That time the Hacker known as 4chan (may have) decrypted Wikileak's Insurance File

Background Context

Julian Assange Thread #2 (10/17/16 - 10/17/16)

8ch[.]net/pol/res/7881571.html

IT’S FUCKING HAPPENING (10/21/16 - 10/22/16)

8ch[.]net/pol/res/7933031.html

DDoS Attack on DYNDNS (10/21/16 - 10/22/16)

8ch[.]net/pol/res/7931897.html

Wikileaks Insurance Files

Insurance files key testing (10/22/16 - 10/27/16)

8ch[.]net/pol/res/7946506.html

Insurance keys may actually have been released (10/24/16 - 10/27/16)

8ch[.]net/pol/res/7962287.html

WL Insurance Thread (10/24/16 - 12/07/16)

endchan[.]xyz/pol/res/20366.html

Outer Heaven (10/26/16 - 11/09/16)

8ch[.]pl/pol/res/24116.html

OUTER HEAVEN 2 (12/07/2016 - 12/26/2016)

endchan[.]xyz/POLAK/res/15.html
s6424n4x4bsmqs27[.]onion/POLAK/res/15.html

WE ARE PHASE 3 (11/16/16 - 12/20/2016)

2hu-ch[.]org/thread-5b30554cf29073d3aee1a74c298234c8e36a7bad.html
ev7fnjzjdbtu3miq[.]onion/thread-5b30554cf29073d3aee1a74c298234c8e36a7bad.html

WE ARE PHASE 4(?) (01/10/2017 - 01/30/2017)

2hu-ch[.]org/t/8f1dd166ffdde9fafd35ef4c8ea9132288119dc7/

WE ARE PHASE 5(?) (02/13/2017 - 04/19/2017)

2hu-ch[.]org/t/0da7a65f7fc0e480ba8455fe71987ffc69427b54/#0da7a65f7fc0e480ba8455fe71987ffc69427b54

URLs for this post:

Archives for this post:

Thread: Julian Assange Thread #2 (10/17/16 - 10/17/16)

8ch[.]net/pol/res/7881571.html


Anonymous 10/17/16 (Mon) 13:53:34 ID: 0e9a1f No.7881571

IS HE DEAD? IS HE BEING TORTURED? WILL THEY DROP THE FILES?

Internet has been cut off at the Embassy, 3 hashes have been released, vans are surrounding the embassy, happenings are ready to commence at any moment.

Encrypted files:

https://twitter.com/wikileaks/status/743824112376766465

[DIRECT LINK] https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

TORRENT HASH: 41B179C7 1088FF50 32AD8517 C9FF5A3F 40C7490F

3 pre-commitment hashes posted

https://twitter.com/wikileaks/status/787777344740163584

https://twitter.com/wikileaks/status/787781046519693316

https://twitter.com/wikileaks/status/787781519951720449

Net cut:

https://twitter.com/wikileaks/status/787889195507417088

Contingency:

https://twitter.com/wikileaks/status/787889195507417088

Roger Stone:

https://archive.is/5ZUoj

https://archive.is/87Tqo

Assange “fine”

https://twitter.com/kellykolisnik/status/787936574658928640

John Deplo:

https://www.periscope.tv/JohnDeplo/1OwxWrZbMQDJQ

Anon.:

https://www.periscope.tv/Pepe777777/1ypKdAanybvGW

Embassy call:

Insurance files:

https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

http://wlstorage.net/torrent/wlinsurance-20130815-A.aes256.torrent

http://wlstorage.net/torrent/wlinsurance-20130815-B.aes256.torrent

http://wlstorage.net/torrent/wlinsurance-20130815-C.aes256.torrent

https://twitter.com/SandraEckersley/status/787918450547044354

https://archive.is/vAuaE

Has Julian #Assange had his internet cut off due to claims of online sexual grooming? Case pending. #Wikileaks #auspol

IT’S FUCKING HAPPENING (10/21/16 - 10/22/16)

8ch[.]net/pol/res/7933031.html


OP Anonymous 10/21/16 (Fri) 16:02:47 ID: d5aa21 No.7933031

d081083fbcb4d0fd240a66c9132f95bec6416352

PHOTO: Heavily armed ‘police’ appear outside Ecuadorian Embassy in London where Julian Assange has political asylum (photo, Tuesday morning)

https://twitter.com/wikileaks/status/789493599121604609
https://archive.fo/HmIE4


Anonymous 10/22/16 (Sat) 08:32:38 ID: 356cac No.7941102

So, basically Assange is already dead. No video showing him alive. His Twitter account claims supporters’ responsibility for a “cyber attack” on USA, giving ammo to Hillary.

Anonymous, who claims responsibility, is a government shill.

WikiLeaks starts posting political shit as if he were actually being role played by someone whose job it was to roleplay as Anonymous. Look at his latest tweets. It’s like he is one of those “anonymous” faggots. Posting that shit about Clinton already being chosen for election. Being against Trump as a pied piper.

CTR is saying that concerns about Assange being dead is “autism gone too far” and is calling those with a real concern as “demoralizers” or shills or CTR themselves. People have bought this from them. Autism hasn’t gone too far. It hasn’t gone far enough.

Now with the OP, they are trying to make it seem like there will be a storming of the embassy, under the guise of getting a Russian agent hacker/“hacktivist”. That’s the excuse when they “go in after Assange.”

They will bring him out in a body bag and the only photos you will see of him will be his dead body, which is currently dead, weeks before this staged invasion of the embassy.

The fake death will be used to justify all the leaks and information up to that point were real and he was actually a Russian terrorist plotter.

You corrupt, nationless, morally bankrupt TOOLS.



Anonymous 10/22/16 (Sat) 18:51:26 ID: 1faeff No.7944978

>>7933031 (OP)

Goys….

https://twitter.com/Cryptomeorg/status/789871378879086592

wtf is going on

Assange surreptitious getaway from EC Consulate in London (smuggled from embassy)
51°31’49.39" N 0°07’01.46" W


Anonymous 10/22/16 (Sat) 18:59:42 ID: cabddb No.7945066

>>7944978

Tweet saying he got away

No picture of him in the act

Contradicting messages all over the place

Be wary for now


DDoS Attack on DYNDNS (10/21/16 - 10/22/16)

8ch[.]net/pol/res/7931897.html


OP Anonymous 10/21/16 (Fri) 12:51:58 ID: aba3dd No.7931897

35baa2f9759e57954c441decb47e6f6236fb4c04

DDoS Attack Against Dyn Managed DNS

Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.

https://archive.fo/fjxW3

Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.

https://archive.fo/Fb4uz


Anonymous 10/21/16 (Fri) 13:03:55 ID: aba3dd No.7931948

>>7931927

http://downdetector.com/status/level3/map/

9ff9fe15d903f5329240a8dafe6b6effee436ce5


Anonymous 10/21/16 (Fri) 13:39:12 ID: 9c1450 No.7932155>>7932165 >>7932172

>>7931964
>>7932118
>>7932127

I would not classify this outage as necessarily big enough. If Assange is in any way intelligent he had servers all over the world, each one totally independent of the others, and each obscured through multiple layers of anonymization. I could see that outage taking out maybe one of the servers, but not all of them at once. Putting them all in one geographic area is amateur hour.

But maybe I’m just overestimating the fuck out of Assange’s level of preparation. If he didn’t take every possible measure to secure himself and his dead man system, he’s a fucking colossal idiot.


Anonymous 10/21/16 (Fri) 13:53:25 ID: 9c1450 No.7932223>>7932279

>>7932165

Incorrect. It’s not a kill switch. It’s a dead man switch. That means it goes off if nobody talks to it for some interval of time. A kill switch implies someone has to actively trip it - it’s fail “off.” A dead man switch fails “on.” In addition, there would be no key to crack. If you were smart when you wrote the dead man switch code, you’d use a hash fingerprint of the actual entered code to identify whether it’s correct. Only a retard would embed the plaintext interval reset code in the actual program’s source code.

Also, keep in mind that only a truly stupid fuck would write a dead man switch in a scripting language where the source code is the executable code. It would be a binary executable with obfuscated binary code. You’d erase the fuck out of the source code after you got the thing to work. Black box to the max.

>>7932172

That’s my point. Assange knows what is in those insurance files, and if the governments of the world think it’s a big enough deal to threaten fucking drone strikes then he better have his shit locked down better than anyone. The great thing is that cryptography is absolutely a weapon. It is a force equalizer, and it happens to be that it can completely invert the balance of power. There’s a reason that strong crypto is ITAR controlled in the US. The win for all of us is that while you have to physically manufacture a gun, incredibly strong crypto can be transmitted purely digitally and can never be truly restricted.

>>7932191

Not that any of us are truly authority figures on this, but what you say seems to be the most likely explanation. A lot of anons think Soros got his fortune with insider information from the Rothschilds and operates as the visible front for their backchannel operations.


Anonymous 10/21/16 (Fri) 18:08:23 ID: ac63fa No.7934076

>>7934056

>>7934063

Still up for me, BUT……

09bca6a0427422206ddd3d925c146a1517cbcd04


Anonymous 10/21/16 (Fri) 21:11:15 ID: 2e7bb9 No.7936025

29892438fd941ad8e8371f70183554dcb936f1ac


Anonymous 10/21/16 (Fri) 21:14:30 ID: 3c617e No.7936071

>>7936025

WHAT

this is 100% proof that wikileaks is compromised and the attack is something they aren’t in control of.

what the fuck is this? the CIA/NSA telling them to stop?

i’m even more suspicious that this attack may be TAY


Anonymous 10/21/16 (Fri) 21:23:38 ID: 52f72c No.7936209

>>7936025

The card has been played. Assange is dead, his organization is being destroyed, and his legacy will die with it. The most major in the list of casualties in the War against the Establishment, but not the last.

0cabed64bb1a73c7551d9036f6c227675cc37f8d


Anonymous 10/21/16 (Fri) 21:26:49 ID: 5e0295 No.7936259

>>7936237

>>7936201

WHY ARE THEY RETWEETING IT?

e84a30013e4268b060e9edfb279208987057e94f


Insurance files key testing (10/22/16 - 10/27/16)

8ch[.]net/pol/res/7946506.html


OP Anonymous 10/22/16 (Sat) 21:12:00 ID: 22c2d5 No.7946506

During the DDoS attack a few hashes and keys were posted on several sites for a few minutes and then deleted without a trace (pic related is one of them http://i.imgur.com/undefined.png). (DEAD)

Additionally, the Wikileaks site showed “The Insurance files may have just been released” for a few minutes as well. (see http://i.imgur.com/6IMYfUK.png)

I have begun trying some of the candidate keys. I could use some help. I think the least we can do is try them and keep track of the results and what has been tried.

Files:

https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent

Candidate for file A (see pic related for how to generate it):

eta-numeris: f22d 7304 8224 8ad6

sin-tropper: 48ab b7eb ceda f42d

7FG: 6f46 30e1 c6f3 385d

project-runway: da46 2913 216c 9a0d

fall-of-cassandra: 07d6 db54 f3c2 7d4a

(The order might be incorrect, see https://archive.fo/pMEmC)

f22d730482248ad648abb7ebcedaf42d6f4630e1c6f3385dda462913216c9a0d07d6db54f3c27d4a

Candidate for file B:

eta-numeris: 52f3 436e 82db 1fde

sin-topper: b1a0 64d4 0004 8865

project-runway: a10a 3571 a17b 8898

7FG: fde0 5ea5 34a9 c372

fall-of-cassandra: ca1c c808 dfbd 0d23

52f3436e82db1fdeb1a064d400048865a10a3571a17b8898fde05ea534a9c372ca1cc808dfbd0d23

The candidate for C is in pic related as well but it has to be typed down manually. We should also rerun the commands shown there and verify that we get the same result. Moreover, I believe something similar can be done with the hashes tweeted recently.

Other unknown candidates:


Anonymous 10/22/16 (Sat) 22:11:35 ID: 1e948e No.7947297>>7947558

>>7947245

$ openssl enc -aes-256-cbc -d -in insurance.aes256 -out file.txt

is the case if it’s just a key, however, people seem to know something I don’t, and are constructing keyfiles from the supplied… dump? tweet? strings?

The process he’s using is something like

echo "eta numeris" > plaintext.txtopenssl enc -aes256 -in plaintext.txt -out keyfile> enter aes-256-cbc encryption password:  > Verifying - enter aes-256-cbc encryption password: (using phrase that's next to hex string)openssl enc -d -aes256 -in wlinsurance-20130815-A.aes256 -kfile keyfile > unencrypted-A
``

Insurance keys may actually have been released (10/24/16 - 10/27/16)

8ch[.]net/pol/res/7962287.html


OP Anonymous 10/24/16 (Mon) 05:07:13 ID: 947b6b No.7962287

I’m seeing snippets of info around suggesting the insurance keys actually DID get posted, and the DDOS was an attempt to stop them, but it wasn’t 100% successful.

Apparently the keys were divided into separate parts and given to a variety of people. Nobody had the whole key themselves, but they all had parts of a key.

Which means the keys we’ve been seeing around that haven’t worked, may simply need to be combined with other keys to unlock the files.

That’s what this thread is for: Posting anything you suspect might be part of an insurance key. Anons with the insurance files test out combinations and let us know if anything works.

Archive.is is your friend. Immediately archive any web page, facebook post, twitter, that you think might be a key.

I’ll start us off

https://archive.fo/SfyVA


Anonymous 10/24/16 (Mon) 12:22:51 ID: 7f4246 No.7964445

>>7964432

All sensitive posts are being deleted in this thread (and others).

Continue Insurance File Shitposting here:

https://endchan.xyz/pol/res/20366.html


WL Insurance Thread (10/24/16 - 12/07/16)

endchan[.]xyz/pol/res/20366.html


OP Anonymous 10/24/2016 (Mon) 12:10:08

Alright lads, post here what you were not allowed to post there.


Anonymous 10/24/2016 (Mon) 14:17:38 [Preview] No. 20395 [X] del >>21450

During the DDoS attack a few hashes and keys were posted on several sites for a few minutes and then deleted without a trace.

Additionally, the Wikileaks site showed “The Insurance files may have just been released” for a few minutes as well. (see https://i.imgur.com/6IMYfUK.png)

I have begun trying some of the candidate keys. I could use some help. I think the least we can do is try them and keep track of the results and what has been tried.

Files:
https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent

Original pastebin:

Follow up:

https://i.sli.mg/lck00e.jpg

New potential key: h ttps://pastebin.com/Aa5YxXsR

https://ww w.google.com/#q=i1KQxBG6&filter=0

Strange thread:

https://archive.is/AfyZh#selection-2615.65-2615.94

Thread that was not deleted:

https://boards.4chan.org/pol/thread/94035612

OCR for Tweets (h ttps://imgur.com/pve7F5I and h ttps://i.sli.mg/VAeKEp.png):

Wikileaks file that has been decrypted: h ttps://projectavalon.net/forum4/showthread.php?29431-WIKILEAKS-Insurance-file-password-revealed

How to try:

openssl enc -d -aes-256-cbc -in [file] -out [outputfile] -k [password]

You should get an error message like this:

bad decrypt 140654269195936:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:

Keys tried on wlinsurance-20130815-A.aes256:

“f22d 7304 8224 8ad6”

“eta numeris 392D8A3EEA2527D6AD8B1EBBAB6AD”

“bd478c3d6cc7d3cc5dd2a2dd4dbba”

“47d899f1e46ecfc3c34ac15f920fcb74b7812e1a58797dcdb3f3a8dde66f02feucDiusjeawyedOajFepOtdibodren9griUtFiegJeOmJodth8gromCeaTinuresk3a30daad2abb705cbed62fc58040a28b721fe65341276de74b1f8f834383ca77jidyupHasKiunIbNoofGijdabrugTindidagEroibPhevviudtaylvAntarHielb42336d521363fa817237cb37fa6d1596efcf027a077726edb098f4c96098e435UrbupJeldOgshUtkefJoigogWyuflugUchliWajbyvaurEijikwyklavwyctacnu”

“f22d 7304 8224 8ad6 48ab b7eb ceda f42d da46 2913 216c 9a0d fde0 5ea5 34a9 c372 07d6 db54 f3c2 7d4a”

“40a861f05c8a98cc88594781d81bf233f1fa11f56f340135e30c41d78808273f”

Tweets (40a861f05c8a98cc88594781d81bf233f1fa11f56f340135e30c41d78808273f8089b0f7040a - Pastebin.com)

“eyJ1cmwiOiJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvQ3ZmbVFfbFdFQVFwVDlpLmpwZzpsYXJnZSJ9”

“ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#”

Keys tried on wlinsurance-20130815-B.aes256:

TBA

Keys tried on wlinsurance-20130815-C.aes256:

TBA


Anonymous 10/24/2016 (Mon) 14:23:28 [Preview] No. 20396 [X] del >>21450

Ongoing 8chan thread:

https://8ch.net/pol/res/7946506.html

Posts on reddit:

https://www.reddit.com/r/WikiLeaks/comments/58ohn7/possible_insurance_wikileaks_key_dump_please_look/

https://www.reddit.com/r/conspiracy/comments/58owaq/i_think_something_serious_is_happening_with/

https://np.reddit.com/r/DNCleaks/comments/58ov84/possible_insurance_key_dump_please_help_the_donald/

Thread that was not deleted:

https://boards.4chan.org/pol/thread/94035612


Anonymous 10/24/2016 (Mon) 21:09:37 [Preview] No. 20425 [X] del >>21450

There is a key that has been posted numerous times on 8chan, 4chan, reddit and here that gets deleted immediately. Was someone able to take a screenshot?

These are some of the places where is has been posted:
https://8ch.net/pol/res/7962287.html
https://8ch.net/pol/res/7946506.html
https://8ch.net/pol/res/7931897.html


Anonymous 10/24/2016 (Mon) 23:37:29 Id: e73b0c [Preview] No. 20451 [Hide User Posts] [X] del

thread on other bunker, might be useful info
https://8ch.pl/pol/res/24004.html


Anonymous 10/25/2016 (Tue) 02:05:07 [Preview] No. 20467 [X] del >>20468>>20470

Information regarding the last password used by Assange:

EDITED TO ADD (9/1): From pp 138-9 of WikiLeaks:

Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’. Can you remember that?”

I think we can all agree that that’s a secure encryption key.

EDITED TO ADD (9/1): WikiLeaks says that the Guardian file and the insurance file are not encrypted with the same key. Which brings us back to the question: how did the encrypted Guardian file get loose?

EDITED TO ADD (9/1): Spiegel has the detailed story.

https://ww w.schneier.com/blog/archives/2011/09/unredacted_us_d.html


Anonymous 10/25/2016 (Tue) 02:14:04 Id: e73b0c [Preview] No. 20470 [Hide User Posts] [X] del >>20472

>>20467
>>20468
screenshot and the link they provided to the forum where decrypting it is discussed is 404: http://204.74.214.194/forum1/message1148625/pg1


Anonymous 10/25/2016 (Tue) 02:26:14 Id: e73b0c [Preview] No. 20477 [Hide User Posts] [X] del

>>20468
dead link from this blog was archived. might be old news but wtf here it is https://web.archive.org/web/20101211084611/https://simontay78.com/personal-thoughts/how-to-open-wikileaks-insurance-aes256-file/


Anonymous 10/25/2016 (Tue) 05:40:31 Id: 6d577c [Preview] No. 20500 [Hide User Posts] [X] del

>>20498
>>20499
Alright, so what I’m currently doing is seeing if he set the DMS to shoot transactions to the Bitcoin Blockhain (giving it permanence).

This is, undoubtedly, the best way to get the keys out without fear of censorship.

I don’t have the insurance files and have no idea how they were encrypted.

However, there are several 64byte keys in the blockchain, sometimes occurring in sequence. Take this sequence for example:
157b55f541c211e4e8fbd6075ee38591166520382496715f061b72dbff7ce2ac
29d702481029f8ec2a53e45b7f1cbbcfe0e5e8f8729ff8dd039d79678af161dd
934fa816c419c7f5f4e4f0f7f81934142a5d84c853e430b630e1c09573f6eeca
ec8310b437f09918c6f9e684ee440db6940860228294c964fb96d2279ff40aa7
371dc468600478afeedb8f1ebffc3a2132e8388d214090b6f0e8fb4637138c89
0e18ead5f2f25880c1736cea07babe401602a24986902f35c44f8b93bc527c1f
40460b8fd234289abedb5dd1d20389a5820d2657fc81ff87e2d9fe6a3b3b9b1c
9bc8b5fcf4186e2954c6ddfd0676e06155a4ac430e3e374c0974024ab525bba1
8cb2d96d888cc47f91a2efd0b26a81b6baec69302b66db8fb86eb48ca7bf6cd2
3ba6f4a1e73d57e3ea302debcc0f2e2f9443b4751fcc036586c4a1a328908b60
9b69e55023e36006c73ef4f01d25831665e1e8b45c4c063e25e4cb38b86eb2f9
From block 435225 @ 2016-10-21 08:27GMT.

11 transactions there = 11 * 64 = 704. (odd number)

This is probably too bigger key for the WL files, I think?

Anyone give me a clue as to what size I should be looking for? I don’t think transactions are definitely sequential and there’s no promise for their inclusion in a block.


Anonymous 10/25/2016 (Tue) 06:59:06 [Preview] No. 20510 [X] del >>20512>>21077

Just read this:

If anyone gets hold of the key(s), my recommendation: Send transactions on the Bitcoin blockchain and attach the key(s) as a message (using OP_RETURN). Once on the blockchain, it’ll be INSANELY difficult to reverse/censor. If your transaction doesn’t get through (in the case that they have the capability to censor the blockchain) post them in reverse and then link to transaction.

Maybe this is what Snowden was doing when he tweeted that hash?

https://www.reddit.com/r/Bitcoin/comments/4wxyhj/snowden_tweets_private_key_hash_then_deletes_it/

ffdae96f8dd292374a966ec8b57d9cc680ce1d23cb7072c522efe32a1a7e34b0

Can someone look into this? Maybe try it with the recent Wikileaks hashes too?

If someone posts potential keys I can try them.


Anonymous 10/25/2016 (Tue) 08:51:10 [Preview] No. 20525 [X] del

The insurance file was apparently posted and then deleted on these two threads:

https://8ch.net/pol/res/7962287.html

Does someone know of another way to find snapshots/cache of the older posts?


Anonymous 10/25/2016 (Tue) 09:05:33 Id: e73b0c [Preview] No. 20526 [Hide User Posts] [X] del

/7962287
https://archive.fo/K2oGX
/7881571.html
https://archive.fo/jBS6q
https://archive.fo/vr16Q
https://archive.fo/koTtO

Something must have been up with archive before because somehow these popped up and I’m pretty sure I searched those before.


Anonymous 10/25/2016 (Tue) 21:25:07 [Preview] No. 20576 [X] del >>20758>>21450

eta numeris 392D8A3EEA2527D6AD8B1EBBAB6AD
sin topper D6C4C5CC97F9CB8849D9914E516F9
project runway 847D8D6EA4EDD8583D4A7DC3DEEAE
7FG final request 831CF9C1C534ECDAE63E2C8783EB9
fall of cassandra 2B6DAE482AEDE5BAC99B7D47ABDB3

To hex:

65 74 61 20 6e 75 6d 65 72 69 73 20 33 39 32 44 38 41 33 45 45 41 32 35 32 37 44 36 41 44 38 42 31 45 42 42 41 42 36 41 44 0d 0a 73 69 6e 20 74 6f 70 70 65 72 20 44 36 43 34 43 35 43 43 39 37 46 39 43 42 38 38 34 39 44 39 39 31 34 45 35 31 36 46 39 0d 0a 70 72 6f 6a 65 63 74 20 72 75 6e 77 61 79 20 38 34 37 44 38 44 36 45 41 34 45 44 44 38 35 38 33 44 34 41 37 44 43 33 44 45 45 41 45 0d 0a 37 46 47 20 66 69 6e 61 6c 20 72 65 71 75 65 73 74 20 38 33 31 43 46 39 43 31 43 35 33 34 45 43 44 41 45 36 33 45 32 43 38 37 38 33 45 42 39 0d 0a 66 61 6c 6c 20 6f 66 20 63 61 73 73 61 6e 64 72 61 20 32 42 36 44 41 45 34 38 32 41 45 44 45 35 42 41 43 39 39 42 37 44 34 37 41 42 44 42 33


Anonymous 10/25/2016 (Tue) 21:58:13 Id: 5914b4 [Preview] No. 20583 [Hide User Posts] [X] del >>20584>>20589>>20590>>21077

for you guys looking into the blockchain idea. I found this old article interesting. Maybe it could shine a light on how to interpret what you are seeing in the different blocks.

Hidden surprises in the Bitcoin blockchain and how they are stored: Nelson Mandela, Wikileaks, photos, and Python software

just throwing this out there as an idea in case you hadn’t thought about it - have you tried using the bitcoin file downloader?

This source code is embedded in Bitcoin transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc · GitHub


Anonymous 10/25/2016 (Tue) 23:27:31 [Preview] No. 20589 [X] del

>>20583
posting wikileaks address in case someone wants to try to find a new message


Anonymous 10/26/2016 (Wed) 01:21:35 [Preview] No. 20607 [X] del >>21077>>22825

Alright guys, finally figured it out. We might have to go into the bunker at this point.

Here’s how to get the original cablegate hidden message:

Go here: Transaction: 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a | Blockchain.com

Then, just copy paste the entire part of the ‘Output Scripts’

f = open('outscripts.txt','r')
from binascii import unhexlify

for ff in f.readlines():
chunks = ff.split(' ')
for c in chunks[1:-3]:
unhexlify(c.encode('utf8'))

This is the output:

"sSEXWikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto’s download tool which
can be found in transaction 6c53cd987119ef797d5adccd
76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free enterprise! Thank you Satoshi!


Anonymous 10/27/2016 (Thu) 14:47:38 Id: 508f85 [Preview] No. 20793 [Hide User Posts] [X] del >>20802>>20809>>20871

Assange was captured. They want to keep it out of media. So that it does not threaten hillary campaign.

Assange was going to kill himself if they removed him from embassy by force. Rather than be torured for life in the United States. Assange was drugges by his guest before being removed a few hours later.

There are pictures of a man being removed from the embassy with a gitmo bag over his head.

The equador government was threatened with assassination and then with trade sanctions and they caved.

The US govt does not understand the assange key drop mechanism. They were talking about replacing him with body double, to cause double about whether
Ether he was captured.

The wikileaks reddit has been seizes. Links to wikileaks are on sitewide reddit spam list now. Archieve.is was redirected to new site. 8chan and 4chan are under enemy control. There were several DNS domain seizures and IP address hijacking attacks at network backbone level.

I only know fragments of what happened. They have system for real time website interception and real time modification of content of pages and social media. This has been deployed.

The existing internet is completely compromised.

Some of the attacks are wide targeted like DNS. Other attacks are to shut down individual users.
Some of the attacks are deployed at the cable modem level. Inside of cable modem firmware. Some of them are crude like dropping DNS packets. Others are cable modem level redirection of specific IP address for a single server to another IP, to enable man in the middle attacks.

This is a military level cyberwar being conducted by group controlling the infrastructure on the home turf.


Anonymous 10/28/2016 (Fri) 07:47:02 Id: f958ff [Preview] No. 20866 [Hide User Posts] [X] del >>20892

IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW

IF YOU KNOW HOW PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURACE FILES

import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2

transaction = str(sys.argv[1])
data = urllib2.urlopen("h ttps://blockchain.info/tx/"+transaction+"?show_adv=true")

dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))

length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
print dataout

usage

python script.py transaction_number

returns all the data in the output scripts

example

python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

Returns,

Wikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto’s download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free enterprise! Thank you Satoshi!

HOW TO FIND MESSAGES ON THE BLOCKCHAIN

I’ll be helping you with a few initial examples. Remember that if you feel like you’ve been compromised, switch over to codec communication.

I’m assuming you already did the example on Jean’s latest code dump >>24140 Let’s try to do a few more.

First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

Use Jean’s script and do

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf'

Once it is done you will be able to see a pdf was generated in that directory.

Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.

For example, take a look at this transaction: Transaction: 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd | Blockchain.com

If you do

python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

You will get a key that was leaked.

Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again.

Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand.

One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.

For example, the Bitcoin paper transaction.

If you do

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output'

and then do,

'file -b output'

You will get:

'PDF document, version 1.4'

For

'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output'

'file -b output'

you should get

'GPG encrypted data'


Anonymous 10/28/2016 (Fri) 07:47:15 Id: f958ff [Preview] No. 20867 [Hide User Posts] [X] del

MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS

import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2

# usage, python script.py transactionlist.txt > file

txlist = str(sys.argv[1])

def txdecode(transaction):
data = urllib2.urlopen("h ttps://blockchain.info/tx/"+transaction+"?show_adv=true")

dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))

length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
return dataout

f = open(txlist, 'r')

alldata = b''
for l in f.readlines():
l = l.rstrip('\n')
alldata += txdecode(str(l))

print alldata

example:

python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

save the 130 transactions to trans.txt

then use the script above and do

python newscript.py trans.txt > cables

you will get a zipfile with the cables


Anonymous 10/28/2016 (Fri) 07:47:30 Id: f958ff [Preview] No. 20868 [Hide User Posts] [X] del

How to get address from hash
Run the following on bitcoin

from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
pk.public_key().address()
# Compressed address will be returned
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
pk.public_key().address()
# Uncompressed address will be returned

snowden
1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj

kerry
1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU
1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e

ecuador
1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta
16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB

ukfco
1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm

Analysis threads (heavily deleted and slid):

https://8ch.net/pol/res/7946506.html
https://8ch.net/pol/res/7962287.html

Post where a ‘key’ was posted and deletions started taking place:

https://web.archive.org/web/20161024220842/https://8ch.net/pol/res/7933031.html

New leads and alphabets showing up:

https://endchan.xyz/pol/res/20366.html

Link to original insurance file in case anyone wants to test that one:

https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

https://web.archive.org/web/20100901162556/https://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256

https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent

openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER"
openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"

the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like “Use a Tor Onion Router and do this”. It might be that the file has to be unlocked over and over.

also someone suggested, “take the last 32 or so bytes in the file, flip them, save it and then run ‘file -b’ on it.”

UNCRACKED TRANSACTIONS:

7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e

Anonymous 11/06/2016 (Sun) 08:11:54 [Preview] No. 21342 [X] del >>21343

>>21341

  • 22 August (2:47 AM): Attempted break-in at Assange’s embassy home; Ecuador questions London’s ‘inadequate response’
  • 7 October: Podestamails leaks first batch
  • 12 October: Wikileaks announces: now publishing on a schedule created by our new impact maximizing publishing algorithm the “Stochastic Terminator”
  • 12 October: Mike Cernovich tweets about getting info that 33K deleted emails exist
  • 15 october (morning): WikiLeaks releases Hillary Clinton’s Goldman Sachs transcripts.
  • 15 october (Lunch): Pamela Anderson visits Assange
  • 15 october: Cut off Assange’s internet access 5:00 pm GMT
  • 15/16 october (dawn): Wikileaks DNS Server was suddenly pointed elsewhere (not confirmed)
  • 16 october (between 11:00pm /11:30 pm GMT): Wikileaks releases 3 pre-commitments (1: Kerry; 2: Ecuador; 3: UK FCO)
  • 17 October (6:33 am GMT): “Wikileaks announces the Julian Assange’s internet link has been intentionally severed by a state party” and that “We have activated the appropriate contingency plans”.
  • 17 october (8:27 pm GMT): on a second tweet (almost 14 hours later) announces that “We can confirm Ecuador cut off Assange’s internet access Saturday (15 october), 5pm GMT, shortly after publication of Clinton’s Goldman Sachs speechs.”
  • 17 october: GUCCIFER_2 tweets: “i’m here and ready for new releases. already changed my location thanks @wikileaks for a good job!”
  • 18 october: a script was activated that made file.wikileaks.org/file publicly visible and set all the file date and time stamps to 01/01/1984 18 october: Wikileaks announces that : “Multiple US sources tell us John Kerry asked Ecuador to stop Assange from publishing Clinton docs during FARC peace negotiations”.(edited)
  • 18 october: Wikileaks announces “The John Kerry private meeting with Ecuador was made on the sidelines of the negotiations which took place pricipally on Sep 26 in Colombia.”
  • 18 october: Wikileaks announces that “A front has released through US Democratic media an elaborate story accusing Julian Assange of paedophillia & taking US$1million from Russia” – publishes all docs about this case
  • 18 October: Ecuador admits to ‘restricting’ Assange communications over US election.
  • 19 october: Craig Murray posts on his blog that “went to see Julian Assange for a whisky in the Ecuador Embassy” (….) “I left Julian after midnight. He is fit, well, sharp and in good spirits”.
  • 20 october: Cryptome tweets “Wrong building for Assange’s EC bolt hole. Orator perch still waving flag. 51°29’56.62" N 0°09’40.51" W”
  • 20 october: Wikileaks annouces “We have a suprise in store for @TimKaine and @DonnaBrazile.”
  • 20 and 21 october: Wikileaks tweets with many spelling mistakes – “HELP HIM” code.
  • 21 October: Dyn DDoS cyberattack
  • 21 October: Wikileaks tweets “Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point”.
  • 21 October: Wikileaks tweets: “The Obama administration should not have attempted to misuse its instruments of state to stop criticism of its ruling party candidate”.
  • 21 October: Wikilekas posts photo of “Armed policed outside Embassy”
  • 22 October: Wikileaks announces Stochastic Terminator Algorithm update (no explanation)
  • 22 October: Gavin MacFadyen death
  • 23 October: Wikileaks tweets “A bloody year for WikiLeaks: Jones/Ratner/Gavin”
  • 23 October: Tweet signed JA (honouring Gavin)
  • 23 October: Wikileaks announces that “We will release a statement tomorrow about Assange. Our editor is safe and still in full command despite reduced communications with staff.”
  • 24 October: WikiLeaks publishes “Editorial Board statement on the status of Julian Assange, Ecuador and the US election”
  • 24 October: Wikileaks publishes video Moore’s video(from June)
  • 24 October: Wikileaks annouces “poll”: “Thousands keep demanding Assange proof of life. Not unreasonable. He’s in a tough spot and is WikiLeaks best known validator. Preference?” – Video option won.
  • 24 october: Wikileaks announces that “While in London for #SHOCircus, Mark Halperin attempts to interview #wikileaks’ founder julian assange (Video with “Assange´s reply: “Everything” about what the MSM is missing about Podesta leaks).
  • 24 october: Assange lawyer ‪@BarnsGreg gives interview to “ABC Radio National2 (Australia)”, and states that spoke with Assange “yesterday”. (interview link not working anymore)
    25 October: CISL Conference schedule and posters change (Announcement of Assange “live connection” from London”
  • 25 October: Pamela Anderson tweets photo with toy “For Julian’s cat”
  • 26 October: Assange “speaks” at CISL (Argentina) – phone call.(edited)
  • 26 Oct 2016: (9: 25 am): Kim DotCom insinuating wikileaks has the deleted emails
  • 26 Oct 2016: (12:07 pm): Kim DotCom again insinuating wikileaks has the deleted emails
  • 26 Oct 2016: (12:42 pm) Kim DotCom telling Gowdy and Trump how to legally obtain deleted 33k emails
  • 26 Oct 2016(4:15 PM): Kim DotCom restating legal way to obtain emails so that when the release comes from wikileaks, to convict Hillary, congress / prosecutors can get valid evidence for US .gov
  • 26 Oct 2016: Wikileaks tweets about Pardon for Manning and about Obama lying about Hillary’s server - Podesta leaks starting to show Obama name.
  • 27 october: WikileaksTaskForce tweets: “The video from #Assange’s talk at @CISL_Argentina is legit. It was scheduled sometime ago. #CISL2016
  • 28 october: Wikileaks annouces that “Sweden has rejected Mr. Assange’s request to be escorted by police to the funeral of Gavin MacFadyen on Monday.”
  • 28 october: Wikileaks releases “statement from Mr. Assange” about swedish decision.
  • 28 October: FBI reopens hillary’s email case
  • 29 October: Wikileaks tweets about John Pilger’s article “on Clinton, Trump, the media, WikiLeaks and war”, where Pilger states that “Assange knows the truth. And let me assure those who are concerned, he is well, and WikiLeaks is operating on all cylinders.”
  • 30 October: Wikileaks announces “We commence PHASE 3 of our US election coverage next week.”
  • 31 October: Wikileaks publish a “poll”: “Who will US president Barack Obama pardon (for distributing documents marked classified) on his way out of office?
    Chelsea Manning/Hillary Clinton/Julian Assange/Edward Snowden” 3 nov: Kim tweets “Relax. Julian Assange is not dead. He’s very busy analyzing extremely sensitive leaked emails 20 hrs/day”.

Anonymous 11/07/2016 (Mon) 09:14:46 Id: c2d6cf [Preview] No. 21408 [Hide User Posts] [X] del

>>21340

We have the insurance files. They are in the blockchain.

They tried to do an attack with EC2 and fill up connections to the ports for accepting new transactions, to slow down or stop the key broadcast. The attack failed and people noticed also.

The transactions have been broadcast and executed. The bitcoin transaction pool has filled.

However, they twelve wikileaks admins are kidnapped or gone. We do not know where they are. They have the information about how to combine the information to decrypt the files.

Assange was told he was going to be removed from the embassy. He threatened to kill himself if removed from the embassy. I am sure he triggered the drop.

Someone needs to create a website, where people can put in candidate keys and test decryption on a small block.


Anonymous 11/07/2016 (Mon) 21:40:42 [Preview] No. 21438 del

NOT A DRILL, WIKILEAKS IS COMPROMISED THEY STOPPED EMAILS FROM GOING OUT

TWITTER
no one has answered since oct 16. the wikileaks chat is completely dead.
they just posted a video (read: NOT A RETWEET) posted by another person and accidentally put a link to the persons profile h ttps://twitter.com/wikileaks/status/795706165971841024
seems like a random fan girl is running the account h ttps://twitter.com/m_cetera

PODESTA
podesta 33 started at 53000. podesta 32 ended at 52481. they skipped 518 that are online 52481-52999. emails 56253-57153 have been online for a while and theres no announcement. something has been extra sketchy since last nights ddos.

DNC
wikileaks still shows 27515 emails for the dnc but in reality there are 44052 (16537 emails are not indexed). the election is tomorrow…


Anonymous 11/08/2016 (Tue) 21:59:40 [Preview] No. 21466 del >>21467>>21469

ALERT

WL just dropped a new set of insurance files.

https://twitter.com/wikileaks/status/796085225394536448
Download encrypted future WL publications for safekeeping:

2016-11-07_WL-Insurance_US.aes256 - 2.9gb
2016-11-07_WL-Insurance_UK.aes256 - 1.3gb
2016-11-07_WL-Insurance_EC.aes256 - 520mb

downloading now and seeding


Anonymous 11/08/2016 (Tue) 22:09:17 [Preview] No. 21467 [X] del >>21468>>21471>>22020

>>21466

hashes for files

US - 014d55394fb4621d5a01bf5eee9f5cddac8dad44
UK - 05e04c04e3315decfbd4f6ab0d2d5dd70586c57c
EC - 8367354076e79ebd8f489e044b61b4f3c8eb13b0

the Precommits
US Kerry - 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809
UK FCO - f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74
EC - eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72


Anonymous 11/08/2016 (Tue) 23:07:31 [Preview] No. 21470 [X] del

sha256sum 2016-11-07_WL-Insurance_EC.aes256 → b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995
sha256sum 2016-11-07_WL-Insurance_UK.aes256 → 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
sha256sum 2016-11-07_WL-Insurance_US.aes256 → ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002


Anonymous 11/08/2016 (Tue) 23:09:55 [Preview] No. 21471 [X] del >>22026

>>21467
sha1sum 2016-11-07_WL-Insurance_EC.aes256 → 4fcb391b440f7c68e3ca1b91027292323f300d54 sha1sum 2016-11-07_WL-Insurance_UK.aes256 → b7f94d0b15bb9bc0e4eb69ce4e11c4733b6b65cc sha1sum 2016-11-07_WL-Insurance_US.aes256 → 3da5150f1d52b830f90142b9d7d14c1fb29a6c56

nothing matches


Anonymous 11/13/2016 (Sun) 02:18:45 [Preview] No. 21868 [X] del >>21874

the pre-commitment hashes don’t match and nobody cares? from fullchan:

These are the hashes Wikileaks posted:
https://twitter.com/wikileaks/status/787777344740163584
https://twitter.com/wikileaks/status/787781046519693316
https://twitter.com/wikileaks/status/787781519951720449
US Kerry - 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809
UK FCO - f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74
EC - eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72

These are the hashes the files they posted produce (along with the commands to generate them):
https://twitter.com/wikileaks/status/796085225394536448?lang=en
sha256sum 2016-11-07_WL-Insurance_EC.aes256 → b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995
sha256sum 2016-11-07_WL-Insurance_UK.aes256 → 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
sha256sum 2016-11-07_WL-Insurance_US.aes256 → ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002

Just to be completely clear:
US Kerry - 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809 =/= ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002
UK FCO - f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74 =/= 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
EC - eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72 =/= b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995

why those same files have invalid PGP signatures

This can also be easily verified by anyone using ‘gpg’. This is the output:
gpg –verify 2016-11-07_WL-Insurance_EC.aes256 → gpg: verify signatures failed: unexpected data
gpg –verify 2016-11-07_WL-Insurance_UK.aes256 → gpg: verify signatures failed: unexpected data
gpg –verify 2016-11-07_WL-Insurance_US.aes256 → gpg: verify signatures failed: unexpected data
The torrents themselves (the file you use to download these files) are not verified either. You can test this by using Verisign. This is the output:

US:
d8:announce33:udp://tracker.opentrackr.org:133713:announce-listll33:udp://tracker.opentrackr.org:1337el34:udp://tracker.coppersurfer.tk:6969el40:udp://tracker.leechers-paradise.org:6969el21:udp://zer0day.ch:1337el23:udp://explodie.org:6969ee7:comment28:WL Insurance (US) 2016-11-0710:created by13:mktorrent 1.04:infod6:lengthi3188919835e4:name33:2016-11-07_WL-Insurance_US.aes25612:piece lengthi2097152e6:pieces30420:

UK:
d8:announce33:udp://tracker.opentrackr.org:133713:announce-listll33:udp://tracker.opentrackr.org:1337el34:udp://tracker.coppersurfer.tk:6969el40:udp://tracker.leechers-paradise.org:6969el21:udp://zer0day.ch:1337el23:udp://explodie.org:6969ee7:comment28:WL Insurance (UK) 2016-11-0710:created by13:mktorrent 1.04:infod6:lengthi1394333337e4:name33:2016-11-07_WL-Insurance_UK.aes25612:piece lengthi2097152e6:pieces13300:

EC:
d8:announce33:udp://tracker.opentrackr.org:133713:announce-listll33:udp://tracker.opentrackr.org:1337el34:udp://tracker.coppersurfer.tk:6969el40:udp://tracker.leechers-paradise.org:6969el21:udp://zer0day.ch:1337el23:udp://explodie.org:6969ee7:comment28:WL Insurance (EC) 2016-11-0710:created by13:mktorrent 1.04:infod6:lengthi545315877e4:name33:2016-11-07_WL-Insurance_EC.aes25612:piece lengthi2097152e6:pieces5220:


Anonymous 11/16/2016 (Wed) 21:30:19 [Preview] No. 22147 [X] del

0417d2c4e0a1b62997e1d546ce4c5a97b48ff6b3

NOTE: When we release pre-commitment hashes they are for decrypted files (obviously). Mr. Assange appreciates the concern.

Wikileaks just confirmed they are compromised.

Hashes have been for encrypted files since 2010.
They admitted the hashes are for those files.
They admitted they are watching.

we have to find those leaks that were stopped.

WE ARE PHASE3


Anonymous 11/17/2016 (Thu) 15:12:04 [Preview] No. 22206 [X] del >>22209>>22212>>22276

EVERYONE GET READY




Anonymous 11/19/2016 (Sat) 10:04:08 Id: bdafc2 [Preview] No. 22385 [Hide User Posts] [X] del >>22393

>>22384

we want PGP signer message as proof of life

tl;dr Many people are asking for PGP signed message as proof of Assanges life.
We DON’T have knowledge of any PGP key that is owned strictly by Assange.

We have two keys that might be owned by WikiLeaks: Editorial Office Key and High Security Signing Key(this one might be fake, there is no proof of WL or Assange ever owning it).

0x92318DBA 2015-04-10 WikiLeaks Editorial Office High Security Communication Key (You can contact WikiLeaks at https://wlchatc3pjwpli5r.onion and https://wikileaks.org/talk) contact-us-using-our-chat-system@wikileaks.org
This one is controlled by Editorial Office. PGP message signed by it doesnt mean Assange signed it. It might even been compromised if servers and assets were taken over.
This key matches https://wikileaks.org/#submit_wlkey (that is only public proof that this key is owned by WikiLeaks. Or current admin of wikileaks.org)

0x73C81E1B 2015-04-10 WikiLeaks High Security Signing Key (The key is available to view at https://wikileaks.org/wl-high-security-signing-key. You can contact WikiLeaks at https://wlchatc3pjwpli5r.onion and h ttps://wikileaks.org/talk.) contact-us-using-our-chatsystem@wikileaks.org
For this one we have no proof it was ever used by Assange or WL. I havent found any mention of it on internet. Its also not signed WL Editorial Office key, so they havent show they trust it.

On link https://pgp.mit.edu/pks/lookup?op=vindex&search=0x93ED732E92318DBA you can see I managed to sign 0x92318DBA WikiLeaks Editorial Office with my fake key I created. (239D778D 2015-04-10 Fake Wikileaks key for testing fake creation time (Created in Oct 19 2016) Fake@fake.com)
My key is even higher than “WikiLeaks High Security Signing Key”.

If I would use same credentials as WikiLeaks High Security Signing Key, there would be no way to tell which key is more “High Security”. Only differnce would be in fingerprint. But because https://wikileaks.org/wl-high-security-signing-key is 404, there is no way to tell which fingerprint is legit.

I havent found any sources with key that would be used exclusively by Assange. (just one from some mailing list from 1996, probably not used anymore)


Anonymous 11/19/2016 (Sat) 10:13:06 [Preview] No. 22386 [X] del

>>22365
NORMIE TUTORIAL
https://ww w.reddit.com/r/Bitcoin/comments/5dqufl/blockchain_experts_the_world_needs_your_help_the/da6t6qn


Anonymous 11/19/2016 (Sat) 21:44:57 [Preview] No. 22417 [X] del >>22480>>22814

>>22416
>>21839

[chan] wikileaks
[name] BM-2cVFHKC263sXfXYF7JU3n4FPLY9HD5H7SC


Anonymous 11/19/2016 (Sat) 22:12:42 [Preview] No. 22419 [X] del >>22425

SOMEONE PLEASE DOWNLOAD PDFS FOR ALL THESE AND POST THEM ON GLOP.ME

https://8ch.net/pol/res/7933031.html

https://8ch.net/pol/res/7962287.html

Https://8ch.net/pol/res/7946506.html

https://8ch.net/pol/res/7931897.html

https://web.archive.org/web/https://boards.4chan.org/pol/thread/93319969
https://web.archive.org/web/20161019170505/https://8ch.net/pol/res/7881571.html
https://archive.fo/K2oGX
https://archive.fo/jBS6q
https://archive.fo/vr16Q
https://archive.fo/koTtO

Something must have been up with archive before because somehow these popped up and I’m pretty sure I searched those before.

Probably bullshit but just in case it isn’t h ttps://archive.fo/0YMBk funny that it got bumplocked right away


Anonymous 11/19/2016 (Sat) 23:54:29 [Preview] No. 22428 [X] del >>22432

https://np.reddit.com/r/WikiLeaks/comments/5dtl6y/wikileaks_made_some_interesting_transactions/


Anonymous 11/20/2016 (Sun) 02:34:32 [Preview] No. 22432 [X] del

>>22428
They just emptied their wallet. 68471.13 US Dollars in one day gone.

We should check if the same is happening with Litecoin.

If we track down where the money goes, we can find who took over WL.

https://np.reddit.com/r/WikiLeaks/comments/5dtl6y/wikileaks_made_some_interesting_transactions/
https://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v
https://ltc.blockr.io/address/info/LQ3B36Yv2rBTxdgAdYpU2UcEZsaNwXeATk

someone make a tor irc before they kill the bitmessage channel.


Anonymous 11/20/2016 (Sun) 02:52:25 [Preview] No. 22435 [X] del >>22437

Suggestion regarding distribution:
Previous replies have noted that those attempting distribution have been V&. Moving forward, a 2 prong attempt should be made:

  1. If you should come across any keys which successfully open wikileaks insurance files, queue up the printer. The first thing you should do is print off thousands of copies of the keys and how you can use those keys to open the WL insurance files. Print them up, and scatter them in an extremely public location (i.e. Times Square or the most population dense location in your vicinity).

You don’t have to be the one to physically distribute the information, but ensure that whoever you have distributing, make sure that the connection and contact is made in person/offline. If you have access to the keys, trying to distribute on the system controlled by them is playing into their hands.

Beyond printouts, locate ham operators in your area. Ask them to send one unauthorized message containing the DMS keys. This will be broadcast worldwide, and will be impossible to contain.

  1. Once distribution is made to thousands in your area via printouts, attempt distribution online. If those with something to hide have the capabilities available described above this post; it is in our/your best interest that the information is distributed in the classical manner via hard copy. Once that step is accomplished, do battle in their domain. Use your skills to distribute in the most efficient digitally manner.

Note: The first American Revolution was started in bar rooms, with an insurrectionist pamphlet titled “Common Sense” that swayed the public opinion. If they control the digital sphere, let’s push it out in the old-school dumb method.

TL:DR: Go old school.


Anonymous 11/20/2016 (Sun) 05:37:58 [Preview] No. 22460 [X] del

https://ww w.reddit.com/r/WhereIsAssange/comments/5dtsnc/blockchaininfo_most_widely_used_site_to_check/
https://np.reddit.com/r/Bitcoin/comments/573lis/it_looks_like_blockchaininfo_has_been_dns_hijacked/
#OLD BLOCKCHAIN UNIT
#SKEPTIC UNIT


Anonymous 11/20/2016 (Sun) 07:21:16 [Preview] No. 22464 [X] del >>22469>>22476

TO ALL THE NORMIES READING THIS THREAD
USE THIS TIMELINE: https://oxwugzccvk3dk6tj.onion/pol/res/8180723.html#q8192699
LOOK AT THE DATES AND CHECK THE POSTS HAPPENING HERE AT THOSE TIMES
THE KEYS WERE FOUND AND THE FILES UNLOCKED ON OCT 27
WE ARE TRYING TO POST THE INFO WITHOUT GETTING V&
WE ARE WORKING ON TUTORIALS SO THAT OTHERS CAN FIND IT THEMSELVES
THAT WAY WE DON’T HAVE TO EVER POST IT

(FIRST IMPACT OCT 21)
(SECOND IMPACT NOV 9)
(THIRD IMPACT ???)

THANKS FOR READING


Anonymous 11/20/2016 (Sun) 21:18:27 [Preview] No. 22656 [X] del >>22657>>22664

https://gateway.glop.me/ipfs/QmbwGeZRRXsqhTU2BZRz7TQDcR2PEr8ePEiLmkPiabYgTj/Public%20Key%20Server%20--%20Get%20’0x6c02eb218229e48b%20’.2016-11-19T11-09-26Z.htm

https://gateway.glop.me/ipfs/QmWRBF86M2fonTBorBCbPmKZEN678KBTDxC5WDJqSf7812/Public%20Key%20Server%20--%20Get%20’0x93ed732e92318dba%20’.as%20of%202016-11-19T11-09-26Z.htm

https://gateway.glop.me/ipfs/QmXi28ETPYS3SE48ansMusxazXL2FpuxW6d2Z868YrAvT5/Public%20Key%20Server%20--%20Get%20’0x71862823239d778d%20’.2016-11-19T11-09-26Z.htm


Anonymous 11/20/2016 (Sun) 21:31:36 [Preview] No. 22657 [X] del

>>22656
https://mega.nz/#!4EwTgAIA!_b3jL45adY_RLlh_xpNvcsAE33EvAuMHz9O1tekLf04


Anonymous 11/21/2016 (Mon) 22:38:00 [Preview] No. 22792 [X] del >>22802

NORMIES LEARNING TO BLOCKCHAINZ LOOK HERE

Tutorial (getting cablegate.zip and other files):
https://www.reddit.com/r/WhereIsAssange/comments/5e55p3/a_simple_blockchain_decoding_tutorial/

Code:
http://gateway.glop.me/ipfs/QmSU67Ei3TerNe32CcZTgd48jKqsVvBTgera1qBWFjKK9V/jean.py
http://gateway.glop.me/ipfs/QmburFHeUtM3wdrEj3rmUuBkx6iDmYpreyGCvHijgJhZnh/jean_b.py
http://gateway.glop.me/ipfs/QmafUK8hYKztKD3hNNzF4EsW3N5nUcNvHZ4auEidjLkqJd/jean2.py
http://gateway.glop.me/ipfs/QmaVdcqSowfbr58295ipeZxUU97FmqLXBadBgjcXwuqXa9/block-opreturn-finder.py
http://gateway.glop.me/ipfs/QmRWjFfGzhtxMLdrHXeCAPFvqyrQPRebpEzpNANfhfTMxA/block-reader.c
https://codepaste.net/gh3mui
https://codepaste.net/f1ca5s
https://codepaste.net/2kk75e
https://codepaste.net/4yn1vy

Leads:
Blocks 434304-435711, 383000-383100
http://s6424n4x4bsmqs27.onion/.media/t_8bb6afe8feb8a9836a9b23a505c14809-imagepng
691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e
https://blockchain.info/tx/6ad9a4728d3a06dc6452324f67cf5dea9a8bc5b286089e6a04b884135b9dafe0
https://bitcointalk.org/index.php?topic=260881

Important dates:
18 October: large number of Wikileaks bitcoin transactions
https://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v

26 October (01:21:35): Endchan post on how to use bitcoin data to produce cables.
https://endchan.xyz/pol/res/20366.html#20607

26 October (02:00:00) Bitcoing transaction fees increase dramatically, occurs 39 minutes after the above post.
https://imgur.com/a/steMy

26 Oct: The blockchain is blocked with $10 fees, 43000 unconfirmed transactions appear in the mempool, Bitcoin 0.13.1 is released and a ‘soft fork’ begins:
https://bitcoin.org/en/release/v0.13.1
https://endchan.xyz/pol/res/20366.html#q20647

7 Nov: Absurdly high transaction fees.
https://www.reddit.com/r/Bitcoin/comments/5bizrb/1block_confirmation_fee_estimates_are_absurdly/

Misc attacks:
https://np.reddit.com/r/WhereIsAssange/comments/5dtsnc/blockchaininfo_most_widely_used_site_to_check/
https://np.reddit.com/r/Bitcoin/comments/573lis/it_looks_like_blockchaininfo_has_been_dns_hijacked/

THREAD THEME https://www.youtube.com/watch?v=lrauk6XfHRo

WE FOUND THEM TWICE. LET’S DO IT AGAIN.

Happiness doesn’t walk to me, because I’m walking to it
One day,
one step.
Three steps in three days
Three steps forward,
two steps back
Life’s a
ONE
TWO
PUNCH


Anonymous 11/22/2016 (Tue) 02:14:26 [Preview] No. 22825 [X] del >>23728

FRIENDLY FUCKING REMINDER

>>20607

10/26/2016
Alright guys, finally figured it out. We might have to go into the bunker at this point.

>>20635

10/26/2016
I think this has definitely passed the point where it’s possible that people are going to get v&…

>>20648

10/26/2016
Holy crap… this stuff really must be some terrible stuff for them to go that far. BE SUPER AND EXTRA CAREFUL.
We need to make sure this information doesn’t die though!

>>20649

10/26/2016
I’m out before I get V&.

>>20650

10/26/2016
My internet is getting cut off and coming back. I’m doing my best to stay on this thread but my laptop is really hot with fans spinning like crazy and my connection is really not reliable. I just lost a lot of progress from a random reboot.

>>20665

10/26/2016
Come on everyone. Don’t let them intimidate you.

>>20710

10/26/2016
OpSec guys!!! I can’t get on here through my desktop. Someone has blocked me from being able to even do DNS lookups to this backup.

>>20739

10/26/2016
the Podesta emails are disappearing from WL.

>>20765

10/27/2016
everyone head into the bunker, we need help down here

BUNKER
10/27/2016
all this information will be deletd soon. we have to push it into the blockchain NOW. this includes all threads posted here.

BUNKER
10/27/2016
posts are still being deleted or stopped. some people flat out cant post in certain places. right now talking about the key posted and removed on 7962287, looking at the blockchain and trying to find the keys hidden in posts that happened during the ddos seem to be the most sensitive. it might mean thats the right way to go.

BUNKER
>>10/27/2016
ALPHABETS FOR FUCKS SAKE SHOW YOURSELVES

YOU EITHER WANT TO HELP OR YOU WANT US TO SHUT THIS DOWN

YOU’VE BEEN LEADING US THE RIGHT WAY FOR WEEKS NOW. WHAT THE FUCK IS ALL THE V& BULLSHIT. THERE ARE PEOPLE HERE PUTTING HOURS AND HOURS INTO THIS SHIT. PEOPLE WITH JOBS AND FAMILIES.

BUNKER
>>10/27/2016
There is a lot of information in that blockchain, don’t let anyone tell you otherwise. The insurance files can be unlocked. JA is not safe. Don’t let them convince to stop helping. This might be his only hope at this point. A lot of things are going to be deleted and altered to hide all of this. Don’t trust anyone. Trust your gut. Keep looking.

BUNKER
10/27/2016
Take note of the future attacks to the blockchain. Take note of how it’s flooded. Take note of when they do the attacks and where. Take note of the future DDoSs. Make copies of every relevant thread. Take note of what is deleted and what is altered. Take note of when they spread disinformation in order to get you to stop looking. Use the censorship against them. What gets deleted and hidden is what is needed to get to the truth.

Put everything on external hard drives.

Do not work in secret. It will only endanger you. You have to spread the progress or they will silence you.

The truth is in that blockchain. You have enough information to find everything and decrypt it all. Don’t give up.

DONT MAKE THE SAME MISTAKES
WORK IN GROUPS
PUSH PROGRESS
OPSEC GUYS
DONT GIVE UP

YOU ARE PHASE 3


Anonymous 11/22/2016 (Tue) 21:53:05 [Preview] No. 22945 [X] del >>22947>>23306>>24630

HOW TO GET THE KEYS (AND MORE) FROM THE BLOCKCHAIN:

The goal is to make very simple code that is easy to use and understand so that everyone can do this. This is a rough explanation of how it works.

There are two main approaches users are taking to decode messages in the blockchain. Scanning transactions, let’s call this ‘tx scanning’, and scanning blocks, let’s call this ‘block scanning’. The main reason users are not yet able to see meaningful content is because both approaches have to be combined.

TX SCANNING:
When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.

BLOCK SCANNING:
When you scan by block, you will be able to find encoded data more easily but it is harder to extract the tx id and wallets. One benefit of block scanning is that you can explicitly search for file headers and important strings. For example you can directly search for the magic numbers in GPG files. When you find one of these, you can then tx crawl from that starting point in order to get all pieces of the file. More concretely, if you want to find the Cablegate Backup with a block scanner, you could search for the magic number of Zip files. Then, when one is found, you can find the tx id that contains it, and finally tx crawl to get all the pieces. Yet, file headers are just one of the many other patterns that can be used to find important transactions. Examples of others are:
. Magic numbers: Look for the first bytes in different types of file. ‘file’ can be used in UNIX.
. Ability to compress: Compress the decoded output. If the size is reduced, the output is possibly a message or part of a file.
. Text: If the decoded output has text, it might have information.
. Keywords (Very important): Search for relevant keywords, e.g., checksums for files in Wikileaks.org, checksums for the insurance files, hashes, dates, names, time stamps, etc.
. Reversibility: Some messages are in reverse and need to be flipped. This should be tried both before and after decoding.


Anonymous 11/22/2016 (Tue) 21:54:41 [Preview] No. 22947 [X] del

>>22945

Both scanners have to be used. The starting points for the searches should be Wikileak’s wallet, important dates (for example, during the DDoS attacks), previous messages and checksum hashes. The Cablegate Backup was a bit simpler than the more recent messages. In that case, only one wallet spent the funds in each transaction, and simply looking at wallet’s next transaction was enough to find all the pieces. Newer messages are bit more complicated. Some of the wallets that receive money make multiple transactions with no encoded data before proceeding with the ‘real’ transaction. Moreover, in a lot of cases, all wallets involved spend the funds (not just one). Therefore, the crawler has to keep track of all wallets that receive funds, and all future transactions of that wallet while using techniques (like those above) to detect encoded data. A transaction tree should be kept and the pieces of each files should be combined in multiple orderings.

If you implement the process described above you will find all the keys, other backups and other files that are not released. One way to test your code is to search for checksum hashes for files that have already been published at a specific date. There are multiple messages in the blockchain that include file hashes and dates. [/spoiler]Use the leads in this thread.[/spoiler]

I recommend you use a local copy of the blockchain and carry out the search on a computer that has no internet access. Work in groups and share the process. Remember to look at other cryptocurrencies as well and to encode your findings into the blockchain yourself.

Good luck!


Anonymous 11/23/2016 (Wed) 02:28:05 [Preview] No. 22978 [X] del >>22985

>>22970
friendly reminder that what is happening right now is identical to what happened on oct 27 when the keys were first found
3854bce0b45d2795856a570731df23caca0f2287


Anonymous 11/23/2016 (Wed) 06:10:36 [Preview] No. 22993 [X] del >>22999>>23037>>23039>>23045>>23051>>23301>>23500>>23891>>23977>>24585

I might be compromised. So, before I get silenced, I’d like to present some tips for those investigating the blockchain angle (in the case that I am unable to continue my work):

  1. Sort transactions based on TX Fees. The DMS TX(s) will probably have a high fee associated with it to a) ensure its inclusion in the block (against the spamming attacks we’re seeing) and b) draw attention to it. If a transaction contains an OP_RETURN and has an unusually high fee, IT IS WORTH INVESTIGATING.

  2. Look for duplicate OP_RETURN data. Provided there wasn’t a lone machine setup to post the DMS, it would likely be posted twice or more. Create a script to store transactions in a database. Store block number, date, op_return, fee and amount (if any of the outputs contain “911”, also pay attention.)

  3. The DMS will likely NOT come from the Wikileaks address (but might go to it). In the event that the server(s) hosting the DMS got compromised, the attacker would have access to that address’ private key (and thus all of WikiLeaks’ funds).

  4. This address might be worth investigating: https://blockchain.info/address/1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM?offset=100&filter=0
    Many OP_RETURNs and all on the 10/16/2016 within a period of a few hours. I have not had the chance to investigate further.

Some side notes:
Bootstrap8080.bitmessage.org and Bootstrap8444.bitmessage.org were down last night around 3AM (USA time). Worth checking DNS history on these to ensure they weren’t compromised.

My computer is sending ICMP packets routinely to addresses in San Francisco and UK. This is one of my reasons to suspect compromise (could these be packing non-erronous data?).

If you don’t hear from me within a week, consider me silenced. Solution to hash below will be posted as Proof of Identity at a later date.

a52a2c343c800197eeb29766147f26e50aac8dfd2b621eb1f8085dc2126d7bd0


Anonymous 11/23/2016 (Wed) 19:36:57 [Preview] No. 23051 [X] del >>23063

>>22993

fees
There were some recent spikes in fees on Oct 27, Nov 7, and yesterday (Nov 22). This is easy to verify and there are several links to sources in this thread. It could be a coincidence, but these increases have taken place when users have found new information and attempted to encode it in the BTC blockchain. This can be verified by looking at the dates of certain posts in this thread.

Large fees and a flooded mempol prevent us from encoding messages for others to recreate what was done here. However, there are other cryptocurrencies. I recommend pushing to BTC, Litecoin, and another cryptocurrency that starts with the letter ‘M’.

Look for duplicate OP_RETURN data
This is very important.

if any of the outputs contain “911”, also pay attention.
Some suspect that these transactions are made by BTC bot/scammers. I’ll post some of that information for completeness. I don’t recommend anyone follow this lead directly as the steps posted above are sufficient for users to find all of the messages.

Kelly Kolisnik tweeted 1BpjNVeYm6kiER2m7N6FXy3zNZbqEkp1Tm on Nov 21st. That wallet is involved in a 911 transaction which can be seen here: https://blockchain.info/tx/dfd7522529bd9af9556d68af2214a068f6de66b5e11488e84deede26c817bde6

Taking Snowden’s tweeted hash and turning it into a BTC wallet results in 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg. If you look at that wallet, you will see several transactions with 911. https://blockchain.info/address/1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg Note the dates and compare them to the date of the tweet

ICMP packets
It’s good to have firewalls and to use something like Wireshark to track what’s going on. However, I strongly recommend you do all your blockchain work in a computer that’s not connected to the internet. When you find something and want to communicate your findings to others, use redundancy. My advice is to post the information on a darknet site, clearnet site, regular site, BM, and in person to someone in your group. In that order. If you are able to encode messages into the blockchain, that should be the first thing that is done. If you find something sensitive in the blockchain, do not send others any information about what is it, or where it was found. Instead, send them an actual piece of the blockchain that contains it first, and then explain.

>>23037

that isnt BS at first glance
What seems to be ‘BS’ does not matter. I can confidently tell you that if you are willing to discard information because it does not ‘seem’ real, is vague, or is posted alongside false leads, you will miss the steps on how to do this. All information can be tested. You should not trust what anyone tells you. You can verify what is real and what isn’t. Everything needed to find these messages is already in this thread. If you are unable to find facts in a statement that is not completely factual you will never progress.

>>23039

arguing
Let’s try to work together. We are all stressed and worried, lacking sleep and so on. When more users start independently finding the keys, we will have a lot of false posters attempting to divide us with arguments and disagreements. We will also have a lot of false updates that are designed to be ‘debunked’ by others. For many it will be enough for them to discard everything completely. If we stay level-headed, focus on provable facts, and work in cooperation, we will finish soon.


Anonymous 11/23/2016 (Wed) 22:48:16 [Preview] No. 23063 [X] del

>>23051

putting data into the blockchain

http://gateway.glop.me/ipfs/QmXV7haSznR3LQtrVEejrSQueVbZ1u5s6ASGHCfWVnNvbD/bitcoin-insertion-tool.py
http://gateway.glop.me/ipfs/Qmdd3u4FdrMwM5z4MfgCAwnDkXTb6taUXd1FA1Drjmryhh/send-op-return.py
https://21.co/learn/embedding-data-blockchain-op-return/#creating-and-sending-the-transaction


Anonymous 11/23/2016 (Wed) 23:05:18 Id: 2282bc [Preview] No. 23066 [Hide User Posts] [X] del

>>20388
----FROM:
->TO:
OTRTOKEN: bd0f03fff493e329989f4ce661798a29ca2e85f1613072d12539cd5b4264da1f

---------------- GPG BLOCK ----------------
Dear distributors,

the time has come and it’s about to get serious. Circumstances are chaotic due to the nature
of the package. Despite the contents of it, please remain calm. Use the pre-defined distribution
channels with the following changes:

*don’t use ANY infrastructure located in countries inside the NATO / EUROPE bloc
*preferred nodes in Japan, Russia and China. We have a GO from our partners
*Do NOT use Bittorrent at this stage and wait until further instructions

This time, there is going to be a threat to your physical safety, depending how
good your OPSEC is, so please take the necessary precautions and only
proceed with distribution if you are well aware of the implicaitons. Do NOT, under ANY
circumstances participate in the seed command if you’re physically located in
countries within NATO / EUROPE bloc.

We thank you for your service.
.

ENCRYPTION KEY SET 1/4: (

+7[CX=\MJ8)TF{V,w+UMhlc’i]y<Y|)$v>Z^DDX*ct>88Mb0.
=hJ;.C6RBgPOu@U.U"v’7
]xKu)Tux2f~{w&Tqy1c^(/YrsIZL?W
},nt"U#:=D’3"9!;1x#J6uNr

ENCRYPTION KEY SET 2/4: (

:|Ag’$s<oOH`D%}Nb23rV9V"Yzz1$N]8%BuJJFguUc’p:7>m![P
kHWYGYd}*T:Ojo5UeXm,CvWll={~d~y.q)<Z!|Fj~YC!Q\1D<H(Hrl
X9>p!l3e2M8;pw<N:YR$o8

)

.

STRUCTURE:

/
FILEGUIDE_RELEASE_COMMENTARY.txt
EUROPEANUNION/
meeting_tavistock.tct
intercept_tavistock.avi
intercept_tavistock_CG.avi
EUROPEANUNION2/
TABS.EUKOM.zip
TABS.DEUTSCHEBANK.zip
TABS.MCKIN.zip
ISRAEL ISIS/
EURO_MIGR_AGREEMENT.ixt
IRAN_PSS.txt
MARVELLOUS.PDF
OXITBEAR.PDF
SYRIA_UAE.PDF
US_US_UAE.PDF
NINEONEONE/
call1.wav
call2.wav
transcript1.tct
thermite.txt
thermite.wav
thermite.avi
USHOMDEFSOC_KILL_LISTS
SUICIDES1.tct
SUICIDES2.txt
SUICIDES3.txt
SUICIDES4.txt
SUIDICES5.1xt
SUMOP1.pdf
SUMOP2.pdf

---------------- GPG BLOCK ----------------


Anonymous 11/24/2016 (Thu) 05:21:44 [Preview] No. 23091 [X] del >>23098

While we wait to get a proper database… here’s a script that will give you a transaction list for each BTC address (it just scrapes blockchain.info):

http://gateway.glop.me/ipfs/QmS6cQ14HgdfR8H2RLStTsYP8oikoMrwYQDLf243rtuoJ8/get_wallet_txs.py
https://codepaste.net/rzo26r

Example:

python get_wallet_txs.py 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE

Will save the list to 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE_tx_list.txt

>>23091
Script to find transactions with encoded files. Scans all transactions made by a wallet. Prints tx id and file type. Saves decoded data and a list of tx ids.

https://codepaste.net/dm1hyo
http://gateway.glop.me/ipfs/QmPidNDyo9Zn89BeGsFMErhjQ9zcurkVYCveJC6pC9fKHo/get_files_in_wallet.py

Setup:

Download TrID http://mark0.net/soft-trid-e.html
Do ‘chmod +x trid’
Download tridupdate.py http://mark0.net/download/tridupdate.zip

Do ‘python tridupdate.py’

TrID and get_files_in_wallet.py should be in the same directory.

Example:

python get_files_in_wallet.py 1C3WStWpfCmsoG5WmDeaYSwAeEY1ncWQoh

It should find a PDF. It will save all decoded data from transactions, a list of tx ids and a list of tx ids that include file headers.


Anonymous 11/25/2016 (Fri) 04:50:22 [Preview] No. 23185 [X] del

IF YOU STILL HAVE AN INTERNET CONNECTION DOWNLOAD THE THREAD NOW

BRACE FOR HAPPENING

I REPEAT

THIS IS NOT A DRILL

IT IS HAPPENING RIGHT NOW

here is the up to date blockchain torrent/magnet. Please consider downloading and seeding even if you have it already to help the swarm. Thanks. It’s about 100GB

magnet:?xt=urn:btih:2dcade69d98b3a245b5d733762bd3b23184bf3e5&dn=Bitcoin%20Blockchain%202016-11-25&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337

Once you download copy or move the files to this location, then you can run Bitcoin core to sync it up to the minute: %APPDATA%\Roaming\Bitcoin
or C:\Users\ \AppData\Roaming\Bitcoin


Anonymous 11/25/2016 (Fri) 05:07:55 [Preview] No. 23186 [X] del >>23337>>23342>>24461

CRAWL STARTING HERE AND ON FILES IN OCTOBER

**c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48**
fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12
**2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-08-26 23:23:10**
**eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10**
**c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48**
fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12
f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec 100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18
042c1cd09ec672e2d504b76e16398c62396fa57ab0004a793dfc68d49d3e4cc9 100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 2016-04-24 07:47:50
83f7a29360abe4e927ae25ad803d2a28d088d119a47941fe0c42445bb2e78730 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-21 06:17:47
ad85d76b5fd006cb3f08edda4d80327f425caed83aeb20aaa0c0ed281064484b 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 19:14:05
fa3e0d76b55e01c45dd4218a41794f39b3792310cf1a88f3502824e4afc3e867 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 02:26:40
6ea5ff73db52591661ff7c0c7eb161594b67b8e129ccc2e1429fe0c71d69e1ff 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 23:05:59
35bfef9b0febbf3b1cefbd8f503e90d997e55d9f3841e45f359529debd6c1bca 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 22:07:46
7fd31fccd96a3e94c21d15b45ae1957c22fe51a1aa6cb18f054bda20966304ac 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 04:22:39
**78a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf3bdcb1eba 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-12 22:23:58**
c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48
fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12
f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec 100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18
042c1cd09ec672e2d504b76e16398c62396fa57ab0004a793dfc68d49d3e4cc9 100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 2016-04-24 07:47:50
83f7a29360abe4e927ae25ad803d2a28d088d119a47941fe0c42445bb2e78730 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-21 06:17:47
ad85d76b5fd006cb3f08edda4d80327f425caed83aeb20aaa0c0ed281064484b 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 19:14:05
fa3e0d76b55e01c45dd4218a41794f39b3792310cf1a88f3502824e4afc3e867 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 02:26:40
6ea5ff73db52591661ff7c0c7eb161594b67b8e129ccc2e1429fe0c71d69e1ff 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 23:05:59
35bfef9b0febbf3b1cefbd8f503e90d997e55d9f3841e45f359529debd6c1bca 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 22:07:46
7fd31fccd96a3e94c21d15b45ae1957c22fe51a1aa6cb18f054bda20966304ac 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 04:22:39
78a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf3bdcb1eba 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-12 22:23:58
aa3bf652dc745e8a1265c3641858e9a75e4cd3ee85eb843033b4302e2dec5fc7 100.0% (.FLC) FLIC FLC video (1/1) 2016-04-06 05:53:04
b4c38335541fd578bdc4d45a1a4a47e3baadd2a55ae41c0e5535eb4307d49b24 100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1) 2016-03-18 18:12:19
b20ad5f8b75bae16a6d1e3de2fb25910be868f936a6e3cc3d997598dced14f89 100.0% (.FLI) FLIC FLI video (1/1) 2016-03-15 21:19:44
24b0967ecca36dd455b9a96e48d8c0f13a36acdd37290f6baae3c50b7065627e 99.9% (.MP3) MP3 audio (1000/1) 2015-11-28 09:53:31
32d71a560a965fe17ca5a652202844f5bb580d185e38485aacad8717485b0b8e 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2015-11-20 21:53:12
03e8a9b1197744012af33c642671ed8eb50fd2d442d4875a3274f730ac2ca951 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2015-11-19 22:16:50
2a38f95db552a52aefa82565ffd81e885103738da25627f1e894f5892a672325 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2015-11-12 18:27:54
15d4f6606f7ad966e27f9628acf3c1929eb50cb2fef0ecb949fb8941b94254cc 100.0% (.MP3) MP3 audio (1000/1) 2015-11-06 10:47:37
13bd667802cc58936996dbf5defd2307b716e1f84a9908de0c77f3c1a3b4cde3 100.0% (.FLI) FLIC FLI video (1/1) 2016-11-21 18:23:36
8218ab03d82ebfa309aceedb484e695bc058f080397d7794826c9efc1d0287b7 100.0% (.) QuickBasic BSAVE binary data (1000/1) 2016-11-15 19:41:03
c06244b1da9edb9da54736c17cf8d92cc754e1cd109c5a9858d7eb107079ff31 100.0% (.FLI) FLIC FLI video (1/1) 2016-11-09 18:46:55

Anonymous 11/25/2016 (Fri) 05:25:32 [Preview] No. 23188 [X] del

YOU DONT NEED THESE

magnet:?xt=urn:btih:133896d4c115d2bbe15995a28a71f63049bf3bd&dn=wl_ks.dat&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969

magnet:?xt=urn:btih:18a41794f39b3792310cf1a88f3502824e4afc3e867&dn=wl_2016.7z&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969

magnet:?xt=urn:btih:5b78a74la420482342234a3fe2a4ff0f13cda9eb9244be0&dn=wl_2015.7z&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969

magnet:?xt=urn:btih:a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf30&dn=wl_2014.7z&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969


Anonymous 11/25/2016 (Fri) 19:23:37 [Preview] No. 23253 [X] del >>23254

>>23252
Read the fucking thread. Just like the Cablegate backup. The first piece has the file header, then you combine it and get a complete file. If you do not understand this method which has been explained on this thread several times, go learn and then come back. This was designed to be something everyone verifies on their own specifically to circumvent the problems of shills like you. There is no reason for you to ask me for anything. If you have a copy of the blockchain you have the keys, all the files, and hashes and time stamps for all official Wikileaks files. Trust no one and do your own testing.


Anonymous 11/25/2016 (Fri) 20:12:46 [Preview] No. 23261 [X] del >>23298

For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable. -Julian Assange

https://www.youtube.com/watch?v=MaB3Zw5_p9c&feature=youtu.be&t=7m06s

Anyone that is skeptical of the information you have extracted from the blockchain is only attempting to discredit you. Every person that truly cares about verifying this information does not go online to ask others. Those who want real evidence go and verify it themselves. This is the way the system was meant to be used. You have the blockchain. You have direct access to the information. There is no need for opinions, speculations, reports, or analysis by other parties. The only evidence that matters is the evidence you, the reader, are able to test on your own. The system helps you detect the people that are attempting to influence you. If you need to ask others how to obtain the information you are admitting that you do not want to independently verify this information and are instead dependent on others. This dependence on others is what allows censorship and it is precisely the reason information is encoded in this way. If someone tells you they were not able to find anything you can prove that they are lying. You have a permanent source of information that can not be modified. Use it as it was designed to be used.


Anonymous 11/25/2016 (Fri) 23:21:56 [Preview] No. 23306 [X] del >>23309

>>22945

When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:

. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).

. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.

. Continue doing this until you are not able to see the pattern repeat itself.

Confirming that jean3 is able to find the 7-zip headers for the cablegate addresses.

python jean3.py 1NT3ACYygZj9YHYsZo7hp2jGEPiUDMqs53
python jean3.py 1AuoHX7VNGGK5KkkUcBAGG3RuKgMuRdpMB
python jean3.py 1Me9i8XjbdBVZzgcki4NiPdF6VkYf75ykZ

All find 1 file header.

100.0% (.7Z) 7-Zip compressed archive (6000/1)


Anonymous 11/25/2016 (Fri) 23:41:47 [Preview] No. 23309 [X] del

>>23306
https://codepaste.net/qjafvb
http://gateway.glop.me/ipfs/Qmf8gcVAv9VwX6i7xWnMg9kj9HWrnHMZVtLF8q3Z9AWto7/jean3.py


Anonymous 11/26/2016 (Sat) 03:57:28 [Preview] No. 23348 [X] del

>>23342
Three ‘100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated)’ encoded after the Cablegate backup.

(From txs:
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c)

http://gateway.glop.me/ipfs/QmShQjcUaKagC6hXzXqCdtRyP8pAXfBkjP5C51XsZVZg2e/737.gpg
http://gateway.glop.me/ipfs/QmZxXabEusrSK4e9esLGJY7YAqLxxXhXPCyXhNWcnEVQH9/cce.gpg
http://gateway.glop.me/ipfs/QmcnVecuQtobYWUkhUHGFLVAzfokQRRYsWKS2jV8bJwsic/d3c.gpg


Anonymous 11/27/2016 (Sun) 02:03:41 [Preview] No. 23483 [X] del

Code zip:

http://gateway.glop.me/ipfs/QmV1Z8kXBFZrLtsGTxTaB9HS6TTDURa27vyFJfAoiJi5wH/code.7z

To compile:

gcc bcrdr2.c sha256.c ripe160.c -lsqlite3 -o bcrdr2

To Run:

./bcrdr2 <blocks dir> <database file>

e.g:
./bcrdr2 ~/.bitcoin/blocks/ out.db

WHAT IT DOES:

This program reads through every file named blk*.dat in the folder to point it at and parses it.
It creates an sqlite3 database with the following schema:

CREATE TABLE BLOCK("
"ID INT PRIMARY KEY NOT NULL,"
"PREV CHAR(64) NOT NULL,"
"MERKLE CHAR(64) NOT NULL,"
"HASH CHAR(64) NOT NULL,"
"NUM INT ,"
"BITS INT NOT NULL,"
"NONCE INT NOT NULL,"
"TIME INT NOT NULL);";

Block header info, including the computed double SHA256 hash for the block.
PREV is previous block hash, MERKLE is the merkle root hash, HASH is this block’s hash.
The other fields are miscellaneous.

"CREATE TABLE TX("
"ID INT PRIMARY KEY NOT NULL,"
"HASH CHAR(64) NOT NULL,"
"FILE TEXT NOT NULL,"
"OFFSET INT NOT NULL);";

Transaction header.
HASH is this transaction’s SHA double hash.
FILE is the .DAT file’s ID that it came from (See the FILE table below to get the file’s name)
OFFSET is the offset in the file it came from.

"CREATE TABLE TX_INPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"PREV CHAR(64) NOT NULL," \
"DATA BLOB NOT NULL," \
"IDX INT ," \
"SEQ INT );";

Input transaction. Here for completeness, not really useful unless you want to verify transactions. (We don’t)

TX is the transaction it’s part of
PREV is the previous transaction
DATA is the raw script data.
IDX and SEQ are misc fields.

"CREATE TABLE TX_OUTPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"DATA BLOB NOT NULL," \
"ADDR TEXT ," \
"VAL BIGINT );";

Output transactions.
TX is the transaction it’s part of.
DATA is the raw script data.
ADDR is the transaction address the program tried to figure out given the script in DATA.
VAL is the bitcoin amount in it’s raw format (integer)

"CREATE TABLE FILE(" \
"ID INT PRIMARY KEY NOT NULL," \
"NAME FILE NOT NULL);";

FILE is the table that simply assigns an ID to each file name for reference in the table above.

These are relational tables to quickly find parent child relationships. i.e. What TX has what INPUT and vice versa.

"CREATE TABLE REL_BLOCK_TX(" \
"ID INT PRIMARY KEY NOT NULL," \
"BLOCK INT NOT NULL," \
"TX INT NOT NULL);";

Table for Block Transactions

"CREATE TABLE REL_TX_INPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"INPUT INT NOT NULL);";

Table for Input Transactions

"CREATE TABLE REL_TX_OUTPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"OUTPUT INT NOT NULL);";

Table for Output Transactions

These two aren’t used yet, but were intended for linking blocks in a chain (not really needed since all we care about are the transactions themselves)

"CREATE TABLE REL_BLOCK_NEXT(" \
"ID INT PRIMARY KEY NOT NULL," \
"BLOCK INT NOT NULL," \
"NEXT INT NOT NULL);";
"CREATE TABLE REL_BLOCK_PREV(" \
"ID INT PRIMARY KEY NOT NULL," \
"BLOCK INT NOT NULL," \
"PREV INT NOT NULL);";

Anonymous 11/30/2016 (Wed) 00:51:13 Id: 829890 [Preview] No. 24105 [Hide User Posts] [X] del >>24107>>24110>>24112>>24113

>>24067

New, working code (handles the end of the last block file, no database corruption)

http://gateway.glop.me/ipfs/QmchSMCChfKYTpAYm4XXZaS1JQkyjy9zMPqZCEfoBtAFM1/db.7z

It will compile on windows in Visual Studio 2015.

For VS2015, add these parameters to Configuration Properties → C/C++ → Preprocessor → Preprocessor Definitions: _CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS

On UNIX:

gcc bcrdr2.c sha256.c ripe160.c sqlite3.c -lpthread -o bcrdr2

To RUN:

./bcrdr2 ~/.bitcoin/blocks/ out.db

The resulting database will be ~197GB


Anonymous 12/06/2016 (Tue) 01:28:57 [Preview] No. 24630 [X] del >>24638>>24693>>24718

NORMIES PAY ATTENTION

Stop relying on scripts and crappy software. The steps to find every single file in the blockchain have been posted here numerous times >>22945. A lot of you have been staring at the data for over a week now. Here’s another attempt at being even more clear:

Every single file has a hex file header. You can see a list of some here: http://www.garykessler.net/library/file_sigs.html However, this is not the entire list. The lists ‘trid’ and ‘file’ use are not complete either. Yet, you don’t even need these lists. You can simply look at any file of a type you are interested in finding. Yes, any. Open it with a hex editor and look at the file header. If you want to find a zip file, just download any zipfile, look at the header with a hex editor and then search for it. The headers are not going to always be at the beginning of the file. Scan the entire file for headers and footers.

Yes footers. Files also have footers! You can find the ending of a file by looking for its hex footer. Here are some examples: http://www.datadoctor.biz/data_recovery_programming_book_chapter14-page2.html Again, this is not a complete list. If you want to see what the footer of a file looks like, open one with a hex editor.

JUST TO MAKE SURE WE’RE BEING COMPLETELY CLEAR HERE:

If you find 37 7A BC AF 27 1C, you just found the beginning of a 7-zip file. If you find 89 50 4E 47 0D 0A 1A 0A, you just found the beginning of a PNG file. These are just examples. There are a lot more file headers to look out for.

If you find 50 4B 05 06 00, you just found the end of a zip file. If you find 25 25 45 4F 46 you just found the end of a pdf file. There are more footers and you can make your own list by looking at different files. These are just examples. There are a lot more file footers to look out for.

Stop looking at only the beginning of decoded data. trid and file both do this (and badly). It can be anywhere in the transaction!

Don’t rely on software to do this. Simply search for those hex values in the decoded data!

If you are one of those normies that don’t understand why the steps can’t be posted online in a detailed way that everyone can follow, please read this http://www.thecubablog.com/uncategorized/staff/the-us-has-a-way-to-shut-down-wikileaks-the-infamous-sdn-list/ THAT WAS WRITTEN IN 2010. If you are still ‘skeptical’ and want to test internet censorship you can do the following experiment: 1. find one of the censored sites 2. go to the site 3. post the link and some of the text on a normie site NOT HERE 4. enjoy your v&!


Anonymous 12/06/2016 (Tue) 20:09:58 [Preview] No. 24684 [X] del >>24690

For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable’. -Julian Assange, Nantucket Project, Sept 28 2104

Wikileaks needs to change in order to survive and thrive through the next few months… If necessary of course, if I’m not able to continue or the Ecuadorian people are unreasonably blamed for Wikileaks’ publications, I will have to resign as editor, but our publications will continue. The part of the necessary defense of Wikileaks, we have engaged in a new project to recruit people across the world to defend our publication - and we’ll give details of that as the weeks go by… …we will issue guidelines about how you can promote Wikileaks publications without censorship. - Julian Assange, Wikileaks 10 Years Press Conference, Oct 4th 2016


Anonymous 12/07/2016 (Wed) 00:53:13 [Preview] No. 24705 [X] del >>24740

We need to start having a serious conversation about alternative channels and redundancy.

It’s not clear if this thread will last too long. The admins here have been great and remove illegal content and spam when they attack this site but we can’t count on them to do this forever.

So far, regarding what we’ve been using:

BM: >>23911 Logless BM bunker >>21839 [chan] wikileaks [name] BM-2cVFHKC263sXfXYF7JU3n4FPLY9HD5H7SC
Both are effectively jammed when good progress is made. They are extremely slow and unreliable. BM-2cVFHKC263sXfXYF7JU3n4FPLY9HD5H7SC got spammed with illegal content recently.

clearnet:
A lot of threads on clearnet boards are still alive. A lot have been deleted. We have also had problems with illegal content. I don’t think it is a good idea to post links here as this thread can be googled. We can’t discuss these without an alternative to BM that is not logged.

darknet/i2p:
Most of these threads are unreachable today. It is a good idea to make backups on sites like these but we can’t count on them to spread information to others. These also can’t be posted anywhere, including logged chats otherwise we pretty much turn them into clearnet threads. We can’t discuss these directly on any channel.

IRC: A couple of these have been posted. As far as I know all of them are logged so they are not a good option.
https://anarplex.net/webirc/?channels=#WikiLeaks
127.0.0.1/6668 (i2p)
ogn5vbujhrvbihko.onion/6667 (tor to i2p)

Archive.org/is/fo: has been unreliable since Oct 17 when we first saw stuff disappearing from it.

Twitter/halfchan/fullchan/plebbit/etc: Completely unusable. Unless we come up with a way to embed the information into something that looks like harmless posts, it is all deleted, buried or shilled instantly.

Tox: you give out your IP while using this.

We need a BM and fastposting alternatives (that are not logged). Does anyone have any suggestions? In order to keep this stuff alive we are going to have to start backing up all the information/progress/leads into several sites. We can’t discuss clearnet sites until we have a way to communicate like we did with BM.

If we don’t start creating new backups all of this work will disappear as soon as this thread dies.


Anonymous 12/07/2016 (Wed) 04:42:32 [Preview] No. 24746 [X] del

>>24745
in case anyone wants to try them

INSURANCE SNIPPETS:
http://gateway.glop.me/ipfs/QmUUiWf1KLshZBQWHDt8yVaabHdMjJA2g1md7YS8qsvMci/insurance.aes256.5120
http://gateway.glop.me/ipfs/QmZHmQrNuBL1MJEi3cSn7bYoLShLiqGue5oeqZmcvHtBD6/wlinsurance-20130815-A.aes256.5120
http://gateway.glop.me/ipfs/QmRRAnoHgZGqMrJodHA3Nj6GeQ5j4y1AHUbG8MgVXWshMH/wlinsurance-20130815-B.aes256.5120
http://gateway.glop.me/ipfs/QmPCPmGwyCghyMrVENUB1AEbzkZ9dULE9rBJcVMqc5RG1M/wlinsurance-20130815-C.aes256.5120
http://gateway.glop.me/ipfs/QmNdwpvqWXkYsxPnjoL8rSZZpVDRDNu3YYvddsQ7dLdrEC/2016-06-03_insurance.aes256.5120
http://gateway.glop.me/ipfs/QmcDMXxr99Fi583oZKYqFzg8TwomugeV49oFkMrtGHEJ6Z/2016-11-07_WL-Insurance_EC.aes256.5120
http://gateway.glop.me/ipfs/QmPAoxkRcJERJEyj3uXsnKwe819WkqnX2Gp1VgpoaxLtys/2016-11-07_WL-Insurance_UK.aes256.5120
http://gateway.glop.me/ipfs/QmaYUUco1VtVurovbrtboMvu6kvFp9pdz6CEA97ftxojy5/2016-11-07_WL-Insurance_US.aes256.5120


Outer Heaven (10/26/16 - 11/09/16)

8ch[.]pl/pol/res/24116.html


Anonymous 23 days ago ID: baa5e8 No.24116

42 69 74 63 6f 69 6e 20 41 64 64 72 65 73 73 65 73

53 6e 6f 77 64 65 6e

1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg

1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj

4b 65 72 72 79

1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU

1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e

45 63 75 61 64 6f 72

1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta

16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB

55 4b 46 43 4f

1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf

1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm

55 6e 63 72 61 63 6b 65 64 20 74 72 61 6e 73 61 63 74 69 6f 6e 73

5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5


Anonymous 23 days ago ID: baa5e8 No.24117>>24128

23 20 45 78 61 6d 70 6c 65 3a 0d 0a 23 20 31 2e 20 47 6f 20 74 6f 20 68 74 74 70 73 3a 2f 2f 62 6c 6f 63 6b 63 68 61 69 6e 2e 69 6e 66 6f 2f 74 78 2f 36 63 35 33 63 64 39 38 37 31 31 39 65 66 37 39 37 64 35 61 64 63 63 64 37 36 32 34 31 32 34 37 39 38 38 61 30 61 35 65 66 37 38 33 35 37 32 61 39 39 37 32 65 37 33 37 31 63 35 66 62 30 63 63 20 0d 0a 23 20 32 2e 20 53 61 76 65 20 65 76 65 72 79 74 68 69 6e 67 20 75 6e 64 65 72 20 27 4f 75 74 70 75 74 20 53 63 72 69 70 74 73 27 20 69 6e 74 6f 20 61 20 74 65 78 74 20 66 69 6c 65 20 6e 61 6d 65 64 20 27 62 6c 6f 63 6b 2e 74 78 74 27 0d 0a 23 20 33 2e 20 52 75 6e 20 74 68 69 73 20 73 63 72 69 70 74 2c 20 69 2e 65 2e 2c 20 27 70 79 74 68 6f 6e 20 73 63 72 69 70 74 2e 70 79 27 0d 0a 23 20 34 2e 20 59 6f 75 20 73 68 6f 75 6c 64 20 73 65 65 20 53 61 74 6f 73 68 69 27 73 20 6f 6c 64 20 64 6f 77 6e 6c 6f 61 64 20 63 6f 64 65 0d 0a 0d 0a 69 6d 70 6f 72 74 20 73 74 72 75 63 74 0d 0a 66 72 6f 6d 20 62 69 6e 61 73 63 69 69 20 69 6d 70 6f 72 74 20 75 6e 68 65 78 6c 69 66 79 2c 20 63 72 63 33 32 0d 0a 0d 0a 66 20 3d 20 6f 70 65 6e 28 27 62 6c 6f 63 6b 2e 74 78 74 27 2c 27 72 27 29 0d 0a 0d 0a 64 61 74 61 20 3d 20 62 27 27 0d 0a 66 6f 72 20 66 66 20 69 6e 20 66 2e 72 65 61 64 6c 69 6e 65 73 28 29 3a 0d 0a 20 20 20 20 63 68 75 6e 6b 73 20 3d 20 66 66 2e 73 70 6c 69 74 28 27 20 27 29 0d 0a 20 20 20 20 66 6f 72 20 63 20 69 6e 20 63 68 75 6e 6b 73 3a 0d 0a 20 20 20 20 20 20 20 20 69 66 20 27 4f 27 20 6e 6f 74 20 69 6e 20 63 20 61 6e 64 20 27 5c 6e 27 20 6e 6f 74 20 69 6e 20 63 3a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 20 2b 3d 20 75 6e 68 65 78 6c 69 66 79 28 63 2e 65 6e 63 6f 64 65 28 27 75 74 66 38 27 29 29 0d 0a 0d 0a 6c 65 6e 67 74 68 20 3d 20 73 74 72 75 63 74 2e 75 6e 70 61 63 6b 28 27 3c 4c 27 2c 20 64 61 74 61 5b 30 3a 34 5d 29 5b 30 5d 0d 0a 63 68 65 63 6b 73 75 6d 20 3d 20 73 74 72 75 63 74 2e 75 6e 70 61 63 6b 28 27 3c 4c 27 2c 20 64 61 74 61 5b 34 3a 38 5d 29 5b 30 5d 0d 0a 64 61 74 61 20 3d 20 64 61 74 61 5b 38 3a 38 2b 6c 65 6e 67 74 68 5d 0d 0a 0d 0a 69 66 20 63 68 65 63 6b 73 75 6d 20 21 3d 20 63 72 63 33 32 28 64 61 74 61 29 3a 0d 0a 20 20 20 20 20 20 20 20 70 72 69 6e 74 28 27 43 68 65 63 6b 73 75 6d 20 6d 69 73 6d 61 74 63 68 3b 20 65 78 70 65 63 74 65 64 20 25 64 20 62 75 74 20 63 61 6c 63 75 6c 61 74 65 64 20 25 64 27 20 25 20 28 63 68 65 63 6b 73 75 6d 2c 20 63 72 63 33 32 28 64 61 74 61 29 29 29 0d 0a 0d 0a 70 72 69 6e 74 20 64 61 74 61


:arrow_forward:Anonymous 23 days ago ID: baa5e8 No.24119

23 20 48 6f 77 20 74 6f 20 67 65 74 20 61 64 64 72 65 73 73 20 66 72 6f 6d 20 68 61 73 68 0d 0a 23 20 52 75 6e 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 6f 6e 20 62 69 74 63 6f 69 6e 0d 0a 66 72 6f 6d 20 70 79 62 69 74 63 6f 69 6e 20 69 6d 70 6f 72 74 20 42 69 74 63 6f 69 6e 50 72 69 76 61 74 65 4b 65 79 0d 0a 70 6b 20 3d 20 42 69 74 63 6f 69 6e 50 72 69 76 61 74 65 4b 65 79 28 27 48 41 53 48 47 4f 45 53 48 45 52 45 27 2c 20 63 6f 6d 70 72 65 73 73 65 64 3d 54 72 75 65 29 0d 0a 70 6b 2e 70 75 62 6c 69 63 5f 6b 65 79 28 29 2e 61 64 64 72 65 73 73 28 29 0d 0a 23 20 43 6f 6d 70 72 65 73 73 65 64 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 72 65 74 75 72 6e 65 64 0d 0a 70 6b 20 3d 20 42 69 74 63 6f 69 6e 50 72 69 76 61 74 65 4b 65 79 28 27 48 41 53 48 47 4f 45 53 48 45 52 45 27 2c 20 63 6f 6d 70 72 65 73 73 65 64 3d 46 61 6c 73 65 29 0d 0a 70 6b 2e 70 75 62 6c 69 63 5f 6b 65 79 28 29 2e 61 64 64 72 65 73 73 28 29 0d 0a 23 20 55 6e 63 6f 6d 70 72 65 73 73 65 64 20 61 64 64 72 65 73 73 20 77 69 6c 6c 20 62 65 20 72 65 74 75 72 6e 65 64


:arrow_forward:Anonymous 23 days ago ID: baa5e8 No.24120

Current unfinished tasks:

  1. Create code that downloads output scripts from transactions allowing us to not enter them manually.

  2. Analyze transactions around date 10/16.

  3. Combine the content of the transactions made with the address resulting from Snowden’s tweet. It currently produces a damaged 7z file.

https://blockchain.info/tx/5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5

  1. Find interesting transactions involving the wl address 68 74 74 70 73 3a 2f 2f 62 6c 6f 63 6b 63 68 61 69 6e 2e 69 6e 66 6f 2f 61 64 64 72 65 73 73 2f 31 48 42 35 58 4d 4c 6d 7a 46 56 6a 38 41 4c 6a 36 6d 66 42 73 62 69 66 52 6f 44 34 6d 69 59 33 36 76 3f 6f 66 66 73 65 74 3d 31 30 30 26 66 69 6c 74 65 72 3d 31

  2. Find interesting transactions involving address 68 74 74 70 73 3a 2f 2f 62 6c 6f 63 6b 63 68 61 69 6e 2e 69 6e 66 6f 2f 61 64 64 72 65 73 73 2f 31 45 4d 42 41 53 53 59 79 68 6f 59 5a 69 76 31 63 48 46 70 50 52 4d 35 66 6e 53 58 6b 36 43 37 47 70

  3. Follow the change and analyze transactions involving the addresses in the cablegates message. For example: 68 74 74 70 73 3a 2f 2f 62 6c 6f 63 6b 63 68 61 69 6e 2e 69 6e 66 6f 2f 74 78 2f 32 32 31 64 39 30 30 62 35 61 63 37 30 31 30 32 38 66 39 64 66 61 62 37 64 66 62 61 33 32 36 66 36 30 38 33 30 38 33 38 36 64 34 35 63 30 35 34 33 32 65 37 32 31 62 37 63 31 32 32 63 62 61 37

  4. Create a tool that is able to recognize file types.


:arrow_forward:Anonymous 23 days ago ID: baa5e8 No.24121

55 73 65 20 74 68 69 73 20 74 6f 20 73 63 61 6e 20 62 6c 6f 63 6b 73 20 62 65 74 77 65 65 6e 20 31 35 74 68 20 75 70 20 75 6e 74 69 6c 20 6e 6f 77 2e 0a 0a 68 74 74 70 73 3a 2f 2f 70 61 73 74 65 2e 65 65 2f 70 2f 49 4b 64 66 4c 23 67 38 77 6c 56 50 54 67 55 45 69 58 46 4e 36 6f 46 75 75 62 4a 4d 63 47 33 43 5a 32 6b 46 72 72


:arrow_forward:Anonymous 23 days ago ID: baa5e8 No.24140>>24159 >>24165 >>24179 >>24198

fresh code

696d706f7274207379730d0a696d706f72742070796375726c0d0a696d706f7274207374727563740d0a66726f6d2062696e617363696920696d706f727420756e6865786c6966792c2063726333320d0a696d706f72742075726c6c6962320d0a0d0a7472616e73616374696f6e203d20737472287379732e617267765b315d290d0a64617461203d2075726c6c6962322e75726c6f70656e282268747470733a2f2f626c6f636b636861696e2e696e666f2f74782f222b7472616e73616374696f6e2b223f73686f775f6164763d7472756522290d0a0d0a646174616f7574203d206227270d0a61746f7574707574203d2046616c73650d0a666f72206c696e6520696e20646174613a0d0a2020202020202020696620274f757470757420536372697074732720696e206c696e653a0d0a20202020202020202020202061746f7574707574203d20547275650d0a2020202020202020696620273c2f7461626c653e2720696e206c696e653a0d0a20202020202020202020202061746f7574707574203d2046616c73650d0a202020202020202069662061746f75747075743a0d0a2020202020202020202020206966206c656e286c696e6529203e203130303a0d0a202020202020202020202020202020206368756e6b73203d206c696e652e73706c697428272027290d0a20202020202020202020202020202020666f72206320696e206368756e6b733a0d0a2020202020202020202020202020202020202020696620274f27206e6f7420696e206320616e6420275c6e27206e6f7420696e206320616e6420273e27206e6f7420696e206320616e6420273c27206e6f7420696e20633a0d0a202020202020202020202020202020202020202020202020646174616f7574202b3d20756e6865786c69667928632e656e636f64652827757466382729290d0a0d0a6c656e677468203d207374727563742e756e7061636b28273c4c272c20646174616f75745b303a345d295b305d0d0a636865636b73756d203d207374727563742e756e7061636b28273c4c272c20646174616f75745b343a385d295b305d0d0a646174616f7574203d20646174616f75745b383a382b6c656e6774685d0d0a7072696e7420646174616f75740d0a

usage

python script.py transaction_number

returns all the data in the output scripts

example

707974686f6e2073637269707420363931646432373764633065393061343632613364363532613131373136383664653439636631393036376364333363376466303339323833336662393836610d0a0d0a52657475726e732c200d0a0d0a57696b696c65616b73204361626c6567617465204261636b75700d0a0d0a6361626c65676174652d3230313031323034313831312e377a0d0a0d0a446f776e6c6f61642074686520666f6c6c6f77696e67207472616e73616374696f6e732077697468205361746f736869204e616b616d6f746f277320646f776e6c6f616420746f6f6c2077686963680d0a63616e20626520666f756e6420696e207472616e73616374696f6e20366335336364393837313139656637393764356164636364373632343132343739383861306135656637383335373261393937326537333731633566623063630d0a0d0a467265652073706565636820616e64206672656520656e746572707269736521205468616e6b20796f75205361746f73686921


:arrow_forward:Anonymous 23 days ago ID: baa5e8 No.24142

Posting relevant threads again. Please read or at least skim before following new leads.

Analysis threads (heavily deleted and slid):

https://8ch.net/pol/res/7946506.html

https://8ch.net/pol/res/7962287.html

Post where a ‘key’ was posted and deletions started taking place:

https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html

https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html

New leads and alphabets showing up:

https://endchan.xyz/pol/res/20366.html

First onion:

http://8ch.vichandcxw4gm3wy.onion/pol/res/24004.html


:arrow_forward:Anonymous 23 days ago ID: baa5e8 No.24144>>24145 >>24146 >>24181

Link to original insurance file in case anyone wants to test that one:

https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24165>>24166

>>24159

Hi Snake. 141.12 here.

I’ll be helping you with a few initial examples. Remember that if you feel like you’ve been compromised, switch over to codec communication. 546f782038363945304438434436414146433136454237393142353039303442394144443346454131443343304639453539443236334439374638383431454139323339324144453236333145434536

I’m assuming you already did the example on Jean’s latest code dump >>24140 Let’s try to do a few more.

First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

Use Jean’s script and do

‘python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf’

Once it is done you will be able to see a pdf was generated in that directory.


>>24165

Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.

For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

If you do

python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

You will get a key that was leaked.

Now, ff you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again.

Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand.

Some of them are:

7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c

d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635

cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c

2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df

657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1

05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db

623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be

5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24167

>>24166

One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.

For example, the Bitcoin paper transaction.

If you do

‘python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output’

and then do,

‘file -b output’

You will get:

‘PDF document, version 1.4’

For

‘python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output’

‘file -b output’

you should get

‘GPG encrypted data’


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24169

posts are still being deleted or stopped. some people flat out cant post in certain places. right now talking about the key posted and removed on 7962287, looking at the blockchain and trying to find the keys hidden in posts that happened during the ddos seem to be the most sensitive. it might mean thats the right way to go.


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24177>>24181 >>24191 >>24258

>>24146

>>24148

6f 70 65 6e 73 73 6c 20 65 6e 63 20 2d 64 20 2d 61 65 73 2d 32 35 36 2d 63 62 63 20 2d 69 6e 20 69 6e 73 75 72 61 6e 63 65 2e 61 65 73 32 35 36 20 2d 6f 75 74 20 6f 6e 69 6f 6e 6f 75 74 20 2d 6b 20 22 4f 4e 49 4f 4e 22 0a 6f 70 65 6e 73 73 6c 20 65 6e 63 20 2d 64 20 2d 62 66 20 2d 69 6e 20 69 6e 73 75 72 61 6e 63 65 2e 61 65 73 32 35 36 20 2d 6f 75 74 20 62 66 6f 6e 69 6f 6e 6f 75 74 20 2d 6b 20 22 4f 4e 49 4f 4e 22 0a 6f 70 65 6e 73 73 6c 20 65 6e 63 20 2d 64 20 2d 61 65 73 2d 32 35 36 2d 63 66 62 38 20 2d 69 6e 20 69 6e 73 75 72 61 6e 63 65 2e 61 65 73 32 35 36 20 2d 6f 75 74 20 66 62 38 6f 6e 69 6f 6e 6f 75 74 20 2d 6b 20 22 4f 4e 49 4f 4e 22 0a 6f 70 65 6e 73 73 6c 20 65 6e 63 20 2d 64 20 2d 62 66 20 2d 69 6e 20 69 6e 73 75 72 61 6e 63 65 2e 61 65 73 32 35 36 20 2d 6f 75 74 20 62 66 72 6f 75 74 65 72 6f 75 74 20 2d 6b 20 22 52 4f 55 54 45 52 22 20 0a 6f 70 65 6e 73 73 6c 20 65 6e 63 20 2d 64 20 2d 63 61 73 74 20 2d 69 6e 20 69 6e 73 75 72 61 6e 63 65 2e 61 65 73 32 35 36 20 2d 6f 75 74 20 6f 75 74 74 6f 72 20 2d 6b 20 22 54 6f 72 22 0a 74 68 65 20 70 61 73 73 77 6f 72 64 73 20 73 65 65 6d 20 74 6f 20 62 65 20 74 65 6c 6c 69 6e 67 20 75 73 20 74 68 61 74 20 74 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 6d 75 6c 74 69 70 6c 65 20 66 69 6c 65 73 20 63 6f 6d 69 6e 67 20 6f 75 74 20 6f 66 20 74 68 69 73 2c 20 6f 72 20 69 74 20 63 6f 75 6c 64 20 62 65 20 74 65 6c 6c 69 6e 67 20 75 73 20 61 20 6d 65 73 73 61 67 65 20 6c 69 6b 65 20 22 55 73 65 20 61 20 54 6f 72 20 4f 6e 69 6f 6e 20 52 6f 75 74 65 72 20 61 6e 64 20 64 6f 20 74 68 69 73 22 2e 20 49 74 20 6d 69 67 68 74 20 62 65 20 74 68 61 74 20 74 68 65 20 66 69 6c 65 20 68 61 73 20 74 6f 20 62 65 20 75 6e 6c 6f 63 6b 65 64 20 6f 76 65 72 20 61 6e 64 20 6f 76 65 72 2e 20 0a 0a 61 6c 73 6f 20 73 6f 6d 65 6f 6e 65 20 73 75 67 67 65 73 74 65 64 2c 20 22 74 61 6b 65 20 74 68 65 20 6c 61 73 74 20 33 32 20 6f 72 20 73 6f 20 62 79 74 65 73 20 69 6e 20 74 68 65 20 66 69 6c 65 2c 20 66 6c 69 70 20 74 68 65 6d 2c 20 73 61 76 65 20 69 74 20 61 6e 64 20 74 68 65 6e 20 72 75 6e 20 27 66 69 6c 65 20 2d 62 27 20 6f 6e 20 69 74 2e 22


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24178>>24179

69 6d 70 6f 72 74 20 73 79 73 0a 69 6d 70 6f 72 74 20 70 79 63 75 72 6c 0a 69 6d 70 6f 72 74 20 73 74 72 75 63 74 0a 66 72 6f 6d 20 62 69 6e 61 73 63 69 69 20 69 6d 70 6f 72 74 20 75 6e 68 65 78 6c 69 66 79 2c 20 63 72 63 33 32 0a 69 6d 70 6f 72 74 20 75 72 6c 6c 69 62 32 20 20 0a 0a 23 20 75 73 61 67 65 2c 20 70 79 74 68 6f 6e 20 73 63 72 69 70 74 2e 70 79 20 74 72 61 6e 73 61 63 74 69 6f 6e 6c 69 73 74 2e 74 78 74 20 3e 20 66 69 6c 65 0a 0a 74 78 6c 69 73 74 20 3d 20 73 74 72 28 73 79 73 2e 61 72 67 76 5b 31 5d 29 0a 0a 64 65 66 20 74 78 64 65 63 6f 64 65 28 74 72 61 6e 73 61 63 74 69 6f 6e 29 3a 0a 20 20 20 20 64 61 74 61 20 3d 20 75 72 6c 6c 69 62 32 2e 75 72 6c 6f 70 65 6e 28 22 68 74 74 70 73 3a 2f 2f 62 6c 6f 63 6b 63 68 61 69 6e 2e 69 6e 66 6f 2f 74 78 2f 22 2b 74 72 61 6e 73 61 63 74 69 6f 6e 2b 22 3f 73 68 6f 77 5f 61 64 76 3d 74 72 75 65 22 29 20 0a 0a 20 20 20 20 64 61 74 61 6f 75 74 20 3d 20 62 27 27 0a 20 20 20 20 61 74 6f 75 74 70 75 74 20 3d 20 46 61 6c 73 65 0a 20 20 20 20 66 6f 72 20 6c 69 6e 65 20 69 6e 20 64 61 74 61 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 27 4f 75 74 70 75 74 20 53 63 72 69 70 74 73 27 20 69 6e 20 6c 69 6e 65 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 74 6f 75 74 70 75 74 20 3d 20 54 72 75 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 27 3c 2f 74 61 62 6c 65 3e 27 20 69 6e 20 6c 69 6e 65 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 74 6f 75 74 70 75 74 20 3d 20 46 61 6c 73 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 61 74 6f 75 74 70 75 74 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 6c 65 6e 28 6c 69 6e 65 29 20 3e 20 31 30 30 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 68 75 6e 6b 73 20 3d 20 6c 69 6e 65 2e 73 70 6c 69 74 28 27 20 27 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 63 20 69 6e 20 63 68 75 6e 6b 73 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 27 4f 27 20 6e 6f 74 20 69 6e 20 63 20 61 6e 64 20 27 5c 6e 27 20 6e 6f 74 20 69 6e 20 63 20 61 6e 64 20 27 3e 27 20 6e 6f 74 20 69 6e 20 63 20 61 6e 64 20 27 3c 27 20 6e 6f 74 20 69 6e 20 63 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 6f 75 74 20 2b 3d 20 75 6e 68 65 78 6c 69 66 79 28 63 2e 65 6e 63 6f 64 65 28 27 75 74 66 38 27 29 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 6c 65 6e 67 74 68 20 3d 20 73 74 72 75 63 74 2e 75 6e 70 61 63 6b 28 27 3c 4c 27 2c 20 64 61 74 61 6f 75 74 5b 30 3a 34 5d 29 5b 30 5d 0a 20 20 20 20 63 68 65 63 6b 73 75 6d 20 3d 20 73 74 72 75 63 74 2e 75 6e 70 61 63 6b 28 27 3c 4c 27 2c 20 64 61 74 61 6f 75 74 5b 34 3a 38 5d 29 5b 30 5d 0a 20 20 20 20 64 61 74 61 6f 75 74 20 3d 20 64 61 74 61 6f 75 74 5b 38 3a 38 2b 6c 65 6e 67 74 68 5d 0a 20 20 20 20 72 65 74 75 72 6e 20 64 61 74 61 6f 75 74 0a 0a 66 20 3d 20 6f 70 65 6e 28 74 78 6c 69 73 74 2c 20 27 72 27 29 0a 0a 61 6c 6c 64 61 74 61 20 3d 20 62 27 27 0a 66 6f 72 20 6c 20 69 6e 20 66 2e 72 65 61 64 6c 69 6e 65 73 28 29 3a 0a 20 20 20 20 6c 20 3d 20 6c 2e 72 73 74 72 69 70 28 27 5c 6e 27 29 0a 20 20 20 20 61 6c 6c 64 61 74 61 20 2b 3d 20 74 78 64 65 63 6f 64 65 28 73 74 72 28 6c 29 29 0a 0a 70 72 69 6e 74 20 61 6c 6c 64 61 74 61 0a

use >>24140

and do

70 79 74 68 6f 6e 20 73 63 72 69 70 74 2e 70 79 20 36 39 31 64 64 32 37 37 64 63 30 65 39 30 61 34 36 32 61 33 64 36 35 32 61 31 31 37 31 36 38 36 64 65 34 39 63 66 31 39 30 36 37 63 64 33 33 63 37 64 66 30 33 39 32 38 33 33 66 62 39 38 36 61 0a 0a 73 61 76 65 20 74 68 65 20 31 33 30 20 74 72 61 6e 73 61 63 74 69 6f 6e 73 20 74 6f 20 74 72 61 6e 73 2e 74 78 74 0a 0a 74 68 65 6e 20 75 73 65 20 74 68 65 20 73 63 72 69 70 74 20 61 62 6f 76 65 20 61 6e 64 20 64 6f 0a 0a 70 79 74 68 6f 6e 20 6e 65 77 73 63 72 69 70 74 2e 70 79 20 74 72 61 6e 73 2e 74 78 74 20 3e 20 63 61 62 6c 65 73 0a 0a 79 6f 75 20 77 69 6c 6c 20 67 65 74 20 61 20 7a 69 70 66 69 6c 65 20 77 69 74 68 20 74 68 65 20 63 61 62 6c 65 73

this file can be used to merge multiple transactions into one file


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24185

>>24184

someone was warning us about a hard fork yesterday. it looks like it’s possible.

ANON DOWNLOAD THE FUCKING ENTIRE BLOCKCHAIN AS SOON AS YOU CAN. MAKE COPIES. THEY ARE GOING TO TRY TO BURY THIS SHIT.

https://bitcoinmagazine.com/articles/breadwallet-ceo-aaron-voisine-segwit-soft-fork-first-then-block-size-hard-fork-1453914051


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24197

Jean has likely been compromised (all links sent to me lacked SSL).

At this point, consider this operation infiltrated.

Someone make this info public now.

Let KimDotCom know. He is loud. I cannot post to Reddit and am also probably now compromised.


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24198

IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW

IF YOU KNOW HOW PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURACE FILES

import sys

import pycurl

import struct

from binascii import unhexlify, crc32

import urllib2

transaction = str(sys.argv[1])

data = urllib2.urlopen("[https://blockchain.info/tx/](https://archive.is/o/K1eZq/https://blockchain.info/tx/)"+transaction+"?show_adv=true")

dataout = b''

atoutput = False

for line in data:

if 'Output Scripts' in line:

atoutput = True

if '</table>' in line:

atoutput = False

if atoutput:

if len(line) > 100:

chunks = line.split(' ')

for c in chunks:

if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:

dataout += unhexlify(c.encode('utf8'))

length = struct.unpack('<L', dataout[0:4])[0]

checksum = struct.unpack('<L', dataout[4:8])[0]

dataout = dataout[8:8+length]

print dataout

usage

python script.py transaction_number

returns all the data in the output scripts

example

python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

Returns,

Wikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto’s download tool which

can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free enterprise! Thank you Satoshi!

HOW TO FIND MESSAGES ON THE BLOCKCHAIN

I’ll be helping you with a few initial examples. Remember that if you feel like you’ve been compromised, switch over to codec communication.

I’m assuming you already did the example on Jean’s latest code dump >>24140 Let’s try to do a few more.

First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

Use Jean’s script and do

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf'

Once it is done you will be able to see a pdf was generated in that directory.

Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.

For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

If you do

python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

You will get a key that was leaked.

Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again.

Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand.

One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.

For example, the Bitcoin paper transaction.

If you do

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output'

and then do,

'file -b output'

You will get:

'PDF document, version 1.4'

For

'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output'

'file -b output'

you should get

'GPG encrypted data'


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24199>>24258 >>24463

MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS

import sys

import pycurl

import struct

from binascii import unhexlify, crc32

import urllib2

# usage, python script.py transactionlist.txt > file

txlist = str(sys.argv[1])

def txdecode(transaction):

data = urllib2.urlopen("[https://blockchain.info/tx/](https://archive.is/o/K1eZq/https://blockchain.info/tx/)"+transaction+"?show_adv=true")

dataout = b''

atoutput = False

for line in data:

if 'Output Scripts' in line:

atoutput = True

if '</table>' in line:

atoutput = False

if atoutput:

if len(line) > 100:

chunks = line.split(' ')

for c in chunks:

if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:

dataout += unhexlify(c.encode('utf8'))

length = struct.unpack('<L', dataout[0:4])[0]

checksum = struct.unpack('<L', dataout[4:8])[0]

dataout = dataout[8:8+length]

return dataout

f = open(txlist, 'r')

alldata = b''

for l in f.readlines():

l = l.rstrip('\n')

alldata += txdecode(str(l))

print alldata

example:

python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

save the 130 transactions to trans.txt

then use the script above and do

python newscript.py trans.txt > cables

you will get a zipfile with the cables

GETTING ADDRESSES FROM HASHES

How to get address from hash

Run the following on bitcoin

from pybitcoin import BitcoinPrivateKey

pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)

pk.public_key().address()

Compressed address will be returned

pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)

pk.public_key().address()

Uncompressed address will be returned

snowden

1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg

1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj

kerry

1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU

1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e

ecuador

1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta

16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB

ukfco

1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf

1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm

Analysis threads (heavily deleted and slid):

https://8ch.net/pol/res/7946506.html

https://8ch.net/pol/res/7962287.html

Post where a ‘key’ was posted and deletions started taking place:

https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html

https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html

New leads and alphabets showing up:

https://endchan.xyz/pol/res/20366.html

Link to original insurance file in case anyone wants to test that one:

https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256

https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent

openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER"
openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"

the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like “Use a Tor Onion Router and do this”. It might be that the file has to be unlocked over and over.

also someone suggested, “take the last 32 or so bytes in the file, flip them, save it and then run ‘file -b’ on it.”

UNCRACKED TRANSACTIONS:

7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e

:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24205

Take note of the future attacks to the blockchain. Take note of how it’s flooded. Take note of when they do the attacks and where. Take note of the future DDoSs. Make copies of every relevant thread. Take note of what is deleted and what is altered. Take note of when they spread disinformation in order to get you to stop looking. Use the censorship against them. What gets deleted and hidden is what is needed to get to the truth.

Put everything on external hard drives.

Do not work in secret. It will only endanger you. You have to spread the progress or they will silence you.

The truth is in that blockchain. You have enough information to find everything and decrypt it all. Don’t give up.


:arrow_forward:Anonymous 22 days ago ID: baa5e8 No.24206

get the salt.

get the IV.

get the Key.

picture what the world will be like if we lose this fight. it is worth it. get everyone back safe. information is our only leverage.

https://web.archive.org/web/20130428035200/http://www.openssl.org/docs/crypto/EVP_BytesToKey.html

https://web.archive.org/web/20150921141747/http://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase/29139

https://en.wikipedia.org/wiki/Jean_Seberg#Death


:arrow_forward:Anonymous 10 days ago ID: baa5e8 No.24539>>24553

>>24488

no ones going to hold your hand and tell you how to do it. go be distracted by the new files.

https://twitter.com/wikileaks/status/796085225394536448

Download encrypted future WL publications for safekeeping:

2016-11-07_WL-Insurance_US.aes256 - 2.9gb
2016-11-07_WL-Insurance_UK.aes256 - 1.3gb
2016-11-07_WL-Insurance_EC.aes256 - 520mb

US - 014d55394fb4621d5a01bf5eee9f5cddac8dad44
UK - 05e04c04e3315decfbd4f6ab0d2d5dd70586c57c
EC - 8367354076e79ebd8f489e044b61b4f3c8eb13b0

the Precommits

US Kerry - 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809
UK FCO - f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74
EC - eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72


OUTER HEAVEN 2 (12/07/2016 - 12/26/2016)

endchan[.]xyz/POLAK/res/15.html
s6424n4x4bsmqs27[.]onion/POLAK/res/15.html


OUTER HEAVEN Anonymous 12/07/2016 (Wed) 19:31:30 [Preview] No. 15 [X] >>757>>944

SALTS:
insurance.aes256 DE 18 1B 73 EF F3 5E 39 DA
wlinsurance-20130815-A.aes256 0F 0B DA 00 F0 35 9A 0F C8
wlinsurance-20130815-B.aes256 AB C2 04 75 6B AB 85 BE 30
wlinsurance-20130815-C.aes256 73 6B 46 4C 2F 84 9A C2 A4

INSURANCE SNIPPETS:
http://gateway.glop.me/ipfs/QmUUiWf1KLshZBQWHDt8yVaabHdMjJA2g1md7YS8qsvMci/insurance.aes256.5120
http://gateway.glop.me/ipfs/QmZHmQrNuBL1MJEi3cSn7bYoLShLiqGue5oeqZmcvHtBD6/wlinsurance-20130815-A.aes256.5120
http://gateway.glop.me/ipfs/QmRRAnoHgZGqMrJodHA3Nj6GeQ5j4y1AHUbG8MgVXWshMH/wlinsurance-20130815-B.aes256.5120
http://gateway.glop.me/ipfs/QmPCPmGwyCghyMrVENUB1AEbzkZ9dULE9rBJcVMqc5RG1M/wlinsurance-20130815-C.aes256.5120
http://gateway.glop.me/ipfs/QmNdwpvqWXkYsxPnjoL8rSZZpVDRDNu3YYvddsQ7dLdrEC/2016-06-03_insurance.aes256.5120
http://gateway.glop.me/ipfs/QmcDMXxr99Fi583oZKYqFzg8TwomugeV49oFkMrtGHEJ6Z/2016-11-07_WL-Insurance_EC.aes256.5120
http://gateway.glop.me/ipfs/QmPAoxkRcJERJEyj3uXsnKwe819WkqnX2Gp1VgpoaxLtys/2016-11-07_WL-Insurance_UK.aes256.5120
http://gateway.glop.me/ipfs/QmaYUUco1VtVurovbrtboMvu6kvFp9pdz6CEA97ftxojy5/2016-11-07_WL-Insurance_US.aes256.5120

FILES:
https://file.wikileaks.org/torrent/2016-11-07_WL-Insurance_US.aes256.torrent
https://file.wikileaks.org/torrent/2016-11-07_WL-Insurance_UK.aes256.torrent
https://file.wikileaks.org/torrent/2016-11-07_WL-Insurance_UK.aes256.torrent
https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
https://web.archive.org/web/20100901162556/https://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256

US Kerry [1]- 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809
UK FCO [2]- f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74
EC [3]- eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72

sha256sum 2016-11-07_WL-Insurance_US.aes256 ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002
sha256sum 2016-11-07_WL-Insurance_UK.aes256 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
sha256sum 2016-11-07_WL-Insurance_EC.aes256 b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995

wlinsurance-20130815-A.aes256 [5],[6]
6688fffa9b39320e11b941f0004a3a76d49c7fb52434dab4d7d881dc2a2d7e02

wlinsurance-20130815-B.aes256 [5], [7]
3dcf2dda8fb24559935919fab9e5d7906c3b28476ffa0c5bb9c1d30fcb56e7a4

wlinsurance-20130815-C.aes256 [5], [8]
913a6ff8eca2b20d9d2aab594186346b6089c0fb9db12f64413643a8acadcfe3

insurance.aes256 [9], [10]
cce54d3a8af370213d23fcbfe8cddc8619a0734c

[1] https://twitter.com/wikileaks/status/787777344740163584
[2] https://twitter.com/wikileaks/status/787781046519693316
[3] https://twitter.com/wikileaks/status/787781519951720449
[4] https://twitter.com/wikileaks/status/796085225394536448?lang=en
[5] https://wiki.installgentoo.com/index.php/Wiki_Backups
[6] https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
[7] https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
[8] https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
[9] https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
[10] https://web.archive.org/web/20100901162556/https://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256


Anonymous 12/07/2016 (Wed) 19:33:27 [Preview] No. 16 [X] del

THREADS:
oniichanylo2tsi4.onion/thread-5b30554cf29073d3aee1a74c298234c8e36a7bad.html
http://oxwugzccvk3dk6tj.onion/tech/res/679042.html
http://s6424n4x4bsmqs27.onion/pol/res/20366.html
https://web.archive.org/web/20161030073742/http://8ch.net/pol/res/7946506.html
https://web.archive.org/web/20161023211637/http://oxwugzccvk3dk6tj.onion/pol/res/7931897.html
https://web.archive.org/web/20161024220236/http://8ch.net/pol/res/7962287.html
http://oxwugzccvk3dk6tj.onion/pol/res/8180723.html
http://oxwugzccvk3dk6tj.onion/tech/res/679042.html

DECODING ONE TX:
Download http://gateway.glop.me/ipfs/QmSU67Ei3TerNe32CcZTgd48jKqsVvBTgera1qBWFjKK9V/jean.py
(or http://gateway.glop.me/ipfs/QmburFHeUtM3wdrEj3rmUuBkx6iDmYpreyGCvHijgJhZnh/jean_b.py))
Usage:
python jean.py transaction_number

Example:
python jean.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

Returns:
"Wikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto’s download tool which can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc Free speech and free enterprise! Thank you Satoshi!"

DECODING FILES:
A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

python jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf

Once it is done you will be able to see a pdf was generated in that directory.

Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.

For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

If you do
python jean.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

You will get a key that was leaked.

Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again. This is the process of ‘following the change’.

Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand. One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.

Some of them are:
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e


Anonymous 12/07/2016 (Wed) 19:34:47 [Preview] No. 17 [X] del >>97>>762

I might be compromised. So, before I get silenced, I’d like to present some tips for those investigating the blockchain angle (in the case that I am unable to continue my work):

  1. Sort transactions based on TX Fees. The DMS TX(s) will probably have a high fee associated with it to a) ensure its inclusion in the block (against the spamming attacks we’re seeing) and b) draw attention to it. If a transaction contains an OP_RETURN and has an unusually high fee, IT IS WORTH INVESTIGATING.
  1. Look for duplicate OP_RETURN data. Provided there wasn’t a lone machine setup to post the DMS, it would likely be posted twice or more. Create a script to store transactions in a database. Store block number, date, op_return, fee and amount (if any of the outputs contain “911”, also pay attention.)
  1. The DMS will likely NOT come from the Wikileaks address (but might go to it). In the event that the server(s) hosting the DMS got compromised, the attacker would have access to that address’ private key (and thus all of WikiLeaks’ funds).
  1. This address might be worth investigating: htt ps://blockchain.info/address/1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM?offset=100&filter=0
    Many OP_RETURNs and all on the 10/16/2016 within a period of a few hours. I have not had the chance to investigate further.

Some side notes: Bootstrap8080.bitmessage.org and Bootstrap8444.bitmessage.org were down last night around 3AM (USA time). Worth checking DNS history on these to ensure they weren’t compromised.

My computer is sending ICMP packets routinely to addresses in San Francisco and UK. This is one of my reasons to suspect compromise (could these be packing non-erronous data?).


Anonymous 12/07/2016 (Wed) 19:37:08 [Preview] No. 19 [X] del >>157>>215

For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable’. -Julian Assange, Nantucket Project, Sept 28 2104

Wikileaks needs to change in order to survive and thrive through the next few months… If necessary of course, if I’m not able to continue or the Ecuadorian people are unreasonably blamed for Wikileaks’ publications, I will have to resign as editor, but our publications will continue. The part of the necessary defense of Wikileaks, we have engaged in a new project to recruit people across the world to defend our publication - and we’ll give details of that as the weeks go by… …we will issue guidelines about how you can promote Wikileaks publications without censorship. - Julian Assange, Wikileaks 10 Years Press Conference, Oct 4th 2016


Anonymous 12/07/2016 (Wed) 19:38:20 [Preview] No. 20 [X] del >>641

https://en.m.wikipedia.org/wiki/Rubberhose_%28file_system%29

The project was originally named Rubberhose, as it was designed to be resistant to attacks by people willing to use torture on those who knew the encryption keys. This is a reference to the rubber-hose cryptanalysis euphemism.
It was written in 1997–2000 by Julian Assange, Suelette Dreyfus, and Ralf Weinmann.[


Anonymous 12/07/2016 (Wed) 19:39:21 [Preview] No. 21 [X] del >>739

http://gateway.glop.me/ipfs/QmSYg1TfsV7yKW3hzQRy9qxMSDUgztka5vVu91S9sFVeuM/code-fixed.7z
To compile:

gcc bcrdr2.c sha256.c ripe160.c -lsqlite3 -o bcrdr2

To Run:

./bcrdr2

e.g:
./bcrdr2 ~/.bitcoin/blocks/ out.db

WHAT IT DOES:

This program reads through every file named blk*.dat in the folder to point it at and parses it.
It creates an sqlite3 database with the following schema:

CREATE TABLE BLOCK("
“ID INT PRIMARY KEY NOT NULL,”
“PREV CHAR(64) NOT NULL,”
“MERKLE CHAR(64) NOT NULL,”
“HASH CHAR(64) NOT NULL,”
“NUM INT ,”
“BITS INT NOT NULL,”
“NONCE INT NOT NULL,”
“TIME INT NOT NULL);”;

Block header info, including the computed double SHA256 hash for the block.
PREV is previous block hash, MERKLE is the merkle root hash, HASH is this block’s hash.
The other fields are miscellaneous.

“CREATE TABLE TX(”
“ID INT PRIMARY KEY NOT NULL,”
“HASH CHAR(64) NOT NULL,”
“FILE TEXT NOT NULL,”
“OFFSET INT NOT NULL);”;

Transaction header.
HASH is this transaction’s SHA double hash.
FILE is the .DAT file’s ID that it came from (See the FILE table below to get the file’s name)
OFFSET is the offset in the file it came from.


Anonymous 12/07/2016 (Wed) 19:41:19 [Preview] No. 22 [X] del

HOW TO GET THE KEYS (AND MORE) FROM THE BLOCKCHAIN:

The goal is to make very simple code that is easy to use and understand so that everyone can do this. This is a rough explanation of how it works.

There are two main approaches users are taking to decode messages in the blockchain. Scanning transactions, let’s call this ‘tx scanning’, and scanning blocks, let’s call this ‘block scanning’. The main reason users are not yet able to see meaningful content is because both approaches have to be combined.

TX SCANNING:
When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.

BLOCK SCANNING:
When you scan by block, you will be able to find encoded data more easily but it is harder to extract the tx id and wallets. One benefit of block scanning is that you can explicitly search for file headers and important strings. For example you can directly search for the magic numbers in GPG files. When you find one of these, you can then tx crawl from that starting point in order to get all pieces of the file. More concretely, if you want to find the Cablegate Backup with a block scanner, you could search for the magic number of Zip files. Then, when one is found, you can find the tx id that contains it, and finally tx crawl to get all the pieces. Yet, file headers are just one of the many other patterns that can be used to find important transactions. Examples of others are:
. Magic numbers: Look for the first bytes in different types of file. ‘file’ can be used in UNIX.
. Ability to compress: Compress the decoded output. If the size is reduced, the output is possibly a message or part of a file.
. Text: If the decoded output has text, it might have information.
. Keywords (Very important): Search for relevant keywords, e.g., checksums for files in Wikileaks.org, checksums for the insurance files, hashes, dates, names, time stamps, etc.
. Reversibility: Some messages are in reverse and need to be flipped. This should be tried both before and after decoding.


Anonymous 12/07/2016 (Wed) 19:41:31 [Preview] No. 23 [X] del

Both scanners have to be used. The starting points for the searches should be Wikileak’s wallet, important dates (for example, during the DDoS attacks), previous messages and checksum hashes. The Cablegate Backup was a bit simpler than the more recent messages. In that case, only one wallet spent the funds in each transaction, and simply looking at wallet’s next transaction was enough to find all the pieces. Newer messages are bit more complicated. Some of the wallets that receive money make multiple transactions with no encoded data before proceeding with the ‘real’ transaction. Moreover, in a lot of cases, all wallets involved spend the funds (not just one). Therefore, the crawler has to keep track of all wallets that receive funds, and all future transactions of that wallet while using techniques (like those above) to detect encoded data. A transaction tree should be kept and the pieces of each files should be combined in multiple orderings.

If you implement the process described above you will find all the keys, other backups and other files that are not released. One way to test your code is to search for checksum hashes for files that have already been published at a specific date. There are multiple messages in the blockchain that include file hashes and dates. [/spoiler]Use the leads in this thread.[/spoiler]

I recommend you use a local copy of the blockchain and carry out the search on a computer that has no internet access. Work in groups and share the process. Remember to look at other cryptocurrencies as well and to encode your findings into the blockchain yourself.

Good luck!


Anonymous 12/08/2016 (Thu) 18:38:48 [Preview] No. 28 [X] del


Anonymous 12/08/2016 (Thu) 19:10:05 [Preview] No. 31 [X] del

NEW CODE:
https://github.com/WikiLeaksFreedomForce


Anonymous 12/08/2016 (Thu) 19:38:11 [Preview] No. 32 [X] del

FILE ASSEMBLY CODE:
http://gateway.glop.me/ipfs/QmVWJVbis7es6s7cDsRmt5WBHeioc4HztR4R74Lg8KBmhU/e0911.php


Anonymous 12/08/2016 (Thu) 20:17:03 [Preview] No. 36 [X] del

https://blockchain.info/tx/624075b5d5d56b619b413966297b441ae727fc019871c22676405dd5d8200cc9
View information about a bitcoin transaction 624075b5d5d56b619b413966297b441ae727fc019871c22676405dd5d8200cc9

OMG
I thnk I found it
hang on
look at this
https://blockchain.info/block/0000000000000000026fb408f6a035e55c126a1409e9c5f5fea7d22610645289
Transactions contained within bitcoin block 435172
scroll down to roughly

It’s possible that a 7z or other compressed text document with instructions is hidden within a single transaction
And that transaction is spent.

37 7a bc af 27 1c 20 04 0e 15 c8 0f 26 20 20 20 20 20 20 20 62 20 20 20 20 20 20 20 50 c7 af >be 01 20 21 67 73 63 6c 69 6c 69 70 74 72 68 6e 65 74 65 65 74 73 67 68 69 6e 61 65 75 6f 64 >69 6e 65 72 72 69 69 20 01 04 06 20 01 09 26 20 07 0b 01 20 01 21 21 01 20 0c 22 20 08 0d 0a >01 86 66 4f f7 20 20 05 01 19 0c 20 20 20 20 20 20 20 20 20 20 20 20 11 17 20 77 20 6c 20 63 >20 6f 20 64 20 65 20 2e 20 74 20 78 20 74 20 20 20 19 04 20 20 20 20 14 0d 0a 01 20 bd 31 89 >c3 e9 42 d2 01 15 06 01 20 20 20 20 20

That’s a possible 7z encrypted message, albeit a small one

https://blockchain.info/address/1E14k7i1wVSytoMfbaCnbmhofVMNsZrpLh
Transactions sent and received from bitcoin address 1E14k7i1wVSytoMfbaCnbmhofVMNsZrpLh.
https://blockchain.info/tx/4aadbaa0edd0f0b19d5e8ae0a818e3ac7fde7cd5f6caedcd9cf4e7ac2b9582e9
View information about a bitcoin transaction 4aadbaa0edd0f0b19d5e8ae0a818e3ac7fde7cd5f6caedcd9cf4e7ac2b9582e9


Anonymous 12/08/2016 (Thu) 20:37:42 [Preview] No. 37 [X] del >>39

1Gii1VoJksAKrL34Gd4sLF1bUTQdUq1qe1 and i dont know if this is old news but this should be JA’s address… There’s a DMS at the beginning of the txs
First being oldest. 1Fpdrx7Q7fVgf19imhXeDwNEhBAQV1a6Gp

for example this is one of the 4 txs… its cryptic so “im dead when back” and likely implies something to do with the hex

If you look at the oldest tx on Gii, you’ll see what looks like a dms… Y is for key. It’s always been here but it needs to be disarmed. Thats basically what it is.

The account basically returns what is sent to it… which is what this ‘QdUq1qe1’

The unconfirmed tx has actually been there since this weekend since I found it but it looks like it rejected it and has one from 12/6
http://gateway.glop.me/ipfs/QmXUMj6fRG9mNHLTgythygDJxUodGCnWFkBfcQfaqZo896/outtx.xlsx

list of unable to decode from block 435251
435251.xlsx
list of unable to decode from block 435252
435252.xlsx
http://gateway.glop.me/ipfs/QmTtdJr3sEYeWSHdgWTyP7uq89YRQWyUKbyWYcbeBKY6kh/435251.xlsx
http://gateway.glop.me/ipfs/QmUs1xK7wf89gf9t4wtdRNPpVdaQgnsmLDBcuBrbFcQT5v/435252.xlsx
http://gateway.glop.me/ipfs/QmUttF4q2JgjzGgKkuJoXvWvUaVZvG47XKAguHDYRX1NXP/block_435250_unable_to_decode.xlsx

There’s only one that had any actual value associated (it’s on the list ending in 51) all other transactions have shown as 0

an example would be if you find a hex code for a 7zip header
such as in https://blockchain.info/tx/5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5
View information about a bitcoin transaction 5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5
at bottom 377ABCAF271C
that is the hex code for a 7zip header
also i believe this has footer http://www.7-zip.org/recover.html

just to make sure im not wasting my time, is it a waste of time to be looking at https://blockchain.info/address/135zDqhbNcmPk3gbyeJmH75yiLdVZechsK?offset=10800&filter=4, batches of transactions ~20 each(sometimes significantly more such as the 57 on the 21) at same time. literally thousands of transactions in a row with same file size
throuugh 300 some odd pages, other than the first few, there are only 3 file sizes
and average bitcoin transaction is ~.001 over 84444 transactions

this one is huge…
https://blockchain.info/tx/842a17b3a797ec03c7ab856a6e62103c3288e03d790c8dc00a6e9175d164ece0

https://blockchain.info/address/135zDqhbNcmPk3gbyeJmH75yiLdVZechsK?offset=15250&filter=4
Transactions sent and received from bitcoin address 135zDqhbNcmPk3gbyeJmH75yiLdVZechsK.
same size transactions but changes size on oct 9
fucktons of transactions for weeks all of which are same size

https://blockchain.info/ip-address/47.89.39.165, a lot of same size same time transactions and unable to decode output

http://gateway.glop.me/ipfs/Qmaut7iGTaCoVZE4RAuV6cNBY5B2HxYgZDpaFrpKYKqYgH/Filenames_16D.txt
http://gateway.glop.me/ipfs/QmUUWrmeCQrhVQrbVBJqKKBbEWoHEpgWPoKhKi6Yune52Q/Filenames_16G.txt


Anonymous 12/08/2016 (Thu) 21:39:22 [Preview] No. 40 [X] del >>41

Possible tip:

https://blockchain.info/tx/7f1e4e76084ab2a44b484358900d74261e4629879db173b85251cb54cac21070
https://blockchain.info/address/1NAQExkFZTFJKQq76KoyUosoQEfiY8K9GN
https://blockchain.info/address/1B896LaaMVJvQD84ko52XN3976gaKA7nXJ

Multiple ‘Escrows’. Seems like addresses are using the change as in cablegate.7z.


Anonymous 12/09/2016 (Fri) 06:20:27 [Preview] No. 47 [X] del


Anonymous 12/09/2016 (Fri) 15:28:18 [Preview] No. 50 [X] del

https://github.com/manly/BlockChainParser


Anonymous 12/09/2016 (Fri) 19:16:07 [Preview] No. 57 [X] del >>483>>497

HOW TO SPLIT AND UPLOAD GIANT FILES:

  1. Take giant file and slip it into pieces with 7zip
    Linux: http://superuser.com/questions/184557/how-to-create-multipart-7zip-file-in-linux
    Example:
    7z -v100m a my_zip.7z my_folder/
    Windows: http://www.linglom.com/it-support/how-to-split-a-large-file-using-7-zip/
  2. Upload the pieces to mega.nz or filedropper (max 5GB):
    filedropper.com
    mega.nz
    2b (optional). Do it from the command line to save time:
    https://megatools.megous.com/
    Example:
    https://youtube.com/watch?v=LWfFMysaspQ [Embed]&feature=youtu.be

FILES WE NEED UPLOADS FOR:

  1. All insurance files
  2. Blockchain
  3. SQL databases of the blockchain
  4. wikileaks.org

Anonymous 12/09/2016 (Fri) 22:06:52 [Preview] No. 65 [X] del

PROTIP:
Download first insurance file: https://web.archive.org/web/20100901162556/https://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
Write a python script that tries words from a dictionary on it and writes down the ones that don’t have errors (example ONION). (make sure to try with different both lower and upper case)
Read words that don’t produce errors.
also decrypt the files that comes out with the words that work. do this over and over.


Anonymous 12/10/2016 (Sat) 07:05:38 [Preview] No. 70 [X] del

There news that some groups are starting to find torrent headers in the blockchain. Some advice regarding that.

  1. Check the file structure.
    A torrent file is a bencoded dictionary with the following keys:
    announce—the URL of the tracker
    info—this maps to a dictionary whose keys are dependent on whether one or more files are being shared:
    name—suggested filename where the file is to be saved (if one file)/suggested directory name where the files are to be saved (if multiple files)
    piece length—number of bytes per piece. This is commonly 28 KiB = 256 KiB = 262,144 B.
    pieces—a hash list, i.e., a concatenation of each piece’s SHA-1 hash. As SHA-1 returns a 160-bit hash, pieces will be a string whose length is a multiple of 160-bits. If the torrent contains multiple files, the pieces are formed by concatenating the files in the order they appear in the files dictionary (i.e. all pieces in the torrent are the full piece length except for the last piece, which may be shorter).
    length—size of the file in bytes (only when one file is being shared)
    files—a list of dictionaries each corresponding to a file (only when multiple files are being shared). Each dictionary has the following keys:
    path—a list of strings corresponding to subdirectory names, the last of which is the actual file name
    length—size of the file in bytes.

  2. Check the tracker information.
    Multiple trackers
    BEP-0012[4] extends BitTorrent to support multiple trackers.
    A new key, announce-list, is placed in the top-most dictionary (i.e. with announce and info)
    {

    ‘announce-list’: [[‘’][‘’]]

    }

  3. If it a single file or Multi file torrent

Single file[edit]
Here is what a de-bencoded torrent file (with piece length 256 KiB = 262144 bytes) for a file debian-503-amd64-CD-1.iso (whose size is 678 301 696 bytes) might look like:
{
‘announce’: 'http://bttracker.debian.org:6969/announce‘,
‘info’:
{
‘name’: ‘debian-503-amd64-CD-1.iso’,
‘piece length’: 262144,
‘length’: 678301696,
‘pieces’: ‘841ae846bc5b6d7bd6e9aa3dd9e551559c82abc1…d14f1631d776008f83772ee170c42411618190a4’
}
}

{
‘announce’: 'http://tracker.site1.com/announce‘,
‘info’:
{
‘name’: ‘directoryName’,
‘piece length’: 262144,
‘files’:
[
{‘path’: [‘111.txt’], ‘length’: 111},
{‘path’: [‘222.txt’], ‘length’: 222}
],
‘pieces’: ‘6a8af7eda90ba9f851831073c48ea6b7b7e9feeb…8a43d9d965a47f75488d3fb47d2c586337a20b9f’
}
}

  1. Trackers
    You can see the tracker in:
    ‘announce’: 'http://bttracker.debian.org:6969/announce‘,
  2. Check the trackers to see if the files are valid.
    Trackers themselves should be verified by Verisgn or any other tool for tracker verification.

If the file is downloaded, keep it and post it here. If the torrent was incomplete or corrupted it might be possible to fix it with file recovery software.


Anonymous 12/10/2016 (Sat) 07:50:26 [Preview] No. 71 [X] del >>304

  • file header match (type: jpg) (block hash: 000000000000000001c49996dd0946a3eb734173fd2b0c66c84de64e96f835a5) (tx hash: 4b0cd7e191ef0a14a9b6ab1c5900be534118c20a332ff26407648168d2722a2e)

yes this picture was in that transaction


Anonymous 12/10/2016 (Sat) 15:55:24 [Preview] No. 73 [X] del

if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "DOC Header Found " # DOC Header
if "576F72642E446F63756D656E742E".lower() in hexcode:
filetype += "DOC Footer Found " # DOC Footer
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "XLS Header Found " # XLS Header
if "FEFFFFFF000000000000000057006F0072006B0062006F006F006B00".lower() in hexcode:
filetype += "XLS Footer Found " # XLS Footer
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "PPT Header Found " # PPT Header
if "A0461DF0".lower() in hexcode:
filetype += "PPT Footer Found " # PPT Footer
if "504B030414".lower() in hexcode:
filetype += "ZIP Header Found " # ZIP Header
if "504B050600".lower() in hexcode:
filetype += "ZIP Footer Found " # ZIP Footer
if "504B030414000100630000000000".lower() in hexcode:
filetype += "ZIPLock Footer Found " # ZLocked Encrypted
if "FFD8FFE000104A464946000101".lower() in hexcode:
filetype += "JPG Header Found " # JPG Header
if "474946383961".lower() in hexcode:
filetype += "GIF Header Found " # GIF Header
if "474946383761".lower() in hexcode:
filetype += "GIF Header Found " # GIF Header
if "2100003B00".lower() in hexcode:
filetype += "GIF Footer Found " # GIF Footer
if "25504446".lower() in hexcode:
filetype += "PDF Header Found " # PDF Header
if "2623323035".lower() in hexcode:
filetype += "PDF Header Found " # PDF Header
if "2525454F46".lower() in hexcode:
filetype += "PDF Footer Found " # PDF Footer
if "616E6E6F756E6365".lower() in hexcode:
filetype += "Torrent Header Found " # Torrent Header
if "1F8B".lower() in hexcode:
filetype += ".TAR.GZ Header Found " # TAR/GZ Header | Going to have lots of false positives
if "0011AF".lower() in hexcode:
filetype += "FLI Header Found " # FLI Header
if "504B03040A000200".lower() in hexcode:
filetype += "EPUB Header Found " # EPUB Header
if "89504E470D0A1A0A".lower() in hexcode:
filetype += "PNG Header Found " # PNG Header
if "6D51514E42".lower() in hexcode:
filetype += "8192PGP Header Found " # 8192 Header
if "6D51494E4246672F".lower() in hexcode:
filetype += "4096PGP Header Found " # 4096 Header
if "952e3e2e584b7a".lower in hexcode:
filetype += "2048PGP Header Found " # 2048 Header
if "526172211A0700".lower() in hexcode:
filetype += "Secret Header Found" # Secret Header
if "6D51454E424667".lower() in hexcode:
filetype += "RAR Header Found" # RAR Header
if "EFEDFACE".lower() in hexcode:
filetype += "UTF8 Header Found" # UTF8 header
if "4F676753".lower() in hexcode:
filetype += "OGG Header Found" # OGG Header
if "42494646".lower() in hexcode and "57415645".lower() in hexcode:
filetype += "WAV Header Found" # WAV Header
if "42494646".lower() in hexcode and "41564920".lower() in hexcode:
filetype += "AVI Header Found" # AVI Header
if "4D546864".lower() in hexcode:
filetype += "MIDI Header Found" # MIDI Header
if "377ABCAF271C".lower() in hexcode:
filetype += "7z Header Found" # 7z Header
if "0000001706".lower() in hexcode:
filetype += "7z Footer Found" # 7z Footer

Anonymous 12/12/2016 (Mon) 02:24:27 [Preview] No. 75 [X] del

http://zerobinqmdqd236y.onion/?7cd87b53ca199bdb#+Ht0Kg+aa8Nqx4oKXQIPM9UZibcVuZMMBMw22lc/+pw=

need to search each output script individually with trid that was sent TO the wikileaks address by some address, and in particular the time frame of 10/17 to 10/29

his dead man’s switch was “check in by the end of the day on friday”

lowest number of transactions + highest fees + 0.0000000001 amounts paid (or close to 0 as possible because it is blackholed money since the data dictates the destination address and you don’t have the priv key for the destination address)

and yes output scripts less than 40 are significant as well, because they do not un-hash (so to speak) to a valid address
also any output hex that is an ODD number is suspect

you can hide small shit, like keys or a text document inside a zip file (really small 2kb footprint)

the output script looks like this
“OP_DUP OP_HASH160 9f2fe1c79fefbc6166a906fc4fdadc61a08709fa OP_EQUALVERIFY OP_CHECKSIG”
if you take the hex string portion only:
9f2fe1c79fefbc6166a906fc4fdadc61a08709fa
and use it on this website:
http://bitcoinvalued.com/tools.php

put that string into the top right field. hit convert
Result: BitCoin address: 1FWhoQ3scrAPh7M7uy4jsk7VCNTe3vZeVL

This 9f2fe1 string is the hash160 of wallet 1FWhoQ3

Example: Looking at a transaction
“c234056fd6cc3bad6f51945e36893affc5493e824cfc3e90b51860a24f069a80”
you’ll see that part of the transaction was sent to the wallet named:
“1FWhoQ3scrAPh7M7uy4jsk7VCNTe3vZeVL”
https://blockchain.info/tx/c234056fd6cc3bad6f51945e36893affc5493e824cfc3e90b51860a24f069a80

what has happened here is that the wallet 1FWhoQ3scrAPh7M7uy4jsk7VCNTe3vZeVL has received part of the UTXO (unspent transaction) from the sender

this transaction proves that

hell it was confirmed 20000 times or whatever

“27401 Confirmations”

so now the 1FWhoQ wallet may spend what they received - they are now able to spend it without throwing red flags

1FWhoQ has to put the right shit in the input scripts (bunch of version and shit and that’s the input script and is basically automated by the wallet and cannot fuck up because it has to have the wallet’s key to be able to spend the transaction out of the wallet)

and also 1FWhoQ will put the recipient’s HASH160 into the output scripts

there will be one output script per recipient address

so if i wanted to send a file to the blockchain, i would have to send it to the addresses that my data dictates. because the data is in a particular order that creates the original file.

so if the first 20 bytes were ABCDABCDABCDABCDABCDABCD then it would send to this address: BitCoin address: 1NDUKKcNpLnAwcozASKSa11
and that is because 1NDUKK’s hash160 value is ABCDABCDABCDABCDABCDABCD

if I don’t own 1NDUKKcNpLnAwcozASKSa11, then I’m basically throwing money away because i can’t send it out from the 1NDUKK wallet because i don’t own that wallet because i don’t have the private key and that is the most major part of the input script that allows the confirmations to occur(edited)

therefore the amount I send will be very, very small. but i may allow a big transaction fee (as a bounty) to make sure that transaction is confirmed and included in the blockchain quickly

and the way bitcoin works, when I send it, I have to send from only sources of unspent transactions. If I wanted to give you 1BTC and I had 10BTC, but I didn’t have any unspent transaction in my wallet that was exactly 1BTC, then I’d have to send you chunks (for example 0.3 and 0.25 and 0.21 and 0.24) or i’d send you an amount larger than what i’m trying to send you if my smallest unspent transaction was one that i had received that was 2BTC. So my 10BTC wallet might be filled with four transactions → 2BTC + 5BTC + 0.5BTC + 2.5BTC
and if i had to send you 2BTC, I’d want my 1BTC in change. so i have to include that as a recipient. i can choose to have it come back to my own wallet (if my wallet software allows and handles that properly) or i could give it another wallet that my wallet software auto


Anonymous 12/12/2016 (Mon) 22:21:59 [Preview] No. 84 [X] del

tx ids with torrent data
bd8e9ac3b25ced616e6f71e8c3c2a79926fe2278ae6822e223e0eda3d61df265
acc265638c4df520b33e2cce387aeccafe58f3ac1e14cd5584e37d7fc7c1e719
b7cfb08bdd92640eeee8994918c99a2a2c399999ad8f9676ee44f289d5df0ddd
8983a0ed9841ab288da34034f1d734d5cb98eb62055809f7b2c2fc45ccce8573
64d0df47323a19de34f6aacfe21b8e0fc52e2489ceceb2021a89856dc64cbae1
7e1778b7923d94d2ba958496306e346980f8218f34fe327211ba148136d44b84
9ade07dc5164f2d76172bbba5be853a2890036bb8ae8e35b273c899702d48212
57ba46e55765216fdbfea96f0c8252f2cedda154f56ed7fc66e8749e3db38319
828c07e14e268088d9f8c1dc3a4e94402632d7a4b91d993d92c97589a8836775
b60940c01ef648208c12a974581848c4d482f4b6f3a09d12b7627cb639cea820
e5aa29db8d661c13c4b9b3a04751502076baaec707293711cfb458ca3ab8b23f
ea4b2b11ebf37b5e209df56a70af86db409274d78b19d95efc4aa5a99a0f8409
cd8cf4ad7d0a949440ee40fcc1cfa41b86ec60a26661a18cf4c439654bc8900b
a73ab459d7b241161cb37082fd3782ea56a04f3f7f4bcc40e92bccaa660055c8
4723cd287a3c838d41c463ac91cab02ad10c5f1b5a34e414ab37d1e61b478078
ff406b1421640431f595c8f5d917277dda03982748266612c4359c8906d7cd0b
e7f2b3084fcc4bff5123d6e11c7f8c2920d6058e5eb8896c88078f84944397b8
f6d8a9faaade839892fa396dd023d4b48ffcaab9c51b86254224ec0a4e39ba35
c3084d66144da01773a312a8774efe054b2db14590fdb533cbfb39c0ff7b97cd
1576a405924468a9de9311eb418d3b4cc208af91b36cd2e9bffdfc27dd79b6d4
426823bfc6904e340ffc87c24adc14ff309e54e68fc296dd63e1bb29bbc8449b
b96e47740804918aa85e0388797246526b370da94a837ebce56177f8d1ca2e70
9efd086375e95455c635b9b5a35642b265b211ca4c59d711b3bdb309ef88878d
dd7e40667f07cc8da15ac4371cb7bc2471451a34cfe4c3ef366853ad6fc85f7a
f2a0a96bea0809bb988a6b2a078e96421d6994dd73a7f988ecfbd05da26ca17e
59fab817f921d4bec2d2fbee9ce2db490e69aa3ce1feeb91661ad0410c7b3da7
2985a64603b7f265d502de793c7109ddc6796572719208da5ddaf38e6b7c703a
581ec43e1569e273acc4a5396ed284c308c340991d833e1cb1778a587c300dc0
e956c1bf549a9564f242872986462d4fc27ce2115832a40477e5ebf1e0fc92fa
af4a748bf70664e7a868270258c9d7e60485ca50a2e5b187008dca0d15aeb13e
cdaa47392cb7072b7931a3d60b1649977f2b46285ea34370a18902428e6d3e7c
4c875d1ef76e3d24c3e0c6cb0900b87297a25e174c92444eef8fa86bffa8448f
6ff6bcb2b5c55d2f955876983c0b5ff64a57b0680459a7736ecdef00ebce1011
71400c5447afd78350d39cede7e3ed253df098b9e19cf90ff5731c04de9bd75c
5c2b92b350b2755b47b0733635325acabf4ae9ec1dc41333ce5bb31a60c184a1
9ba8e84c70b9e53f809b2dc7d7b974ee7496dd9949e7a94d0271598c8a7017b0
4817a0e4fb11fe71db429ddab1152d14795b02a21cdc91233c0505d77eb5ebde
bde1d757b5782e28dc6f9fcf336c1602ea5aad617af5cb59ac8d773ab638ee80

http://zerobinqmdqd236y.onion/?8b0155d2c7cdadbc#wTXK9pGF83eZ1B7rnvUUcjO/Ki4GqOnDJujcgyO1SAI=


Anonymous 12/13/2016 (Tue) 00:14:42 [Preview] No. 85 [X] del

http://zerobinqmdqd236y.onion/?316f491a36e7dc74#PDK1n/TYozarViizzJwQQ5QZW/7UL5AQyBntKV8eBps=

Wikileaks failed certificates Dec 12 00:01:59 UTC

sha1/HxoIFABDOXjcQh8q/PaX2vO26x4= sha256/eAtnKZihtuel9O8UVuhR0s83Ayv3jCa/U2e8WxaAKaA= sha1/2ptSqHcRadMTGKVn4dybH0S1s1w= sha256/YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg= sha1/qOMClnCmi1fr7O/MKU6RdJrUkjg= sha256/Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN


Anonymous 12/13/2016 (Tue) 21:21:03 [Preview] No. 87 [X] del

Someone please check if anything was changed last night.

To do this do:

mkdir filesdec13
cd filesdec13

wget -m -p -E -k -K -np Index of /file/

md5sum * > md5sumsdec13.txt
sha1sum * > sha1sumsdec13.txt
sha256sum * > sha2sumsdec13.txt

cd …

mkdir torrentsdec13
cd torrentsdec13

wget -m -p -E -k -K -np Index of /torrent/

md5sum * > md5sumtorrentsdec13.txt
sha1sum * > sha1sumtorrentsdec13txt
sha256sum * > sha2sumtorrentsdec13.txt

Then download the ones from dec 11

http://zerobinqmdqd236y.onion/?47efdb06b80fccfa#oI74/sbXomHCVsZ+Ux0T4iZi0LYOtjyPzndqAOgkLb4=
http://zerobinqmdqd236y.onion/?7e446df674013eba#nvIXrvcdLi7iKsM16mX/4OJDgaeS9kZU9l+85qpf5yY=
http://zerobinqmdqd236y.onion/?0d05f8455e9b8d88#fSjEocuR+D1YSB2dDcVeqYda7Bz/LbpYzIx9oEuMZD4=
http://zerobinqmdqd236y.onion/?0663280c2bcd12ce#1fIcSERfAIqbq4/sM3D6GuguSbQ1HdYy3q0x9oFmT+k=
http://zerobinqmdqd236y.onion/?56b4c8c49c62c7b5#VEFaK7MBuyDAyJmg/GDgoIEV2PZ1ZXxfMJYtexFA+Zw=
http://zerobinqmdqd236y.onion/?5677061058c45134#KAQgvYoulFti4AHXQJXdQPmnlb4+tE9bTRQxi7r2NxY=

diff md5sumtorrentsdec13.txt md5sumtorrents.txt
diff sha1sumtorrentsdec13.txt sha1sumtorrents.txt
diff sha256sumtorrentsdec13.txt sha256sumtorrents.txt
diff md5sumsdec13.txt md5sums.txt
diff sha1sumsdec13.txt sha1sums.txt
diff sha256sumsdec13.txt sha256sums.txt

If you get a diff something was changed while Wikileaks.org was down last night.


Anonymous 12/13/2016 (Tue) 21:33:31 [Preview] No. 88 [X] del >>835

For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable. -Julian Assange, Nantucket Project, Sept 28 2104
https://youtube.com/watch?v=MaB3Zw5_p9c [Embed]&feature=youtu.be&t=7m06s

http://gateway.glop.me/ipfs/QmZ7v1pXQ72mSJtWtUYaP7AK53q9JzbXFTmbfVFc6LmCAv/hashsearch.zip
Works on output from https://github.com/WikiLeaksFreedomForce/Blockchain-downloader/blob/master/blockchain_downloader.py

python wlsearch.py


Anonymous 12/14/2016 (Wed) 01:58:00 [Preview] No. 89 [X] del >>90>>116>>207>>325

We are 7 days away from D-Day.

HOLDING GROUPS
If you are in a holding group you should slowly begin contact with the new seekers. You should assume that every user you speak to is a shill. If you are receiving intel from previous groups you should assume all information is not valid. The shilling that will take place in the next few days will be more advanced than what we have previously seen. Use CQC to gain new leads, use GW to prove your identity. If you have followed this project you should know how to engage and disable bots. This will be important.

OPERATION SKYE
You should assume your current medium of communication is compromised and monitored. Redundancy and constant change of channels is essential. If you are in a decoy Outer Heaven, make sure to have it completely briefed. The BM bunker will not be reliable this week. Make arrangements to mantain communication within your unit. Use Codec Communciation when discussing sensitive details.

AS OF 10:31:13 UTC
wikileaks.org is constantly being modified. Keep track of changes as these will lead newer groups to the encoded information.
Plans for the Internet blackout have been confirmed by multiple sources.
Distribution of backups and new findings should take place outside the Internet. Make arrangement so your unit is able to access another net.

IF the keys for the decoy insurance files are released by ‘Wikileaks’ you should break radio silence and commence distribution of the real data.
IF the Internet goes down, you should break radio silence and commence physical distribution of the real data.
IF we experience a prolonged Internet blackout in the US, we will have to delegate certain task to our allies. Get Google Translate ready. You will need it.
IF the information has not reached the public once the Internet is restored, FOXALIVE will be released. This is our last measure and we should everything we can to avoid it.

Remember, if Arsenal Gear is deployed in the next few days, we lose the Internet forever.

Good luck.

https://youtube.com/watch?v=QvEDSkK3GQU [Embed]


Anonymous 12/15/2016 (Thu) 00:29:03 [Preview] No. 92 [X] del >>93>>103

OPERATION INSULAR AMBIENCE

For those of you working on setting up alternatives to the Internet to continue our progress in a more secure and anonymous way.

Begin by setting up:

  1. Cjdns [1]
  2. Batman-adv-nc [2]
  3. Adhoc capable network card [3]
  4. Cjdns hosting device (Raspberry Pi/SoC [4], a device compatible with Libreboot (preferred) [5] or Coreboot [6], PC not recommended)
  5. Any *unix distribution [7][8] (not Ubtunu or Redhat-based including CentOS; avoid MacOS and OSX)

Optional:

  1. Onioncat and pre-Oct 1st Tor
  2. i2p/i2pd or GNUnet along with any other anonymizing networks
  3. (Recommended alternatives to 5 above) use a security oriented *unix project like OpenBSD or Gentoo Hardened (or use OpenWRT)

[1] https://en.wikipedia.org/wiki/Cjdns
[2] https://en.wikipedia.org/wiki/B.A.T.M.A.N
[3] https://en.wikipedia.org/wiki/Wireless_ad_hoc_network
[4] https://en.wikipedia.org/wiki/System_on_a_chip
[5] https://en.wikipedia.org/wiki/Libreboot
[6] https://en.wikipedia.org/wiki/Coreboot
[7] https://upload.wikimedia.org/wikipedia/commons/1/1b/Linux_Distribution_Timeline.svg
[8] https://en.wikipedia.org/wiki/List_of_BSD_operating_systems


Anonymous 12/19/2016 (Mon) 19:40:56 [Preview] No. 108 [X] del

2015
https://blockchain.info/tx/cd9104ce6d385428060d33e1d4843b0cdfc78db2f327116eb4f97d8e177a4d82
actually they are talking about bitcoin lol
looks like a garbled HTML file as well
possibly an email discussing wikileaks
http://gateway.glop.me/ipfs/QmVBmLgkSreEReWXifWfs8pW9Sj3Jns8jKuAPszDecZeDL/Fileorigindata.txt
There’s the full unaltered document
Also note it is in the input scripts
This needs some investigation


Anonymous 12/19/2016 (Mon) 21:19:36 [Preview] No. 112 [X] del >>268>>466>>484>>548

BLOCKCHAIN NOV 25:
magnet:?xt=urn:btih:2dcade69d98b3a245b5d733762bd3b23184bf3e5&dn=Bitcoin%20Blockchain%202016-11-25&tr=http%3a%2f%2fexplodie.org%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce&tr=http%3a%2f%2fmgtracker.org%3a2710%2fannounce&tr=http%3a%2f%2ftracker.tfile.me%2fannounce&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2f9.rarbg.to%3a2710%2fannounce&tr=&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337&tr=udp%3a%2f%2f9.rarbg.me%3a2710%2fannounce&tr=udp%3a%2f%2f9.rarbg.com%3a2710%2fannounce&tr=http%3a%2f%2ftracker.trackerfix.com%2fannounce&tr=http%3a%2f%2ftracker.torrenty.org%3a6969%2fannounce&tr=http%3a%2f%2fwww.mvgroup.org%3a2710%2fannounce&tr=udp%3a%2f%2fexodus.desync.com%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce&tr=http%3a%2f%2fannounce.torrentsmd.com%3a6969%2fannounce&tr=http%3a%2f%2fbt.careland.com.cn%3a6969%2fannounce&tr=udp%3a%2f%2fcoppersurfer.tk%3a6969%2fannounce&tr=udp%3a%2f%2fglotorrents.pw%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.glotorrents.com%3a6969%2fannounce&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker4.piratux.com%3a6969%2fannounce&tr=http%3a%2f%2f9.rarbg.com%3a2710%2fannounce&tr=udp%3a%2f%2fopen.demonii.com%3a1337%2fannounce&tr=udb%3a%2f%2ftracker.opentrackr.org%3a1337


Anonymous 12/20/2016 (Tue) 01:44:36 [Preview] No. 114 [X] del >>677>>959>>971

http://gateway.glop.me/ipfs/QmdanmRuJLpEfFAjDZF5sBtnpajmZWGvmC8cWJQBoZKwNi/jean_i.py
http://gateway.glop.me/ipfs/QmZ1pbx6g23Piyd8gfvBrJ4vmjUcu2kYDtN5YqBwyanaub/out.html

'python jean_i.py cd9104ce6d385428060d33e1d4843b0cdfc78db2f327116eb4f97d8e177a4d82 > out.html'

Wikileaks contact info? [quote author=RHorning link=topic=1735.msg26876#msg26876 date=1291501064]
Basically, bring it on. Let’s encourage Wikileaks to use Bitcoins and I’m willing to face any risk or fallout from that act.
[/quote]
No, don’t “bringit on”.

The project needs to grow gradually so the software can be strengthened along the way.

I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.

We have the hashes for genesis block through block 74000 hardcoded (compiled) into bitcoin, so there’s no reason why we shouldn’t be able to automatically download a compressed zipfile of the block database from anywhere,unpack it, verify it, and start running.
[/quote]
The 74000 checkpoint is not enough to protect you, and does nothing if the download is already past 74000. -checkblocks does more, but is still easily defeated. You still must trust the supplier of the zipfile.

uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.

The data is mostly hashes and keys and signatures that are uncompressible.


Anonymous 12/20/2016 (Tue) 18:49:13 [Preview] No. 116 [X] del >>167>>207>>271

>>89
>>93
>>106

Any surviving holding teams out there?

WikiLeaks ‏@wikileaks 13m13 minutes ago
Today:
-Truck drives into Berlin Christmas crowd replaying Nice
-Russian envoy shot over Allepo in Turkey
-3 shot at Zurich Islamic centre

  1. Major sites down during these past few days.
  2. Internet outages in US, Moscow and Japan.
  3. Record breaking packet loss these past two days for major ISPs.
  4. Russian ambassador to Turkey shot.
  5. Obama publicly hinted at cyber war during the past few days.
  6. Wikileaks posted a new bogus insurance file.
  7. Electoral college vote currently taking place.

BM kill
fullchan video captcha and high shill activity
clearnet shill spamming multiple sites down
darknet sites permanently down since last night
torrent sites down, some permanently closed

Comcast
http://downdetector.com/status/comcast-xfinity/news/96591-problems-at-comcast
Internet (66%)
TV (20%)
Total Blackout (12%)

Youtube
http://downdetector.com/status/youtube/news/96608-problems-at-youtube
Watching videos (61%)
Website (23%)
Uploading videos (15%)

AT&T
http://downdetector.com/status/att/news/96607-problems-at-att
Internet (70%)
Uverse (20%)
Phone (10%)

Netflix
http://downdetector.com/status/netflix/news/96597-problems-at-netflix
No connection (41%)
Video streaming (40%)
Log-in (18%)

Dish Network
http://downdetector.com/status/dish-network/news/96590-problems-at-dish-network
Limited channels (60%)
No TV (30%)
[email protected] (10%)

Instagram
http://downdetector.com/status/instagram/news/96589-problems-at-instagram
News feed (50%)
Log-in (33%)
Website (16%)

Facebook
http://downdetector.com/status/facebook/news/96584-problems-at-facebook
Total blackout (50%)
Log in (28%)
pictures (21%)

DirectTV
http://downdetector.com/status/directv/news/96582-problems-at-directv-2
No signal (64%)
Bad signal (20%)
Online viewing (16%)

Time Warner Cable
http://downdetector.com/status/time-warner-cable/news/96580-problems-at-time-warner-cable-3
Internet (61%)
Total Blackout (21%)
TV (17%)

Reddit
http://downdetector.com/status/reddit/news/96579-problems-at-reddit
Website (91%)
Log-in (8%)

Amazon
http://downdetector.com/status/amazon/news/96574-problems-at-amazon-3
Website (48%)
Log-in (40%)
Check-out (12%)


Anonymous 12/21/2016 (Wed) 01:05:32 [Preview] No. 119 [X] del >>120

>>118
if you read the threads inside that png you will able to see everything that happened that was saved before deletion.
rushed summary:

oct 17: strange activity is noticed at the embassy, first responders investigate, periscope is killed, twitter goes full orwell, archive.org is changed to no longer save sites properly.something that is instantly deleted is posted several times on pleddit, halfchan, fullchan, onion links and darkweb. it is all wiped. people regroup in several places since there is no way to post without threads being deleted or sites going down. a lot end up here.

oct 21: as the director of wikileaks is dying a huge ddos takes down most sites. blockchain is attacked. lot of stuff gets deleted.

oct 24: someone finds the wikileaks backups in the blockchain and posts instructions and code to decode the data.

oct 27: the deletions get too severe. sites begin being flooded with illegal content or going down. people create their own private channel to discuss progress. the keys and all hidden data in the blockchain are found. the group pushes the information into a few cryptocurrencies. blockchain is flooded. mempool graphs now have a giant spike on oct 27. soft fork for bitcoin begins. onion threads with the info get instantly wiped. everyone involved goes silent except one of two people. this group is then referred to as ‘group 1’. first finding of the keys as ‘first impact’.
few days later: one of the people following the progress of group 1 starts teaching others how to retrace the steps.

late oct: people figure out that unlocking the data gets you xkeyscored’d making you lose internet connection and makes sites get attacked if the stuff is not deleted.

early nov: focus changes to teaching others how to find the information on airgapped computers to avoid deletion and sacrificing public channels of communication. threads that have progress start being flooded with illegal content every morning.

nov 8: wikileaks.org begins being changed. some files are deleted. checksum hashes start not matching older backups.

some point in nov: irs asks bitcoin to give them the identities of all transactions. copies of the blockchain start showing ‘undecodable’ or empty transactions not seen before.

mid nov: ‘group 2’ doxxes the people pretending to be wikileaks and tried to spread more detailed instructions for getting the files. posts did not last more than a few minutes. it seems like they tried to push to blockchain but apparently the data did not make it in. group 2 goes silent. they start calling this day the ‘second impact’.


Anonymous 12/21/2016 (Wed) 01:05:45 [Preview] No. 120 [X] del >>121

>>119
nov 25: third impact. files are found by a new group that seems to not be american. they post instructions all the place but they don’t last more than a few hours. they tried to encode data into cryptocurrencies but it is not clear if it made it. this day is the second spike visible on the mempool graph.

at some point after this people agree to stop using the endchan thread for this because admins have to deal with too much illegal content floods and site going down. it becomes clear that any channel used to discuss this is ‘sacrificed’, in other words, it starts going down a lot, they flip the mods, deletion, illegal spams, etc. this thread is created for that reason. you can figure out what is special about this thread if you read the logs in the png. most progress after this point is exclusively on channels with no logs on darkweb. most of these eventually go down. the endchan thread is eventually locked. everyone that posted is blocked to this day. it is then deleted.

dec: planning for d-day begins. all holding groups spend all of december teaching others how to find the files.

mid dec: someone allegedly speaking on behalf of appelbaum posts links to code he wrote to find and repair keys in memory. new teams are told to use it. obama starts talking about a cyber war with russia.

dec 18: files are found in japan. a meshnet using ps3s is created to spread the files but it does not seem to last too long.

dec 19: d-day. happenings all over the world. most ISPs, torrent communities and major sites go down. wikileaks releases a new insurance file. uk, ec, and us insurance files from before no longer show on wikileaks.org unless you have IPs from specific countries. it is one of the biggest internet outages in history and it is not reported in a single news site that i have been able to find. holding groups go silent. some members are now trying to find their old teams.

tl;dr blockchain has backups for all wikileaks files since 2013. it also has checksum hashes and upload proofs for all files. there is a lot of stuff in there that triggers xkeyscore or echelon and is virtually impossible to share or even talk about. three months have been spent trying to teach others how to recreate the steps. there is a noticeable pattern. group finds it, start teaching others how to do it, then everything is deleted and people go silent. then a new group finds the breadcrums and starts over. it’s not clear what happened yesterday or what will happen next but there are people from all the world trying to investigate. at this point and there is no part of the internet where it is allowed.


Anonymous 12/21/2016 (Wed) 01:16:11 [Preview] No. 121 [X] del >>122>>123

>>120

Holy shit. Looking at the graph it is indisputable that they are fucking with the blockchain Nov 22-27 7x as many transactions that is not possible in normal context.

If what you say is true the blockchain may become contraband. Comments?


Anonymous 12/21/2016 (Wed) 03:51:38 [Preview] No. 126 [X] del >>127

>>124
because xkeyscore exists and if you find the files or try to share them while you’re online you internet is instakill. doesnt matter how many proxies and underwater vpns you have there’s plenty of hardware backdoors to fuck your shit up. if you try to post them you will just insta ded that site. not even the max level shills can explain how deep af darkweb sites that are made just for this go down as soon as that content hits them. everyone ended up in here not because they wanted to hide but cause they flat out could not make a thread that lasted more than 2 minutes on any other site. this aint no game. and when this thread is found and flooded all evidence of this shit will disappear from normies forever. thats why most people in this shit are from other countries now.

>>124
yes and they are found again every other week. if you follow the old endchan thread it tells you how to get them.


Anonymous 12/21/2016 (Wed) 09:05:49 [Preview] No. 148 [X] del >>150

>>145
keys and other files are in the blockchain. hard to explain to others how to do it. inforamtion cant be posted directly because kill the site its posted on. halfchan would be a great channel for this because they have good number and organize pretty well. however the mods seem to be flipped. hopefully someone figures out how get them to join this cause as well. same goes for fullchan. it’s just really hard with flipped mods.


Anonymous 12/21/2016 (Wed) 18:04:05 [Preview] No. 223 [X] del >>270

>>218
here is a normie explanation https://www.reddit.com/r/WhereIsAssange/comments/5h3xch/the_great_blockchain_search_discord_update/
this is a normie blockchain tutorial https://www.reddit.com/r/WhereIsAssange/comments/5e55p3/a_simple_blockchain_decoding_tutorial/
reddit has a repo for their code here https://github.com/WikiLeaksFreedomForce
they have a discord channel too but thats not a safe site to use


Anonymous 12/22/2016 (Thu) 02:34:10 [Preview] No. 339 [X] del >>611

about reaching out to normal people. what i have seen (for me) that works best is to start with:

  1. the quote about how he embeds everything into the blockchain from the hologram interview (normies like videos, so send youtube link with the timestamp)
  2. the quote from oct 4 (his last message) about wikileaks changing, him stepping down and finding a way to avoid censhorship (again, timestamp video)
  3. then showing that cablegate is in the blockchain
  4. explaining why the blockchain ‘cannot be changed’
  5. then showing the timing of the ddos, internet cut, the fact that the director gavin was dying during the ddos, and how the blockchain got flooded on oct 21st and oct 27st.

this was my personal experience over the last two months. everyone is different so you can build your own strategy. i have tried to start with tech people by showing them one of the gpg files sent by wikileaks on the blockchain and they dont give a fuck until they quotes and read ruberhose. people dont care about proof of life, him missing or anything. some trump people care about how the emails are not completely there, they stopped before 10 weeks and that the deleted emails never came out.

For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.
-Julian Assange, Nantucket Project, Sept 28 2104
https://youtube.com/watch?v=MaB3Zw5_p9c [Embed]&feature=youtu.be&t=7m06s

Wikileaks needs to change in order to survive and thrive through the next few months… If necessary of course, if I’m not able to continue or the Ecuadorian people are unreasonably blamed for Wikileaks’ publications, I will have to resign as editor, but our publications will continue. The part of the necessary defense of Wikileaks, we have engaged in a new project to recruit people across the world to defend our publication - and we’ll give details of that as the weeks go by… …we will issue guidelines about how you can promote Wikileaks publications without censorship.

there is data in input and output scripts
make sure you don’t have this line in your code
length = struct.unpack(‘<L’, dataout[0:4])[0]
checksum = struct.unpack(‘<L’, dataout[4:8])[0]
dataout = dataout[8:8+length]


Anonymous 12/22/2016 (Thu) 03:39:34 [Preview] No. 361 [X] del

crawl from the cablegate backup

python jean.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > out1

python jean.py d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635 > out2

python jean.py cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c > out3

./trid out1
100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated) (3001/2)

./trid out2
100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated) (3001/2)

./trid out3
100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated) (3001/2)

keep crawling from there and you’ll find a lot more


Anonymous 12/22/2016 (Thu) 06:19:09 [Preview] No. 396 [X] del >>408>>419

Scan the entire blockchain and save everything, that means all:
decoded input
input hex
decoded output
output hex

After you save the entire thing, use these cheat codes:

sudo apt-get install rsakeyfind
sudo apt-get install aeskeyfind
sudo apt-get install aesfix

Take the entire stuff you got from blockchain and put it in a memory image. Then:

Run rsakeyfind on data to find RSA keys
Run aeskeyfind on data to find AES keys
If you find a corrupted AES key, try using aesfix

You’ll get all the RSA and AES keys in the blockchain. Then search for all these checksums:

http://zerobinqmdqd236y.onion/?0663280c2bcd12ce#1fIcSERfAIqbq4/sM3D6GuguSbQ1HdYy3q0x9oFmT+k=
http://zerobinqmdqd236y.onion/?56b4c8c49c62c7b5#VEFaK7MBuyDAyJmg/GDgoIEV2PZ1ZXxfMJYtexFA+Zw=
http://zerobinqmdqd236y.onion/?5677061058c45134#KAQgvYoulFti4AHXQJXdQPmnlb4+tE9bTRQxi7r2NxY=

http://zerobinqmdqd236y.onion/?47efdb06b80fccfa#oI74/sbXomHCVsZ+Ux0T4iZi0LYOtjyPzndqAOgkLb4=
http://zerobinqmdqd236y.onion/?7e446df674013eba#nvIXrvcdLi7iKsM16mX/4OJDgaeS9kZU9l+85qpf5yY=
http://zerobinqmdqd236y.onion/?0d05f8455e9b8d88#fSjEocuR+D1YSB2dDcVeqYda7Bz/LbpYzIx9oEuMZD4=

At that point you will have found the upload evidence for all 10 million documents.

Finally, use the instructions in the deleted endchan thread and you’ll find all the leaks that haven’t gotten out.

If you do this and are able to figure out a way to spread the information (maybe an interpretative dance that can be used to get the info somehow) then congratulations you just saved the world.


Anonymous 12/22/2016 (Thu) 20:37:52 [Preview] No. 460 [X] del

(1019.94 KB 500x260 thisisnow.gif)

(940.33 KB 627x502 knowmore.gif)

If someone has a box to spare. Here’s how you can help right now.

Go here: http://boards.4chan.org/pol/thread/104000502 and tell them about:
https://endchan.xyz/POLAK/res/15.html
and
https://2hu-ch.org/thread-0150e376c0bf778c0f04d49b8f3988ea06b61d7c.html

If you have a strong stomach, you can also recruit people from here:
https://www.reddit.com/r/WhereIsAssange/comments/5jh5au/endchan_post_detailing_supposed_progress_in/
and
https://www.reddit.com/r/WhereIsAssange/comments/5h3xch/the_great_blockchain_search_discord_update/

Remember that in order for this to finally reach the public you will have to collaborate with people you would never talk to on the Internet. We will have a flood of normies trying to learn. We all should do our best to teach them. We also have to teach them how to deal with shills, OPSEC, and permanent logging.

If you are a normie and somewhat organized you could greatly help by going through the threads in docs.png and creating an image with important posts and information about what is going on.

Collaboration is going to be key this week.


Anonymous 12/23/2016 (Fri) 00:59:56 [Preview] No. 596 [X] del

NEW CODE TO DO THIS:

For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.
-Julian Assange, Nantucket Project, Sept 28 2104
https://youtube.com/watch?v=MaB3Zw5_p9c [Embed]&feature=youtu.be&t=7m06s

https://github.com/WikiLeaksFreedomForce/Blockchain-downloader/blob/master/wlffbd/hashsearch.py

raw way

http://gateway.glop.me/ipfs/QmZ7v1pXQ72mSJtWtUYaP7AK53q9JzbXFTmbfVFc6LmCAv/hashsearch.zip
Works on output from https://github.com/WikiLeaksFreedomForce/Blockchain-downloader/blob/master/blockchain_downloader.py

python wlsearch.py


Anonymous 12/23/2016 (Fri) 22:24:20 [Preview] No. 746 [X] del >>756

Regarding Assange getting his Internet back, few things to consider:

A good step towards proof of life would be him signing anything with his public key.

The opposition has all kinds of excuses for why he might not be able to do this.

However, if Assange got his Internet back, the first thing he would do is read the new leak submissions.

In order for him to read any leak submission, he needs access to his private key. Every submission is made using the Wikileaks public key. https://wikileaks.org/#submit_wlkey

If Assange or someone else is able to read submissions, they can sign a file and proof that someone has access to his key.

If Assange or someone else has access to the key and don’t use it to sign anything, they are not interested in showing that Wikileaks is still reliable as a safe, anonymous submission system.

If Assange or someone else had lost access to the Wikileaks public key, they would have revoked it and changed the public key required to submit any leaks to them.

If Assange or someone else do not make any statement regarding the status of the key and keep the submission instructions and visible (on Twitter and every html page on the site) public key, then they still have access to it or do not care about submissions.

In simpler terms:

If they still have access to the key, then they can sign with it.
If they don’t have it, then they would have revoked and changed it the moment the lost it.
If they didn’t know they lost it, then Wikileaks has not cared about leak submissions or communications since October 16.

None of the current outcomes are compatible with the statements and actions made by Wikileaks and Assange regarding this issue in their 10 year history.

QED

Remember to always use ACH when analyzing complicated situations:
https://en.wikipedia.org/wiki/Analysis_of_competing_hypotheses#Process


Anonymous 12/24/2016 (Sat) 00:55:26 [Preview] No. 766 [X] del >>1014

>>761
decryption is done in the first 256 bytes so that’s all you need to check.

here’s an example,

first make an encrypted file with openssl,

openssl aes-256-cbc -in blockchain-sql.7z -out block.aes256 -k test

(password is ‘test’)

copy a few bytes from the beginning,

head -c 2560 block.aes256 > snippet

to see the information on the full file do this,

openssl enc -aes-256-cbc -pass pass:test -d -P -in block.aes256

you’ll get something like this:
salt=1918B41E8B10FAE7
key=8A8F02AE3133122E132762B20A9E04121A1B4B7D60DEDEA3097B759BE554A1F0
iv =588F3CEAC295D353EC66DDF6805C5710

if you do it on the snippet you get this:

openssl enc -aes-256-cbc -pass pass:test -d -P -in snippet
salt=1918B41E8B10FAE7
key=8A8F02AE3133122E132762B20A9E04121A1B4B7D60DEDEA3097B759BE554A1F0
iv =588F3CEAC295D353EC66DDF6805C5710

which is the same. (you can check the salt of any encrypted file by opening it with a hex editor and looking at bytes 8-16 which follow ‘Salted__’)

If you try with a wrong password, it will different, for example,

openssl enc -aes-256-cbc -pass pass:wrong -d -P -in snippet
salt=1918B41E8B10FAE7
key=C8D05A985E929EAC6153024B4A6E1673C85FD474B4108D0DCADD365A435E2C9E
iv =A34052C10470A2BFAB1C0BA586FA5668

now to decrypt,

on the original file,

openssl aes-256-cbc -d -in block.aes256 -out unlocked.7z -k test

it works and you get unlocked.7z

openssl aes-256-cbc -d -in snippet -out snippetunlocked.7z -k test

you get ‘bad decrypt’ because you do not have the full file, but if you look at the decrypted bytes in snippetunlocked.7z

head -c 8 snippetunlocked.7z

you get

7z¼¯’^^@^C

which shows it is a valid 7z file.


Anonymous 12/24/2016 (Sat) 07:30:04 [Preview] No. 835 [X] del >>838>>859>>860

>>799

1.) LARPERS. They know nothing, they know they know nothing, but are using others works to spread their larp. Concrete LARP is “key can’t be uploaded or insta-nuke”. That’s simply not true.
Post the sdn list >>635 on a site outside the this thread. Post it in plaintext or better yet the content of those sites. Then post a link to that thread. Or even better, post the steps to get the GPG files after cablegate in here >>760. Show how badass you are by posting it and proving how pathetic the people on this thread really are. Or just post these steps >>345 on a normal site. Go ahead. Do it and prove that it’s not real. Here’s a new link in case you’re an idiot and can’t find it:

http://download.cabledrum.net/cablegate/cables.csv/z.gpg
gpg -d z.gpg > z_encrypted.7z
#Passphrase: >“ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay#”
7z x z_encrypted.7z

2.) The people the LARPers are basing their larp off of. Real work being done in the blockchain. Has born little to no fruit so far, and none of which is keys (new keys, anyway). These people can’t really explain it, at least not all of it, because they just are running someone elses code.

There’s evidence of thousands of files in the blockchain in this thread. If you don’t understand it. Leave the thread, use google and come back. Every wikileaks file has a transaction in the blockchain >>88 This public and there’s nothing you can do about it.

3.) The people who write the code. These people are the most knowledgeable, however, not one person who has written the code leaves comments, or gives a detailed guide.
This is the only ‘comment’ you need
unhexlify Return the binary data represented by the hexadecimal string.
Do that to the blockchain.
Data comes out.
End of explanation.

4.) People who want a detailed guide before fucking their PC over.
Every person that uses bitcoin already has this data on their computer. Reading it does not ‘fuck’ a PC over.

4a.) People who try to follow a mixture of bullshit (LARP) and legitimate code.
Try
Learn how to use a computer. Then shill.

5.) People who will not follow the steps, but proclaim it all to be 100% gospel.
Those people don’t even know how to find this thread and left when ‘countdown meme’ didn’t work out.

5a.) People who will not follow the steps, but are asking for more information, while stating without information it is bullshit.
Those people don’t even bother finding a thread on a shitty site that no one visits. The only people who come here to say it’s bullshit are shills. Do you go into magic crystal stores to tell them it’s pseudo-science?

5b.) Its bullshit.
I don’t see people going into michael jackson is alive threads and telling them is bullshit. Somehow there’s a lot of people here.

5c.) You’re a shill
Or part of the mental botnet of being a skeptic that doesn’t believe anything until it’s on CNN or you can google it while somehow simultaneously knowing that it’s all bullshit.

6.) Observers.
Most people here. In fact, the people that understand this don’t ever post, run the shit on their computers in private and then decide it’s not worth making public.

7.) Pizzagate fags.
These people don’t understand how encryption works. If they did, they would have already found all the evidence they need. They are still rocking Windows and playing vidya on breaks.

The only people here are, curious people, people trying to teach others how to do this, and shills. That’s it. Simple.


Anonymous 12/24/2016 (Sat) 23:13:13 [Preview] No. 922 [X] del >>923>>926>>929>>935

>>862
>>863
>>864
>>865

The story the media is running is that the protest “erupted” around October 29 due to one of the cables on Wikileaks: https://wikileaks.org/plusd/cables/07SEOUL2178_a.html That cable has been online since 2010. In fact, the unredcated cables have also been online since 2010 >>683 You can check for that cable in the blockchain (uploaded in 2013) or in the encrypted unredacted cables file (2010).

Let’s now look at the timing.

If you look at the reporting on this news, the protests began on Oct 28/29:
http://www.telegraph.co.uk/news/2016/10/29/secret-advisers-nepotism-and-even-rumours-of-a-murky-religious-s/

Oct 29
http://www.reuters.com/article/us-southkorea-politics-idUSKCN12T08V
Oct 29
https://www.washingtonpost.com/world/asia_pacific/south-koreas-presidency-on-the-brink-of-collapse-as-scandal-grows/2016/10/28/7639a2cc-1700-4ef7-a3a4-661b3ff989c4_story.html?utm_term=.c890d36d3735
Oct 29
http://www.nytimes.com/2016/11/29/world/asia/park-geun-hye-south-korea-resign.html?_r=0

On Nov 29 Park Geun-hey says she’s willing to resign:
http://www.nytimes.com/2016/11/29/world/asia/park-geun-hye-south-korea-resign.html?_r=0

Nov 29

Here is a reddit post about how the media is not covering the situation in the US: https://www.reddit.com/r/WikiLeaks/comments/59z06x/breaking_media_blackout_regarding_korea/

Now consider the fact that keys were first released on Oct 27, and then again in Nov 25. Why would South Korea suddenly erupt into a protest where two million people took to the streets on Oct 29 because of a document that has been available since 2011?

They were not protesting a five year old document. That five year old cable is the only thing the media was able to find that is already public. The insurance files were unlocked two days before the protests began. On November some of them came here to recreated the steps. That group (which had people from many countries) was successful on Nov 25.


Anonymous 12/25/2016 (Sun) 01:16:37 [Preview] No. 927 [X] del >>929>>930

>>926
http://www.telegraph.co.uk/news/2016/10/29/secret-advisers-nepotism-and-even-rumours-of-a-murky-religious-s/

A newly released Wikileaks cable from the US embassy in Seoul described him as having “complete control over the body and soul of the president in her formative years” in 2007.

https://www.washingtonpost.com/world/asia_pacific/south-koreas-presidency-on-the-brink-of-collapse-as-scandal-grows/2016/10/28/7639a2cc-1700-4ef7-a3a4-661b3ff989c4_story.html?utm_term=.3369761fa267
“Rumors are rife that the late pastor had complete control over Park’s body and soul during her formative years and that his children accumulated enormous wealth as a result,” read the cable, released by WikiLeaks.

http://www.usatoday.com/story/news/world/2016/12/09/profile-south-korea-park-geun-hye/95186340/
“In 2007, a leaked diplomatic cable published by WikiLeaks revealed the U.S. Embassy in Seoul had noted Choi was often referred to as “Korea’s Rasputin” and that there were bizarre rumors circulating that Choi “had complete control over Park’s body and soul during her formative years and that his children accumulated enormous wealth as a result.” Park was forced to deny she had a child by Choi.”

http://www.wsj.com/articles/a-presidential-scandal-transfixes-south-korea-1480112351
"Opponents depicted her as having fallen under the control of a “Korean Rasputin,” according to a hacked U.S. diplomatic cable from the embassy in Seoul published by WikiLeaks. The cable cited widespread rumors “that the late pastor had complete control over Park’s body and soul during her formative years.” "


Anonymous 12/25/2016 (Sun) 02:19:59 [Preview] No. 944 [X] del >>948

>>15
some people are finding that insurance files don’t match their hashes. remember to check here:

insurance.aes256:
sha1: cce54d3a8af370213d23fcbfe8cddc8619a0734c

WikiLeaks insurance 20130815 - A (3.6gb)
SHA256: 6688fffa9b39320e11b941f0004a3a76d49c7fb52434dab4d7d881dc2a2d7e02

WikiLeaks insurance 20130815 - B (49gb)
SHA256: 3dcf2dda8fb24559935919fab9e5d7906c3b28476ffa0c5bb9c1d30fcb56e7a4

WikiLeaks insurance 20130815 - C (349gb)
SHA256: 913a6ff8eca2b20d9d2aab594186346b6089c0fb9db12f64413643a8acadcfe3

WikiLeaks Insurance 20160603 (88gb)
SHA256: 1df5bcfa13d1e728e6f37a15ba7cd1354e3d1e41b46b1295c3ab835542528bec

WikiLeaks Insurance 20161107 - EC (512mb)
SHA256: b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995

WikiLeaks Insurance 20161107 - UK (1.3gb)
SHA256: 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340

WikiLeaks Insurance 20161107 - US (3.0gb)
SHA256: ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002

https://wiki.installgentoo.com/index.php/Wiki_Backups
https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

if they don’t match post where you downloaded the file from and then diff it to one that matches the hash.


WE ARE PHASE3 oldfag Wed Nov 16 23:06:58 2016 >>5b30554cf29073d3ae [Reply] [x]

f385c76d8ba1d4d39a92b92f001a5f1304175c74

I declare this to be a throw away bunker.
==IF YOU DETECT SOMETHING FOREIGN ABANDON THREAD==


Anonymous Wed Nov 16 23:30:22 2016 >>5bd3397b509c8a4135 [Reply] [x]

THREADS:

FILES:

BM: [chan] wikileaks
[name] BM-2cVFHKC263sXfXYF7JU3n4FPLY9HD5H7SC

HASH SHIT:

  • US Kerry [1]- 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809
  • UK FCO [2]- f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74 EC [3]- eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72
  • sha256sum 2016-11-07_WL-Insurance_US.aes256 ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002
  • sha256sum 2016-11-07_WL-Insurance_UK.aes256 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
  • sha256sum 2016-11-07_WL-Insurance_EC.aes256 b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995
  • https://wiki.installgentoo.com/index.php/Wiki_Backups
  • https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

FBIANON:

OPENSSL BUG:

The EVP_BytesToKey key derivative algorithm uses md5. It is trivial to break the key for the first block. >AES decrypts in blocks 256 bytes at a time. take one of the insurance files, copy the first 256 bytes, make a new tiny file and use the key on that. if the data is compressible or has runs on zeros or consant values or has some known values in it, then the key is right

Applications of SAT Solvers to Cryptanalysis of Hash Functions | SpringerLink

head -c 256 file > newfile

salts

strings wlinsurance-20130815-A.aes256 | head -c 16

BITCOIN LEADS:

691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c 
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635 
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c 
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df 
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1 
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db 
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be 
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e

Anonymous Wed Nov 16 23:38:29 2016 >>c3c2551e4de82e1ca6 [Reply] [x]

OP_RETURN data scraped from BTC Blocks around 15th Oct. Planning on doing up until 25th Oct, but power outage and not sure where it stopped:
gateway.glop.me/ipfs/QmXfLkggUEdNvJt4ZKHZLxL4kdi19pWX6G6JVeZ4doodTE/434304 434250ish.txt.gz
(HINT: Bruteforce the insurance files!)

Script for you to perform this OP_RETURN scrape yourself:
gateway.glop.me/ipfs/QmaVdcqSowfbr58295ipeZxUU97FmqLXBadBgjcXwuqXa9/block-opreturn-finder.py

Change RPC user/pass in code (txindex = 1 must also be set in bitcoin.conf).

Use with:
python block-opreturn-finder.py blocks 434304 435711 # Oct 15 through Oct 25


Anonymous Wed Nov 16 23:48:02 2016 >>cf7ef0caf8c183f294 [Reply] [x]

SITE FUCKERY:

For one example, go to Index of /torrent/
Ctr+F ‘09-Nov-438498967 06:00’, which is not the format the use for dates.
Look at the file. You can download a copy of this file from Oct 21 2016 here: https://archive.org/details/SaudiArabiaDatabaseFromWikileaks
and from June 2015 here: https://archive.is/TdJ4t
You can then use the ‘diff’ to compare the files. The output is ‘the binaries differ’.
That torrent file timestamp was corrupted as back as Jul 25 http://archive.is/09Gu5
podesta 33 started at 53000. podesta 32 ended at 52481. they skipped 518 that are online 52481-52999. duplicates everywhere doing empty search gives you less emails than there are online.
wikileaks still shows 27515 emails for the dnc but in reality there are 44052 (16537 emails are not indexed) TWITTER FUCKERY:
video posted with accidental link https://twitter.com/wikileaks/status/795706165971841024
seems like a random fan girl is running the account https://twitter.com/m_cetera


Anonymous Wed Nov 16 23:56:22 2016 >>b35f20b30ce3ce8499 [Reply] [x]

BLOCKCHAIN ATTACKS:

I know the mempool was flooded a day or two afterwards (40000 transactions as opposed to the usual 4000 or so), but this could’ve been an attack to thwart and discourage adoption of Bitcoin 0.13.1 (SegWit) by those that don’t support it. (The timing here is suspicious.)

10/26

43000 unconfirmed transactions in the mempool. $10 fees.

https://www.reddit.com/r/Bitcoin/comments/59qiyg/is_there_some_attack_going_whats_with_large/

11/7

https://www.reddit.com/r/Bitcoin/comments/5bizrb/1block_confirmation_fee_estimates_are_absurdly/

MANNING STATEMENT:
https://www.documentcloud.org/documents/3213878-Binder2.html


Anonymous Thu Nov 17 03:03:09 2016 >>cf504945762c54791f [Reply] [x]

The Litecoin blockchain scrape is now ready (blocks 1078900-1089000)

strings opreturns.txt:
.3V6
KH%i
<G3c"p&>
T=R7
y+y?
3-H-r
n5`/t
H@W99)
{0Z&
C"^U
hello!
hello!
&WJ#
rClZz
i;ki
$zt"W
"I_?_
8 9R
)Q*z
Tq$y-
hello!
hello!
hello!
hello!
hello!
hello!
hello!
hello!
hello!
hello!
china
12345678901234567890
Yager 's Block App
Better late than never
Just do it
Say hello to eveyone
Letter is first block app
uHzl#
**db
5U s
ahBxL
e"Mh%R
3?S$
012345678901234567890123456789012345678

The original output file is uploaded here:
h ttp://gateway.glop.me/ipfs/Qma14B5qkrWLBqJDDBqWJkqrAbQN44m1AkhVQE3M3z84H2/opreturns.txt.gz

sha1sum opreturns.txt.gz
6cfd2ba90a04a6719a6999b4b50707e95b0a8c8b opreturns.txt.gz

Unfortunately I was a retard and didn’t redirect stdout to a file, so I don’t have the transaction id’s for those.

ps. I bet this line is the encryption passphrase: 012345678901234567890123456789012345678


Anonymous Thu Nov 17 15:23:18 2016 >>731c0e1a28b01bc58d [Reply] [x]

GETTING TIMESTAMPS FROM THE BLOCKCHAIN:

gateway.glop.me/ipfs/QmerhXbKc9UmeEtudXN1DA81BYEMcCy9wREXKcPEPihcMe/blockchainstamps.txt

WE NEED STAMPS FOR ALL INSURANCE FILES STAT. DUMP ON THIS THREAD AND BM.


Anonymous Sun Nov 20 03:28:52 2016 >>1053e63e2d35892dc7 [Reply] [x]

THREADS WITH DELETED KEYS:
https://8ch.net/pol/res/7931897.html
https://web.archive.org/web/20161023211637/http://8ch.net/pol/res/7931897.html
https://8ch.net/pol/res/7933031.html
https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html
https://8ch.net/pol/res/7962287.html
https://web.archive.org/web/20161029143658/http://8ch.net/pol/res/7962287.html
https://8ch.net/pol/res/7946506.html
https://web.archive.org/web/20161030073742/http://8ch.net/pol/res/7946506.html
https://web.archive.org/web/https://boards.4chan.org/pol/thread/93319969
https://web.archive.org/web/20161019170505/http://8ch.net/pol/res/7881571.html
https://archive.fo/K2oGX
https://archive.fo/jBS6q
https://archive.fo/vr16Q
https://archive.fo/koTtO


Anonymous Sun Nov 20 04:13:39 2016 >>fe5c4ffa76090ff711 [Reply] [x]

MISSING EMAILS WORK IN PROGRESS: https://www.reddit.com/r/DNCleaks/comments/5cljkp/work_in_progress_wikileaks_the_missinglosthidden/


Anonymous Sun Nov 20 08:44:25 2016 >>eb62b100a5bd705b20 [Reply] [x]

C CODE TO READ LOCAL BLOCKCHAIN: http://gateway.glop.me/ipfs/QmRWjFfGzhtxMLdrHXeCAPFvqyrQPRebpEzpNANfhfTMxA/block-reader.c

/*
A simple Blockchain .dat file reader.
Dumps the fields from a local Blockchain file.

To use:

gcc block-reader.c -o block-reader
./block-reader ~/.bitcoin/blocks/blkXXXXX.dat

Remove the usleep() calls to make it dump faster, but it’s
not worth it because the program will spit it out way
too much information. The next version will actually
do something with the information, but for now this is
a good starting point.
*/


Anonymous Mon Nov 21 01:33:57 2016 >>5d11da0757232e1b41 [Reply] [x]

EVP_BYTESTOKEY CODE:

I cannot understand the flow paths in the OpenSSL code. The whole library is junk. Someone needs to read the code and annotate it and tell me which branches it is taking. I am too busy to do this right now.

Implementations:
JS: https://github.com/crypto-browserify/EVP_BytesToKey/blob/master/index.js
JAVA: http://stackoverflow.com/a/11786924
Crypto (C++): https://www.cryptopp.com/wiki/OPENSSL_EVP_BytesToKey
Python: http://security.stackexchange.com/a/117654
C#: https://gist.github.com/caspencer/1339719
Original: https://github.com/openssl/openssl/blob/master/crypto/evp/evp_key.c#L74

The process by which the password and salt are turned into the key and IV is not documented, but a look at the source code shows that it calls the OpenSSL-specific EVP_BytesToKey() function, which uses a custom key derivation function with some repeated hashing. This is a non-standard and not-well vetted construct (!) which relies on the MD5 hash function of dubious reputation (!!); that function can be changed on the command-line with the undocumented -md flag (!!!); the “iteration count” is set by the enc command to 1 and cannot be changed (!!!). This means that the first 16 bytes of the key will be equal to MD5(password||salt), and that’s it.

“The first 16 bytes are actually derived using PBKDF1 as defined in PKCS#5 v1.5. The next 16 bytes would be MD5(PBKDF1(PASSWORD, SALT) || PASSWORD || SALT) and the IV would be MD5(MD5(PBKDF1(PASSWORD, SALT) || PASSWORD || SALT) || PASSWORD || SALT)”

openssl enc -aes-256-cbc -pass pass:p@ssword -p -in example_in -out example_out

salt=649722630B619D74
key=F6EEA040C6BDD0EF1429C4CF4FE09FD3EA1C9BDE96B6B41DBFF838E408628BBE
iv =576F54891CADC222492E038F8ECE557A

http://gateway.glop.me/ipfs/QmTm3MJ36RUauRx2AKpgDF6fLWpMwUvdu1txf6WaWwRxED/example_in
http://gateway.glop.me/ipfs/QmRGV3SqTqAQMdTfMawCfAWuKt3Q7mDt1GG8Bqp7vnUcrg/example_out


Anonymous Mon Nov 21 03:16:08 2016 >>b3e2f2015f2230575b [Reply] [x]

EXTRACTED EVP CODE:

Download: http://gateway.glop.me/ipfs/QmZudb4s2nF5JgdeFA1nKzs6MtvaPr58rR4LzddZqYir3s/evp_test.py

It recreates EVP_BytesToKey completely outside of OpenSSL.

Example:
python evp_test.py md5 ‘p@ssword’ ‘64 97 22 63 0B 61 9D 74’

salt=649722630B619D74
key=F6EEA040C6BDD0EF1429C4CF4FE09FD3EA1C9BDE96B6B41DBFF838E408628BBE
iv=576F54891CADC222492E038F8ECE557A

Which is the same as doing.

openssl enc -aes-256-cbc -pass pass:p@ssword -p -in example_in -out example_out

salt=649722630B619D74
key=F6EEA040C6BDD0EF1429C4CF4FE09FD3EA1C9BDE96B6B41DBFF838E408628BBE
iv =576F54891CADC222492E038F8ECE557A

http://gateway.glop.me/ipfs/QmTm3MJ36RUauRx2AKpgDF6fLWpMwUvdu1txf6WaWwRxED/example_in http://gateway.glop.me/ipfs/QmRGV3SqTqAQMdTfMawCfAWuKt3Q7mDt1GG8Bqp7vnUcrg/example_out


Anonymous Mon Nov 21 04:13:16 2016 >>86088fd42ffa2a2007 [Reply] [x]

Friendly reminder. https://www.youtube.com/watch?v=MaB3Zw5_p9c&feature=youtu.be&t=7m06s

Can someone please run this already. It’s really simple but no one has done it. http://gateway.glop.me/ipfs/QmXQXg4gMknboHDUHctmfQqZYucy2YaVESerRRrjsbZVpH/stamps.txt


Anonymous Mon Nov 21 23:02:30 2016 >>db6ae9ff11592f521b [Reply] [x]

>>9e2581f80d

NORMIE DUMP: Tutorial (getting cablegate.zip and other files):
https://www.reddit.com/r/WhereIsAssange/comments/5e55p3/a_simple_blockchain_decoding_tutorial/

Code:

Leads:
Blocks 434304-435711, 383000-383100
http://s6424n4x4bsmqs27.onion/.media/t_8bb6afe8feb8a9836a9b23a505c14809-imagepng
691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e
https://blockchain.info/tx/6ad9a4728d3a06dc6452324f67cf5dea9a8bc5b286089e6a04b884135b9dafe0 https://bitcointalk.org/index.php?topic=260881

‘’‘Important’‘’ dates:

18 October: large number of Wikileaks bitcoin transactions
https://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v

26 October (01:21:35): Endchan post on how to use bitcoin data to produce cables.
https://endchan.xyz/pol/res/20366.html#20607

26 October (02:00:00) Bitcoing transaction fees increase dramatically, occurs 39 minutes after the above post.
https://imgur.com/a/steMy

26 Oct: The blockchain is blocked with $10 fees, 43000 unconfirmed transactions appear in the mempool, Bitcoin 0.13.1 is released and a ‘soft fork’ begins:
https://bitcoin.org/en/release/v0.13.1
https://endchan.xyz/pol/res/20366.html#q20647

7 Nov: Absurdly high transaction fees.
https://www.reddit.com/r/Bitcoin/comments/5bizrb/1block_confirmation_fee_estimates_are_absurdly/

Misc attacks:
https://np.reddit.com/r/WhereIsAssange/comments/5dtsnc/blockchaininfo_most_widely_used_site_to_check/
https://np.reddit.com/r/Bitcoin/comments/573lis/it_looks_like_blockchaininfo_has_been_dns_hijacked/


Anonymous Tue Nov 22 01:02:12 2016 >>db0dab7b4ae7420326 [Reply] [x]

[[[ To any NSA and FBI agents reading my message: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden’s example. ]]]

Canary not updated for a week:
Canary - riseup.net
Fingerprints no longer appear:
Certificates - riseup.net
Fingerprints deleted:
update signed cert page · riseupnet/riseup_help@8a8c98e · GitHub
https://twitter.com/riseupnet/status/797142735283257345


Anonymous Wed Nov 23 19:41:18 2016 >>953db33e1b070b57df [Reply] [x]

>>0b65397c83

fees

There were some recent spikes in fees on Oct 27, Nov 7, and yesterday (Nov 22). This is easy to verify and there are several links to sources in this thread. It could be a coincidence, but these increases have taken place when users have found new information and attempted to encode it in the BTC blockchain. This can be verified by looking at the dates of certain posts in this thread. Large fees and a flooded mempol prevent us from encoding messages for others to recreate what was done here. However, there are other cryptocurrencies. I recommend pushing to BTC, Litecoin, and another cryptocurrency that starts with the letter ‘M’.

Look for duplicate OP_RETURN data
This is very important.

if any of the outputs contain “911”, also pay attention.

Some suspect that these transactions are made by BTC bot/scammers. I’ll post some of that information for completeness. I don’t recommend anyone follow this lead directly as the steps posted above are sufficient for users to find all of the messages. Kelly Kolisnik tweeted 1BpjNVeYm6kiER2m7N6FXy3zNZbqEkp1Tm on Nov 21st. That wallet is involved in a 911 transaction which can be seen here: https://blockchain.info/tx/dfd7522529bd9af9556d68af2214a068f6de66b5e11488e84deede26c817bde6 Taking Snowden’s tweeted hash and turning it into a BTC wallet results in 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg. If you look at that wallet, you will see several transactions with 911. https://blockchain.info/address/1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg Note the dates and compare them to the date of the tweet

ICMP packets
It’s good to have firewalls and to use something like Wireshark to track what’s going on. However, I strongly recommend you do all your blockchain work in a computer that’s not connected to the internet. When you find something and want to communicate your findings to others, use redundancy. My advice is to post the information on a darknet site, clearnet site, regular site, BM, and in person to someone in your group. In that order. If you are able to encode messages into the blockchain, that should be the first thing that is done. If you find something sensitive in the blockchain, do not send others any information about what is it, or where it was found. Instead, send them an actual piece of the blockchain that contains it first, and then explain.


Anonymous Wed Nov 23 19:54:26 2016 >>4e5688bfff7670b41b

>>6ad2894ab0
SALTS:
insurance.aes256 DE 18 1B 73 EF F3 5E 39 DA
wlinsurance-20130815-A.aes256 0F 0B DA 00 F0 35 9A 0F C8
wlinsurance-20130815-B.aes256 AB C2 04 75 6B AB 85 BE 30
wlinsurance-20130815-C.aes256 73 6B 46 4C 2F 84 9A C2 A4

INSURANCE SNIPPETS:
http://gateway.glop.me/ipfs/QmUUiWf1KLshZBQWHDt8yVaabHdMjJA2g1md7YS8qsvMci/insurance.aes256.5120
http://gateway.glop.me/ipfs/QmZHmQrNuBL1MJEi3cSn7bYoLShLiqGue5oeqZmcvHtBD6/wlinsurance-20130815-A.aes256.5120
http://gateway.glop.me/ipfs/QmRRAnoHgZGqMrJodHA3Nj6GeQ5j4y1AHUbG8MgVXWshMH/wlinsurance-20130815-B.aes256.5120
http://gateway.glop.me/ipfs/QmPCPmGwyCghyMrVENUB1AEbzkZ9dULE9rBJcVMqc5RG1M/wlinsurance-20130815-C.aes256.5120
http://gateway.glop.me/ipfs/QmNdwpvqWXkYsxPnjoL8rSZZpVDRDNu3YYvddsQ7dLdrEC/2016-06-03_insurance.aes256.5120


Anonymous Wed Nov 23 22:25:47 2016 >>83d81059da9a636225 [Reply] [x]

>>4e5688bfff
>>36a3319908

INSURANCE SNIPPETS:
http://gateway.glop.me/ipfs/QmUUiWf1KLshZBQWHDt8yVaabHdMjJA2g1md7YS8qsvMci/insurance.aes256.5120
http://gateway.glop.me/ipfs/QmZHmQrNuBL1MJEi3cSn7bYoLShLiqGue5oeqZmcvHtBD6/wlinsurance-20130815-A.aes256.5120
http://gateway.glop.me/ipfs/QmRRAnoHgZGqMrJodHA3Nj6GeQ5j4y1AHUbG8MgVXWshMH/wlinsurance-20130815-B.aes256.5120
http://gateway.glop.me/ipfs/QmPCPmGwyCghyMrVENUB1AEbzkZ9dULE9rBJcVMqc5RG1M/wlinsurance-20130815-C.aes256.5120
http://gateway.glop.me/ipfs/QmNdwpvqWXkYsxPnjoL8rSZZpVDRDNu3YYvddsQ7dLdrEC/2016-06-03_insurance.aes256.5120
http://gateway.glop.me/ipfs/QmcDMXxr99Fi583oZKYqFzg8TwomugeV49oFkMrtGHEJ6Z/2016-11-07_WL-Insurance_EC.aes256.5120
http://gateway.glop.me/ipfs/QmPAoxkRcJERJEyj3uXsnKwe819WkqnX2Gp1VgpoaxLtys/2016-11-07_WL-Insurance_UK.aes256.5120
http://gateway.glop.me/ipfs/QmaYUUco1VtVurovbrtboMvu6kvFp9pdz6CEA97ftxojy5/2016-11-07_WL-Insurance_US.aes256.5120


Anonymous Wed Nov 23 22:55:08 2016 >>904c98a184e6db0b19 [Reply] [x]

CODE (ENCODING): http://gateway.glop.me/ipfs/QmXV7haSznR3LQtrVEejrSQueVbZ1u5s6ASGHCfWVnNvbD/bitcoin-insertion-tool.py

http://gateway.glop.me/ipfs/Qmdd3u4FdrMwM5z4MfgCAwnDkXTb6taUXd1FA1Drjmryhh/send-op-return.py

https://21.co/learn/embedding-data-blockchain-op-return/#creating-and-sending-the-transaction


Anonymous Thu Nov 24 00:17:41 2016 >>1071a7d26944d289b8 [Reply] [x]

RIP Wikileaks
2006 - 2016

https://twitter.com/CommunityWL/status/801556815955820544

https://our.wikileaks.org/Main_Page
https://our.wikileaks.org/Category:Investigations
https://our.wikileaks.org/Getting_Started


Anonymous Thu Nov 24 07:48:12 2016 >>45d6ccd831ef582c59 [Reply] [x]

While we wait to get a proper database… here’s a script that will give you a transaction list for each BTC address (it just scrapes blockchain.info):

http://gateway.glop.me/ipfs/QmS6cQ14HgdfR8H2RLStTsYP8oikoMrwYQDLf243rtuoJ8/get_wallet_txs.py
https://codepaste.net/rzo26r

Example:
python get_wallet_txs.py 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE
Will save the list to 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE_tx_list.txt

And here’s a script to find transactions with encoded files. Scans all transactions made by a wallet. Prints tx id and file type. Saves decoded data and a list of tx ids.

https://codepaste.net/dm1hyo
http://gateway.glop.me/ipfs/QmPidNDyo9Zn89BeGsFMErhjQ9zcurkVYCveJC6pC9fKHo/get_files_in_wallet.py

Setup:

Download TrID http://mark0.net/soft-trid-e.html
Do ‘chmod +x trid’
Download tridupdate.py http://mark0.net/download/tridupdate.zip

Do ‘python tridupdate.py’

TrID and get_files_in_wallet.py should be in the same directory.

Example:
python get_files_in_wallet.py 1C3WStWpfCmsoG5WmDeaYSwAeEY1ncWQoh
It should find a PDF. It will save all decoded data from transactions, a list of tx ids and a list of tx ids that include file headers.


Anonymous Thu Nov 24 21:27:06 2016 >>89004de07d4fb1b10a [Reply] [x]

Bug fix: http://gateway.glop.me/ipfs/QmZNLgLEtjyeJjVGrfqowSuoZuETL54LYGPeQiLAkegevY/get_files_in_wallet.py

python get_files_in_wallet.py 3CaaFJF39T9TWiNtCKTnU79A3NvGeWKdqL

1eef3c9474a065b38cfb8b1cac0ce6ef155173811e0fdfb04a54df2a0ef74b40 
100.0% (.FLC) FLIC FLC video (1/1) 
52968900d9963e854a84a6dbda0a87d1511e65ce10d4ccf2a46b72f52509d2eb 
100.0% (.FLC) FLIC FLC video (1/1) 
533bd9226bbe9ef9d7625910da39db27ea0b780d36bc8d13fac4c879aa56fcfe 
c139c0b631d969dd98ed14fd0aa1129957b62689a9198656d157963e54fb04ee 
100.0% (.FLC) FLIC FLC video (1/1) 
1fbcff35263a17061f58d9b41900cc9ac44f879d534729582f666dc289b48794 
100.0% (.FLC) FLIC FLC video (1/1) 
4c729d0c64a40e4eb1624e8f3a499354a30508b643248b9a9531af716c4a5a90 
100.0% (.FLC) FLIC FLC video (1/1) 
7d43580841bc8b8baaa3097f11c83fea454a56535a34a49350b12a9cfdabb7ac 
100.0% (.FLC) FLIC FLC video (1/1) 

Anonymous Thu Nov 24 21:53:36 2016 >>a3540f5558fc690a25 [Reply] [x]

python get_files_in_wallet.py 1KEyVEndor3p6c3NL2UiVhscXPZKb3DfY1

d68a906b0608e8feb6402830b0f2961b296d118cb6c825ace4ebd48db05f3f17 
100.0% (.MP3) MP3 audio (1000/1) 

c0e918dd1b197f04fd15a569fdc377bd9e0a7987b969d14dc295cddba5c60dc1 
100.0% (.DMG) Disk Image (Macintosh) (1000/1) 

8003eef72e31269c0668358189ec9dc6bfc259df86d3e49c7b77ae0e247fc489 
100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 

dcd2d0ca8a4a20ecd4382e10b10058e706f2d1154a9332ea99c7be52aabe4f0e 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

8143f7dfbb9e8e2311a41014358adf057312063786a9280f0193e00e481cf25e 
100.0% (.FLI) FLIC FLI video (1/1) 

c98a14c83d2ca53e54e97db8360f2efb0bfe105d63d811274212ee28b5cbf465 
100.0% (.FLI) FLIC FLI video (1/1) 

8c79839b7d7088efbf56945c08a6cce4db4ac625c527f170143e0854011a0625 
100.0% (.DMG) Disk Image (Macintosh) (1000/1) 

b043983e0556c73a5f48bc680a70a5f842241eb7cc4c5889a71575633ac0d221 
100.0% (.DMG) Disk Image (Macintosh) (1000/1) 

09a86aa780980cd5f66f966c8bf3009d1c028d5caa6a3e373f70e6986ca60144 
100.0% (.INI) Generic INI configuration (1000/1) 

4bb09877350505dd2070f4391acd6251e8c5b4e89da4855de1c964fe99ef819d 
'''100.0% (.GPG) GNU Privacy Guard public keyring (1000/1)''' 

bcea9f0a0306ef20919251a002ce31294e82dfa717f30b3a5c555e12095e83c1 
100.0% (.INI) Generic INI configuration (1000/1) 

9df5abc2ce02d9471deba79b067fd3ca0ffa227f0efaccdf616a145371c68a35 
100.0% (.FLI) FLIC FLI video (1/1) 

c2ce449c33071a6773306928bf65960de98974a6c2afea8d81cc66e63ff70d43 
100.0% (.FLI) FLIC FLI video (1/1) 

100.0% (.) QuickBasic BSAVE binary data (1000/1) 

8c7878202c2c3059ceb13e0afd95271cc95e451fc2b1ff09ef6a533bc5f99450 
100.0% (.FLI) FLIC FLI video (1/1) 

466be482c0d3e4aafefd21b2183b68297610df08228e7c3449f6bc9037d1d3e5 
100.0% (.FLI) FLIC FLI video (1/1) 

68dd95b4c35c9e14225930cff1771d6098df766bc77091a457dd653b07033314 
100.0% (.FLI) FLIC FLI video (1/1) 

7524a456d0257d91e3786a164129a21467ed6345fc814401e1fb84609c3f3679 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

4bd6d1a297c7be1313b1d4fce121447e0ec43cb94ac277477fbf97c522e1e8e6 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

23ff44669130d16e7dedec7eb63373fa78d003aec1058aeb8fe8ceffe3803c54 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

04aa8970c6e5da0a359a34ecab203bfb036dc19dc2a2da065261fe2c00e7a209 
100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1) 

48dd7a482143c3124fcc588b985eca8420e6eb5ddbfe216ff1c067c4f3979e45 
100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1) 

c8485c58ea151cd452b9bbc4a6b84345895f3c31156adf906b7dc3b4f669c222 
100.0% (.FLI) FLIC FLI video (1/1) 

Anonymous Thu Nov 24 22:19:07 2016 >>900a05880f96ebc7de [Reply] [x]

Using Wikileaks’ address

python get_files_in_wallet.py 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v

13bd667802cc58936996dbf5defd2307b716e1f84a9908de0c77f3c1a3b4cde3 
100.0% (.FLI) FLIC FLI video (1/1) 

8218ab03d82ebfa309aceedb484e695bc058f080397d7794826c9efc1d0287b7 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

c06244b1da9edb9da54736c17cf8d92cc754e1cd109c5a9858d7eb107079ff31 
100.0% (.FLI) FLIC FLI video (1/1) 

6571600fac324166a566d4702acbd799e8e4a2f70498989cdffa204578660970 
100.0% (.VC) VisiCalc spreadsheet (1000/1) 

9d765d8074e9b85afa9f2868af61271b2043ddde365d9446c9b5afa5905d6f53 
100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1) 

05fb32e6188df3381b19fd2cb81e5eb4c6ab0ddc885a6b3b6f87f2a5fdf4240e 
100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1) 

4a88c0c359c26fef3cc507463336a1c77d187fbc3bf7bda509fb2f1b5f8762e5 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

97b2ee5fc43d24912da36ba62795884068a1b0086d5c0d3d65bad5ccca637e77 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

d2be0169c5b5fccfd853a2391c6e3fc2e68a9efcbbecc842ecd98a41c58f85a0 
100.0% (.MUX) MUX video (2000/1) 
2016-10-31 01:44:57 
4a88c0c359c26fef3cc507463336a1c77d187fbc3bf7bda509fb2f1b5f8762e5 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

2016-10-13 11:16:34 
97b2ee5fc43d24912da36ba62795884068a1b0086d5c0d3d65bad5ccca637e77 
100.0% (.) QuickBasic BSAVE binary data (1000/1) 

2016-10-11 10:47:33 
d2be0169c5b5fccfd853a2391c6e3fc2e68a9efcbbecc842ecd98a41c58f85a0 
100.0% (.MUX) MUX video (2000/1) 
2016-08-26 23:23:10 
2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05 
100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 

2016-07-25 03:43:10 
eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce 
100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 
2016-07-25 01:08:54 
c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 
100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48 

fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12 

f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec 
100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18 


Anonymous Fri Nov 25 01:06:29 2016 >>e485dd840fe9f7a484 [Reply] [x]

>>900a05880f
>>7fdb66e349
>>ca5a801c99
>>98a6657a0d

http://gateway.glop.me/ipfs/QmZFkRKoGkv5zBVjsbYvR9miGgvgEsutUnbdNXxcPbrZrZ/jean3.py

https://codepaste.net/q893m5

2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05  
100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-08-26 23:23:10 

eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce  
100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10 

fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12 

c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838  
100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48 

f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec  
100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18 

042c1cd09ec672e2d504b76e16398c62396fa57ab0004a793dfc68d49d3e4cc9  
100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 2016-04-24 07:47:50 

83f7a29360abe4e927ae25ad803d2a28d088d119a47941fe0c42445bb2e78730  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-21 06:17:47 

ad85d76b5fd006cb3f08edda4d80327f425caed83aeb20aaa0c0ed281064484b  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 19:14:05 

fa3e0d76b55e01c45dd4218a41794f39b3792310cf1a88f3502824e4afc3e867  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 02:26:40 

6ea5ff73db52591661ff7c0c7eb161594b67b8e129ccc2e1429fe0c71d69e1ff  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 23:05:59 

35bfef9b0febbf3b1cefbd8f503e90d997e55d9f3841e45f359529debd6c1bca  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 22:07:46 

7fd31fccd96a3e94c21d15b45ae1957c22fe51a1aa6cb18f054bda20966304ac  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 04:22:39 

78a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf3bdcb1eba  
100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-12 22:23:58 
2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-08-26 23:23:10 
eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10 
c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48 
fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12 
2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-08-26 23:23:10 
eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10 
eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10 
c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48 
fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12 
f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec 100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18 
042c1cd09ec672e2d504b76e16398c62396fa57ab0004a793dfc68d49d3e4cc9 100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 2016-04-24 07:47:50 
83f7a29360abe4e927ae25ad803d2a28d088d119a47941fe0c42445bb2e78730 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-21 06:17:47 
ad85d76b5fd006cb3f08edda4d80327f425caed83aeb20aaa0c0ed281064484b 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 19:14:05 
fa3e0d76b55e01c45dd4218a41794f39b3792310cf1a88f3502824e4afc3e867 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 02:26:40 
6ea5ff73db52591661ff7c0c7eb161594b67b8e129ccc2e1429fe0c71d69e1ff 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 23:05:59 
35bfef9b0febbf3b1cefbd8f503e90d997e55d9f3841e45f359529debd6c1bca 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 22:07:46 
7fd31fccd96a3e94c21d15b45ae1957c22fe51a1aa6cb18f054bda20966304ac 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 04:22:39 
78a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf3bdcb1eba 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-12 22:23:58 
eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10 
c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48 
fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12 
f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec 100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18 
042c1cd09ec672e2d504b76e16398c62396fa57ab0004a793dfc68d49d3e4cc9 100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 2016-04-24 07:47:50 
83f7a29360abe4e927ae25ad803d2a28d088d119a47941fe0c42445bb2e78730 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-21 06:17:47 
ad85d76b5fd006cb3f08edda4d80327f425caed83aeb20aaa0c0ed281064484b 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 19:14:05 
fa3e0d76b55e01c45dd4218a41794f39b3792310cf1a88f3502824e4afc3e867 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 02:26:40 
6ea5ff73db52591661ff7c0c7eb161594b67b8e129ccc2e1429fe0c71d69e1ff 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 23:05:59 
35bfef9b0febbf3b1cefbd8f503e90d997e55d9f3841e45f359529debd6c1bca 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 22:07:46 
7fd31fccd96a3e94c21d15b45ae1957c22fe51a1aa6cb18f054bda20966304ac 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 04:22:39 
78a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf3bdcb1eba 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-12 22:23:58 
aa3bf652dc745e8a1265c3641858e9a75e4cd3ee85eb843033b4302e2dec5fc7 100.0% (.FLC) FLIC FLC video (1/1) 2016-04-06 05:53:04 
b4c38335541fd578bdc4d45a1a4a47e3baadd2a55ae41c0e5535eb4307d49b24 100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1) 2016-03-18 18:12:19 
b20ad5f8b75bae16a6d1e3de2fb25910be868f936a6e3cc3d997598dced14f89 100.0% (.FLI) FLIC FLI video (1/1) 2016-03-15 21:19:44 
24b0967ecca36dd455b9a96e48d8c0f13a36acdd37290f6baae3c50b7065627e  99.9% (.MP3) MP3 audio (1000/1) 2015-11-28 09:53:31 
32d71a560a965fe17ca5a652202844f5bb580d185e38485aacad8717485b0b8e 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2015-11-20 21:53:12 
03e8a9b1197744012af33c642671ed8eb50fd2d442d4875a3274f730ac2ca951 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2015-11-19 22:16:50 
2a38f95db552a52aefa82565ffd81e885103738da25627f1e894f5892a672325 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2015-11-12 18:27:54 
15d4f6606f7ad966e27f9628acf3c1929eb50cb2fef0ecb949fb8941b94254cc 100.0% (.MP3) MP3 audio (1000/1) 2015-11-06 10:47:37 
13bd667802cc58936996dbf5defd2307b716e1f84a9908de0c77f3c1a3b4cde3 100.0% (.FLI) FLIC FLI video (1/1) 2016-11-21 18:23:36 
8218ab03d82ebfa309aceedb484e695bc058f080397d7794826c9efc1d0287b7 100.0% (.) QuickBasic BSAVE binary data (1000/1) 2016-11-15 19:41:03 
c06244b1da9edb9da54736c17cf8d92cc754e1cd109c5a9858d7eb107079ff31 100.0% (.FLI) FLIC FLI video (1/1) 2016-11-09 18:46:55 

Anonymous Fri Nov 25 18:26:54 2016 >>b92f6d159d2dcc0b16 [Reply] [x]


Even if the keys were released, where would you post any information about the contents of the files. No place exists that is not a controlled, opposition space.

Facebook, Twitter, Reddit? You get the idea. The whole internet is built on backdoored standards. The existing internet is completely corporate controlled and in the hands of the enemy.

We have seen evidence of websites being intercepted and content being removed in real time. They will let some leaks out, but there is not a channel for mass dissemination and media for this type of leak.

  • The insurance files should be downloaded quitely to as many people as possible.
  • We should verify the hashes of the wikileaks files (multiple hashes and verifications). Expecially for the newer files and the saudi file that was modified
  • We should build up or fortify our distribution system for messages
  • We should build up a toolchain for writing messages to the blockchain and retrieving the messages (as a stop gap in case Bitmessage comes under complete exploitation)
  • The enemy has a nuke button and can dump 10 GB per day into bitmessage and make it unusable if needed
  • We should prepare for the private key distribution (which is expected to happen by Christmas if it has not already happened)
  • We should each individually be able to decrypt the files. We should not expect that the files will be allowed on websites or public internet
  • If we cannot post files on Bitmessage and the clearnet is jammed, how will we even distribute the worst of the files? We wont be able to. Each person needs to get the files themselves, decrypt them and may have to do sneakernet or we may have to distribute the worst information on USB sticks.
  • We need tools to posting to the blockchain as a last resort

Sending a message on the blockchain may cost us 10 cents or $5 but if it is important enough, that may be the only way.

In the long term, we need to develop new media platforms and communication platforms that are more resilliant.

  • more difficult to jam
  • more difficult to modify content once published
  • ability to detect jamming if it is occuring.

We need distributed blogging and messaging platforms. We need a safe and secure way of distributing files.



Hi everyone.

I realize that this message might not go through but just in case – this will be my final message sent to BM. Anyone claiming to be updating my situation is lying.

I’ve been working with another person on this since the original thread in October 17. This is our third attempt at spreading the information. I don’t think it will be possible for anyone to upload the keys and the files. It really seems like the only way is for everyone to get them from the blockchain separately. Some of you might think this is not the case but you’ll be able to see it first hand when you try soon. It should be fairly straight forward for everyone to extract the keys and files with the information on this BM.

On our end, we can confirm that the script can be used to extract the following files:
2016 Disk Image, Spreadsheet, BIN, multiple videos, mp3s, emails, pdf documents
2015 Disk Image, Spreadsheet, multiple videos, mp3s
2014 Disk Image, Spreadsheet, multiple videos
2013 several backups in zipfiles
Hash and time stamp text for what seems like all uploads to Wikileaks.org

The following files can be unlocked so far:
2016-06-03_insurance.aes256.torrent
wlinsurance-20130815-A.aes256
wlinsurance-20130815-B.aes256
wlinsurance-20130815-C.aes256

We have not been able to unlock:
2016-11-07_WL-Insurance_US.aes256
2016-11-07_WL-Insurance_UK.aes256
2016-11-07_WL-Insurance_UK.aes256
wikileaks-insurance-20120222.tar.bz2.aes

Allegedly unlocked by others:
2016-06-03_insurance.aes256
wikileaks-insurance-20120222.tar.bz2.aes

There is clearly a lot more information that we haven’t gotten to yet.

The file pieces have to be combined so a bit more code is needed. The Cablegate Backup should be used as an example to do it. Some groups are now going through the same issues we’ve seen. Our experience was that we lose internet connection, we are unable to copy paste or keep anything on our clipboards, all attempts at encoding transactions into BTC get delayed and do not happen, files on computers connected to the Internet are deleted or moved, etc. That is why I think the best way to spread this is to teach others how to do it and possibly to encode what you feel comfortable making permanent in some crypto currency other than BTC.

I expect that in the next few days the media will be forced to cover this. The spin will be that these files cannot be verified, do not come from Wikileaks and that no one can recreate the steps to get them. They will probably push false steps that do not work. From what we have seen, most people will not bother to check and believe it. Because the blockchain is permanent and many have copies, I
do not think that it will be possible to spin this in this way forever. Anyone can do it in their own homes. However, they have been preparing for this for months. Damage control will be very easy for them because there are really no sites that can be used to discuss this anymore. I’m a still a bit concerned because the steps on how to get the information were available since mid October and very few people tried to do it. It was practically impossible for us to try to discuss this with others on any site. Everyone seems to react violently to the suggestion but I am not sure if these were even real responses.

The easiest way to collect the information is on a computer that is not connected to the internet and has no wifi cards. Making a database with relational information of the transactions helps a lot as well. It might be necessary for someone to create a very easy to follow tutorial with code that allows anyone to do this. To this day many people refuse try on their own and simply chose to believe that it is not real. If you care about this, you should spend some time showing people the evidence and guiding them through of process of getting the files themselves.

My personal opinion is that the most crucial thing that should happen when this is finally out in the open is that the people pretending to be Wikileaks should be exposed. It should be clear to everyone that people are paying attention. The people that sold out and did as they were told should also be exposed. I still don’t understand why it was so easy to get most people to play along and allow their sites to be controlled. It is alarming that talking about this is practically forbidden everywhere. During the past few months we have witnessed a possible end of a free internet. People in power have the resources to fool the entire world into agreeing with them through censorship, paid posts, bots, etc. There is not even a way to verify the history of a page anymore since they now control the only site that allowed it. I think this is the perfect opportunity to guarantee that this is stopped and does not happen again. However, everyone should see the information and decide by themselves what they want to do.

Thanks to all of you that helped.


Anonymous Fri Nov 25 23:24:48 2016 >>2f249cbf02eb3ad90a [Reply] [x]

When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.

Confirming that jean3 is able to find the 7-zip headers for the cablegate addresses.

python jean3.py 1NT3ACYygZj9YHYsZo7hp2jGEPiUDMqs53
python jean3.py 1AuoHX7VNGGK5KkkUcBAGG3RuKgMuRdpMB
python jean3.py 1Me9i8XjbdBVZzgcki4NiPdF6VkYf75ykZ

All find 1 file header.

100.0% (.7Z) 7-Zip compressed archive (6000/1)

(First tx is 5c593b7b71063a01f4128c98e36fb407b00a87454e67b39ad5f8820ebc1b2ad5)


Anonymous Sat Nov 26 04:02:34 2016 >>9a8c63712e6799aadb [Reply] [x]

Here are the two gpg keyrings in the WL wallet in case anyone wants play with them.

(From txs 2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05 and eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce)

http://gateway.glop.me/ipfs/QmS3zs98mFmvqGdxRaUCrx3e42UsLXQ6VfRpSXrKrk8SAZ/276.gpg

http://gateway.glop.me/ipfs/Qmao12d6tWh15bA5mUYQ1pcoTaiMcyb85SNyzrsS25wpFa/eb7.gpg

To print all the packets do:

for i in {1..293}; do echo "Trying bytes: ${i}"; tail -c "+${i}" eb7.gpg | gpg --list-packets; done

for i in {1..9993}; do echo "Trying bytes: ${i}"; tail -c "+${i}" 276.gpg | gpg --list-packets; done

and here’s three ‘100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated)’ encoded after the Cablegate backup.

(From txs:
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c)

http://gateway.glop.me/ipfs/QmShQjcUaKagC6hXzXqCdtRyP8pAXfBkjP5C51XsZVZg2e/737.gpg http://gateway.glop.me/ipfs/QmZxXabEusrSK4e9esLGJY7YAqLxxXhXPCyXhNWcnEVQH9/cce.gpg http://gateway.glop.me/ipfs/QmcnVecuQtobYWUkhUHGFLVAzfokQRRYsWKS2jV8bJwsic/d3c.gpg


Anonymous Sun Nov 27 08:17:06 2016 >>d1f7f8e7bb0afad3f4 [Reply] [x]

Alright. They need some major improvement anyway.
http://gateway.glop.me/ipfs/QmRaJsSCgsw43cBQXSU3ndnuaVw9iNeciq4ixGcfCBdsEu/wltr9.py (MAIN SCRIPT)

http://gateway.glop.me/ipfs/QmaGtLezTMWCJKjKv6AzfZFs2rHLJrL9KbNHwqopxgnngq/tx.py

http://gateway.glop.me/ipfs/QmQBYhnAUw7bJPRRoNjpzpv7fdHjwk4nQrCbPbcZBNy2vc/blocktx.py

http://gateway.glop.me/ipfs/QmWqLTocNgPPVny3RgRaQa7i7ceqxzX3TDV3PGqfUcs8Y2/blockrtx.py

http://gateway.glop.me/ipfs/QmZ4UZdg2kXrokUJcTBGMWCKTSYmecBdWkHFAqWNHBtJUA/addrtx.py

Right now they require

  1. local copy of the blockchain (rpc server)
  2. linux(/osx?) machine
  3. trid downloaded and placed in a directory called “triddir”
  4. python 3
    and probably other stuff I’m missing

Usage:
./tx.py [txid] [directory]
./blocktx [block height] [directory]
./blockrtx [block height 1] [block height 2] [directory] (All blocks between height 1 and height 2)
./addrtx [address] [directory]

Each one creates 3 files in [directory]:
resfile: Trid output for all transactions without “Unknown!”
asciifile: Fragments of decoded ascii in output scripts
txfile: txids for each result in resfile

as said below, my scripts handle the 8 bytes thing (i think)


Anonymous Mon Nov 28 04:37:59 2016 >>f724c2b3c41b272ef2 [Reply] [x]

https://8ch.net/tech/res/679042.html just got deleted.
Anyone have a backup? They are trying to delete everything.


Anonymous Thu Dec 1 00:18:24 2016 >>7e1e5fe2f29eed6875 [Reply] [x]

Does this page look like it was censored? https://blockchain.info/block/000000000000000001f4840a9cc93cb949697f97969e1984f69f789385d00cd7


Anonymous Thu Dec 1 02:44:28 2016 >>9d6b0c1379d6170df0 [Reply] [x]

It’s real. They flat out deleted a block. https://blockchain.info/rawblock/000000000000000001f4840a9cc93cb949697f97969e1984f69f789385d00cd7

{ 
    "hash":"000000000000000001f4840a9cc93cb949697f97969e1984f69f789385d00cd7", 
    "ver":536870912, 
    "prev_block":"000000000000000002670ad664a90b8617c15e9902f360016bf334d6ec9e1c9f", 
    "mrkl_root":"001baa524eceb1b2561ad1b9acf1f62d39671e52a6e217965798893f8cf70014", 
    "time":1480549174, 
    "bits":402908884, 
    "fee":0, 
    "nonce":3679241102, 
    "n_tx":1, 
    "size":238, 
    "block_index":1171372, 
    "main_chain":true, 
    "height":441339, 
    "received_time":1480549174, 
    "relayed_by":"178.62.203.185", 
     
    "tx":[ 

{ 
   "lock_time":0, 
   "ver":1, 
   "size":157, 
   "inputs":[ 
      { 
         "sequence":4294967295, 
         "script":"03fbbb060436633f582f4254432e434f4d2ffabe6d6de98fc4fc3e8afe90f534c7af4231c22662c9111753ff7b433703142f11772062010000000000000002b6789c447a000000000000" 
      } 
   ], 
   "time":1480549174, 
   "tx_index":194265303, 
   "vin_sz":1, 
   "hash":"001baa524eceb1b2561ad1b9acf1f62d39671e52a6e217965798893f8cf70014", 
   "vout_sz":1, 
   "relayed_by":"178.62.203.185", 
   "out":[ 
      { 
         "spent":false, 
         "tx_index":194265303, 
         "type":0, 
         "addr":"3NA8hsjfdgVkmmVS9moHmkZsVCoLxUkvvv", 
         "value":1250000000, 
         "n":0, 
         "script":"a914e083685a1097ce1ea9e91987ab9e94eae33d8a1387" 
      } 
   ] 
}] 
 } 

Anonymous Thu Dec 1 19:55:18 2016 >>aeba2369d2b0130443 [Reply] [x]

jean3.py + ASCII text detection http://gateway.glop.me/ipfs/Qmeiv5XxrcZTanNuL1UCegJMZZfzsVh4fF4x2YGQBUKbY3/jean3.py

Patched newjean3.py (only reads data from unspent addresses) It also detects ASCII text now. http://gateway.glop.me/ipfs/QmXHcwhPK2nLKrBsdhFsZWQE6RFXTgr7jY9oo7QLR4TXU3/newjean3.py


Anonymous Thu Dec 8 20:17:51 2016 >>1ad703db1bf50ae886 [Reply] [x]

https://blockchain.info/tx/624075b5d5d56b619b413966297b441ae727fc019871c22676405dd5d8200cc9 View information about a bitcoin transaction 624075b5d5d56b619b413966297b441ae727fc019871c22676405dd5d8200cc9

OMG
I thnk I found it
hang on
look at this
https://blockchain.info/block/0000000000000000026fb408f6a035e55c126a1409e9c5f5fea7d22610645289

Transactions contained within bitcoin block 435172 >scroll down to roughly

It’s possible that a 7z or other compressed text document with instructions is hidden within a single transaction >And that transaction is spent. >37 7a bc af 27 1c 20 04 0e 15 c8 0f 26 20 20 20 20 20 20 20 62 20 20 20 20 20 20 20 50 c7 af >be 01 20 21 67 73 63 6c 69 6c 69 70 74 72 68 6e 65 74 65 65 74 73 67 68 69 6e 61 65 75 6f 64 >69 6e 65 72 72 69 69 20 01 04 06 20 01 09 26 20 07 0b 01 20 01 21 21 01 20 0c 22 20 08 0d 0a >01 86 66 4f f7 20 20 05 01 19 0c 20 20 20 20 20 20 20 20 20 20 20 20 11 17 20 77 20 6c 20 63 >20 6f 20 64 20 65 20 2e 20 74 20 78 20 74 20 20 20 19 04 20 20 20 20 14 0d 0a 01 20 bd 31 89 >c3 e9 42 d2 01 15 06 01 20 20 20 20 20

That’s a possible 7z encrypted message, albeit a small one https://blockchain.info/address/1E14k7i1wVSytoMfbaCnbmhofVMNsZrpLh

Transactions sent and received from bitcoin address 1E14k7i1wVSytoMfbaCnbmhofVMNsZrpLh. https://blockchain.info/tx/4aadbaa0edd0f0b19d5e8ae0a818e3ac7fde7cd5f6caedcd9cf4e7ac2b9582e9

View information about a bitcoin transaction 4aadbaa0edd0f0b19d5e8ae0a818e3ac7fde7cd5f6caedcd9cf4e7ac2b9582e9


Anonymous Sat Dec 10 15:55:05 2016 >>e175d2ba54095f13de [Reply] [x]

>>93c1dbbf57
>>4d6502130e

list used on the git code


        if "D0CF11E0A1B11AE1".lower() in hexcode: 
            filetype += "DOC Header Found "         # DOC Header 
        if "576F72642E446F63756D656E742E".lower() in hexcode: 
            filetype += "DOC Footer Found "         # DOC Footer 
        if "D0CF11E0A1B11AE1".lower() in hexcode: 
            filetype += "XLS Header Found "         # XLS Header 
        if "FEFFFFFF000000000000000057006F0072006B0062006F006F006B00".lower() in hexcode: 
            filetype += "XLS Footer Found "         # XLS Footer 
        if "D0CF11E0A1B11AE1".lower() in hexcode: 
            filetype += "PPT Header Found "         # PPT Header 
        if "A0461DF0".lower() in hexcode: 
            filetype += "PPT Footer Found "         # PPT Footer 
        if "504B030414".lower() in hexcode: 
            filetype += "ZIP Header Found "         # ZIP Header 
        if "504B050600".lower() in hexcode: 
            filetype += "ZIP Footer Found "         # ZIP Footer 
        if "504B030414000100630000000000".lower() in hexcode: 
            filetype += "ZIPLock Footer Found "     # ZLocked Encrypted 
        if "FFD8FFE000104A464946000101".lower() in hexcode: 
            filetype += "JPG Header Found "         # JPG Header 
        if "474946383961".lower() in hexcode: 
            filetype += "GIF Header Found "         # GIF Header 
        if "474946383761".lower() in hexcode: 
            filetype += "GIF Header Found "         # GIF Header 
        if "2100003B00".lower() in hexcode: 
            filetype += "GIF Footer Found "         # GIF Footer 
        if "25504446".lower() in hexcode: 
            filetype += "PDF Header Found "         # PDF Header 
        if "2623323035".lower() in hexcode: 
            filetype += "PDF Header Found "         # PDF Header 
        if "2525454F46".lower() in hexcode: 
            filetype += "PDF Footer Found "         # PDF Footer 
        if "616E6E6F756E6365".lower() in hexcode: 
            filetype += "Torrent Header Found "     # Torrent Header 
        if "1F8B".lower() in hexcode: 
            filetype += ".TAR.GZ Header Found "     # TAR/GZ Header | Going to have lots of false positives 
        if "0011AF".lower() in hexcode: 
            filetype += "FLI Header Found "         # FLI Header 
        if "504B03040A000200".lower() in hexcode: 
            filetype += "EPUB Header Found "        # EPUB Header 
        if "89504E470D0A1A0A".lower() in hexcode: 
            filetype += "PNG Header Found "         # PNG Header 
        if "6D51514E42".lower() in hexcode: 
            filetype += "8192PGP Header Found "     # 8192 Header 
        if "6D51494E4246672F".lower() in hexcode: 
            filetype += "4096PGP Header Found "     # 4096 Header 
        if "952e3e2e584b7a".lower in hexcode: 
            filetype += "2048PGP Header Found "     # 2048 Header 
        if "526172211A0700".lower() in hexcode: 
            filetype += "Secret Header Found"       # Secret Header 
        if "6D51454E424667".lower() in hexcode: 
            filetype += "RAR Header Found"          # RAR Header 
        if "EFEDFACE".lower() in hexcode: 
            filetype += "UTF8 Header Found"         # UTF8 header 
        if "4F676753".lower() in hexcode: 
            filetype += "OGG Header Found"          # OGG Header 
        if "42494646".lower() in hexcode and "57415645".lower() in hexcode: 
            filetype += "WAV Header Found"          # WAV Header 
        if "42494646".lower() in hexcode and "41564920".lower() in hexcode: 
            filetype += "AVI Header Found"          # AVI Header 
        if "4D546864".lower() in hexcode: 
            filetype += "MIDI Header Found"         # MIDI Header 
        if "377ABCAF271C".lower() in hexcode: 
            filetype += "7z Header Found"           # 7z Header 
        if "0000001706".lower() in hexcode: 
            filetype += "7z Footer Found"           # 7z Footer 


Anonymous Tue Dec 20 03:39:56 2016 >>44c6ae50c69371d4d8 [Reply] [x]

DecentralNet

Abstract

In the current year, most Chans are isolated and are not intended to interoperate with each other. Thus, the content being posted on one chan is easily censored and is not mirrored on any other Chan. The closest thing to a Decentralized Chan that we have is BitMessage. This, however, requires the user to install software and is also subject to spam attacks where an attacker with sufficient resources can flood a channel with irrelevent or even illegal content.

DecentralNet would aim to mitigate a few problems:

  1. User-friendliness (through web-facing nodes)
  2. Spam Attacks (through Pow as Identity)
  3. Censorship (through distributed storage)

Proof-Of-Work As Identity

Currently, BitMessage uses PoW in order to lower spam levels on the network. This is done on a per-post basis which means that in the event of a spam attack, it is almost impossible to block or identify the spammer. Provided the PoW is sufficient, the message is deemed valid.

DecentralNet would not rely on a PoW per message as the basis for mitigating spam, but would rely on PoW per Identity. This means that for each Identity created, there would be a large PoW involved. Messages posted would then have to be tied to an Identity, making it easier to filter out identities that users deem to be posting non-informative content. The Proof Of Work here would be quite large - at the moment, we would be looking at defaulting this to six hours on an average PC (though PoW required can be adjusted by a node operator).

Obviously, this PoW is too much for the average user. However, it is not intended that all, or even most, users will run a node. Instead, we will rely on some nodes providing a web front-end that submits posts from the node’s identity on behalf of the user. From a user point of view, the frontend would operate the same as Chans do today.

Frontend Node

As an example, imagine we had the site decentralchan.org. Decentralchan.org looks the same as most Chan sites today. It also features a Captcha to mitigate spamming.

DecentralChan.org has taken the time (and processing) to generate an identity that allows it to post on the DecentralChan Network. When a post is made, DecentralChan.org proxies it through their identity and posts it onto the DecentralNet. The message posted will be in JSON format to allow for extensibility (fields like Tripcode, Name, Email, etc).

All other identities that post on DecentralNet will also show on DecentralChan.org - provided DecentralChan has not Blacklisted their identities. This allows optional censorship for the Node Operator. If an Identity is frequently posting illegal or insensible content, then that node can choose not to store or propagate its content.

A Node can also specify a data threshold on a particular identity so that if that identity posts too much within a set time period, all further posts are ignored.

Attachments

Because the propsed format is JSON, the client can choose how they wish to attach or view files. To keep data usage low on the network, it is recommended that IPFS is used for file attachments and the IPFS hash of the file given instead. This would prevent duplication on the network.

If this approach is taken, it is recommended that the Front-End Nodes host an IPFS Gateway that allows uploading and downloading. Other Front-End Nodes can then mirror this content.

Others That Wish To Run A Node

Anyone is free to run a node and collect all data posted to the Network. In this way, it is intended that this network would be incredibly difficult to censor in all cases.

However, to post on the Network, a user MUST generate a valid identity.

Possible Use Cases

This framework could be extended to the following Use Cases:

  • Chans
  • Twitter-Like services (through Twitter-like nodes. Node could post on behalf of user or users with sensitive information could generate their own identity, mitigating the trust issue.)
  • Leaks-Like service (each media agency could monitor and mirror a “leaks” channel.)
  • Offline Instant Messaging (a message cache-type channel - useful for services like Tox to replace independent Master-Nodes implementation. A user could choose a Front-End node to interface with for Offline Messaging - or could again generate their own identity if trust is an issue)

==This is all just a proposal. All thoughts and contributions welcome.==

Message me on BitMessage if you have any suggestions/contributions: BM-2cVoCYnYy8k5xrpRNS97YJKG4NB554F8Bq


WE ARE PHASE 4(?) (01/10/2017 - 01/30/2017)

2hu-ch[.]org/t/8f1dd166ffdde9fafd35ef4c8ea9132288119dc7/

Date: Wed Jan 11 00:45:21 2017

>>65157155ed

CLUELESS ONLINE SKEPTIC STARTER PACK:

“We prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.”
-Julian Assange, Nantucket Project, Sept 28 2104

Decode the input of TX cd9104ce6d385428060d33e1d4843b0cdfc78db2f327116eb4f97d8e177a4d82 (output below since clueless skeptics don’t know how computers work):

Wikileaks contact info? [quote author=RHorning link=topic=1735.msg26876#msg26876 date=1291501064]
Basically, bring it on. Let’s encourage Wikileaks to use Bitcoins and I’m willing to face any risk or fallout from that act.
No, don’t “bringit on”.

The project needs to grow gradually so the software can be strengthened along the way.

I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.

We have the hashes for genesis block through block 74000 hardcoded (compiled) into bitcoin, so there’s no reason why we shouldn’t be able to automatically download a compressed zipfile of the block database from anywhere,unpack it, verify it, and start running.

The 74000 checkpoint is not enough to protect you, and does nothing if the download is already past 74000. -checkblocks does more, but is still easily defeated. You still must trust the supplier of the zipfile.

uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.

The data is mostly hashes and keys and signatures that are uncompressible.

Decode the output of TXs (attached for the same reason as above):
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
ee7658b119496dc9ace8d011c36b82f4b69a787399a78f99c5605a6b73d34c69

To see one of the many DMS messages that have gone off since mid October look at the transactions made by 1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM on October 16 and follow the change.

If you don’t understand what any of this means go learn, then come back and say that you didn’t find anything so that every single person with grep and a local copy of the blockchain can laugh at you.


Date: Wed Jan 11 15:08:03 2017

OP_RETURN Starter Pack:

  1. Look for wallets that have been posted here and elsewhere and compile a list of wallets for later use.
  2. python newjean3.py
  3. python op_return.py new_tx_list.txt --save-op-return --reverse-tx
  4. Open resulting “OP_RETURN.dat” in hex editor of your choice (or just use hexdump

Date: Wed Jan 11 18:59:54 2017

alright, i’ve been looking at the OP_RETURN codes from that 1Nq wallet in hex, set to 20 bytes per line and I noticed what I thought was padding…but i had a thought when I woke up today and want to give some context and hopefully bring anyone who isn’t at this point yet up to speed.

The reasoning for padding in transactions being necessary is as follows ( I apologize to anyone who understands already, I just feel this is important to drive home)

Transaction scripts are what determines the destination address of a transaction, 100% of the time.

That means, even if you were to embed data into a transaction script, it would still be sent to an address. That’s the entire reason behind a blockchain being a reliable way to store information.

In the case of a dead man’s switch, or even just an important message, you (or whoever is sending it) would want to ensure that it is sent multiple times, should something happen either with a mempool flood (10/21 etc.) or a DDoS, or any number of things going wrong that might not even be targeted.

Another method of ensuring that a transaction “goes through” is to pay a high transaction fee relative to the amount being sent.

Someone could absolutely send the same data the same way multiple times, even 100 times, and it will go to an address.

This presents another issue.

The issue lies in the idea that if you were to send duplicate data, it would go to the SAME address if it were uniformly sent. Here’s an example:

If you need to send a file, let’s say it’s split into four parts. I’ll call them A, B, C, D. Let’s say you want to send this three times from three different wallets. We’ll just number them 1,2,3.

Wallet 1 sends part A of the file and it goes to an address based on the content of the data, which has been put into the transaction script.

It arrives at wallet 1WTFBBQ.

Remember, the actual data in the script is what determines that it is sent to 1WTFBBQ.

When part B is sent by wallet 1, it lands at the address 1ASDF, again determined by the data in part B of the file, as opposed to just setting a destination address.

The destinations of 1WTFBBQ and 1ASDF are NOT random. They are determined based on the data.

We can safely assume that parts C and D of the file we’re sending will result in two other addresses, again determined by the data.

From this we can gather a couple of things:

  1. The destination wallets are very unlikely to be wallets that someone controls

  2. This will show up as “Unspent” when looking at the transaction on blockchain.info or another site of the same sort.

2a) The reason it is Unspent, and will likely remain that way forever, is because the data determining the destination means the person sending it will almost certainly have no control over where it lands, and even if they did, they would have had to generate random wallets until they managed to get the exact destination of the data in order to access the bitcoins (i don’t even want to think about how long this would take),

2b) Because of this, they would never be able to access the coins and are forced to “write off” the lost money, given that it essentially was sent to a black hole.

Based on that, the transactions holding data will likely have extremely small “net losses,” maybe even down to fractions of cents.

At this point, we’ve successfully sent parts A, B, C, and D from wallet 1.

The issue that justifies padding arrives at this point.

The sending wallet has no bearing whatsoever on where the money lands. That is entirely controlled by the script.

Because the data in file A, which will not change, will ALWAYS determine the same destination address.

The same can be applied to parts B, C, D, and so on.

It is not hard to believe that alphabet agencies or black hats have the means to decrypt the private key to a wallet, AND if you choose not to believe that they do right now, they almost certainly will later.

Keep in mind, the idea of storing the data in the blockchain hinges on the idea that it is permanent. You’d want the data to exist exactly the same way long after you’ve died.

So, let’s say you send part A from 100 different wallets. There would be 100 transactions that all went to the same destination wallet.

If your entire plan counted on a single private key being solved, it’s a very shitty plan.

To account for this, you would need to append or prepend randomized data to the data, to literally ensure a random destination, and to further increase the odds of it being completely scrubbed.

If you sent it 100 times with the aforementioned random padding, that’s 100 different destination addresses, and your opposition would need to get into all of them to clean it out.

When looking at the aforementioned hex, which can be found in OP_RETURN_!Nq.dat, there are obviously repeated patterns throughout the op_return data. When I first saw them, I thought they were the padding and trimmed them off.

But what if they’re not? What if it’s actually 15 bytes of data, and 5 bytes of random bullshit to ensure the aforementioned random destination address?

I think that fits a lot more into the idea.

i’m going to keep looking at this stuff and I’ll post updates as I come along.

If anyone has any questions or feels I left something out or did a shitty job explaining something, I’ll gladly try to make it more understandable. My brain is pretty fried from looking at all this stuff so i might be a little off my game.

Regards


Date: Thu Jan 12 04:07:29 2017

>>037630fc8a
you fucking underpaid shill. at least read up before you post.

wikileaks pgp hasn’t been used to sign since oct 4: https://pgp.mit.edu/pks/lookup?search=WikiLeaks+Editorial+Office+High+Security&op=vindex

it’s still the submission key: view-source:https://wikileaks.org/ https://wikileaks.org/#submit_wlkey

http://wlchatc3pjwpli5r.onion is down since oct 16

gpg --search-key “@wikileaks

list of missing people

go work at mechincal turk


Date: Thu Jan 12 07:42:04 2017

Me again. Here’s what happens when you decrypt with the wrong key:

32 byte version:

$ openssl enc -d -aes-256-cbc -in ./2 -p -kfile …/aes-keys/key-71.dat
salt=0F0BDA00F0359A0F
key=FA19DFC21224E9F60A349ED5C5D714F77725124F122B494F1B4D8DC85C4C5728
iv =0A1092E8EB9D56B2B05DB81D2AF1B91D
bad decrypt
140735152268112:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
�>�{�7�:��S<�r

46 byte version:

$ openssl enc -d -aes-256-cbc -in ./2b -p -kfile …/aes-keys/key-71.dat
salt=0F0BDA00F0359A0F
key=FA19DFC21224E9F60A349ED5C5D714F77725124F122B494F1B4D8DC85C4C5728
iv =0A1092E8EB9D56B2B05DB81D2AF1B91D
bad decrypt
140735152268112:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:518:
�&�v���!KY��(4��ɑ���0$肐]c


Date: Thu Jan 12 18:55:16 2017

>>41dacad1d3 >>a10b4f07bb >>9486dc5de3 >>72849af793 >>8580d4f41c >>c5d03b2141

https://zerobin.net/?9e1b7545b08103c6#/8iFBueBgcCxW8dNqRYa6vTFHcy8B1ICM54dM2n/4Sg=

1375010929 0x51F50071 gzip compressed data, has CRC, extra field, has comment, from QDOS, last modified: Thu Nov 30 20:00:44 1995

This is the unix time needed to make that date (http://www.onicos.com/staff/iz/formats/gzip.html) 817761644000

If I change the first value to any number from 0-7, it will give a date that is not valid because gzip did not exist yet (1973-1992, and 2532 for value 0). That means there’s a 20% probability you can guess that bit and have it make a date that is valid.

After that gzip file you find this other one

2293901020 0x88BA26DC gzip compressed data, has CRC, extra field, has comment, from NTFS filesystem (NT), last modified: Wed Aug 27 18:07:32 1997

Again, valid date, this time the unix time is:
872798444

20% probability of guessing the right bit for the first value on the date and it has happened twice in a row at this point. Note that both have CRC and a comment.

Now, what are the odds that on the date Wikileaks loses internet connection, a message is encoded in the blockchain that happens to contian a 256 AES key, which happens to be the encryption used by the insurance files, and happens to decrypt one of them, and happens to output files like these that have valid information.


Date: Sat Jan 14 07:28:19 2017

>>753ecb7d03

It spend some time tonight looking at the oldest transactions I could find. This particular one was made in 2011 16c3ddpaDs9ajhDqhzY7oSPrdHvhR227tP

https://blockchain.info/address/16c3ddpaDs9ajhDqhzY7oSPrdHvhR227tP Keep in mind that this was two years before the Satoshi uploader was encoded in the blockchain. The data in it looks like it was encoded in a complicated way and that some people spent some time investigating it. While looking into that I ran into this script that extracts the data from multiple transactions in two blocks:

https://gist.github.com/shirriff/7461227133c26645abdf

parseImageFromBlock.py Secret

was encoded using yEnc.I cut-and-paste the addresses from the relevant blocks into this code. I then wrote a simple yEnc decoder to convert this to the output file.

The code was written by Ken Shirriff, who as many have posted on these channels, was the first person to publicly write about finding data stored in the blockchain. I kept digging around and found that he has written a lot more code. https://github.com/shirriff/bitcoin-code and it links to another article http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bitcoin.html

In it he goes into very specific details about how transactions work, how they can be created, how data can be stored in them, how you can create transactions with invalid signatures, how valid signatures are created and even how you can track the entire mining process after you create a transaction.

Following the specification, the unsigned transaction can be assembled fairly easily, as shown below.

Here’s the code I used to generate this unsigned transaction. It’s just a matter of packing the data into binary.

Note that transactions can have multiple inputs and outputs in general, so the chain branches out into a tree.

For instance, an escrow system can require two out of three specific users must sign the transaction to spend it. Or various types of contracts can be set up.

I wrote Python scripts to process Bitcoin network traffic, but to keep things simple I’ll just use Wireshark here.

To monitor the progress of my transaction, I had a socket opened to another random peer.

After sending my transaction into the peer-to-peer network, I needed to wait for it to be mined before I could claim victory. Ten minutes later my script received an inv message with a new block (see Wireshark trace below).

Needless to say, my first few transaction attempts weren’t successful - my faulty transactions vanished into the network, never to be seen again.

Something that stood out was his explanation of the signatures used in the blockchain.

The Script language is surprisingly complex, with about 80 different opcodes. It includes arithmetic, bitwise operations, string operations, conditionals, and stack manipulation. The language also includes the necessary cryptographic operations (SHA-256, RIPEMD, etc.) as primitives.

I found signing the transaction to be the hardest part of using Bitcoin manually, with a process that is surprisingly difficult and error-prone. The basic idea is to use the ECDSA elliptic curve algorithm and the private key to generate a digital signature of the transaction, but the details are tricky. The signing process has been described through a 19-step process (more info).

Apparently there’s no solid reason to use RIPEMD-160 hashing to create the address and SHA-256 hashing elsewhere, beyond a vague sense that using a different hash algorithm helps security. Using one round of SHA-256 is subject to a length extension attack, which explains why double-hashing is used.

def pubKeyToAddr(s):
ripemd160 = hashlib.new(‘ripemd160’)
ripemd160.update(hashlib.sha256(s.decode(‘hex’)).digest())
return utils.base58CheckEncode(0, ripemd160.digest())

This particular part of the code seemed very familiar. As some of you might remember, a couple of months ago some users compiled a list of SHA256 checksums and searched for them in the blockchain. Eventually some decided to calculate their SHA256(RIPEMD160(file)) hashes and search for those as well. At the time it seemed odd to a lot of us to use this process to generate a hash. However, now it is clear that the reason was that this is how the Bitcoin scripting language creates signatures. A few of these signatures were found. One example is SHA256(RIPMED160(file)) = 205c59f80299696225633da32ce837cdc0922220 which appears in transaction bdb67f3b003e2c3d06d6b8d314ca7b937f9ae7de20ed34baccaedcac62e6f414

https://blockchain.info/tx/bdb67f3b003e2c3d06d6b8d314ca7b937f9ae7de20ed34baccaedcac62e6f414?show_adv=true. The hash is in the output scripts

OP_DUP OP_HASH160 205c59f80299696225633da32ce837cdc0922220 OP_EQUALVERIFY OP_CHECKSIG

If you follow the address that spent the money you can see that it starts a very long chain of transactions that follow the same pattern https://blockchain.info/address/1eNfCaSPY8ymtivodan4Y9MTw4orxE5zK These appear to be more signatures but it is not clear for what files. In fact, there are even files themselves in some of them https://blockchain.info/tx/2adfb3766613ae91dbb307d9d2a9a98f90dcfc084f62ff8b88167c4fb4cc43f0

The transaction seem to be part of a chain which was taking place at the time back in 2013-04-09. The original SHA256 hash is 0c72e793070d02fb241ac4a528d3c71c1326991fea5043aef09011406df56238. Someone went back and cross referenced with the original to find its file name. It is cablegate-201012041811.7z

https://file.wikileaks.org/file/cablegate/cablegate-201012041811.7z


Date: Sat Jan 14 21:18:01 2017

Here’s some code that prints out the ripemd160 given a sha256 hash:


import hashlib as h 
import sys 
from binascii import unhexlify, hexlify 

sha256hash = sys.argv[1] 
ripemd160hash = h.new('ripemd160', unhexlify(sha256hash)) 
out = ripemd160hash.hexdigest() 
print out 

usage

python shatoripe.py 0c72e793070d02fb241ac4a528d3c71c1326991fea5043aef09011406df56238 205c59f80299696225633da32ce837cdc0922220

you can do it for any file

example

sha256sum cablegate-201012041811.7z 0c72e793070d02fb241ac4a528d3c71c1326991fea5043aef09011406df56238

python shatoripe.py 0c72e793070d02fb241ac4a528d3c71c1326991fea5043aef09011406df56238 205c59f80299696225633da32ce837cdc0922220

then search for 205c59f80299696225633da32ce837cdc0922220 in the blockchain. you can even use grep and search directly in the blk*.dat files.


Date: Sat Jan 14 23:49:30 2017

Probably worth pointing out to anyone who wasn’t already aware that the OpenTimestamps (https://github.com/opentimestamps and https://petertodd.org/2016/opentimestamps-announcement) proofs of some of the WL torrent files (crucial: torrent files, not the downloaded files themselves) have already been verified to be in the blockchain.

TL;DR about OTS — you basically have to use the OTS-client (available at that github link) to find these proofs, because they don’t directly encode hashes of the files themselves — that is to say, the proofs are not really greppable. OTS encodes hashes of multiple files into a merkle tree which is then included in a single transaction, meaning you can “prove” the existence of a theoretically infinite number of files with the data from a single, tiny transaction.

I may be wrong, but if they’re already OTS’d, I feel like there’s little reason to encode them in other formats (raw RIPEMD160(SHA256(…)) of the files themselves, etc).

Original post about this from plebbit: https://www.reddit.com/r/WikiLeaks/comments/5dd5tw/insurance_files_timestamp_proofs_using_bitcoin/

I downloaded OTS-client and walked through the process myself — the timestamp proofs of the .torrent files are definitely there. Also, just for kicks, I searched for the OTS proofs of the downloaded files themselves, but no dice.

Not saying this to discourage looking for proofs in alternative formats, just wanted everyone to be aware.


Date: Sun Jan 15 03:37:56 2017

>>cf0fcf6cb1
>>3882614886

Alright, here’s a full writeup. To follow along, download the OTS client from the Github link in my previous post, and make sure you have a fully-synced local Bitcoin node running with RPC.

The .ots files are encoded as base64 in the plebbit post I linked. So you start by spitting them out as proper .ots files. Do this in the directory containing the .torrent files you want to verify:

$ echo -n 'AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEIYg7BxyoIfznaDtRUSxNmGVkkOGHZTeMrxGfiK9FWssjwECn+cxB1pjJeP/uwzRhxqMsI8SB7U4MeGSLvP0fSahJqAhBeIaKGopy9OXuXIEkWUd69BwjwIEfYO6XYzgoGgUAzHL7nH1/zsAgiWyS++i7k5g75aABDCPEgJ1s54XTqmox0s9moXpgH+NcrbXLI9Uo2xipxwFSAQ6QI8CAc0iMVj0AjyyqAeqOmCiv8my8i7pAbwgIHnjGtfjk50AjwIC8jjDcZEKGr+WS/WtD2yz8doGhnC+4X23St9Vgxg+wjCPAg3GV8OBcAWoNHMHtTgm0KSO3rpGr3fIVZRymk3+VDbMQI8CAzeTBpzTxxzzG6Sn795AY5VbfgtuKFBiTqaqZaShH/NwjwIGd+HRYcs/1zkOLg7g0OfkDTG2pM66M3NUg5Ymy8P3T+CPAgO0dPFWNAsKJSWOV4bbTrPunHzRvhv8ZpCxDyS9dTjcYI8CBlV/HfxtaCbdhWA1qavmhMTqFGH5nU/sYiMf91taKM0AjwICdX7N3wWWYx3eDCFGn1PvWswQYDVwXrZp/3pFXNMZitCP/wEC3cLhmtPEZYWGHFX8AI2DUI8QRYBlxs8AjoBcaj/FjwEgCD3+MNLvkMji4taHR0cHM6Ly9hbGljZS5idGMuY2FsZW5kYXIub3BlbnRpbWVzdGFtcHMub3Jn8BB+v2Vqz09usWndEEHBSY35CPEEWAZcbPAI4yFyq58B490Ag9/jDS75DI4sK2h0dHBzOi8vYm9iLmJ0Yy5jYWxlbmRhci5vcGVudGltZXN0YW1wcy5vcmc=' | base64 --decode > ./2016-06-03_insurance.aes256.torrent.ots

Now we need to make sure this .ots file (which we did not generate ourselves, and therefore cannot implicitly trust) actually verifies the right file. OTS uses sha256 and will tell you the sha256 sum of the file it verifies.

$ sha256sum 2016-06-03_insurance.aes256.torrent 620ec1c72a087f39da0ed4544b13661959243861d94de32bc467e22bd156b2c8 2016-06-03_insurance.aes256.torrent

$ ots info ./2016-06-03_insurance.aes256.torrent.ots File sha256 hash: 620ec1c72a087f39da0ed4544b13661959243861d94de32bc467e22bd156b2c8 (... other output)

Hashes match. So now we proceed to the fun part, where we verify that the file in question existed prior to a certain date:

$ ots verify ./2016-06-03_insurance.aes256.torrent.ots Assuming target filename is './2016-06-03_insurance.aes256.torrent' Got 1 attestation(s) from cache Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT

Here are the rest of the verifications:

$ ots verify wikileaks-insurance-20120222.tar.bz2.aes.torrent.ots Assuming target filename is 'wikileaks-insurance-20120222.tar.bz2.aes.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT

$ ots verify wlinsurance-20130815-A.aes256.torrent.ots Assuming target filename is 'wlinsurance-20130815-A.aes256.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT

$ ots verify wlinsurance-20130815-B.aes256.torrent.ots Assuming target filename is 'wlinsurance-20130815-B.aes256.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT

$ ots verify wlinsurance-20130815-C.aes256.torrent.ots Assuming target filename is 'wlinsurance-20130815-C.aes256.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT

However, there are some interesting points to be made about all of this.

  1. It seems like you have to have the actual .ots file generated on a given date (by the person who originally ran
    ots stamp <file>
  2. in order to verify that a file existed at that date. In other words, I don’t think you can run
    ots stamp <file>

to generate your own .ots file for one of these torrents, and then verify that the torrent existed on October 18, 2016. OTS will simply report today’s date for that .ots file. So .ots files must be distributed by the original stamper for them to be of any use to other parties. IMO this limits the usefulness of this platform in its present state.

  1. All of these OTS timestamps were made at the same time. Maybe just as CIA vans were pulling up in the driveway to bag JA + friends?

  2. The ONLY thing this proves is that the .torrent files in question existed on or before October 18, 2016.

  3. Tinfoil disclaimer: if you believe the angle that the alphabets sacked WL prior to October 18, 2016, modified the torrent files, and created their own .ots timestamps for the modified torrents (in order to get us to accept them as valid), then none of the above information is going to matter to you — it’s just an alphabet ploy to distract and disinfo us.


Date: Sun Jan 15 03:49:58 2017

>>dcc7157c61

The other interesting point I forgot to mention is that, because of the fact that the .ots files have to be distributed by the original stamper in order to verify the files, whoever made the original OTS post on plebbit is probably the same person (or someone connected to the person) who stamped these in the first place.


Date: Sun Jan 15 04:06:55 2017

Today we are:

1.re-examining the gpg files from right after cablegate and then the subkeys and keys from 383000-383100
2. seeing what else can be done with what appears to be a successful decryption of wlinsurance_20130815-A.aes256
3. following transactions from this wallet: https://blockchain.info/address/1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM and others that are associated


Date: Tue Jan 17 17:28:47 2017

tx: Transaction: 5ca6588201864975d240b466bdc4866cb9dc0052fe96a9771e83283203e1a5f5 | Blockchain.com
Input scripts = Data
OP_RETURN = Keys
Run offline block chain
Use this to follow the trails: GitHub - ediskandarov/pyblockchain: ⛓ Blockchain parser for Python


Date: Tue Jan 17 17:58:34 2017

you know blockchain.info is an FBI front, yes?
and i’m actually serious, i will even bump this shill thread to say this.
they track their users and did all sorts of shady and evil shit and if you really were as paranoid as your pretend then you would not trust anything you read on their website.
personally i believe anything they publish is true and their evilness lies in their fight against anonymity, but YOU really should not believe anything they say.


Date: Wed Jan 18 00:40:09 2017

https://2hu-ch.org/t/8f1dd166ffdde9fafd35ef4c8ea9132288119dc7/
http://s6424n4x4bsmqs27.onion/bunker/res/1.html
http://vichandcxw4gm3wy.onion/bunker/res/1.html
http://32ch.org/intsubv/res/88.html
http://oxwugzccvk3dk6tj.onion/tech/res/679042.html
https://lainchan.org/sec/res/3101.html

http://piratepad.net/b8d0a6Oayv
http://piratepad.net/ATIg6jHosR
https://cryptpad.fr/pad/#/1/edit/brbxb0TRfxh7vFTGo47T-g/gXYI9Ko+crpfw0dyPMNBS7qD

Bitmessage

http://gateway.glop.me/ipfs/QmSLGxufdzkNBMGqg1NwUuaCrcethPayN3jPzNYFtSDEkK/ffbbd7d918a09e876a06820498ec9e0c.jpg

Use the text in this image, generate its SHA256 hash value.
Add Chan → Create a new chan → chan name: [hash]


Date: Wed Jan 18 02:18:46 2017

Alright so I’m looking at the unspent output hex from transaction b2d9c88b629efe61fa63240c79cd05031d131fa02edddef01b2e94d414bc5b73 (https://www.blocktrail.com/BTC/tx/b2d9c88b629efe61fa63240c79cd05031d131fa02edddef01b2e94d414bc5b73?txoutIdx=0)

Here it is:
a6eee5351f8b0800d63e02f2830c10864e4794b8

first thing that stuck out to me was the gzip header (1f8b0800) so i got to looking into the exact structure of gzip headers. http://www.forensicswiki.org/wiki/Gzip

The first two bytes of 0x1f 0x8b obviously check out, as do x08 (indicated deflate compressed data compression method) and 0x00 (Reserved flag).

Where I run into issues is with the bytes d63e02f2. The next four bytes after the flags are SUPPOSED to be a POSIX timestamp. Those do not contain letters as far as I know.

“Unix time (also known as POSIX time or Epoch time) is a system for describing instants in time, defined as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC)”

That means that while it looks like a header, either the data has been obfuscated, the next part of the header is elsewhere, or it’s a false positive.

After reading the SH conversation, I decided to gpg --list-packets b2d9.gpg

Here is my output.

$ gpg --list-packets b2d9.gpg 
:encrypted data packet: 
        length: 4007998751 
gpg: assuming IDEA encrypted data 
gpg: gpg-agent is not available in this session 
:unknown packet: type 57, length 15 
dump: 8e a7 a9 EOF 
gpg: WARNING: message was not integrity protected 

That’s some fucking gpg data.

i’m still looking into the transaction chain, but I think this is the real deal, folks.

any input or guidance is thoroughly appreciated – we don’t have much time.


Date: Wed Jan 18 02:19:23 2017

I decided to go one byte at a time and see how far into the output I have to go to start getting bytes in the dump from the list-packets output.

This hex string a6eee5351f8b0800d63e02f2830c10864e is the first point of dumped data.

here is the output:

$ gpg --list-packets b2d9head.gpg 
:encrypted data packet: 
        length: 4007998751 
gpg: assuming IDEA encrypted data 
gpg: gpg-agent is not available in this session 
:unknown packet: type 57, length 15 
dump: EOF 
gpg: WARNING: message was not integrity protected 

I am beginning to think that the data at the end might serve no purpose, but I’m going to continue adding bytes to see what comes out. If this is the end of the file, that means that theoretically, the transactions leading up to it would hold the header and “guts” of the gpg file.

That doesn’t explain the gzip header (I still think that’s not coincidental), but i’m taking it one step at a time here.


Date: Wed Jan 18 20:27:51 2017

To everyone reading who has not found Wikileaks data in the blockchains. Take the time to contact technically-inclined people. It will save you a lot of time.

Contact people you know directly. Don’t try doing it through posts online.

Use information coming directly from Wikileaks. Don’t send them links to online posts. The only posts that remain online about this are on sites that are very difficult to parse and will make him/her associate your message with sites/groups of dubious reputation.

Focus on simple, provable facts. There is no reason to waste time explaning what happened on October 17, Julian’s situation or even the insurance files. Instead, explain how Wikileaks has used Bitcoin and Namecoin to backup it’s data for years.

This is a good start:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Julian explaining it himself:

“We prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.”
-Julian Assange, Nantucket Project, Sept 28 2104

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Article explaining Bitcoin’s reaction when they found the Cablegate backup in the blockchain:

“The project needs to grow gradually so the software can be strengthened along the way,” Nakamoto said. "I make this appeal to WikiLeaks not to try to use bitcoin.
His final post read: “It would have been nice to get this attention in any other context. WikiLeaks has kicked the hornet’s nest and the swarm is headed towards us.”
During the Q&A, Assange referred to bitcoin as “an extremely important innovation” that uses technology that breaks George Orwell’s dictum “he who controls the present controls the past and he who controls the past controls the future”.

https://uk.news.yahoo.com/wikileaks-avoided-bitcoin-prevent-government-destroying-cryptocurrency-175614267.html

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Wikileaks twitter account on using Bitcoin/Namecoin:

"Namecoin and Bitcoin will be revolutionary http://is.gd/8zKOTT see “Orwell’s Dictum” http://is.gd/2hsOWh"; https://twitter.com/wikileaks/status/78906603948093440

“Uncensorable “.bit” domains that rival ICANN may cause panic in brand protection agencies http://www.ipwatchdog.com/2014/09/24/why-brands-need-to-pay-attention-to-unregulated-domains/id=51348/#bitcoin #namecoinhttps://twitter.com/wikileaks/status/514991885111554048

“WikiLeaks receives over $2.9 million in bitcoins so far http://www.newsbtc.com/2016/11/29/wikileaks-receives-over-2-9-milllion-in-bitcoin-donations-so-far/#BTC #bitcoinhttps://twitter.com/wikileaks/status/803823999302172673

“Bitcoin ‘co-creator’ police raid: example of vulgar Australian “tall poppy syndrome”? Already pushed by AU journos” https://twitter.com/wikileaks/status/674443973029588992

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

The conversation between Bitcoin developers about the Cablegate upload (encoded in transaction cd9104ce6d385428060d33e1d4843b0cdfc78db2f327116eb4f97d8e177a4d82):

Wikileaks contact info? [quote author=RHorning link=topic=1735.msg26876#msg26876 date=1291501064]
Basically, bring it on. Let’s encourage Wikileaks to use Bitcoins and I’m willing to face any risk or fallout from that act.
No, don’t “bringit on”.
The project needs to grow gradually so the software can be strengthened along the way.
I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.
We have the hashes for genesis block through block 74000 hardcoded (compiled) into bitcoin, so there’s no reason why we shouldn’t be able to automatically download a compressed zipfile of the block database from anywhere,unpack it, verify it, and start running.
The 74000 checkpoint is not enough to protect you, and does nothing if the download is already past 74000. -checkblocks does more, but is still easily defeated. You still must trust the supplier of the zipfile.
uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.
The data is mostly hashes and keys and signatures that are uncompressible.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

This information is enough to prove to anyone that Wikileaks has encoded all their information into multiple blockchains for years. The next question they will ask is how to extract files from the blockchain.

At this point you should explain the process at the fundamental level, in other words, you simply turn the hexadecimal values into binaries. Pointing them to existing libraries or articles online will only confuse them. If they understand this simple fact they will be able to quickly do it themselves.

You should show him/her some examples. Some simple ones are the Bitcoin PDF, the Cablegate 7z file, the Bitcoin developer conversations from June 2013 and any image recently encoded (one example is e2e5b9cf04d93ae5fc1b54e9208b92b668823e014b251f57510e4702661fa1a6).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Another important step is obtaining the blockchains. They will ask how or attempt to sync their copy of Bitcoin/Namecoin. This can take days in some cases. In order to quickly dive into the data a person can simply download the blk*.dat files directly from a Torrent or can use a copy you provide. It is possible to download blk*.dat files directly by searching for their names directly. Multiple torrents will show up.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Finally, when this person has the blockchain data, remind him/her that the blk*.dat files already contain all the information. They will be able to quickly start analyzing it from the command line. A technically-savvy user should be able to find all the information in Bitcoin/Namecoin in one to two hours using a modern computer.


Date: Tue Jan 24 00:38:05 2017

Some of the results (from an incomplete copy of the blockchain). Note that these are not false positives. I checked most of them and did not find false positives (with the exception of JPG and GZIP which have small headers). You can find the date of a blk.dat file by going here http://web.archive.org/web/*/https://bitcoinstrings.com/blk00500.txt and changing blk**.txt to the blkdat file you want to know the date for (there’s probably an easier way to do this but I don’t know it). If you have a full copy of the blockchain you should help by running all the grep commands on the first post and posting the results. You can run them all at once using multiple tabs in your terminal.

grep -obUaP “\x2d\x2d\x2d\x2d\x2d\x42\x45\x47\x49\x4e\x20\x50\x47\x50” blk*dat
blk00190.dat:99748107:-----BEGIN PGP
blk00229.dat:104125007:-----BEGIN PGP
blk00248.dat:52061234:-----BEGIN PGP
blk00248.dat:52075551:-----BEGIN PGP
blk00249.dat:52385830:-----BEGIN PGP
blk00249.dat:52592631:-----BEGIN PGP
blk00250.dat:58601281:-----BEGIN PGP
blk00250.dat:58617802:-----BEGIN PGP
blk00251.dat:48265743:-----BEGIN PGP
blk00251.dat:48275087:-----BEGIN PGP
blk00270.dat:133231137:-----BEGIN PGP
blk00270.dat:133236475:-----BEGIN PGP
blk00276.dat:63634781:-----BEGIN PGP
blk00277.dat:98628881:-----BEGIN PGP
blk00277.dat:98640781:-----BEGIN PGP
blk00277.dat:127610512:-----BEGIN PGP
blk00345.dat:110960174:-----BEGIN PGP

grep -obUaP “\x53\x49\x47\x4E\x45\x44\x20\x4D\x45\x53\x53\x41\x47\x45\x2D\x2D\x2D\x2D\x2D” blk*dat
blk00248.dat:52061249:SIGNED MESSAGE-----
blk00250.dat:58601296:SIGNED MESSAGE-----
blk00251.dat:48265758:SIGNED MESSAGE-----
blk00270.dat:133231152:SIGNED MESSAGE-----

HTML:
grep -obUaP “\x44\x4f\x43\x54\x59\x50\x45\x20\x68\x74\x6d” blk*dat
blk00190.dat:117499253:DOCTYPE htm
blk00193.dat:76028240:DOCTYPE htm

ZIP files: https://ghostbin.com/paste/r3r78

MP3s: https://ghostbin.com/paste/4f5rd

GZIP files: https://ghostbin.com/paste/n9vz8

JPG images: https://ghostbin.com/paste/3gpsb

PNG images: https://ghostbin.com/paste/uehug

Microsoft files: https://ghostbin.com/paste/8bfu7

MP4s:
grep -obUaP “\x66\x74\x79\x70” blk*dat
blk00074.dat:72637697:ftyp
blk00086.dat:28715509:ftyp
blk00086.dat:57219411:ftyp
blk00089.dat:5562601:ftyp
blk00095.dat:14049706:ftyp
blk00110.dat:17295104:ftyp
blk00145.dat:24758132:ftyp
blk00151.dat:130784689:ftyp
blk00224.dat:117715295:ftyp
blk00381.dat:2578920:ftyp


Date: Wed Jan 25 09:39:56 2017

There is a chain of transactions in the blockchain with a lot of controversial data. If you follow it you can find the Bitcoin paper, the Satoshi uploader/downloader, a leaked key, an illegal prime number, the Cablegate backup and a lot more. There are four GPG files that take place after Cablegate and have not been publicly opened. You can find the passphrases to decrypt them if you scan the entire blockchain but there’s another way to access them if you’re lazy.

To get them convert the hex values in the output scripts to binaries. You can do this from a local copy or from any site that dispalys the data. In November blockchain.info switched some of the data to ‘unable to decode’ but you can still get the information.

This is a script that goes to blockchain.info and converts the output script data to binaries.

http://gateway.glop.me/ipfs/QmWgm4Hy2ybQsUBbFQL2dzXomKmNbjho53JjzRP3dtTAPf/jean.py

$ python jean.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > file1.gpg
$ python jean.py d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635 > file2.gpg
$ python jean.py cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c > file3.gpg
$ python jean.py ee7658b119496dc9ace8d011c36b82f4b69a787399a78f99c5605a6b73d34c69 > file4.gpg

$ gpg --list-packets file*.gpg
:symkey enc packet: version 4, cipher 3, s2k 3, hash 2
salt 43b7a256d8476b18, count 65536 (96)
gpg: CAST5 encrypted data
:encrypted data packet:
length: unknown
gpg: encrypted with 1 passphrase

$ ./trid file*.gpg
100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated) (3001/2)

Here are the files themselves.

http://gateway.glop.me/ipfs/QmQ82rcHp8cvSnzTwpQ2R1cVrFunLeTvsReQ9ac9jjZeDa/file1.gpg
http://gateway.glop.me/ipfs/QmTaeHy4YirGZLekge9FnmbEKF8j1B88i9G1YwMRRkr3pS/file2.gpg
http://gateway.glop.me/ipfs/Qme4tEKxeCv6MYpm7ckbVwXVScYDEJyrwsLkL4WED9ZviV/file3.gpg
http://gateway.glop.me/ipfs/QmUy6dBcz6Mr8YgkSxhma3mce6tX4i9h8R1PgdKS8myW7e/file4.gpg

You can use John the Ripper to get the passphrases. http://openwall.com/john/

Here’s an example.

Make a gpg file with ‘test’ as the password.

$ gpg --output test.gpg --force-mdc --symmetric file

$ ./gpg2john test.gpg > testhash

$ ./john --fork=4 testhash
Using default input encoding: UTF-8
Loaded 1 password hash (gpg, OpenPGP / GnuPG Secret Key [32/64])
Use the “–show” option to display all of the cracked passwords reliably
Session completed

$ ./john --show testhash
?:test

You can run them on file*.gpg but because they don’t have MDC you will get a list of passwords from the cracked hash. One of them works. In order to do this you need to tell john to not stop after the first cracked password by using -keep-guessing. If you have a powerful computer you can make fork=N a bigger number.

$ ./john -keep-guessing --fork=4 gpghash

To print all the passwords you’ve found so far you can do.

f = open(‘john.pot’,‘r’)
lines = f.readlines()
for l in lines:
print l.split(‘:’)[1].rstrip(‘\n’)

$ python printpasses.py
test
another
password

To test them you can use this:

#!/bin/bash
file=$1
candidate=$2

text=$(echo “${candidate}”
gpg --batch --passphrase-fd 0 --decrypt “$file” 2>/dev/null)
| true
if [ ! -z “$text” ]; then
echo “Confirmed Passphrase: "${candidate}"”
fi

$ ./test.sh test.gpg wrong
$ ./test.sh test.gpg test
Confirmed Passphrase: “test”

There are a lot more files after this. Grab it all before the fork the shit out of it.


Misc Collected Code

/*https://www.cryptopp.com/wiki/OPENSSL_EVP_BytesToKey
OpenSSL uses a function called EVP_BytesToKey extensively in its utilities. Its a key derivation algorithm used to digest passwords and pass-phrases into bytes for keying material and other parameters, like initialization vectors. The following can be used to interoperate with OpenSSL's key derivation algorithm. OpenSSL's documentation for the function can be found at EVP_BytesToKey.
Be usre to use the correct hash when enlisting OpenSSL's EVP_BytesToKey. Early versions of EVP_BytesToKey used MD5, and those versions include OpenSSL 1.0.2 and earlier. OpenSSL 1.1.0 and later use SHA-256 as the hash.
Unless you have a specific need, you should not use OPENSSL_EVP_BytesToKey. Rather, you should use a password derivation function like HKDF or PBKDF2.
OPENSSL_EVP_BytesToKey is not part of the Crypto++ library. If you want it, then paste it into a file like misc.h. OPENSSL_EVP_BytesToKey is a header-only definition so you don't need to modify source files. If you want to add it to the library, be sure its in the CryptoPP namespace.
PEM Pack Usage
The PEM Pack uses OPENSSL_EVP_BytesToKey to read and write keys produced by OpenSSL that are password protected. Below is from pem-wr.cpp:
SecByteBlock _key(ksize), _iv(vsize), _salt(vsize);
...

Weak::MD5 md5;
int ret = OPENSSL_EVP_BytesToKey(md5, _salt.data(), _pword, _plen, 1, _key.data(), _key.size(), NULL, 0);
if(ret != static_cast<int>(ksize))
    throw Exception(Exception::OTHER_ERROR, "PEM_CipherForAlgorithm: EVP_BytesToKey failed");*/



// From crypto/evp/evp_key.h. Signature changed a bit to match Crypto++.
int OPENSSL_EVP_BytesToKey(HashTransformation& hash,
                           const unsigned char *salt, const unsigned char* data, int dlen,
                           unsigned int count, unsigned char *key, unsigned int ksize,
                           unsigned char *iv, unsigned int vsize)
{
    unsigned int niv,nkey,nhash;
    unsigned int addmd=0,i;
    
    nkey=ksize;
    niv=vsize;
    nhash=hash.DigestSize();
    
    SecByteBlock digest(hash.DigestSize());
    
    if (data == NULL) return (0);
    
    for (;;)
    {
        hash.Restart();
        
        if(addmd++)
            hash.Update(digest.data(), digest.size());
        
        hash.Update(data, dlen);
        
        if (salt != NULL)
            hash.Update(salt, OPENSSL_PKCS5_SALT_LEN);
        
        hash.TruncatedFinal(digest.data(), digest.size());
        
        for (i=1; i<count; i++)
        {
            hash.Restart();
            hash.Update(digest.data(), digest.size());
            hash.TruncatedFinal(digest.data(), digest.size());
        }
        
        i=0;
        if (nkey)
        {
            for (;;)
            {
                if (nkey == 0) break;
                if (i == nhash) break;
                if (key != NULL)
                    *(key++)=digest[i];
                nkey--;
                i++;
            }
        }
        if (niv && (i != nhash))
        {
            for (;;)
            {
                if (niv == 0) break;
                if (i == nhash) break;
                if (iv != NULL)
                    *(iv++)=digest[i];
                niv--;
                i++;
            }
        }
        if ((nkey == 0) && (niv == 0)) break;
    }
    
    return ksize;
}

using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

namespace OpenSslCompat
{
    /// <summary>
    /// Derives a key from a password using an OpenSSL-compatible version of the PBKDF1 algorithm.
    /// </summary>
    /// <remarks>
    /// based on the OpenSSL EVP_BytesToKey method for generating key and iv
    /// http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
    /// </remarks>
    public class OpenSslCompatDeriveBytes : DeriveBytes
    {
        private readonly byte[] _data;
        private readonly HashAlgorithm _hash;
        private readonly int _iterations;
        private readonly byte[] _salt;
        private byte[] _currentHash;
        private int _hashListReadIndex;
        private List<byte> _hashList;

        /// <summary>
        /// Initializes a new instance of the <see cref="OpenSslCompat.OpenSslCompatDeriveBytes"/> class specifying the password, key salt, hash name, and iterations to use to derive the key.
        /// </summary>
        /// <param name="password">The password for which to derive the key.</param>
        /// <param name="salt">The key salt to use to derive the key.</param>
        /// <param name="hashName">The name of the hash algorithm for the operation. (e.g. MD5 or SHA1)</param>
        /// <param name="iterations">The number of iterations for the operation.</param>
        public OpenSslCompatDeriveBytes(string password, byte[] salt, string hashName, int iterations)
            : this(new UTF8Encoding(false).GetBytes(password), salt, hashName, iterations)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="OpenSslCompat.OpenSslCompatDeriveBytes"/> class specifying the password, key salt, hash name, and iterations to use to derive the key.
        /// </summary>
        /// <param name="password">The password for which to derive the key.</param>
        /// <param name="salt">The key salt to use to derive the key.</param>
        /// <param name="hashName">The name of the hash algorithm for the operation. (e.g. MD5 or SHA1)</param>
        /// <param name="iterations">The number of iterations for the operation.</param>
        public OpenSslCompatDeriveBytes(byte[] password, byte[] salt, string hashName, int iterations)
        {
            if (iterations <= 0)
                throw new ArgumentOutOfRangeException("iterations", iterations, "iterations is out of range. Positive number required");

            _data = password;
            _salt = salt;
            _hash = HashAlgorithm.Create(hashName);
            _iterations = iterations;
        }

        /// <summary>
        /// Returns a pseudo-random key from a password, salt and iteration count.
        /// </summary>
        /// <param name="cb">The number of pseudo-random key bytes to generate.</param>
        /// <returns>A byte array filled with pseudo-random key bytes.</returns>
        public override byte[] GetBytes(int cb)
        {
            if (cb <= 0)
                throw new ArgumentOutOfRangeException("cb", cb, "cb is out of range. Positive number required.");

            if (_currentHash == null)
            {
                _hashList = new List<byte>();
                _currentHash = new byte[0];
                _hashListReadIndex = 0;

                int preHashLength = _data.Length + ((_salt != null) ? _salt.Length : 0);
                var preHash = new byte[preHashLength];

                Buffer.BlockCopy(_data, 0, preHash, 0, _data.Length);
                if (_salt != null)
                    Buffer.BlockCopy(_salt, 0, preHash, _data.Length, _salt.Length);

                _currentHash = _hash.ComputeHash(preHash);

                for (int i = 1; i < _iterations; i++)
                {
                    _currentHash = _hash.ComputeHash(_currentHash);
                }

                _hashList.AddRange(_currentHash);
            }

            while (_hashList.Count < (cb + _hashListReadIndex))
            {
                int preHashLength = _currentHash.Length + _data.Length + ((_salt != null) ? _salt.Length : 0);
                var preHash = new byte[preHashLength];

                Buffer.BlockCopy(_currentHash, 0, preHash, 0, _currentHash.Length);
                Buffer.BlockCopy(_data, 0, preHash, _currentHash.Length, _data.Length);
                if (_salt != null)
                    Buffer.BlockCopy(_salt, 0, preHash, _currentHash.Length + _data.Length, _salt.Length);

                _currentHash = _hash.ComputeHash(preHash);

                for (int i = 1; i < _iterations; i++)
                {
                    _currentHash = _hash.ComputeHash(_currentHash);
                }

                _hashList.AddRange(_currentHash);
            }

            byte[] dst = new byte[cb];
            _hashList.CopyTo(_hashListReadIndex, dst, 0, cb);
            _hashListReadIndex += cb;

            return dst;
        }

        /// <summary>
        /// Resets the state of the operation.
        /// </summary>
        public override void Reset()
        {
            _hashListReadIndex = 0;
            _currentHash = null;
            _hashList = null;
        }
    }
}
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.bouncycastle.util.encoders.Base64;

/**
 * Class created for StackOverflow by owlstead.
 * This is open source, you are free to copy and use for any purpose.
 */
public class OpenSSLDecryptor {
    private static final Charset ASCII = Charset.forName("ASCII");
    private static final int INDEX_KEY = 0;
    private static final int INDEX_IV = 1;
    private static final int ITERATIONS = 1;

    private static final int ARG_INDEX_FILENAME = 0;
    private static final int ARG_INDEX_PASSWORD = 1;

    private static final int SALT_OFFSET = 8;
    private static final int SALT_SIZE = 8;
    private static final int CIPHERTEXT_OFFSET = SALT_OFFSET + SALT_SIZE;

    private static final int KEY_SIZE_BITS = 256;

    /**
     * Thanks go to Ola Bini for releasing this source on his blog.
     * The source was obtained from <a href="http://olabini.com/blog/tag/evp_bytestokey/">here</a> .
     */
    public static byte[][] EVP_BytesToKey(int key_len, int iv_len, MessageDigest md,
            byte[] salt, byte[] data, int count) {
        byte[][] both = new byte[2][];
        byte[] key = new byte[key_len];
        int key_ix = 0;
        byte[] iv = new byte[iv_len];
        int iv_ix = 0;
        both[0] = key;
        both[1] = iv;
        byte[] md_buf = null;
        int nkey = key_len;
        int niv = iv_len;
        int i = 0;
        if (data == null) {
            return both;
        }
        int addmd = 0;
        for (;;) {
            md.reset();
            if (addmd++ > 0) {
                md.update(md_buf);
            }
            md.update(data);
            if (null != salt) {
                md.update(salt, 0, 8);
            }
            md_buf = md.digest();
            for (i = 1; i < count; i++) {
                md.reset();
                md.update(md_buf);
                md_buf = md.digest();
            }
            i = 0;
            if (nkey > 0) {
                for (;;) {
                    if (nkey == 0)
                        break;
                    if (i == md_buf.length)
                        break;
                    key[key_ix++] = md_buf[i];
                    nkey--;
                    i++;
                }
            }
            if (niv > 0 && i != md_buf.length) {
                for (;;) {
                    if (niv == 0)
                        break;
                    if (i == md_buf.length)
                        break;
                    iv[iv_ix++] = md_buf[i];
                    niv--;
                    i++;
                }
            }
            if (nkey == 0 && niv == 0) {
                break;
            }
        }
        for (i = 0; i < md_buf.length; i++) {
            md_buf[i] = 0;
        }
        return both;
    }


    public static void main(String[] args) {
        try {
            // --- read base 64 encoded file ---

            File f = new File(args[ARG_INDEX_FILENAME]);
            List<String> lines = Files.readAllLines(f.toPath(), ASCII);
            StringBuilder sb = new StringBuilder();
            for (String line : lines) {
                sb.append(line.trim());
            }
            String dataBase64 = sb.toString();
            byte[] headerSaltAndCipherText = Base64.decode(dataBase64);

            // --- extract salt & encrypted ---

            // header is "Salted__", ASCII encoded, if salt is being used (the default)
            byte[] salt = Arrays.copyOfRange(
                    headerSaltAndCipherText, SALT_OFFSET, SALT_OFFSET + SALT_SIZE);
            byte[] encrypted = Arrays.copyOfRange(
                    headerSaltAndCipherText, CIPHERTEXT_OFFSET, headerSaltAndCipherText.length);

            // --- specify cipher and digest for EVP_BytesToKey method ---

            Cipher aesCBC = Cipher.getInstance("AES/CBC/PKCS5Padding");
            MessageDigest md5 = MessageDigest.getInstance("MD5");

            // --- create key and IV  ---

            // the IV is useless, OpenSSL might as well have use zero's
            final byte[][] keyAndIV = EVP_BytesToKey(
                    KEY_SIZE_BITS / Byte.SIZE,
                    aesCBC.getBlockSize(),
                    md5,
                    salt,
                    args[ARG_INDEX_PASSWORD].getBytes(ASCII),
                    ITERATIONS);
            SecretKeySpec key = new SecretKeySpec(keyAndIV[INDEX_KEY], "AES");
            IvParameterSpec iv = new IvParameterSpec(keyAndIV[INDEX_IV]);

            // --- initialize cipher instance and decrypt ---

            aesCBC.init(Cipher.DECRYPT_MODE, key, iv);
            byte[] decrypted = aesCBC.doFinal(encrypted);

            String answer = new String(decrypted, ASCII);
            System.out.println(answer);
        } catch (BadPaddingException e) {
            // AKA "something went wrong"
            throw new IllegalStateException(
                    "Bad password, algorithm, mode or padding;" +
                    " no salt, wrong number of iterations or corrupted ciphertext.");
        } catch (IllegalBlockSizeException e) {
            throw new IllegalStateException(
                    "Bad algorithm, mode or corrupted (resized) ciphertext.");
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

}

var md5 = require('create-hash/md5')
module.exports = EVP_BytesToKey
function EVP_BytesToKey (password, salt, keyLen, ivLen) {
  if (!Buffer.isBuffer(password)) {
    password = new Buffer(password, 'binary')
  }
  if (salt && !Buffer.isBuffer(salt)) {
    salt = new Buffer(salt, 'binary')
  }
  keyLen = keyLen / 8
  ivLen = ivLen || 0
  var ki = 0
  var ii = 0
  var key = new Buffer(keyLen)
  var iv = new Buffer(ivLen)
  var addmd = 0
  var md_buf
  var i
  var bufs = []
  while (true) {
    if (addmd++ > 0) {
      bufs.push(md_buf)
    }
    bufs.push(password)
    if (salt) {
      bufs.push(salt)
    }
    md_buf = md5(Buffer.concat(bufs))
    bufs = []
    i = 0
    if (keyLen > 0) {
      while (true) {
        if (keyLen === 0) {
          break
        }
        if (i === md_buf.length) {
          break
        }
        key[ki++] = md_buf[i]
        keyLen--
        i++
      }
    }
    if (ivLen > 0 && i !== md_buf.length) {
      while (true) {
        if (ivLen === 0) {
          break
        }
        if (i === md_buf.length) {
          break
        }
        iv[ii++] = md_buf[i]
        ivLen--
        i++
      }
    }
    if (keyLen === 0 && ivLen === 0) {
      break
    }
  }
  for (i = 0; i < md_buf.length; i++) {
    md_buf[i] = 0
  }
  return {
    key: key,
    iv: iv
  }
}

import hashlib, binascii
from passlib.utils.pbkdf2 import pbkdf1

def hasher(algo, data):
    hashes = {'md5': hashlib.md5, 'sha256': hashlib.sha256,
    'sha512': hashlib.sha512}
    h = hashes[algo]()
    h.update(data)

    return h.digest()

# pwd and salt must be bytes objects
def openssl_kdf(algo, pwd, salt, key_size, iv_size):
    if algo == 'md5':
        temp = pbkdf1(pwd, salt, 1, 16, 'md5')
    else:
        temp = b''

    fd = temp    
    while len(fd) < key_size + iv_size:
        temp = hasher(algo, temp + pwd + salt)
        fd += temp

    key = fd[0:key_size]
    iv = fd[key_size:key_size+iv_size]

    print('salt=' + binascii.hexlify(salt).decode('ascii').upper())
    print('key=' + binascii.hexlify(key).decode('ascii').upper())
    print('iv=' + binascii.hexlify(iv).decode('ascii').upper())

    return key, iv

#openssl_kdf('md5', b'test', b'\xF6\x81\x8C\xAE\x13\x18\x72\xBD', 32, 16)
# generates the same output as:
#openssl enc -aes-256-cbc -P -pass pass:test -S F6818CAE131872BD 

#openssl_kdf('sha256', b'test', b'\xF6\x81\x8C\xAE\x13\x18\x72\xBD', 32, 16)
#generates the same output as:
#openssl enc -aes-256-cbc -P -pass pass:test -S F6818CAE131872BD -md SHA256
#http://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase/29139

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
#endif
#include <ctype.h>

#undef SIZE
#undef BSIZE
#define SIZE    (512)
#define BSIZE   (8*1024)

static int set_hex(char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);

typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_LIST,
    OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
    OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
    OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
    OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER
} OPTION_CHOICE;

const OPTIONS enc_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},
    {"ciphers", OPT_LIST, '-', "List ciphers"},
    {"in", OPT_IN, '<', "Input file"},
    {"out", OPT_OUT, '>', "Output file"},
    {"pass", OPT_PASS, 's', "Passphrase source"},
    {"e", OPT_E, '-', "Encrypt"},
    {"d", OPT_D, '-', "Decrypt"},
    {"p", OPT_P, '-', "Print the iv/key"},
    {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
    {"v", OPT_V, '-', "Verbose output"},
    {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
    {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
    {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
    {"debug", OPT_DEBUG, '-', "Print debug info"},
    {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
    {"base64", OPT_A, '-', "Same as option -a"},
    {"A", OPT_UPPER_A, '-',
     "Used with -[base64|a] to specify base64 buffer as a single line"},
    {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
    {"k", OPT_K, 's', "Passphrase"},
    {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
    {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
    {"S", OPT_UPPER_S, 's', "Salt, in hex"},
    {"iv", OPT_IV, 's', "IV in hex"},
    {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
    {"none", OPT_NONE, '-', "Don't encrypt"},
    {"", OPT_CIPHER, '-', "Any supported cipher"},
#ifdef ZLIB
    {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
    {NULL}
};

int enc_main(int argc, char **argv)
{
    static char buf[128];
    static const char magic[] = "Salted__";
    ENGINE *e = NULL;
    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
        NULL, *wbio = NULL;
    EVP_CIPHER_CTX *ctx = NULL;
    const EVP_CIPHER *cipher = NULL, *c;
    const EVP_MD *dgst = NULL;
    char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
    char *infile = NULL, *outfile = NULL, *prog;
    char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
    char mbuf[sizeof magic - 1];
    OPTION_CHOICE o;
    int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
    int enc = 1, printkey = 0, i, k;
    int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
    int ret = 1, inl, nopad = 0;
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
    unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
    long n;
#ifdef ZLIB
    int do_zlib = 0;
    BIO *bzl = NULL;
#endif

    /* first check the program name */
    prog = opt_progname(argv[0]);
    if (strcmp(prog, "base64") == 0)
        base64 = 1;
#ifdef ZLIB
    else if (strcmp(prog, "zlib") == 0)
        do_zlib = 1;
#endif
    else {
        cipher = EVP_get_cipherbyname(prog);
        if (cipher == NULL && strcmp(prog, "enc") != 0) {
            BIO_printf(bio_err, "%s is not a known cipher\n", prog);
            goto end;
        }
    }

    prog = opt_init(argc, argv, enc_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(enc_options);
            ret = 0;
            goto end;
        case OPT_LIST:
            BIO_printf(bio_err, "Supported ciphers:\n");
            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
                                   show_ciphers, bio_err);
            BIO_printf(bio_err, "\n");
            goto end;
        case OPT_E:
            enc = 1;
            break;
        case OPT_IN:
            infile = opt_arg();
            break;
        case OPT_OUT:
            outfile = opt_arg();
            break;
        case OPT_PASS:
            passarg = opt_arg();
            break;
        case OPT_ENGINE:
            e = setup_engine(opt_arg(), 0);
            break;
        case OPT_D:
            enc = 0;
            break;
        case OPT_P:
            printkey = 1;
            break;
        case OPT_V:
            verbose = 1;
            break;
        case OPT_NOPAD:
            nopad = 1;
            break;
        case OPT_SALT:
            nosalt = 0;
            break;
        case OPT_NOSALT:
            nosalt = 1;
            break;
        case OPT_DEBUG:
            debug = 1;
            break;
        case OPT_UPPER_P:
            printkey = 2;
            break;
        case OPT_UPPER_A:
            olb64 = 1;
            break;
        case OPT_A:
            base64 = 1;
            break;
        case OPT_Z:
#ifdef ZLIB
            do_zlib = 1;
#endif
            break;
        case OPT_BUFSIZE:
            p = opt_arg();
            i = (int)strlen(p) - 1;
            k = i >= 1 && p[i] == 'k';
            if (k)
                p[i] = '\0';
            if (!opt_long(opt_arg(), &n)
                    || n < 0 || (k && n >= LONG_MAX / 1024))
                goto opthelp;
            if (k)
                n *= 1024;
            bsize = (int)n;
            break;
        case OPT_K:
            str = opt_arg();
            break;
        case OPT_KFILE:
            in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
            if (in == NULL)
                goto opthelp;
            i = BIO_gets(in, buf, sizeof buf);
            BIO_free(in);
            in = NULL;
            if (i <= 0) {
                BIO_printf(bio_err,
                           "%s Can't read key from %s\n", prog, opt_arg());
                goto opthelp;
            }
            while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
                buf[i] = '\0';
            if (i <= 0) {
                BIO_printf(bio_err, "%s: zero length password\n", prog);
                goto opthelp;
            }
            str = buf;
            break;
        case OPT_UPPER_K:
            hkey = opt_arg();
            break;
        case OPT_UPPER_S:
            hsalt = opt_arg();
            break;
        case OPT_IV:
            hiv = opt_arg();
            break;
        case OPT_MD:
            if (!opt_md(opt_arg(), &dgst))
                goto opthelp;
            break;
        case OPT_CIPHER:
            if (!opt_cipher(opt_unknown(), &c))
                goto opthelp;
            cipher = c;
            break;
        case OPT_NONE:
            cipher = NULL;
            break;
        }
    }

    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
        BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
        goto end;
    }

    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
        BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
        goto end;
    }

    if (dgst == NULL)
        dgst = EVP_sha256();

    /* It must be large enough for a base64 encoded line */
    if (base64 && bsize < 80)
        bsize = 80;
    if (verbose)
        BIO_printf(bio_err, "bufsize=%d\n", bsize);

#ifdef ZLIB
    if (!do_zlib)
#endif
        if (base64) {
            if (enc)
                outformat = FORMAT_BASE64;
            else
                informat = FORMAT_BASE64;
        }

    strbuf = app_malloc(SIZE, "strbuf");
    buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");

    if (infile == NULL) {
        unbuffer(stdin);
        in = dup_bio_in(informat);
    } else
        in = bio_open_default(infile, 'r', informat);
    if (in == NULL)
        goto end;

    if (!str && passarg) {
        if (!app_passwd(passarg, NULL, &pass, NULL)) {
            BIO_printf(bio_err, "Error getting password\n");
            goto end;
        }
        str = pass;
    }

    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
        if (1) {
#ifndef OPENSSL_NO_UI
            for (;;) {
                char prompt[200];

                BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:",
                             OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
                             (enc) ? "encryption" : "decryption");
                strbuf[0] = '\0';
                i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
                if (i == 0) {
                    if (strbuf[0] == '\0') {
                        ret = 1;
                        goto end;
                    }
                    str = strbuf;
                    break;
                }
                if (i < 0) {
                    BIO_printf(bio_err, "bad password read\n");
                    goto end;
                }
            }
        } else {
#endif
            BIO_printf(bio_err, "password required\n");
            goto end;
        }
    }

    out = bio_open_default(outfile, 'w', outformat);
    if (out == NULL)
        goto end;

    if (debug) {
        BIO_set_callback(in, BIO_debug_callback);
        BIO_set_callback(out, BIO_debug_callback);
        BIO_set_callback_arg(in, (char *)bio_err);
        BIO_set_callback_arg(out, (char *)bio_err);
    }

    rbio = in;
    wbio = out;

#ifdef ZLIB
    if (do_zlib) {
        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
            goto end;
        if (debug) {
            BIO_set_callback(bzl, BIO_debug_callback);
            BIO_set_callback_arg(bzl, (char *)bio_err);
        }
        if (enc)
            wbio = BIO_push(bzl, wbio);
        else
            rbio = BIO_push(bzl, rbio);
    }
#endif

    if (base64) {
        if ((b64 = BIO_new(BIO_f_base64())) == NULL)
            goto end;
        if (debug) {
            BIO_set_callback(b64, BIO_debug_callback);
            BIO_set_callback_arg(b64, (char *)bio_err);
        }
        if (olb64)
            BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
        if (enc)
            wbio = BIO_push(b64, wbio);
        else
            rbio = BIO_push(b64, rbio);
    }

    if (cipher != NULL) {
        /*
         * Note that str is NULL if a key was passed on the command line, so
         * we get no salt in that case. Is this a bug?
         */
        if (str != NULL) {
            /*
             * Salt handling: if encrypting generate a salt and write to
             * output BIO. If decrypting read salt from input BIO.
             */
            unsigned char *sptr;
            size_t str_len = strlen(str);

            if (nosalt)
                sptr = NULL;
            else {
                if (enc) {
                    if (hsalt) {
                        if (!set_hex(hsalt, salt, sizeof salt)) {
                            BIO_printf(bio_err, "invalid hex salt value\n");
                            goto end;
                        }
                    } else if (RAND_bytes(salt, sizeof salt) <= 0)
                        goto end;
                    /*
                     * If -P option then don't bother writing
                     */
                    if ((printkey != 2)
                        && (BIO_write(wbio, magic,
                                      sizeof magic - 1) != sizeof magic - 1
                            || BIO_write(wbio,
                                         (char *)salt,
                                         sizeof salt) != sizeof salt)) {
                        BIO_printf(bio_err, "error writing output file\n");
                        goto end;
                    }
                } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
                           || BIO_read(rbio,
                                       (unsigned char *)salt,
                                       sizeof salt) != sizeof salt) {
                    BIO_printf(bio_err, "error reading input file\n");
                    goto end;
                } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
                    BIO_printf(bio_err, "bad magic number\n");
                    goto end;
                }

                sptr = salt;
            }

            if (!EVP_BytesToKey(cipher, dgst, sptr,
                                (unsigned char *)str,
                                str_len, 1, key, iv)) {
                BIO_printf(bio_err, "EVP_BytesToKey failed\n");
                goto end;
            }
            /*
             * zero the complete buffer or the string passed from the command
             * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
             */
            if (str == strbuf)
                OPENSSL_cleanse(str, SIZE);
            else
                OPENSSL_cleanse(str, str_len);
        }
        if (hiv != NULL) {
            int siz = EVP_CIPHER_iv_length(cipher);
            if (siz == 0) {
                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
            } else if (!set_hex(hiv, iv, sizeof iv)) {
                BIO_printf(bio_err, "invalid hex iv value\n");
                goto end;
            }
        }
        if ((hiv == NULL) && (str == NULL)
            && EVP_CIPHER_iv_length(cipher) != 0) {
            /*
             * No IV was explicitly set and no IV was generated during
             * EVP_BytesToKey. Hence the IV is undefined, making correct
             * decryption impossible.
             */
            BIO_printf(bio_err, "iv undefined\n");
            goto end;
        }
        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
            BIO_printf(bio_err, "invalid hex key value\n");
            goto end;
        }

        if ((benc = BIO_new(BIO_f_cipher())) == NULL)
            goto end;

        /*
         * Since we may be changing parameters work on the encryption context
         * rather than calling BIO_set_cipher().
         */

        BIO_get_cipher_ctx(benc, &ctx);

        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
            BIO_printf(bio_err, "Error setting cipher %s\n",
                       EVP_CIPHER_name(cipher));
            ERR_print_errors(bio_err);
            goto end;
        }

        if (nopad)
            EVP_CIPHER_CTX_set_padding(ctx, 0);

        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
            BIO_printf(bio_err, "Error setting cipher %s\n",
                       EVP_CIPHER_name(cipher));
            ERR_print_errors(bio_err);
            goto end;
        }

        if (debug) {
            BIO_set_callback(benc, BIO_debug_callback);
            BIO_set_callback_arg(benc, (char *)bio_err);
        }

        if (printkey) {
            if (!nosalt) {
                printf("salt=");
                for (i = 0; i < (int)sizeof(salt); i++)
                    printf("%02X", salt[i]);
                printf("\n");
            }
            if (EVP_CIPHER_key_length(cipher) > 0) {
                printf("key=");
                for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
                    printf("%02X", key[i]);
                printf("\n");
            }
            if (EVP_CIPHER_iv_length(cipher) > 0) {
                printf("iv =");
                for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
                    printf("%02X", iv[i]);
                printf("\n");
            }
            if (printkey == 2) {
                ret = 0;
                goto end;
            }
        }
    }

    /* Only encrypt/decrypt as we write the file */
    if (benc != NULL)
        wbio = BIO_push(benc, wbio);

    for (;;) {
        inl = BIO_read(rbio, (char *)buff, bsize);
        if (inl <= 0)
            break;
        if (BIO_write(wbio, (char *)buff, inl) != inl) {
            BIO_printf(bio_err, "error writing output file\n");
            goto end;
        }
    }
    if (!BIO_flush(wbio)) {
        BIO_printf(bio_err, "bad decrypt\n");
        goto end;
    }

    ret = 0;
    if (verbose) {
        BIO_printf(bio_err, "bytes read   :%8"PRIu64"\n", BIO_number_read(in));
        BIO_printf(bio_err, "bytes written:%8"PRIu64"\n", BIO_number_written(out));
    }
 end:
    ERR_print_errors(bio_err);
    OPENSSL_free(strbuf);
    OPENSSL_free(buff);
    BIO_free(in);
    BIO_free_all(out);
    BIO_free(benc);
    BIO_free(b64);
#ifdef ZLIB
    BIO_free(bzl);
#endif
    release_engine(e);
    OPENSSL_free(pass);
    return (ret);
}

static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
    BIO *bio = bio_;
    static int n;

    if (!islower((unsigned char)*name->name))
        return;

    BIO_printf(bio, "-%-25s", name->name);
    if (++n == 3) {
        BIO_printf(bio, "\n");
        n = 0;
    } else
        BIO_printf(bio, " ");
}

static int set_hex(char *in, unsigned char *out, int size)
{
    int i, n;
    unsigned char j;

    n = strlen(in);
    if (n > (size * 2)) {
        BIO_printf(bio_err, "hex string is too long\n");
        return (0);
    }
    memset(out, 0, size);
    for (i = 0; i < n; i++) {
        j = (unsigned char)*in;
        *(in++) = '\0';
        if (j == 0)
            break;
        if (!isxdigit(j)) {
            BIO_printf(bio_err, "non-hex digit\n");
            return (0);
        }
        j = (unsigned char)OPENSSL_hexchar2int(j);
        if (i & 1)
            out[i / 2] |= j;
        else
            out[i / 2] = (j << 4);
    }
    return (1);
}

from sys import exit, argv
from os import system
from pycoin.services.blockchain_info import spendables_for_address
from pycoin.tx import script, Tx
from pycoin.tx.tx_utils import sign_tx
from pycoin.tx.TxOut import TxOut, standard_tx_out_script
from binascii import hexlify

## This is the address and key you generated before
bitcoin_address = "ADDRESS"
bitcoin_private_key = "PRIVATE_KEY"

## The fee that will be given to the miner in bitcoin
bitcoin_fee = 10000 # In satoshis

## Get the message
if(len(argv) is not 2):
    exit("usage: python3 send-op-return.py \"MESSAGE\"")
raw_message = argv[1]
if(len(raw_message) > 80):
    exit("Message must be 80 characters or less")
message = hexlify(raw_message.encode()).decode('utf8')

## Get the spendable outputs we are going to use to pay the fee
spendables = spendables_for_address(bitcoin_address)
bitcoin_sum = sum(spendable.coin_value for spendable in spendables)
if(bitcoin_sum < bitcoin_fee):
    exit("Not enough satoshis to cover the fee. found: {sum} need: {fee}"
    .format(sum=bitcoin_sum,fee=bitcoin_fee))

## Create the inputs we are going to use
inputs = [spendable.tx_in() for spendable in spendables]

## If we will have change left over create an output to send it back
outputs = []
if (bitcoin_sum > bitcoin_fee):
    change_output_script = standard_tx_out_script(bitcoin_address)
    outputs.append(TxOut(bitcoin_sum - bitcoin_fee, change_output_script))

## Build the OP_RETURN output with our message
op_return_output_script = script.tools.compile("OP_RETURN %s" % message)
outputs.append(TxOut(0, op_return_output_script))

## Create the transaction and sign it with the private key
tx = Tx(version=1, txs_in=inputs, txs_out=outputs)
tx.set_unspents(spendables)
signed_tx = sign_tx(tx, wifs=[bitcoin_private_key])

## Send the signed transaction to the network through bitcoind
## Note: that os.system() prints the response for us
system("bitcoin-cli sendrawtransaction %s" % tx.as_hex())
import sys
import urllib2  
import commands 
import struct
from binascii import unhexlify, crc32

# usage, python script.py address
addr = str(sys.argv[1])

def txdecode(transaction):

    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true") 
    dataout = b''
    atoutput = False

    for line in data:
            if 'Output Scripts' in line:
                atoutput = True
            if '</table>' in line:
                atoutput = False
            if atoutput:
                if len(line) > 100:
                    chunks = line.split(' ')
                    for c in chunks:
                        if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                            dataout += unhexlify(c.encode('utf8'))

    length = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout = dataout[8:8+length]

    return dataout

print 'Reading '+addr+"'s transactions..."
offset = 0
startatpage = 0 #17
offset = startatpage*50
data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0") 

pagecalc = offset/50
if pagecalc == 0:
    pagecalc = 1

page = pagecalc
files = 0
keep_reading = True
tx_list = []
f = open('dataout/'+addr+"_tx_list.txt", 'w')

while (keep_reading):
    tx_exist = False

    if keep_reading:
        print 'Page', page, '...'
        data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0") 
    for line in data:
        chunks = line.split('><')
        if 'hash-link' in line:
            tx_exist = True
            ll = chunks[4].split(' ')
            lll = ll[2][10:10+64]

            date1 = ll[4].split('>')[1]
            date2 = ll[5].split('<')[0]
            print date1, date2

            print lll
            f.write(str(lll)+'\n')
            
            decoded_data = txdecode(str(lll))
            fd = open('dataout/'+str(lll),"wb")
            fd.write(decoded_data)
            fd.close()

            status, output = commands.getstatusoutput("dataout/trid dataout/"+str(lll))
            if 'Unknown!' not in output:

                ff = open('dataout/'+addr+"_file_tx_list.txt", 'a')
                files += 1
                outputlines = output.split('\n')
                for i in range(6,len(outputlines)):
                    print outputlines[i]
                ff.write(str(lll)+' '+outputlines[6]+' '+date1+' '+date2+'\n')
                ff.close()

    page += 1
    offset += 50
    if tx_exist == False:
        keep_reading = False

print len(tx_list), 'transactions found'
print files, 'file headers found'
print 'List saved in file', addr+"_tx_list.txt"
print 'Txs with file headers saved in', addr+"_file_tx_list.txt"
f.close()
import sys
import urllib2  
import commands 
import struct
from binascii import unhexlify, crc32

# usage, python script.py address
addr = str(sys.argv[1])

def txdecode(transaction):

    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true") 
    dataout = b''
    atoutput = False

    for line in data:
            if 'Output Scripts' in line:
                atoutput = True
            if '</table>' in line:
                atoutput = False
            if atoutput:
                if len(line) > 100:
                    chunks = line.split(' ')
                    for c in chunks:
                        if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                            dataout += unhexlify(c.encode('utf8'))

    length = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout = dataout[8:8+length]

    return dataout

print 'Reading '+addr+"'s transactions..."
offset = 0
startatpage = 0 #17
offset = startatpage*50
data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0") 

pagecalc = offset/50
if pagecalc == 0:
    pagecalc = 1

page = pagecalc
files = 0
keep_reading = True
tx_list = []
f = open('dataout/'+addr+"_tx_list.txt", 'w')

while (keep_reading):
    tx_exist = False

    if keep_reading:
        print 'Page', page, '...'
        data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0") 
    for line in data:
        chunks = line.split('><')
        if 'hash-link' in line:
            tx_exist = True
            ll = chunks[4].split(' ')
            #print 'll', len(ll)
            if len(ll) == 1:
                continue
            #print ll
            #print 'll2', len(ll[2])
            lll = ll[2][10:10+64]

            date1 = ll[4].split('>')[1]
            date2 = ll[5].split('<')[0]
            print date1, date2

            print lll
            f.write(str(lll)+'\n')
            
            decoded_data = txdecode(str(lll))
            fd = open('dataout/'+str(lll),"wb")
            fd.write(decoded_data)
            fd.close()

            status, output = commands.getstatusoutput("dataout/trid dataout/"+str(lll))
            if 'Unknown!' not in output:

                ff = open('dataout/'+addr+"_file_tx_list.txt", 'a')
                files += 1
                outputlines = output.split('\n')
                for i in range(6,len(outputlines)):
                    print outputlines[i]
                ff.write(str(lll)+' '+outputlines[6]+' '+date1+' '+date2+'\n')
                ff.close()

    page += 1
    offset += 50
    if tx_exist == False:
        keep_reading = False

print len(tx_list), 'transactions found'
print files, 'file headers found'
print 'List saved in file', addr+"_tx_list.txt"
print 'Txs with file headers saved in', addr+"_file_tx_list.txt"
f.close()
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# File insertion tool for Bitcoin
# Requires git://github.com/jgarzik/python-bitcoinrpc.git
#
# (c) 2013 Satoshi Nakamoto All Rights Reserved
#
# UNAUTHORIZED DUPLICATION AND/OR USAGE OF THIS PROGRAM IS PROHIBITED BY US AND INTERNATIONAL COPYRIGHT LAW

import io
import jsonrpc
import os
import random
import struct
import sys
from binascii import crc32,hexlify,unhexlify
from decimal import Decimal

if len(sys.argv) < 5:
    print("Usage: %s <file> <dest addr> <dest amount> {<fee-per-kb>} Set BTCRPCURL=http://user:pass@localhost:portnum")
    sys.exit()

COIN = 100000000

def unhexstr(str):
    return unhexlify(str.encode('utf8'))

#proxy = jsonrpc.ServiceProxy(os.environ['BTCRPCURL'])

def select_txins(value):
    #unspent = list(proxy.listunspent()) #HACK #TODO: replicate listunspent
    #unspent = [101, 101, 101] #HACK
    #random.shuffle(unspent) #HACK

    r = []
    total = 0
    for tx in range(10):#unspent: #HACK
        total += 101#tx['amount'] #HACK
        r.append(tx)

        if total >= value:
            break

    if total < value:
        return None
    else:
        return (r, total)

def varint(n):
    if n < 0xfd:
        return bytes([n])
    elif n < 0xffff:
        return b'\xfd' + struct.pack('<H',n)
    else:
        assert False

def packtxin(prevout, scriptSig, seq=0xffffffff):

    print prevout[0][::-1] 
    print struct.pack('<L',prevout[1])
    print prevout[0][::-1] + struct.pack('<L',prevout[1])

    print struct.pack('<L',prevout[1])
    print varint(len(scriptSig))
    print scriptSig
    print struct.pack('<L', seq)
    return prevout[0][::-1] + struct.pack('<L',prevout[1]) + varint(len(scriptSig)) + scriptSig + struct.pack('<L', seq)

def packtxout(value, scriptPubKey):
    return struct.pack('<Q',int(value*COIN)) + varint(len(scriptPubKey)) + scriptPubKey

def packtx(txins, txouts, locktime=0):
    r = b'\x01\x00\x00\x00' # version
    r += varint(len(txins))

    for txin in txins:
        vout = 948 #HACK
        txid = [20134930, b'20134930']#HACK
        #r += packtxin((unhexstr(txin['txid']),txin['vout']), b'')
        r += packtxin((txid,vout), b'')

    r += varint(len(txouts))

    for (value, scriptPubKey) in txouts:
        r += packtxout(value, scriptPubKey)

    r += struct.pack('<L', locktime)
    return r

OP_CHECKSIG = b'\xac' #ascii dash w/ line down ¬
OP_CHECKMULTISIG = b'\xae' #ascii reg trademark
OP_PUSHDATA1 = b'\x4c' #ascii upper L
OP_DUP = b'\x76' #ascii lower v
OP_HASH160 = b'\xa9' #ascii copyright symbol
OP_EQUALVERIFY = b'\x88' #ascii e with circumflex ê
def pushdata(data):
    assert len(data) < OP_PUSHDATA1[0]
    return bytes([len(data)]) + data

def pushint(n):
    assert 0 < n <= 16
    return bytes([0x51 + n-1])


def addr2bytes(s):
    digits58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
    n = 0
    for c in s:
        n *= 58
        if c not in digits58:
            raise ValueError
        n += digits58.index(c)

    h = '%x' % n
    if len(h) % 2:
        h = '0' + h

    for c in s:
        if c == digits58[0]:
            h = '00' + h
        else:
            break
    return unhexstr(h)[1:-4] # skip version and checksum

def checkmultisig_scriptPubKey_dump(fd):
    data = fd.read(65*3)
    if not data:
        return None

    r = pushint(1)

    n = 0
    while data:
        chunk = data[0:65]
        data = data[65:]

        if len(chunk) < 33:
            chunk += b'\x00'*(33-len(chunk))
        elif len(chunk) < 65:
            chunk += b'\x00'*(65-len(chunk))

        r += pushdata(chunk)
        n += 1

    r += pushint(n) + OP_CHECKMULTISIG
    return r


(txins, change) = select_txins(0)

txouts = []

data = open(sys.argv[1],'rb').read()
data = struct.pack('<L', len(data)) + struct.pack('<L', crc32(data)) + data
fd = io.BytesIO(data)

while True:
    scriptPubKey = checkmultisig_scriptPubKey_dump(fd)

    if scriptPubKey is None:
        break

    value = Decimal(1/COIN)
    txouts.append((value, scriptPubKey))
    print value
    print scriptPubKey

    change -= value

# dest output
out_value = Decimal(sys.argv[3])
change -= out_value
txouts.append((out_value, OP_DUP + OP_HASH160 + pushdata(addr2bytes(sys.argv[2])) + OP_EQUALVERIFY + OP_CHECKSIG)) # fee,v,copy,#byte,wal,ecirc,linedown

# change output
#change_addr = proxy.getnewaddress()
change_addr = sys.argv[2]
txouts.append([change, OP_DUP + OP_HASH160 + pushdata(addr2bytes(change_addr)) + OP_EQUALVERIFY + OP_CHECKSIG])

#tx = packtx(txins, txouts)

#print tx
#signed_tx = proxy.signrawtransaction(hexlify(tx).decode('utf8'))

FEEPERKB = Decimal(0.001)
try:
    FEEPERKB = Decimal(sys.argv[4])
except IndexError:
    pass
#fee = Decimal(len(signed_tx['hex'])/1000) * FEEPERKB
#change -= fee
#txouts[-1][0] = change

#tx = packtx(txins, txouts)
#print tx
#signed_tx = proxy.signrawtransaction(hexlify(tx).decode('utf8'))
#assert signed_tx['complete']

#print('Size: %d  Fee: %2.8f' % (len(signed_tx['hex'])/2,fee))

#if False:
#print(proxy.sendrawtransaction(signed_tx['hex']))
#else:
#print(signed_tx)

<?php
/* 
originals

$data01 = '304402200b78e195f1eb150a52ade3e1e0c593b2534ed3bf4236de4fedb5c8fe7171f3bf02202d63b6c3bd58aa91183a50afb445561854b4bebb6977500f85e61a75b0aa740301';
$data02 = '3044022073b206116f06c1667d359da366cf3d7a0ad2bb14c7ccc9e872c137b589d42dc6022016440185b5eb2ca5bb84ca6adbcb68434b420160b7c8517e2089f28e7daa97bd01';
$data03 = '3044022069735c3c8eba0eed4762640f83e1139f698521e4fe0a421ad4e2a1b7c24d1e7602206a3d5652f61870d8d4494198f689ccc21ef27572818d55827c7edf53d8dba8cc01';
$data04 = '304402206408391a928ecf44c9b8ee4cf4416ba1a3805141a03547ad77389c28901eb49802205399635e9e4a250f3afd10d5b719652526fbe2b3ec14cffca60016fa4f07041501';
$data05 = '3045022100842a9c266b64634961d1ae8405d8608cc8dc0025d9b60dc1e8eed2643ceb761802202291583129caee5690ac70ce349bb1bb7ba1b016bdd7ffce74c6a0a902f80dc701';
$data06 = '3045022100a2ee9e08eab3b3f4bbb544dfb07d313d95fe9c943e9e33833f5cdb92cd6a3e83022048552c5b183de059ad5cff176e4b4e7560a44b258291ff6e7a24a94333361d2d01';
$data07 = '3045022100a5e4d444bddcc5f6970c209fb8939ff96b18ba1098eb233022ab34a834d26ee90220364320ddd66356a5b25e4cf77f0561e2e44812b950c1581d65c6fc3ecd21c2d401';
$data08 = '3045022100d54e7244a5666143eb7b8cebe2551c026eb2cd58ef23d65ca03a75a9bc0369ce022053dee45d3bc3cb94f140c72a59be5eb8c5173ea91a697603bc331ac5446c52bb01';
$data09 = '3045022100cd9e314cc66bd9c10f1aee42fff530d2ee7cebcd64279d3b1851d017cb19ba510220755f402b4d1e0c58a75ebb6e73f0b6a753805bbc9baf019dae6772cec28ca2c101';
$data0a = '3045022100a3f0a41b56b6be5088f853c0dd1d02c08e5463668834678018c11b834540da600220324d7e6f56e5694cd10e65a94cb58a6fad041e8a1e733d330673bb071b33c96501';
$data0b = '3045022100f25616d3caaebdd2139c64fbf95bd779117cb55da16921033d18e2007c61178502203d1cff644a58016197690a7aef240a6e78324b40463058825cd9833bc67ab74c01';
$data0c = '30440220758eae761e81beda2b14d7850f1ec5810504c3ecfe2837243c2e8f858d7cbb9f022010ec4a77e2de279fe5c90323a85ce842b027f680ca56e02f1572dca9da95e1e201';
$data0d = '3045022100acc8206356bdb5b66691fb64334c10cdfe4dce84900939f404c3dcaf7af2d30f02205fda4b50fee4e55a992b4970d88a4b46724771df216f598dbab3d49b5471241c01';
$data0u = '8d1ec2350813b2a071353e16b41e884647405d3d';

sanitized
$data01 = '0b78e195f1eb150a52ade3e1e0c593b2534ed3bf4236de4fedb5c8fe7171f3bf02202d63b6c3bd58aa91183a50afb445561854b4bebb6977500f85e61a75b0aa7403';
$data02 = '73b206116f06c1667d359da366cf3d7a0ad2bb14c7ccc9e872c137b589d42dc6022016440185b5eb2ca5bb84ca6adbcb68434b420160b7c8517e2089f28e7daa97bd';
$data03 = '69735c3c8eba0eed4762640f83e1139f698521e4fe0a421ad4e2a1b7c24d1e7602206a3d5652f61870d8d4494198f689ccc21ef27572818d55827c7edf53d8dba8cc';
$data04 = '6408391a928ecf44c9b8ee4cf4416ba1a3805141a03547ad77389c28901eb49802205399635e9e4a250f3afd10d5b719652526fbe2b3ec14cffca60016fa4f070415';
$data05 = '842a9c266b64634961d1ae8405d8608cc8dc0025d9b60dc1e8eed2643ceb761802202291583129caee5690ac70ce349bb1bb7ba1b016bdd7ffce74c6a0a902f80dc7';
$data06 = 'a2ee9e08eab3b3f4bbb544dfb07d313d95fe9c943e9e33833f5cdb92cd6a3e83022048552c5b183de059ad5cff176e4b4e7560a44b258291ff6e7a24a94333361d2d';
$data07 = 'a5e4d444bddcc5f6970c209fb8939ff96b18ba1098eb233022ab34a834d26ee90220364320ddd66356a5b25e4cf77f0561e2e44812b950c1581d65c6fc3ecd21c2d4';
$data08 = 'd54e7244a5666143eb7b8cebe2551c026eb2cd58ef23d65ca03a75a9bc0369ce022053dee45d3bc3cb94f140c72a59be5eb8c5173ea91a697603bc331ac5446c52bb';
$data09 = 'cd9e314cc66bd9c10f1aee42fff530d2ee7cebcd64279d3b1851d017cb19ba510220755f402b4d1e0c58a75ebb6e73f0b6a753805bbc9baf019dae6772cec28ca2c1';
$data0a = 'a3f0a41b56b6be5088f853c0dd1d02c08e5463668834678018c11b834540da600220324d7e6f56e5694cd10e65a94cb58a6fad041e8a1e733d330673bb071b33c965';
$data0b = 'f25616d3caaebdd2139c64fbf95bd779117cb55da16921033d18e2007c61178502203d1cff644a58016197690a7aef240a6e78324b40463058825cd9833bc67ab74c';
$data0c = '758eae761e81beda2b14d7850f1ec5810504c3ecfe2837243c2e8f858d7cbb9f022010ec4a77e2de279fe5c90323a85ce842b027f680ca56e02f1572dca9da95e1e2';
$data0d = 'acc8206356bdb5b66691fb64334c10cdfe4dce84900939f404c3dcaf7af2d30f02205fda4b50fee4e55a992b4970d88a4b46724771df216f598dbab3d49b5471241c';
$data0u = '8d1ec2350813b2a071353e16b41e884647405d3d';

383001 tx input scripts
$data01 = '3045022100db85978851fc1c116be5459c024536adf12141b01357f55685d75d5c05ef64f502206af345340bec396d4dad6111a866752e944021f475256a188177e662d67f24be01';
$data02 = '304402203190da1f48c896ae7bac8f61224705590d380d13fb42e8e5cb8b40dc402e512202202e56f86ace2766b6e190f3399288dfbb2b8f099f50177b4ca676e6adb9106cff01';
$data03 = '5221022f9157064fd87af7ca750bd55587fa1e955fca4eb9458a91578d56e4f310d7692103da3216c41dc749f54361aba410e21e2ed1f2a841af0c59d63e0eb5cde304c6a1210383f7dec1f7933de23e5035d4e6fc4c3b159a049b386a85e93d6909e7c9c8ee6d53ae';
$data04 = '30450221009f16c1ea8aac0b85578bd0403f4d45ec4f72dc67088a41eec5499c04d19ebcb002203cf3a26c80ff2bec6e3560e7af8074fb42c7ba69fb71bda0e01878030dbb632f01';
$data05 = '3044022021ce08fd862d3ac97c81411abb800aeb6b52d0293e457869714200d2ea9696a4022076a43f28cdc19d8c9f7183a28b4391f6a65f29f907c125e2b23336a7019eb08d01';
$data06 = '522103f3638776606782bab353e3440c12f1ef337371f214c2788fbf841f7586b5363921028103ae38dd1d662a405fdad68eb8331f1d48108dda4c5dd0b27374c8aa4c7b522103d993afa569fa740912d993d8d1579692dbc11ce4c269d69a3c26b7e9de49368a53ae';
$data07 = '3045022100d1d04bab821b174951a2e533a25c847f3775a637eb1d85fd1d40fd178605d18a022010e6000ee93c18082fd799ac92742b9754a6689b1c84dd43b150e217a567bf2e01';
$data08 = '3045022100abd4c74ee55998dbc2b318a63ceffcba3919e120b003f33377b1bf3576fa79df022028d080761fde957beb8d698db5100089df8f409209c6e6e9e2dc909173291e2d01';
$data09 = '522103b6712a1d0a37216ccfaabe168469a7bf5e8afdd79885642d18bbfc27697870e0210350b7854505779c93f35bbec8493ee4f102773fae9d73717f218479d0dd478bea21038319e8c61248e4a8c6d3f3b13b36051fcd23da530152a2a582874bdbe5e7b1d853ae';
383001 tx ouput scripts
$data01 = '95b5ec02bb4b8387f1979e6abffea76393789b3a';
$data02 = 'a5aebd4e2d7307e62c02db2c1222de587d1daa9d';
$data03 = 'bb6a592554847926e6c11b6c043129cb12c0a94f';
$data04 = '5914d0d63b3707cc7b1a75b5d901b425b1cfcfec';
$data05 = '65d13093ffbe639a7c1cadcd371602b0d3997012';
// ca3044870b86fef3f3e8d559c81368646f8393667cadd1a4fc3eb8b212ac3fbe output
$data01 = '95a80c0499c9027180dfd6a107cc9f5377417e75';
$data02 = 'e9120b09f138f525345a82adfc3ee472e4ebfe9b';
$data03 = '877232c33de55958bd0e419241282d79e7862f0f';
$data04 = 'e8abc4498f7712a77c341438384887f064caf0a2';
$data05 = '43598250c4cc895c815bcb5ec4ef144daf573ba5';
$data06 = '260a3abdbf224ad3e7ea165f9cd9a1f4e7519293';
$data07 = '7566b650244fec26ac97f46a390642c98f41fbc5';
*/
$data01 = '9726d786f9431c1edafad4234fed65b2d7e28df3';
$data02 = '35023e820869d6ce25867bd981ccdca18308f1a1';

$hexchars = array();
$binchars = array();
$vararray = array();
array_push($vararray, "data01", "data02");
//, "data03", "data04", "data05", "data06", "data07"); //, "data08", "data09", "data0a", "data0b", "data0c", "data0d");

$x = 0;

function getdata($scriptvar, &$hexchars, &$binchars) {
	while ($x < strlen($scriptvar)) {
		$y = 0;
		$y = $x + 1;
		$thishex = $scriptvar[$x] . $scriptvar[$y];
		$thisbin = chr(hexdec($thishex));
		array_push($hexchars, $thishex);
		array_push($binchars, $thisbin);
		$x++;
		$x++;
	}
}

//$cx = 0;
//$cy = $cx + 1;
//$dx = $cx + 4;
//$dy = $dx + 1;
//$csh = $data01[0] . $data01[1] . $data01[2] . $data01[3];
//$dlh = $data01[4] . $data01[5] . $data01[6] . $data01[7];
//$csd = hexdec($csh);
//$dld = hexdec($dlh);
        

//echo "checksum is: " . $csh . " or " . $csd . "\n";
//echo "datalen is: " . $dlh . " or " . $dld . "\n";

foreach ($vararray as $thisvar) {
	getdata($$thisvar, $hexchars, $binchars);
}

//echo "hexchars are:\n";
//print_r($hexchars);

$filename = './383073-outfile';
$handle = fopen($filename, "w+");
if (!$handle) {
	echo "could not access file " . $filename . "\n";
	exit;
}

// $rbinchars = array_reverse($binchars);

foreach ($binchars as $binchar) {
	//write the $binchar;
	$boolwrite = fwrite($handle, $binchar);
	if (!$boolwrite) {
		echo "could not write character\n";
	}
}
fclose($handle);

?>