IS HE DEAD? IS HE BEING TORTURED? WILL THEY DROP THE FILES?
Internet has been cut off at the Embassy, 3 hashes have been released, vans are surrounding the embassy, happenings are ready to commence at any moment.
So, basically Assange is already dead. No video showing him alive. His Twitter account claims supporters’ responsibility for a “cyber attack” on USA, giving ammo to Hillary.
Anonymous, who claims responsibility, is a government shill.
WikiLeaks starts posting political shit as if he were actually being role played by someone whose job it was to roleplay as Anonymous. Look at his latest tweets. It’s like he is one of those “anonymous” faggots. Posting that shit about Clinton already being chosen for election. Being against Trump as a pied piper.
CTR is saying that concerns about Assange being dead is “autism gone too far” and is calling those with a real concern as “demoralizers” or shills or CTR themselves. People have bought this from them. Autism hasn’t gone too far. It hasn’t gone far enough.
Now with the OP, they are trying to make it seem like there will be a storming of the embassy, under the guise of getting a Russian agent hacker/“hacktivist”. That’s the excuse when they “go in after Assange.”
They will bring him out in a body bag and the only photos you will see of him will be his dead body, which is currently dead, weeks before this staged invasion of the embassy.
The fake death will be used to justify all the leaks and information up to that point were real and he was actually a Russian terrorist plotter.
Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.
Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.
I would not classify this outage as necessarily big enough. If Assange is in any way intelligent he had servers all over the world, each one totally independent of the others, and each obscured through multiple layers of anonymization. I could see that outage taking out maybe one of the servers, but not all of them at once. Putting them all in one geographic area is amateur hour.
But maybe I’m just overestimating the fuck out of Assange’s level of preparation. If he didn’t take every possible measure to secure himself and his dead man system, he’s a fucking colossal idiot.
Incorrect. It’s not a kill switch. It’s a dead man switch. That means it goes off if nobody talks to it for some interval of time. A kill switch implies someone has to actively trip it - it’s fail “off.” A dead man switch fails “on.” In addition, there would be no key to crack. If you were smart when you wrote the dead man switch code, you’d use a hash fingerprint of the actual entered code to identify whether it’s correct. Only a retard would embed the plaintext interval reset code in the actual program’s source code.
Also, keep in mind that only a truly stupid fuck would write a dead man switch in a scripting language where the source code is the executable code. It would be a binary executable with obfuscated binary code. You’d erase the fuck out of the source code after you got the thing to work. Black box to the max.
That’s my point. Assange knows what is in those insurance files, and if the governments of the world think it’s a big enough deal to threaten fucking drone strikes then he better have his shit locked down better than anyone. The great thing is that cryptography is absolutely a weapon. It is a force equalizer, and it happens to be that it can completely invert the balance of power. There’s a reason that strong crypto is ITAR controlled in the US. The win for all of us is that while you have to physically manufacture a gun, incredibly strong crypto can be transmitted purely digitally and can never be truly restricted.
Not that any of us are truly authority figures on this, but what you say seems to be the most likely explanation. A lot of anons think Soros got his fortune with insider information from the Rothschilds and operates as the visible front for their backchannel operations.
The card has been played. Assange is dead, his organization is being destroyed, and his legacy will die with it. The most major in the list of casualties in the War against the Establishment, but not the last.
During the DDoS attack a few hashes and keys were posted on several sites for a few minutes and then deleted without a trace (pic related is one of them http://i.imgur.com/undefined.png). (DEAD)
Additionally, the Wikileaks site showed “The Insurance files may have just been released” for a few minutes as well. (see http://i.imgur.com/6IMYfUK.png)
I have begun trying some of the candidate keys. I could use some help. I think the least we can do is try them and keep track of the results and what has been tried.
The candidate for C is in pic related as well but it has to be typed down manually. We should also rerun the commands shown there and verify that we get the same result. Moreover, I believe something similar can be done with the hashes tweeted recently.
I’m seeing snippets of info around suggesting the insurance keys actually DID get posted, and the DDOS was an attempt to stop them, but it wasn’t 100% successful.
Apparently the keys were divided into separate parts and given to a variety of people. Nobody had the whole key themselves, but they all had parts of a key.
Which means the keys we’ve been seeing around that haven’t worked, may simply need to be combined with other keys to unlock the files.
That’s what this thread is for: Posting anything you suspect might be part of an insurance key. Anons with the insurance files test out combinations and let us know if anything works.
Archive.is is your friend. Immediately archive any web page, facebook post, twitter, that you think might be a key.
During the DDoS attack a few hashes and keys were posted on several sites for a few minutes and then deleted without a trace.
Additionally, the Wikileaks site showed “The Insurance files may have just been released” for a few minutes as well. (see https://i.imgur.com/6IMYfUK.png)
I have begun trying some of the candidate keys. I could use some help. I think the least we can do is try them and keep track of the results and what has been tried.
There is a key that has been posted numerous times on 8chan, 4chan, reddit and here that gets deleted immediately. Was someone able to take a screenshot?
Information regarding the last password used by Assange:
EDITED TO ADD (9/1): From pp 138-9 of WikiLeaks:
Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’. Can you remember that?”
I think we can all agree that that’s a secure encryption key.
EDITED TO ADD (9/1): WikiLeaks says that the Guardian file and the insurance file are not encrypted with the same key. Which brings us back to the question: how did the encrypted Guardian file get loose?
EDITED TO ADD (9/1): Spiegel has the detailed story.
Anonymous 10/25/2016 (Tue) 05:40:31 Id: 6d577c [Preview]No.20500 [Hide User Posts] [X] del
>>20498 >>20499
Alright, so what I’m currently doing is seeing if he set the DMS to shoot transactions to the Bitcoin Blockhain (giving it permanence).
This is, undoubtedly, the best way to get the keys out without fear of censorship.
I don’t have the insurance files and have no idea how they were encrypted.
However, there are several 64byte keys in the blockchain, sometimes occurring in sequence. Take this sequence for example:
157b55f541c211e4e8fbd6075ee38591166520382496715f061b72dbff7ce2ac
29d702481029f8ec2a53e45b7f1cbbcfe0e5e8f8729ff8dd039d79678af161dd
934fa816c419c7f5f4e4f0f7f81934142a5d84c853e430b630e1c09573f6eeca
ec8310b437f09918c6f9e684ee440db6940860228294c964fb96d2279ff40aa7
371dc468600478afeedb8f1ebffc3a2132e8388d214090b6f0e8fb4637138c89
0e18ead5f2f25880c1736cea07babe401602a24986902f35c44f8b93bc527c1f
40460b8fd234289abedb5dd1d20389a5820d2657fc81ff87e2d9fe6a3b3b9b1c
9bc8b5fcf4186e2954c6ddfd0676e06155a4ac430e3e374c0974024ab525bba1
8cb2d96d888cc47f91a2efd0b26a81b6baec69302b66db8fb86eb48ca7bf6cd2
3ba6f4a1e73d57e3ea302debcc0f2e2f9443b4751fcc036586c4a1a328908b60
9b69e55023e36006c73ef4f01d25831665e1e8b45c4c063e25e4cb38b86eb2f9
From block 435225 @ 2016-10-21 08:27GMT.
This is probably too bigger key for the WL files, I think?
Anyone give me a clue as to what size I should be looking for? I don’t think transactions are definitely sequential and there’s no promise for their inclusion in a block.
If anyone gets hold of the key(s), my recommendation: Send transactions on the Bitcoin blockchain and attach the key(s) as a message (using OP_RETURN). Once on the blockchain, it’ll be INSANELY difficult to reverse/censor. If your transaction doesn’t get through (in the case that they have the capability to censor the blockchain) post them in reverse and then link to transaction.
Maybe this is what Snowden was doing when he tweeted that hash?
eta numeris 392D8A3EEA2527D6AD8B1EBBAB6AD
sin topper D6C4C5CC97F9CB8849D9914E516F9
project runway 847D8D6EA4EDD8583D4A7DC3DEEAE
7FG final request 831CF9C1C534ECDAE63E2C8783EB9
fall of cassandra 2B6DAE482AEDE5BAC99B7D47ABDB3
for you guys looking into the blockchain idea. I found this old article interesting. Maybe it could shine a light on how to interpret what you are seeing in the different blocks.
Then, just copy paste the entire part of the ‘Output Scripts’
f = open('outscripts.txt','r')
from binascii import unhexlify
for ff in f.readlines():
chunks = ff.split(' ')
for c in chunks[1:-3]:
unhexlify(c.encode('utf8'))
This is the output:
"sSEXWikileaks Cablegate Backup
cablegate-201012041811.7z
Download the following transactions with Satoshi Nakamoto’s download tool which
can be found in transaction 6c53cd987119ef797d5adccd
76241247988a0a5ef783572a9972e7371c5fb0cc
Free speech and free enterprise! Thank you Satoshi!
Assange was captured. They want to keep it out of media. So that it does not threaten hillary campaign.
Assange was going to kill himself if they removed him from embassy by force. Rather than be torured for life in the United States. Assange was drugges by his guest before being removed a few hours later.
There are pictures of a man being removed from the embassy with a gitmo bag over his head.
