Been down the rabbit hole of Bitcoin key generation vulnerabilities lately. Ended up building a CLI tool to reproduce and analyze them.
What it does:
- Generates keys the "wrong way" — brainwallets, weak PRNGs (MT19937, LCG, Xorshift), that MultiBit HD bug, old Electrum derivation
- Analyzes if a key might have come from a vulnerable source (brute-forces 2^32 seed space etc.)
- Scans wordlists against target addresses
```sh
the classic brainwallet
vuke single "correct horse battery staple" --transform sha256
check if a key is a Milksad victim
vuke analyze --analyzer milksad <private_key>
```
Covers: - Milksad (CVE-2023-39910) — libbitcoin's 32-bit MT19937 disaster - Brainwallets — SHA256(password), still being exploited - LCG/Xorshift PRNGs — glibc rand(), JS Math.random() - MultiBit HD, Electrum pre-BIP39, Armory
Pure Rust, MIT license, optional GPU acceleration.
GitHub: https://github.com/oritwoen/vuke Install: cargo install vuke
One of my Bitcoin security research projects — also made kangaroo (https://github.com/oritwoen/kangaroo), boha (https://github.com/oritwoen/boha), and vgen (https://github.com/oritwoen/vgen) if you're into this stuff.
For research/education only, obviously. Happy to chat about the vulns if anyone's curious.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments