | |
| 32 | 0x100000000 | 64 | |
| 34 | 0x400000000 | 128 | 2 GB |
| 36 | 0x1000000000 | 256 | 4 GB |
| 38 | 0x4000000000 | 512 | 8 GB |
| 40 | 0x10000000000 | 1024 | 16 GB |
| 42 | 0x40000000000 | 2048 | 32 GB |
| 44 | 0x100000000000 | 4096 | 64 GB |
| 46 | 0x400000000000 | 8192 | 128 GB |
| 48 | 0x1000000000000 | 16384 | 256 GB |
| 50 | 0x4000000000000 | 32768 | 512 GB |
| 52 | 0x10000000000000 | 65536 | 1 TB |
| 54 | 0x40000000000000 | 131072 | 2 TB |
| 56 | 0x100000000000000 | 262144 | 4 TB |
| 58 | 0x400000000000000 | 524288 | 8 TB |
| 60 | 0x1000000000000000 | 1048576 |
| 62 | 0x4000000000000000 | 2097152 |
| 64 | 0x10000000000000000 | 4194304 |
+——+———————-+——————————————————————-+
n in hexadecimal | k max value | RAM Requirements
+———————-+———————–+————————-+——————+
0x100000 | 1 (default) | |
0x400000 | 2 | |
0x1000000 | 4 | |
0x4000000 | 8 | |
0x10000000 | 16 | |
0x40000000 | 32 | |
0x100000000 | 64 | |
0x100000000000 | 128 | 2 GB |
0x1000000000 | 256 | 4 GB |
0x4000000000 | 512 | 8 GB |
0x10000000000 | 1024 | 16 GB |
0x40000000000 | 2048 | 32 GB |
0x100000000000 | 4096 | 64 GB |
0x400000000000 | 4096 | 128 GB |
0x400000000000 | 8192 | 256 GB |
0x1000000000000 | 8192 | 512 GB |
0x1000000000000 | 16384 | 1 TB |
0x4000000000000 | 16384 | 2 TB |
0x4000000000000 | 32768 | 4 TB |
0x10000000000000 | 32768 | 8 TB |
0x1000000000000000 | 1048576 | |
0x4000000000000000 | 2097152 | |
0x10000000000000000 | 4194304 | |
+——+———————-+———————————————————–——-+
There are several variations to play with the values -n and -k but there are some minimal values required, n can not be less than 1048576 (2^20)
To get optimal performance the k values need to be base 2^x values, this is 1,2,4,8,16,32 and so on
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -b 130 -R -k 20 -S
Impressive speed of 469 TeraKeys/Second
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -b 130 -R -k 128 -S
Utilizing less than 2 GB RAM with speed of 3 PetaKeys/Second
root@cryptoxploit:~/Keyhunt# ./keyhunt -m bsgs -f tests/130.txt -b 130 -R -k 2048 -q -t 4 -s 10 -S
Utilizing less than 32 GB RAM with speed of 142 PetaKeys/Second
lets test small range to see the performance & optimization
Testing puzzle 63 bits
PubKey
0365ec2994b8cc0a20d40dd69edfe55ca32a54bcbbaa6b0ddcff36049301a54579
root@cryptoxploit:~/Keyhunt# time ./keyhunt -m bsgs -t 4 -f tests/63.pub -k 2048 -s 0 -S -b 63
The minikey are generated from a 16 byte buffer using the base58 encode function using the bitcoin string 123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz.at the moment only Minikeys of 22 characters are available
Sequential
root@cryptoxploit:~/Keyhunt# ./keyhunt -m minikeys -f tests/minikeys.txt -C SG64GZqySYwBm9KxE1wJ28 -t 4
Random
root@cryptoxploit:~/Keyhunt# ./keyhunt -m minikeys -f tests/minikeys.txt -q -R -t 4
Ethereum modes support address and xpoint and BSGS mode
root@cryptoxploit:~/Keyhunt# ./keyhunt -c eth -f tests/1to32.eth -r 1:100000000 -M
the 1to20eth consists of randomly chosen addresses from the given range.you can customize it.
root@cryptoxploit:~/Keyhunt# ./keyhunt -t 4 -m bsgs -c eth -f tests/ethsinglepubkey.txt -r 1:10000000000000 -S -M -s 10 -q
The ethsinglepubkey.txt contains single ETH pubkey and we are searching a known key sequentially
remove old tables and bloom filters
root@CryptoXploit:~/Keyhunt# rm *.tbl
root@CryptoXploit:~/Keyhunt# rm *.blm
root@cryptoxploit:~/Keyhunt# ./keyhunt -t 4 -m bsgs -c eth -f tests/ethmultipubkeys.txt -r 1:10000000000000000000000 -k 2048 -S -M -s 10 -q
the ethmultipubkeys.txt contains 4 pubkeys.the more public keys the more slow speed so don’t use more than 100 keys.
KEYHUNT(WINDOWS)
webdo@LAPTOP-PQ668TBO ~$ git clone https://github.com/CryptoXploit/Keyhunt.git (Keyhunt-Win[Windows version precompiled binaries executables])
Download windows zip version:
Click/Scan QR
lets check one compressed address from puzzle#66 range
D:\Keyhunt>keyhunt.exe -m address -f tests/66rangetest.txt -b 66 -l compress -q -s 10 -t 10
now lets check power of BSGS
we will choose 66 bit range address.BSGS works only with public key. We will use this already known address
privkey-000000000000000000000000000000000000000000000002001a000000000000
Pubkey-029540a6bf24b18c13b4797720e2ee94b22268c2b23897187c888ec9dea478102c
Address(C)-1DnaZdMhoaBha4gVhoeu9qLwJGj1uuPjCi
D:\Keyhunt>keyhunt.exe -m bsgs -f tests/test66.txt -b 66 -q -S -t 10
within 30 seconds it penetrated the range deeper with unrealistic speed.rest all options are same as linux tutorial above.
Thanks for your blog, nice to read. Do not stop.
how can i change Bit Range 64 in KEYHUNT(WINDOWS) for bitcoin puzzle?
Hi 👋 how are you I am Delvie kindly need help to recover my account,I’ve lost private keys