The equador government was threatened with assassination and then with trade sanctions and they caved.
The US govt does not understand the assange key drop mechanism. They were talking about replacing him with body double, to cause double about whether
Ether he was captured.
The wikileaks reddit has been seizes. Links to wikileaks are on sitewide reddit spam list now. Archieve.is was redirected to new site. 8chan and 4chan are under enemy control. There were several DNS domain seizures and IP address hijacking attacks at network backbone level.
I only know fragments of what happened. They have system for real time website interception and real time modification of content of pages and social media. This has been deployed.
The existing internet is completely compromised.
Some of the attacks are wide targeted like DNS. Other attacks are to shut down individual users.
Some of the attacks are deployed at the cable modem level. Inside of cable modem firmware. Some of them are crude like dropping DNS packets. Others are cable modem level redirection of specific IP address for a single server to another IP, to enable man in the middle attacks.
This is a military level cyberwar being conducted by group controlling the infrastructure on the home turf.
IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW
IF YOU KNOW HOW PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURACE FILES
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2
transaction = str(sys.argv[1])
data = urllib2.urlopen("h ttps://blockchain.info/tx/"+transaction+"?show_adv=true")
dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
print dataout
Download the following transactions with Satoshi Nakamoto’s download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
Free speech and free enterprise! Thank you Satoshi!
HOW TO FIND MESSAGES ON THE BLOCKCHAIN
I’ll be helping you with a few initial examples. Remember that if you feel like you’ve been compromised, switch over to codec communication.
I’m assuming you already did the example on Jean’s latest code dump >>24140 Let’s try to do a few more.
First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
Once it is done you will be able to see a pdf was generated in that directory.
Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again.
Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand.
One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.
Anonymous 10/28/2016 (Fri) 07:47:15 Id: f958ff [Preview]No.20867 [Hide User Posts] [X] del
MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2
# usage, python script.py transactionlist.txt > file
txlist = str(sys.argv[1])
def txdecode(transaction):
data = urllib2.urlopen("h ttps://blockchain.info/tx/"+transaction+"?show_adv=true")
dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
return dataout
f = open(txlist, 'r')
alldata = b''
for l in f.readlines():
l = l.rstrip('\n')
alldata += txdecode(str(l))
print alldata
Anonymous 10/28/2016 (Fri) 07:47:30 Id: f958ff [Preview] No. 20868 [Hide User Posts] [X] del
How to get address from hash
Run the following on bitcoin
from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
pk.public_key().address()
# Compressed address will be returned
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
pk.public_key().address()
# Uncompressed address will be returned
the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like “Use a Tor Onion Router and do this”. It might be that the file has to be unlocked over and over.
also someone suggested, “take the last 32 or so bytes in the file, flip them, save it and then run ‘file -b’ on it.”
22 August (2:47 AM): Attempted break-in at Assange’s embassy home; Ecuador questions London’s ‘inadequate response’
7 October: Podestamails leaks first batch
12 October: Wikileaks announces: now publishing on a schedule created by our new impact maximizing publishing algorithm the “Stochastic Terminator”
12 October: Mike Cernovich tweets about getting info that 33K deleted emails exist
15 october (morning): WikiLeaks releases Hillary Clinton’s Goldman Sachs transcripts.
15 october (Lunch): Pamela Anderson visits Assange
15 october: Cut off Assange’s internet access 5:00 pm GMT
15/16 october (dawn): Wikileaks DNS Server was suddenly pointed elsewhere (not confirmed)
16 october (between 11:00pm /11:30 pm GMT): Wikileaks releases 3 pre-commitments (1: Kerry; 2: Ecuador; 3: UK FCO)
17 October (6:33 am GMT): “Wikileaks announces the Julian Assange’s internet link has been intentionally severed by a state party” and that “We have activated the appropriate contingency plans”.
17 october (8:27 pm GMT): on a second tweet (almost 14 hours later) announces that “We can confirm Ecuador cut off Assange’s internet access Saturday (15 october), 5pm GMT, shortly after publication of Clinton’s Goldman Sachs speechs.”
17 october: GUCCIFER_2 tweets: “i’m here and ready for new releases. already changed my location thanks @wikileaks for a good job!”
18 october: a script was activated that made file.wikileaks.org/file publicly visible and set all the file date and time stamps to 01/01/1984 18 october: Wikileaks announces that : “Multiple US sources tell us John Kerry asked Ecuador to stop Assange from publishing Clinton docs during FARC peace negotiations”.(edited)
18 october: Wikileaks announces “The John Kerry private meeting with Ecuador was made on the sidelines of the negotiations which took place pricipally on Sep 26 in Colombia.”
18 october: Wikileaks announces that “A front has released through US Democratic media an elaborate story accusing Julian Assange of paedophillia & taking US$1million from Russia” – publishes all docs about this case
18 October: Ecuador admits to ‘restricting’ Assange communications over US election.
19 october: Craig Murray posts on his blog that “went to see Julian Assange for a whisky in the Ecuador Embassy” (….) “I left Julian after midnight. He is fit, well, sharp and in good spirits”.
20 october: Cryptome tweets “Wrong building for Assange’s EC bolt hole. Orator perch still waving flag. 51°29’56.62" N 0°09’40.51" W”
20 october: Wikileaks annouces “We have a suprise in store for @TimKaine and @DonnaBrazile.”
20 and 21 october: Wikileaks tweets with many spelling mistakes – “HELP HIM” code.
21 October: Dyn DDoS cyberattack
21 October: Wikileaks tweets “Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point”.
21 October: Wikileaks tweets: “The Obama administration should not have attempted to misuse its instruments of state to stop criticism of its ruling party candidate”.
21 October: Wikilekas posts photo of “Armed policed outside Embassy”
22 October: Wikileaks announces Stochastic Terminator Algorithm update (no explanation)
22 October: Gavin MacFadyen death
23 October: Wikileaks tweets “A bloody year for WikiLeaks: Jones/Ratner/Gavin”
23 October: Tweet signed JA (honouring Gavin)
23 October: Wikileaks announces that “We will release a statement tomorrow about Assange. Our editor is safe and still in full command despite reduced communications with staff.”
24 October: WikiLeaks publishes “Editorial Board statement on the status of Julian Assange, Ecuador and the US election”
24 October: Wikileaks publishes video Moore’s video(from June)
24 October: Wikileaks annouces “poll”: “Thousands keep demanding Assange proof of life. Not unreasonable. He’s in a tough spot and is WikiLeaks best known validator. Preference?” – Video option won.
24 october: Wikileaks announces that “While in London for #SHOCircus, Mark Halperin attempts to interview #wikileaks’ founder julian assange (Video with “Assange´s reply: “Everything” about what the MSM is missing about Podesta leaks).
24 october: Assange lawyer @BarnsGreg gives interview to “ABC Radio National2 (Australia)”, and states that spoke with Assange “yesterday”. (interview link not working anymore)
25 October: CISL Conference schedule and posters change (Announcement of Assange “live connection” from London”
25 October: Pamela Anderson tweets photo with toy “For Julian’s cat”
26 October: Assange “speaks” at CISL (Argentina) – phone call.(edited)
26 Oct 2016: (9: 25 am): Kim DotCom insinuating wikileaks has the deleted emails
26 Oct 2016: (12:07 pm): Kim DotCom again insinuating wikileaks has the deleted emails
26 Oct 2016: (12:42 pm) Kim DotCom telling Gowdy and Trump how to legally obtain deleted 33k emails
26 Oct 2016(4:15 PM): Kim DotCom restating legal way to obtain emails so that when the release comes from wikileaks, to convict Hillary, congress / prosecutors can get valid evidence for US .gov
26 Oct 2016: Wikileaks tweets about Pardon for Manning and about Obama lying about Hillary’s server - Podesta leaks starting to show Obama name.
27 october: WikileaksTaskForce tweets: “The video from #Assange’s talk at @CISL_Argentina is legit. It was scheduled sometime ago. #CISL2016”
28 october: Wikileaks annouces that “Sweden has rejected Mr. Assange’s request to be escorted by police to the funeral of Gavin MacFadyen on Monday.”
28 october: Wikileaks releases “statement from Mr. Assange” about swedish decision.
28 October: FBI reopens hillary’s email case
29 October: Wikileaks tweets about John Pilger’s article “on Clinton, Trump, the media, WikiLeaks and war”, where Pilger states that “Assange knows the truth. And let me assure those who are concerned, he is well, and WikiLeaks is operating on all cylinders.”
30 October: Wikileaks announces “We commence PHASE 3 of our US election coverage next week.”
31 October: Wikileaks publish a “poll”: “Who will US president Barack Obama pardon (for distributing documents marked classified) on his way out of office?
Chelsea Manning/Hillary Clinton/Julian Assange/Edward Snowden” 3 nov: Kim tweets “Relax. Julian Assange is not dead. He’s very busy analyzing extremely sensitive leaked emails 20 hrs/day”.
Anonymous 11/07/2016 (Mon) 09:14:46 Id: c2d6cf [Preview]No.21408 [Hide User Posts] [X] del
We have the insurance files. They are in the blockchain.
They tried to do an attack with EC2 and fill up connections to the ports for accepting new transactions, to slow down or stop the key broadcast. The attack failed and people noticed also.
The transactions have been broadcast and executed. The bitcoin transaction pool has filled.
However, they twelve wikileaks admins are kidnapped or gone. We do not know where they are. They have the information about how to combine the information to decrypt the files.
Assange was told he was going to be removed from the embassy. He threatened to kill himself if removed from the embassy. I am sure he triggered the drop.
Someone needs to create a website, where people can put in candidate keys and test decryption on a small block.
NOT A DRILL, WIKILEAKS IS COMPROMISED THEY STOPPED EMAILS FROM GOING OUT
TWITTER
no one has answered since oct 16. the wikileaks chat is completely dead.
they just posted a video (read: NOT A RETWEET) posted by another person and accidentally put a link to the persons profile h ttps://twitter.com/wikileaks/status/795706165971841024
seems like a random fan girl is running the account h ttps://twitter.com/m_cetera
PODESTA
podesta 33 started at 53000. podesta 32 ended at 52481. they skipped 518 that are online 52481-52999. emails 56253-57153 have been online for a while and theres no announcement. something has been extra sketchy since last nights ddos.
DNC
wikileaks still shows 27515 emails for the dnc but in reality there are 44052 (16537 emails are not indexed). the election is tomorrow…
US - 014d55394fb4621d5a01bf5eee9f5cddac8dad44
UK - 05e04c04e3315decfbd4f6ab0d2d5dd70586c57c
EC - 8367354076e79ebd8f489e044b61b4f3c8eb13b0
the Precommits
US Kerry - 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809
UK FCO - f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74
EC - eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72
These are the hashes the files they posted produce (along with the commands to generate them): https://twitter.com/wikileaks/status/796085225394536448?lang=en
sha256sum 2016-11-07_WL-Insurance_EC.aes256 → b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995
sha256sum 2016-11-07_WL-Insurance_UK.aes256 → 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
sha256sum 2016-11-07_WL-Insurance_US.aes256 → ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002
Just to be completely clear:
US Kerry - 4bb96075acadc3d80b5ac872874c3037a386f4f595fe99e687439aabd0219809 =/= ab786b76a195cacde2d94506ca512ee950340f1404244312778144f67d4c8002
UK FCO - f33a6de5c627e3270ed3e02f62cd0c857467a780cf6123d2172d80d02a072f74 =/= 655821253135f8eabff54ec62c7f243a27d1d0b7037dc210f59267c43279a340
EC - eae5c9b064ed649ba468f0800abf8b56ae5cfe355b93b1ce90a1b92a48a9ab72 =/= b231ccef70338a857e48984f0fd73ea920eff70ab6b593548b0adcbd1423b995
why those same files have invalid PGP signatures
This can also be easily verified by anyone using ‘gpg’. This is the output:
gpg –verify 2016-11-07_WL-Insurance_EC.aes256 → gpg: verify signatures failed: unexpected data
gpg –verify 2016-11-07_WL-Insurance_UK.aes256 → gpg: verify signatures failed: unexpected data
gpg –verify 2016-11-07_WL-Insurance_US.aes256 → gpg: verify signatures failed: unexpected data
The torrents themselves (the file you use to download these files) are not verified either. You can test this by using Verisign. This is the output:
tl;dr Many people are asking for PGP signed message as proof of Assanges life.
We DON’T have knowledge of any PGP key that is owned strictly by Assange.
We have two keys that might be owned by WikiLeaks: Editorial Office Key and High Security Signing Key(this one might be fake, there is no proof of WL or Assange ever owning it).
On link https://pgp.mit.edu/pks/lookup?op=vindex&search=0x93ED732E92318DBA you can see I managed to sign 0x92318DBA WikiLeaks Editorial Office with my fake key I created. (239D778D 2015-04-10 Fake Wikileaks key for testing fake creation time (Created in Oct 19 2016) Fake@fake.com)
My key is even higher than “WikiLeaks High Security Signing Key”.
If I would use same credentials as WikiLeaks High Security Signing Key, there would be no way to tell which key is more “High Security”. Only differnce would be in fingerprint. But because https://wikileaks.org/wl-high-security-signing-key is 404, there is no way to tell which fingerprint is legit.
I havent found any sources with key that would be used exclusively by Assange. (just one from some mailing list from 1996, probably not used anymore)
Suggestion regarding distribution:
Previous replies have noted that those attempting distribution have been V&. Moving forward, a 2 prong attempt should be made:
If you should come across any keys which successfully open wikileaks insurance files, queue up the printer. The first thing you should do is print off thousands of copies of the keys and how you can use those keys to open the WL insurance files. Print them up, and scatter them in an extremely public location (i.e. Times Square or the most population dense location in your vicinity).
You don’t have to be the one to physically distribute the information, but ensure that whoever you have distributing, make sure that the connection and contact is made in person/offline. If you have access to the keys, trying to distribute on the system controlled by them is playing into their hands.
Beyond printouts, locate ham operators in your area. Ask them to send one unauthorized message containing the DMS keys. This will be broadcast worldwide, and will be impossible to contain.
Once distribution is made to thousands in your area via printouts, attempt distribution online. If those with something to hide have the capabilities available described above this post; it is in our/your best interest that the information is distributed in the classical manner via hard copy. Once that step is accomplished, do battle in their domain. Use your skills to distribute in the most efficient digitally manner.
Note: The first American Revolution was started in bar rooms, with an insurrectionist pamphlet titled “Common Sense” that swayed the public opinion. If they control the digital sphere, let’s push it out in the old-school dumb method.
TO ALL THE NORMIES READING THIS THREAD
USE THIS TIMELINE: https://oxwugzccvk3dk6tj.onion/pol/res/8180723.html#q8192699
LOOK AT THE DATES AND CHECK THE POSTS HAPPENING HERE AT THOSE TIMES
THE KEYS WERE FOUND AND THE FILES UNLOCKED ON OCT 27
WE ARE TRYING TO POST THE INFO WITHOUT GETTING V&
WE ARE WORKING ON TUTORIALS SO THAT OTHERS CAN FIND IT THEMSELVES
THAT WAY WE DON’T HAVE TO EVER POST IT
(FIRST IMPACT OCT 21)
(SECOND IMPACT NOV 9)
(THIRD IMPACT ???)
Happiness doesn’t walk to me, because I’m walking to it
One day,
one step.
Three steps in three days
Three steps forward,
two steps back
Life’s a
ONE
TWO
PUNCH
10/26/2016
Holy crap… this stuff really must be some terrible stuff for them to go that far. BE SUPER AND EXTRA CAREFUL.
We need to make sure this information doesn’t die though!
10/26/2016
My internet is getting cut off and coming back. I’m doing my best to stay on this thread but my laptop is really hot with fans spinning like crazy and my connection is really not reliable. I just lost a lot of progress from a random reboot.
10/27/2016
everyone head into the bunker, we need help down here
BUNKER
10/27/2016
all this information will be deletd soon. we have to push it into the blockchain NOW. this includes all threads posted here.
BUNKER
10/27/2016
posts are still being deleted or stopped. some people flat out cant post in certain places. right now talking about the key posted and removed on 7962287, looking at the blockchain and trying to find the keys hidden in posts that happened during the ddos seem to be the most sensitive. it might mean thats the right way to go.
BUNKER >>10/27/2016
ALPHABETS FOR FUCKS SAKE SHOW YOURSELVES
YOU EITHER WANT TO HELP OR YOU WANT US TO SHUT THIS DOWN
YOU’VE BEEN LEADING US THE RIGHT WAY FOR WEEKS NOW. WHAT THE FUCK IS ALL THE V& BULLSHIT. THERE ARE PEOPLE HERE PUTTING HOURS AND HOURS INTO THIS SHIT. PEOPLE WITH JOBS AND FAMILIES.
BUNKER >>10/27/2016
There is a lot of information in that blockchain, don’t let anyone tell you otherwise. The insurance files can be unlocked. JA is not safe. Don’t let them convince to stop helping. This might be his only hope at this point. A lot of things are going to be deleted and altered to hide all of this. Don’t trust anyone. Trust your gut. Keep looking.
BUNKER
10/27/2016
Take note of the future attacks to the blockchain. Take note of how it’s flooded. Take note of when they do the attacks and where. Take note of the future DDoSs. Make copies of every relevant thread. Take note of what is deleted and what is altered. Take note of when they spread disinformation in order to get you to stop looking. Use the censorship against them. What gets deleted and hidden is what is needed to get to the truth.
Put everything on external hard drives.
Do not work in secret. It will only endanger you. You have to spread the progress or they will silence you.
The truth is in that blockchain. You have enough information to find everything and decrypt it all. Don’t give up.
DONT MAKE THE SAME MISTAKES
WORK IN GROUPS
PUSH PROGRESS
OPSEC GUYS
DONT GIVE UP
HOW TO GET THE KEYS (AND MORE) FROM THE BLOCKCHAIN:
The goal is to make very simple code that is easy to use and understand so that everyone can do this. This is a rough explanation of how it works.
There are two main approaches users are taking to decode messages in the blockchain. Scanning transactions, let’s call this ‘tx scanning’, and scanning blocks, let’s call this ‘block scanning’. The main reason users are not yet able to see meaningful content is because both approaches have to be combined.
TX SCANNING:
When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.
BLOCK SCANNING:
When you scan by block, you will be able to find encoded data more easily but it is harder to extract the tx id and wallets. One benefit of block scanning is that you can explicitly search for file headers and important strings. For example you can directly search for the magic numbers in GPG files. When you find one of these, you can then tx crawl from that starting point in order to get all pieces of the file. More concretely, if you want to find the Cablegate Backup with a block scanner, you could search for the magic number of Zip files. Then, when one is found, you can find the tx id that contains it, and finally tx crawl to get all the pieces. Yet, file headers are just one of the many other patterns that can be used to find important transactions. Examples of others are:
. Magic numbers: Look for the first bytes in different types of file. ‘file’ can be used in UNIX.
. Ability to compress: Compress the decoded output. If the size is reduced, the output is possibly a message or part of a file.
. Text: If the decoded output has text, it might have information.
. Keywords (Very important): Search for relevant keywords, e.g., checksums for files in Wikileaks.org, checksums for the insurance files, hashes, dates, names, time stamps, etc.
. Reversibility: Some messages are in reverse and need to be flipped. This should be tried both before and after decoding.
Both scanners have to be used. The starting points for the searches should be Wikileak’s wallet, important dates (for example, during the DDoS attacks), previous messages and checksum hashes. The Cablegate Backup was a bit simpler than the more recent messages. In that case, only one wallet spent the funds in each transaction, and simply looking at wallet’s next transaction was enough to find all the pieces. Newer messages are bit more complicated. Some of the wallets that receive money make multiple transactions with no encoded data before proceeding with the ‘real’ transaction. Moreover, in a lot of cases, all wallets involved spend the funds (not just one). Therefore, the crawler has to keep track of all wallets that receive funds, and all future transactions of that wallet while using techniques (like those above) to detect encoded data. A transaction tree should be kept and the pieces of each files should be combined in multiple orderings.
If you implement the process described above you will find all the keys, other backups and other files that are not released. One way to test your code is to search for checksum hashes for files that have already been published at a specific date. There are multiple messages in the blockchain that include file hashes and dates. [/spoiler]Use the leads in this thread.[/spoiler]
I recommend you use a local copy of the blockchain and carry out the search on a computer that has no internet access. Work in groups and share the process. Remember to look at other cryptocurrencies as well and to encode your findings into the blockchain yourself.
I might be compromised. So, before I get silenced, I’d like to present some tips for those investigating the blockchain angle (in the case that I am unable to continue my work):
Sort transactions based on TX Fees. The DMS TX(s) will probably have a high fee associated with it to a) ensure its inclusion in the block (against the spamming attacks we’re seeing) and b) draw attention to it. If a transaction contains an OP_RETURN and has an unusually high fee, IT IS WORTH INVESTIGATING.
Look for duplicate OP_RETURN data. Provided there wasn’t a lone machine setup to post the DMS, it would likely be posted twice or more. Create a script to store transactions in a database. Store block number, date, op_return, fee and amount (if any of the outputs contain “911”, also pay attention.)
The DMS will likely NOT come from the Wikileaks address (but might go to it). In the event that the server(s) hosting the DMS got compromised, the attacker would have access to that address’ private key (and thus all of WikiLeaks’ funds).
My computer is sending ICMP packets routinely to addresses in San Francisco and UK. This is one of my reasons to suspect compromise (could these be packing non-erronous data?).
If you don’t hear from me within a week, consider me silenced. Solution to hash below will be posted as Proof of Identity at a later date.
fees
There were some recent spikes in fees on Oct 27, Nov 7, and yesterday (Nov 22). This is easy to verify and there are several links to sources in this thread. It could be a coincidence, but these increases have taken place when users have found new information and attempted to encode it in the BTC blockchain. This can be verified by looking at the dates of certain posts in this thread.
Large fees and a flooded mempol prevent us from encoding messages for others to recreate what was done here. However, there are other cryptocurrencies. I recommend pushing to BTC, Litecoin, and another cryptocurrency that starts with the letter ‘M’.
Look for duplicate OP_RETURN data
This is very important.
if any of the outputs contain “911”, also pay attention.
Some suspect that these transactions are made by BTC bot/scammers. I’ll post some of that information for completeness. I don’t recommend anyone follow this lead directly as the steps posted above are sufficient for users to find all of the messages.
Taking Snowden’s tweeted hash and turning it into a BTC wallet results in 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg. If you look at that wallet, you will see several transactions with 911. https://blockchain.info/address/1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg Note the dates and compare them to the date of the tweet
ICMP packets
It’s good to have firewalls and to use something like Wireshark to track what’s going on. However, I strongly recommend you do all your blockchain work in a computer that’s not connected to the internet. When you find something and want to communicate your findings to others, use redundancy. My advice is to post the information on a darknet site, clearnet site, regular site, BM, and in person to someone in your group. In that order. If you are able to encode messages into the blockchain, that should be the first thing that is done. If you find something sensitive in the blockchain, do not send others any information about what is it, or where it was found. Instead, send them an actual piece of the blockchain that contains it first, and then explain.
that isnt BS at first glance
What seems to be ‘BS’ does not matter. I can confidently tell you that if you are willing to discard information because it does not ‘seem’ real, is vague, or is posted alongside false leads, you will miss the steps on how to do this. All information can be tested. You should not trust what anyone tells you. You can verify what is real and what isn’t. Everything needed to find these messages is already in this thread. If you are unable to find facts in a statement that is not completely factual you will never progress.
arguing
Let’s try to work together. We are all stressed and worried, lacking sleep and so on. When more users start independently finding the keys, we will have a lot of false posters attempting to divide us with arguments and disagreements. We will also have a lot of false updates that are designed to be ‘debunked’ by others. For many it will be enough for them to discard everything completely. If we stay level-headed, focus on provable facts, and work in cooperation, we will finish soon.
the time has come and it’s about to get serious. Circumstances are chaotic due to the nature
of the package. Despite the contents of it, please remain calm. Use the pre-defined distribution
channels with the following changes:
*don’t use ANY infrastructure located in countries inside the NATO / EUROPE bloc
*preferred nodes in Japan, Russia and China. We have a GO from our partners
*Do NOT use Bittorrent at this stage and wait until further instructions
This time, there is going to be a threat to your physical safety, depending how
good your OPSEC is, so please take the necessary precautions and only
proceed with distribution if you are well aware of the implicaitons. Do NOT, under ANY
circumstances participate in the seed command if you’re physically located in
countries within NATO / EUROPE bloc.
Will save the list to 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE_tx_list.txt
>>23091
Script to find transactions with encoded files. Scans all transactions made by a wallet. Prints tx id and file type. Saves decoded data and a list of tx ids.
IF YOU STILL HAVE AN INTERNET CONNECTION DOWNLOAD THE THREAD NOW
BRACE FOR HAPPENING
I REPEAT
THIS IS NOT A DRILL
IT IS HAPPENING RIGHT NOW
here is the up to date blockchain torrent/magnet. Please consider downloading and seeding even if you have it already to help the swarm. Thanks. It’s about 100GB
Once you download copy or move the files to this location, then you can run Bitcoin core to sync it up to the minute: %APPDATA%\Roaming\Bitcoin
or C:\Users\ \AppData\Roaming\Bitcoin
>>23252
Read the fucking thread. Just like the Cablegate backup. The first piece has the file header, then you combine it and get a complete file. If you do not understand this method which has been explained on this thread several times, go learn and then come back. This was designed to be something everyone verifies on their own specifically to circumvent the problems of shills like you. There is no reason for you to ask me for anything. If you have a copy of the blockchain you have the keys, all the files, and hashes and time stamps for all official Wikileaks files. Trust no one and do your own testing.
For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable. -Julian Assange
Anyone that is skeptical of the information you have extracted from the blockchain is only attempting to discredit you. Every person that truly cares about verifying this information does not go online to ask others. Those who want real evidence go and verify it themselves. This is the way the system was meant to be used. You have the blockchain. You have direct access to the information. There is no need for opinions, speculations, reports, or analysis by other parties. The only evidence that matters is the evidence you, the reader, are able to test on your own. The system helps you detect the people that are attempting to influence you. If you need to ask others how to obtain the information you are admitting that you do not want to independently verify this information and are instead dependent on others. This dependence on others is what allows censorship and it is precisely the reason information is encoded in this way. If someone tells you they were not able to find anything you can prove that they are lying. You have a permanent source of information that can not be modified. Use it as it was designed to be used.
When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.
Confirming that jean3 is able to find the 7-zip headers for the cablegate addresses.
This program reads through every file named blk*.dat in the folder to point it at and parses it.
It creates an sqlite3 database with the following schema:
CREATE TABLE BLOCK("
"ID INT PRIMARY KEY NOT NULL,"
"PREV CHAR(64) NOT NULL,"
"MERKLE CHAR(64) NOT NULL,"
"HASH CHAR(64) NOT NULL,"
"NUM INT ,"
"BITS INT NOT NULL,"
"NONCE INT NOT NULL,"
"TIME INT NOT NULL);";
Block header info, including the computed double SHA256 hash for the block.
PREV is previous block hash, MERKLE is the merkle root hash, HASH is this block’s hash.
The other fields are miscellaneous.
"CREATE TABLE TX("
"ID INT PRIMARY KEY NOT NULL,"
"HASH CHAR(64) NOT NULL,"
"FILE TEXT NOT NULL,"
"OFFSET INT NOT NULL);";
Transaction header.
HASH is this transaction’s SHA double hash.
FILE is the .DAT file’s ID that it came from (See the FILE table below to get the file’s name)
OFFSET is the offset in the file it came from.
"CREATE TABLE TX_INPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"PREV CHAR(64) NOT NULL," \
"DATA BLOB NOT NULL," \
"IDX INT ," \
"SEQ INT );";
Input transaction. Here for completeness, not really useful unless you want to verify transactions. (We don’t)
TX is the transaction it’s part of
PREV is the previous transaction
DATA is the raw script data.
IDX and SEQ are misc fields.
"CREATE TABLE TX_OUTPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"DATA BLOB NOT NULL," \
"ADDR TEXT ," \
"VAL BIGINT );";
Output transactions.
TX is the transaction it’s part of.
DATA is the raw script data.
ADDR is the transaction address the program tried to figure out given the script in DATA.
VAL is the bitcoin amount in it’s raw format (integer)
"CREATE TABLE FILE(" \
"ID INT PRIMARY KEY NOT NULL," \
"NAME FILE NOT NULL);";
FILE is the table that simply assigns an ID to each file name for reference in the table above.
These are relational tables to quickly find parent child relationships. i.e. What TX has what INPUT and vice versa.
"CREATE TABLE REL_BLOCK_TX(" \
"ID INT PRIMARY KEY NOT NULL," \
"BLOCK INT NOT NULL," \
"TX INT NOT NULL);";
Table for Block Transactions
"CREATE TABLE REL_TX_INPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"INPUT INT NOT NULL);";
Table for Input Transactions
"CREATE TABLE REL_TX_OUTPUT(" \
"ID INT PRIMARY KEY NOT NULL," \
"TX INT NOT NULL," \
"OUTPUT INT NOT NULL);";
Table for Output Transactions
These two aren’t used yet, but were intended for linking blocks in a chain (not really needed since all we care about are the transactions themselves)
"CREATE TABLE REL_BLOCK_NEXT(" \
"ID INT PRIMARY KEY NOT NULL," \
"BLOCK INT NOT NULL," \
"NEXT INT NOT NULL);";
"CREATE TABLE REL_BLOCK_PREV(" \
"ID INT PRIMARY KEY NOT NULL," \
"BLOCK INT NOT NULL," \
"PREV INT NOT NULL);";
Stop relying on scripts and crappy software. The steps to find every single file in the blockchain have been posted here numerous times >>22945. A lot of you have been staring at the data for over a week now. Here’s another attempt at being even more clear:
Every single file has a hex file header. You can see a list of some here: http://www.garykessler.net/library/file_sigs.html However, this is not the entire list. The lists ‘trid’ and ‘file’ use are not complete either. Yet, you don’t even need these lists. You can simply look at any file of a type you are interested in finding. Yes, any. Open it with a hex editor and look at the file header. If you want to find a zip file, just download any zipfile, look at the header with a hex editor and then search for it. The headers are not going to always be at the beginning of the file. Scan the entire file for headers and footers.
Yes footers. Files also have footers! You can find the ending of a file by looking for its hex footer. Here are some examples: http://www.datadoctor.biz/data_recovery_programming_book_chapter14-page2.html Again, this is not a complete list. If you want to see what the footer of a file looks like, open one with a hex editor.
JUST TO MAKE SURE WE’RE BEING COMPLETELY CLEAR HERE:
If you find 37 7A BC AF 27 1C, you just found the beginning of a 7-zip file. If you find 89 50 4E 47 0D 0A 1A 0A, you just found the beginning of a PNG file. These are just examples. There are a lot more file headers to look out for.
If you find 50 4B 05 06 00, you just found the end of a zip file. If you find 25 25 45 4F 46 you just found the end of a pdf file. There are more footers and you can make your own list by looking at different files. These are just examples. There are a lot more file footers to look out for.
Stop looking at only the beginning of decoded data. trid and file both do this (and badly). It can be anywhere in the transaction!
Don’t rely on software to do this. Simply search for those hex values in the decoded data!
If you are one of those normies that don’t understand why the steps can’t be posted online in a detailed way that everyone can follow, please read this http://www.thecubablog.com/uncategorized/staff/the-us-has-a-way-to-shut-down-wikileaks-the-infamous-sdn-list/ THAT WAS WRITTEN IN 2010. If you are still ‘skeptical’ and want to test internet censorship you can do the following experiment: 1. find one of the censored sites 2. go to the site 3. post the link and some of the text on a normie site NOT HERE 4. enjoy your v&!
For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable’. -Julian Assange, Nantucket Project, Sept 28 2104
Wikileaks needs to change in order to survive and thrive through the next few months… If necessary of course, if I’m not able to continue or the Ecuadorian people are unreasonably blamed for Wikileaks’ publications, I will have to resign as editor, but our publications will continue. The part of the necessary defense of Wikileaks, we have engaged in a new project to recruit people across the world to defend our publication - and we’ll give details of that as the weeks go by… …we will issue guidelines about how you can promote Wikileaks publications without censorship. - Julian Assange, Wikileaks 10 Years Press Conference, Oct 4th 2016
We need to start having a serious conversation about alternative channels and redundancy.
It’s not clear if this thread will last too long. The admins here have been great and remove illegal content and spam when they attack this site but we can’t count on them to do this forever.
So far, regarding what we’ve been using:
BM: >>23911 Logless BM bunker >>21839 [chan] wikileaks [name] BM-2cVFHKC263sXfXYF7JU3n4FPLY9HD5H7SC
Both are effectively jammed when good progress is made. They are extremely slow and unreliable. BM-2cVFHKC263sXfXYF7JU3n4FPLY9HD5H7SC got spammed with illegal content recently.
clearnet:
A lot of threads on clearnet boards are still alive. A lot have been deleted. We have also had problems with illegal content. I don’t think it is a good idea to post links here as this thread can be googled. We can’t discuss these without an alternative to BM that is not logged.
darknet/i2p:
Most of these threads are unreachable today. It is a good idea to make backups on sites like these but we can’t count on them to spread information to others. These also can’t be posted anywhere, including logged chats otherwise we pretty much turn them into clearnet threads. We can’t discuss these directly on any channel.
Archive.org/is/fo: has been unreliable since Oct 17 when we first saw stuff disappearing from it.
Twitter/halfchan/fullchan/plebbit/etc: Completely unusable. Unless we come up with a way to embed the information into something that looks like harmless posts, it is all deleted, buried or shilled instantly.
Tox: you give out your IP while using this.
We need a BM and fastposting alternatives (that are not logged). Does anyone have any suggestions? In order to keep this stuff alive we are going to have to start backing up all the information/progress/leads into several sites. We can’t discuss clearnet sites until we have a way to communicate like we did with BM.
If we don’t start creating new backups all of this work will disappear as soon as this thread dies.
I’ll be helping you with a few initial examples. Remember that if you feel like you’ve been compromised, switch over to codec communication. 546f782038363945304438434436414146433136454237393142353039303442394144443346454131443343304639453539443236334439374638383431454139323339324144453236333145434536
I’m assuming you already did the example on Jean’s latest code dump >>24140 Let’s try to do a few more.
First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
Now, ff you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again.
Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand.
posts are still being deleted or stopped. some people flat out cant post in certain places. right now talking about the key posted and removed on 7962287, looking at the blockchain and trying to find the keys hidden in posts that happened during the ddos seem to be the most sensitive. it might mean thats the right way to go.
IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW
IF YOU KNOW HOW PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURACE FILES
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2
transaction = str(sys.argv[1])
data = urllib2.urlopen("[https://blockchain.info/tx/](https://archive.is/o/K1eZq/https://blockchain.info/tx/)"+transaction+"?show_adv=true")
dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
print dataout
Download the following transactions with Satoshi Nakamoto’s download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
Free speech and free enterprise! Thank you Satoshi!
HOW TO FIND MESSAGES ON THE BLOCKCHAIN
I’ll be helping you with a few initial examples. Remember that if you feel like you’ve been compromised, switch over to codec communication.
I’m assuming you already did the example on Jean’s latest code dump >>24140 Let’s try to do a few more.
First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
Once it is done you will be able to see a pdf was generated in that directory.
Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again.
Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand.
One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.
MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2
# usage, python script.py transactionlist.txt > file
txlist = str(sys.argv[1])
def txdecode(transaction):
data = urllib2.urlopen("[https://blockchain.info/tx/](https://archive.is/o/K1eZq/https://blockchain.info/tx/)"+transaction+"?show_adv=true")
dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
return dataout
f = open(txlist, 'r')
alldata = b''
for l in f.readlines():
l = l.rstrip('\n')
alldata += txdecode(str(l))
print alldata
the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like “Use a Tor Onion Router and do this”. It might be that the file has to be unlocked over and over.
also someone suggested, “take the last 32 or so bytes in the file, flip them, save it and then run ‘file -b’ on it.”
Take note of the future attacks to the blockchain. Take note of how it’s flooded. Take note of when they do the attacks and where. Take note of the future DDoSs. Make copies of every relevant thread. Take note of what is deleted and what is altered. Take note of when they spread disinformation in order to get you to stop looking. Use the censorship against them. What gets deleted and hidden is what is needed to get to the truth.
Put everything on external hard drives.
Do not work in secret. It will only endanger you. You have to spread the progress or they will silence you.
The truth is in that blockchain. You have enough information to find everything and decrypt it all. Don’t give up.
Download the following transactions with Satoshi Nakamoto’s download tool which can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc Free speech and free enterprise! Thank you Satoshi!"
DECODING FILES:
A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
Once it is done you will be able to see a pdf was generated in that directory.
Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
If you do
python jean.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
You will get a key that was leaked.
Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show ‘Escrow’. Go to that address and see its transactions. You will then find another message. Keep doing this and you’ll eventually find the cable dump again. This is the process of ‘following the change’.
Using this method we’ve found several transactions that involve Wikileaks that we don’t quite understand. One good strategy is to generate a file from a transaction and then look at its ‘magic numbers’ to figure out what it could be.
Some of them are:
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df
657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1
05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db
623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be
5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e
I might be compromised. So, before I get silenced, I’d like to present some tips for those investigating the blockchain angle (in the case that I am unable to continue my work):
Sort transactions based on TX Fees. The DMS TX(s) will probably have a high fee associated with it to a) ensure its inclusion in the block (against the spamming attacks we’re seeing) and b) draw attention to it. If a transaction contains an OP_RETURN and has an unusually high fee, IT IS WORTH INVESTIGATING.
Look for duplicate OP_RETURN data. Provided there wasn’t a lone machine setup to post the DMS, it would likely be posted twice or more. Create a script to store transactions in a database. Store block number, date, op_return, fee and amount (if any of the outputs contain “911”, also pay attention.)
The DMS will likely NOT come from the Wikileaks address (but might go to it). In the event that the server(s) hosting the DMS got compromised, the attacker would have access to that address’ private key (and thus all of WikiLeaks’ funds).
This address might be worth investigating: htt ps://blockchain.info/address/1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM?offset=100&filter=0
Many OP_RETURNs and all on the 10/16/2016 within a period of a few hours. I have not had the chance to investigate further.
My computer is sending ICMP packets routinely to addresses in San Francisco and UK. This is one of my reasons to suspect compromise (could these be packing non-erronous data?).
For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable’. -Julian Assange, Nantucket Project, Sept 28 2104
Wikileaks needs to change in order to survive and thrive through the next few months… If necessary of course, if I’m not able to continue or the Ecuadorian people are unreasonably blamed for Wikileaks’ publications, I will have to resign as editor, but our publications will continue. The part of the necessary defense of Wikileaks, we have engaged in a new project to recruit people across the world to defend our publication - and we’ll give details of that as the weeks go by… …we will issue guidelines about how you can promote Wikileaks publications without censorship. - Julian Assange, Wikileaks 10 Years Press Conference, Oct 4th 2016
The project was originally named Rubberhose, as it was designed to be resistant to attacks by people willing to use torture on those who knew the encryption keys. This is a reference to the rubber-hose cryptanalysis euphemism.
It was written in 1997–2000 by Julian Assange, Suelette Dreyfus, and Ralf Weinmann.[
This program reads through every file named blk*.dat in the folder to point it at and parses it.
It creates an sqlite3 database with the following schema:
CREATE TABLE BLOCK("
“ID INT PRIMARY KEY NOT NULL,”
“PREV CHAR(64) NOT NULL,”
“MERKLE CHAR(64) NOT NULL,”
“HASH CHAR(64) NOT NULL,”
“NUM INT ,”
“BITS INT NOT NULL,”
“NONCE INT NOT NULL,”
“TIME INT NOT NULL);”;
Block header info, including the computed double SHA256 hash for the block.
PREV is previous block hash, MERKLE is the merkle root hash, HASH is this block’s hash.
The other fields are miscellaneous.
“CREATE TABLE TX(”
“ID INT PRIMARY KEY NOT NULL,”
“HASH CHAR(64) NOT NULL,”
“FILE TEXT NOT NULL,”
“OFFSET INT NOT NULL);”;
Transaction header.
HASH is this transaction’s SHA double hash.
FILE is the .DAT file’s ID that it came from (See the FILE table below to get the file’s name)
OFFSET is the offset in the file it came from.
HOW TO GET THE KEYS (AND MORE) FROM THE BLOCKCHAIN:
The goal is to make very simple code that is easy to use and understand so that everyone can do this. This is a rough explanation of how it works.
There are two main approaches users are taking to decode messages in the blockchain. Scanning transactions, let’s call this ‘tx scanning’, and scanning blocks, let’s call this ‘block scanning’. The main reason users are not yet able to see meaningful content is because both approaches have to be combined.
TX SCANNING:
When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.
BLOCK SCANNING:
When you scan by block, you will be able to find encoded data more easily but it is harder to extract the tx id and wallets. One benefit of block scanning is that you can explicitly search for file headers and important strings. For example you can directly search for the magic numbers in GPG files. When you find one of these, you can then tx crawl from that starting point in order to get all pieces of the file. More concretely, if you want to find the Cablegate Backup with a block scanner, you could search for the magic number of Zip files. Then, when one is found, you can find the tx id that contains it, and finally tx crawl to get all the pieces. Yet, file headers are just one of the many other patterns that can be used to find important transactions. Examples of others are:
. Magic numbers: Look for the first bytes in different types of file. ‘file’ can be used in UNIX.
. Ability to compress: Compress the decoded output. If the size is reduced, the output is possibly a message or part of a file.
. Text: If the decoded output has text, it might have information.
. Keywords (Very important): Search for relevant keywords, e.g., checksums for files in Wikileaks.org, checksums for the insurance files, hashes, dates, names, time stamps, etc.
. Reversibility: Some messages are in reverse and need to be flipped. This should be tried both before and after decoding.
Both scanners have to be used. The starting points for the searches should be Wikileak’s wallet, important dates (for example, during the DDoS attacks), previous messages and checksum hashes. The Cablegate Backup was a bit simpler than the more recent messages. In that case, only one wallet spent the funds in each transaction, and simply looking at wallet’s next transaction was enough to find all the pieces. Newer messages are bit more complicated. Some of the wallets that receive money make multiple transactions with no encoded data before proceeding with the ‘real’ transaction. Moreover, in a lot of cases, all wallets involved spend the funds (not just one). Therefore, the crawler has to keep track of all wallets that receive funds, and all future transactions of that wallet while using techniques (like those above) to detect encoded data. A transaction tree should be kept and the pieces of each files should be combined in multiple orderings.
If you implement the process described above you will find all the keys, other backups and other files that are not released. One way to test your code is to search for checksum hashes for files that have already been published at a specific date. There are multiple messages in the blockchain that include file hashes and dates. [/spoiler]Use the leads in this thread.[/spoiler]
I recommend you use a local copy of the blockchain and carry out the search on a computer that has no internet access. Work in groups and share the process. Remember to look at other cryptocurrencies as well and to encode your findings into the blockchain yourself.
1Gii1VoJksAKrL34Gd4sLF1bUTQdUq1qe1 and i dont know if this is old news but this should be JA’s address… There’s a DMS at the beginning of the txs
First being oldest. 1Fpdrx7Q7fVgf19imhXeDwNEhBAQV1a6Gp
for example this is one of the 4 txs… its cryptic so “im dead when back” and likely implies something to do with the hex
If you look at the oldest tx on Gii, you’ll see what looks like a dms… Y is for key. It’s always been here but it needs to be disarmed. Thats basically what it is.
The account basically returns what is sent to it… which is what this ‘QdUq1qe1’
just to make sure im not wasting my time, is it a waste of time to be looking at https://blockchain.info/address/135zDqhbNcmPk3gbyeJmH75yiLdVZechsK?offset=10800&filter=4, batches of transactions ~20 each(sometimes significantly more such as the 57 on the 21) at same time. literally thousands of transactions in a row with same file size
throuugh 300 some odd pages, other than the first few, there are only 3 file sizes
and average bitcoin transaction is ~.001 over 84444 transactions
There news that some groups are starting to find torrent headers in the blockchain. Some advice regarding that.
Check the file structure.
A torrent file is a bencoded dictionary with the following keys:
announce—the URL of the tracker
info—this maps to a dictionary whose keys are dependent on whether one or more files are being shared:
name—suggested filename where the file is to be saved (if one file)/suggested directory name where the files are to be saved (if multiple files)
piece length—number of bytes per piece. This is commonly 28 KiB = 256 KiB = 262,144 B.
pieces—a hash list, i.e., a concatenation of each piece’s SHA-1 hash. As SHA-1 returns a 160-bit hash, pieces will be a string whose length is a multiple of 160-bits. If the torrent contains multiple files, the pieces are formed by concatenating the files in the order they appear in the files dictionary (i.e. all pieces in the torrent are the full piece length except for the last piece, which may be shorter).
length—size of the file in bytes (only when one file is being shared)
files—a list of dictionaries each corresponding to a file (only when multiple files are being shared). Each dictionary has the following keys:
path—a list of strings corresponding to subdirectory names, the last of which is the actual file name
length—size of the file in bytes.
Check the tracker information.
Multiple trackers
BEP-0012[4] extends BitTorrent to support multiple trackers.
A new key, announce-list, is placed in the top-most dictionary (i.e. with announce and info)
{
…
‘announce-list’: [[‘’][‘’]]
…
}
If it a single file or Multi file torrent
Single file[edit]
Here is what a de-bencoded torrent file (with piece length 256 KiB = 262144 bytes) for a file debian-503-amd64-CD-1.iso (whose size is 678 301 696 bytes) might look like:
{
‘announce’: 'http://bttracker.debian.org:6969/announce‘,
‘info’:
{
‘name’: ‘debian-503-amd64-CD-1.iso’,
‘piece length’: 262144,
‘length’: 678301696,
‘pieces’: ‘841ae846bc5b6d7bd6e9aa3dd9e551559c82abc1…d14f1631d776008f83772ee170c42411618190a4’
}
}
Check the trackers to see if the files are valid.
Trackers themselves should be verified by Verisgn or any other tool for tracker verification.
If the file is downloaded, keep it and post it here. If the torrent was incomplete or corrupted it might be possible to fix it with file recovery software.
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "DOC Header Found " # DOC Header
if "576F72642E446F63756D656E742E".lower() in hexcode:
filetype += "DOC Footer Found " # DOC Footer
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "XLS Header Found " # XLS Header
if "FEFFFFFF000000000000000057006F0072006B0062006F006F006B00".lower() in hexcode:
filetype += "XLS Footer Found " # XLS Footer
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "PPT Header Found " # PPT Header
if "A0461DF0".lower() in hexcode:
filetype += "PPT Footer Found " # PPT Footer
if "504B030414".lower() in hexcode:
filetype += "ZIP Header Found " # ZIP Header
if "504B050600".lower() in hexcode:
filetype += "ZIP Footer Found " # ZIP Footer
if "504B030414000100630000000000".lower() in hexcode:
filetype += "ZIPLock Footer Found " # ZLocked Encrypted
if "FFD8FFE000104A464946000101".lower() in hexcode:
filetype += "JPG Header Found " # JPG Header
if "474946383961".lower() in hexcode:
filetype += "GIF Header Found " # GIF Header
if "474946383761".lower() in hexcode:
filetype += "GIF Header Found " # GIF Header
if "2100003B00".lower() in hexcode:
filetype += "GIF Footer Found " # GIF Footer
if "25504446".lower() in hexcode:
filetype += "PDF Header Found " # PDF Header
if "2623323035".lower() in hexcode:
filetype += "PDF Header Found " # PDF Header
if "2525454F46".lower() in hexcode:
filetype += "PDF Footer Found " # PDF Footer
if "616E6E6F756E6365".lower() in hexcode:
filetype += "Torrent Header Found " # Torrent Header
if "1F8B".lower() in hexcode:
filetype += ".TAR.GZ Header Found " # TAR/GZ Header | Going to have lots of false positives
if "0011AF".lower() in hexcode:
filetype += "FLI Header Found " # FLI Header
if "504B03040A000200".lower() in hexcode:
filetype += "EPUB Header Found " # EPUB Header
if "89504E470D0A1A0A".lower() in hexcode:
filetype += "PNG Header Found " # PNG Header
if "6D51514E42".lower() in hexcode:
filetype += "8192PGP Header Found " # 8192 Header
if "6D51494E4246672F".lower() in hexcode:
filetype += "4096PGP Header Found " # 4096 Header
if "952e3e2e584b7a".lower in hexcode:
filetype += "2048PGP Header Found " # 2048 Header
if "526172211A0700".lower() in hexcode:
filetype += "Secret Header Found" # Secret Header
if "6D51454E424667".lower() in hexcode:
filetype += "RAR Header Found" # RAR Header
if "EFEDFACE".lower() in hexcode:
filetype += "UTF8 Header Found" # UTF8 header
if "4F676753".lower() in hexcode:
filetype += "OGG Header Found" # OGG Header
if "42494646".lower() in hexcode and "57415645".lower() in hexcode:
filetype += "WAV Header Found" # WAV Header
if "42494646".lower() in hexcode and "41564920".lower() in hexcode:
filetype += "AVI Header Found" # AVI Header
if "4D546864".lower() in hexcode:
filetype += "MIDI Header Found" # MIDI Header
if "377ABCAF271C".lower() in hexcode:
filetype += "7z Header Found" # 7z Header
if "0000001706".lower() in hexcode:
filetype += "7z Footer Found" # 7z Footer
need to search each output script individually with trid that was sent TO the wikileaks address by some address, and in particular the time frame of 10/17 to 10/29
his dead man’s switch was “check in by the end of the day on friday”
lowest number of transactions + highest fees + 0.0000000001 amounts paid (or close to 0 as possible because it is blackholed money since the data dictates the destination address and you don’t have the priv key for the destination address)
and yes output scripts less than 40 are significant as well, because they do not un-hash (so to speak) to a valid address
also any output hex that is an ODD number is suspect
you can hide small shit, like keys or a text document inside a zip file (really small 2kb footprint)
the output script looks like this
“OP_DUP OP_HASH160 9f2fe1c79fefbc6166a906fc4fdadc61a08709fa OP_EQUALVERIFY OP_CHECKSIG”
if you take the hex string portion only:
9f2fe1c79fefbc6166a906fc4fdadc61a08709fa
and use it on this website: http://bitcoinvalued.com/tools.php
put that string into the top right field. hit convert
Result: BitCoin address: 1FWhoQ3scrAPh7M7uy4jsk7VCNTe3vZeVL
This 9f2fe1 string is the hash160 of wallet 1FWhoQ3
what has happened here is that the wallet 1FWhoQ3scrAPh7M7uy4jsk7VCNTe3vZeVL has received part of the UTXO (unspent transaction) from the sender
this transaction proves that
hell it was confirmed 20000 times or whatever
“27401 Confirmations”
so now the 1FWhoQ wallet may spend what they received - they are now able to spend it without throwing red flags
1FWhoQ has to put the right shit in the input scripts (bunch of version and shit and that’s the input script and is basically automated by the wallet and cannot fuck up because it has to have the wallet’s key to be able to spend the transaction out of the wallet)
and also 1FWhoQ will put the recipient’s HASH160 into the output scripts
there will be one output script per recipient address
so if i wanted to send a file to the blockchain, i would have to send it to the addresses that my data dictates. because the data is in a particular order that creates the original file.
so if the first 20 bytes were ABCDABCDABCDABCDABCDABCD then it would send to this address: BitCoin address: 1NDUKKcNpLnAwcozASKSa11
and that is because 1NDUKK’s hash160 value is ABCDABCDABCDABCDABCDABCD
if I don’t own 1NDUKKcNpLnAwcozASKSa11, then I’m basically throwing money away because i can’t send it out from the 1NDUKK wallet because i don’t own that wallet because i don’t have the private key and that is the most major part of the input script that allows the confirmations to occur(edited)
therefore the amount I send will be very, very small. but i may allow a big transaction fee (as a bounty) to make sure that transaction is confirmed and included in the blockchain quickly
and the way bitcoin works, when I send it, I have to send from only sources of unspent transactions. If I wanted to give you 1BTC and I had 10BTC, but I didn’t have any unspent transaction in my wallet that was exactly 1BTC, then I’d have to send you chunks (for example 0.3 and 0.25 and 0.21 and 0.24) or i’d send you an amount larger than what i’m trying to send you if my smallest unspent transaction was one that i had received that was 2BTC. So my 10BTC wallet might be filled with four transactions → 2BTC + 5BTC + 0.5BTC + 2.5BTC
and if i had to send you 2BTC, I’d want my 1BTC in change. so i have to include that as a recipient. i can choose to have it come back to my own wallet (if my wallet software allows and handles that properly) or i could give it another wallet that my wallet software auto
For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable. -Julian Assange, Nantucket Project, Sept 28 2104 https://youtube.com/watch?v=MaB3Zw5_p9c [Embed]&feature=youtu.be&t=7m06s
HOLDING GROUPS
If you are in a holding group you should slowly begin contact with the new seekers. You should assume that every user you speak to is a shill. If you are receiving intel from previous groups you should assume all information is not valid. The shilling that will take place in the next few days will be more advanced than what we have previously seen. Use CQC to gain new leads, use GW to prove your identity. If you have followed this project you should know how to engage and disable bots. This will be important.
OPERATION SKYE
You should assume your current medium of communication is compromised and monitored. Redundancy and constant change of channels is essential. If you are in a decoy Outer Heaven, make sure to have it completely briefed. The BM bunker will not be reliable this week. Make arrangements to mantain communication within your unit. Use Codec Communciation when discussing sensitive details.
AS OF 10:31:13 UTC wikileaks.org is constantly being modified. Keep track of changes as these will lead newer groups to the encoded information.
Plans for the Internet blackout have been confirmed by multiple sources.
Distribution of backups and new findings should take place outside the Internet. Make arrangement so your unit is able to access another net.
IF the keys for the decoy insurance files are released by ‘Wikileaks’ you should break radio silence and commence distribution of the real data.
IF the Internet goes down, you should break radio silence and commence physical distribution of the real data.
IF we experience a prolonged Internet blackout in the US, we will have to delegate certain task to our allies. Get Google Translate ready. You will need it.
IF the information has not reached the public once the Internet is restored, FOXALIVE will be released. This is our last measure and we should everything we can to avoid it.
Remember, if Arsenal Gear is deployed in the next few days, we lose the Internet forever.
Wikileaks contact info? [quote author=RHorning link=topic=1735.msg26876#msg26876 date=1291501064]
Basically, bring it on. Let’s encourage Wikileaks to use Bitcoins and I’m willing to face any risk or fallout from that act.
[/quote]
No, don’t “bringit on”.
The project needs to grow gradually so the software can be strengthened along the way.
I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.
We have the hashes for genesis block through block 74000 hardcoded (compiled) into bitcoin, so there’s no reason why we shouldn’t be able to automatically download a compressed zipfile of the block database from anywhere,unpack it, verify it, and start running.
[/quote]
The 74000 checkpoint is not enough to protect you, and does nothing if the download is already past 74000. -checkblocks does more, but is still easily defeated. You still must trust the supplier of the zipfile.
uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.
The data is mostly hashes and keys and signatures that are uncompressible.
WikiLeaks @wikileaks 13m13 minutes ago
Today:
-Truck drives into Berlin Christmas crowd replaying Nice
-Russian envoy shot over Allepo in Turkey
-3 shot at Zurich Islamic centre
Major sites down during these past few days.
Internet outages in US, Moscow and Japan.
Record breaking packet loss these past two days for major ISPs.
Russian ambassador to Turkey shot.
Obama publicly hinted at cyber war during the past few days.
Wikileaks posted a new bogus insurance file.
Electoral college vote currently taking place.
BM kill
fullchan video captcha and high shill activity
clearnet shill spamming multiple sites down
darknet sites permanently down since last night
torrent sites down, some permanently closed
>>118
if you read the threads inside that png you will able to see everything that happened that was saved before deletion.
rushed summary:
oct 17: strange activity is noticed at the embassy, first responders investigate, periscope is killed, twitter goes full orwell, archive.org is changed to no longer save sites properly.something that is instantly deleted is posted several times on pleddit, halfchan, fullchan, onion links and darkweb. it is all wiped. people regroup in several places since there is no way to post without threads being deleted or sites going down. a lot end up here.
oct 21: as the director of wikileaks is dying a huge ddos takes down most sites. blockchain is attacked. lot of stuff gets deleted.
oct 24: someone finds the wikileaks backups in the blockchain and posts instructions and code to decode the data.
oct 27: the deletions get too severe. sites begin being flooded with illegal content or going down. people create their own private channel to discuss progress. the keys and all hidden data in the blockchain are found. the group pushes the information into a few cryptocurrencies. blockchain is flooded. mempool graphs now have a giant spike on oct 27. soft fork for bitcoin begins. onion threads with the info get instantly wiped. everyone involved goes silent except one of two people. this group is then referred to as ‘group 1’. first finding of the keys as ‘first impact’.
few days later: one of the people following the progress of group 1 starts teaching others how to retrace the steps.
late oct: people figure out that unlocking the data gets you xkeyscored’d making you lose internet connection and makes sites get attacked if the stuff is not deleted.
early nov: focus changes to teaching others how to find the information on airgapped computers to avoid deletion and sacrificing public channels of communication. threads that have progress start being flooded with illegal content every morning.
nov 8: wikileaks.org begins being changed. some files are deleted. checksum hashes start not matching older backups.
some point in nov: irs asks bitcoin to give them the identities of all transactions. copies of the blockchain start showing ‘undecodable’ or empty transactions not seen before.
mid nov: ‘group 2’ doxxes the people pretending to be wikileaks and tried to spread more detailed instructions for getting the files. posts did not last more than a few minutes. it seems like they tried to push to blockchain but apparently the data did not make it in. group 2 goes silent. they start calling this day the ‘second impact’.
>>119
nov 25: third impact. files are found by a new group that seems to not be american. they post instructions all the place but they don’t last more than a few hours. they tried to encode data into cryptocurrencies but it is not clear if it made it. this day is the second spike visible on the mempool graph.
at some point after this people agree to stop using the endchan thread for this because admins have to deal with too much illegal content floods and site going down. it becomes clear that any channel used to discuss this is ‘sacrificed’, in other words, it starts going down a lot, they flip the mods, deletion, illegal spams, etc. this thread is created for that reason. you can figure out what is special about this thread if you read the logs in the png. most progress after this point is exclusively on channels with no logs on darkweb. most of these eventually go down. the endchan thread is eventually locked. everyone that posted is blocked to this day. it is then deleted.
dec: planning for d-day begins. all holding groups spend all of december teaching others how to find the files.
mid dec: someone allegedly speaking on behalf of appelbaum posts links to code he wrote to find and repair keys in memory. new teams are told to use it. obama starts talking about a cyber war with russia.
dec 18: files are found in japan. a meshnet using ps3s is created to spread the files but it does not seem to last too long.
dec 19: d-day. happenings all over the world. most ISPs, torrent communities and major sites go down. wikileaks releases a new insurance file. uk, ec, and us insurance files from before no longer show on wikileaks.org unless you have IPs from specific countries. it is one of the biggest internet outages in history and it is not reported in a single news site that i have been able to find. holding groups go silent. some members are now trying to find their old teams.
tl;dr blockchain has backups for all wikileaks files since 2013. it also has checksum hashes and upload proofs for all files. there is a lot of stuff in there that triggers xkeyscore or echelon and is virtually impossible to share or even talk about. three months have been spent trying to teach others how to recreate the steps. there is a noticeable pattern. group finds it, start teaching others how to do it, then everything is deleted and people go silent. then a new group finds the breadcrums and starts over. it’s not clear what happened yesterday or what will happen next but there are people from all the world trying to investigate. at this point and there is no part of the internet where it is allowed.
Holy shit. Looking at the graph it is indisputable that they are fucking with the blockchain Nov 22-27 7x as many transactions that is not possible in normal context.
If what you say is true the blockchain may become contraband. Comments?
>>124
because xkeyscore exists and if you find the files or try to share them while you’re online you internet is instakill. doesnt matter how many proxies and underwater vpns you have there’s plenty of hardware backdoors to fuck your shit up. if you try to post them you will just insta ded that site. not even the max level shills can explain how deep af darkweb sites that are made just for this go down as soon as that content hits them. everyone ended up in here not because they wanted to hide but cause they flat out could not make a thread that lasted more than 2 minutes on any other site. this aint no game. and when this thread is found and flooded all evidence of this shit will disappear from normies forever. thats why most people in this shit are from other countries now.
>>124
yes and they are found again every other week. if you follow the old endchan thread it tells you how to get them.
>>145
keys and other files are in the blockchain. hard to explain to others how to do it. inforamtion cant be posted directly because kill the site its posted on. halfchan would be a great channel for this because they have good number and organize pretty well. however the mods seem to be flipped. hopefully someone figures out how get them to join this cause as well. same goes for fullchan. it’s just really hard with flipped mods.
about reaching out to normal people. what i have seen (for me) that works best is to start with:
the quote about how he embeds everything into the blockchain from the hologram interview (normies like videos, so send youtube link with the timestamp)
the quote from oct 4 (his last message) about wikileaks changing, him stepping down and finding a way to avoid censhorship (again, timestamp video)
then showing that cablegate is in the blockchain
explaining why the blockchain ‘cannot be changed’
then showing the timing of the ddos, internet cut, the fact that the director gavin was dying during the ddos, and how the blockchain got flooded on oct 21st and oct 27st.
this was my personal experience over the last two months. everyone is different so you can build your own strategy. i have tried to start with tech people by showing them one of the gpg files sent by wikileaks on the blockchain and they dont give a fuck until they quotes and read ruberhose. people dont care about proof of life, him missing or anything. some trump people care about how the emails are not completely there, they stopped before 10 weeks and that the deleted emails never came out.
For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.
-Julian Assange, Nantucket Project, Sept 28 2104 https://youtube.com/watch?v=MaB3Zw5_p9c [Embed]&feature=youtu.be&t=7m06s
Wikileaks needs to change in order to survive and thrive through the next few months… If necessary of course, if I’m not able to continue or the Ecuadorian people are unreasonably blamed for Wikileaks’ publications, I will have to resign as editor, but our publications will continue. The part of the necessary defense of Wikileaks, we have engaged in a new project to recruit people across the world to defend our publication - and we’ll give details of that as the weeks go by… …we will issue guidelines about how you can promote Wikileaks publications without censorship.
there is data in input and output scripts
make sure you don’t have this line in your code
length = struct.unpack(‘<L’, dataout[0:4])[0]
checksum = struct.unpack(‘<L’, dataout[4:8])[0]
dataout = dataout[8:8+length]
At that point you will have found the upload evidence for all 10 million documents.
Finally, use the instructions in the deleted endchan thread and you’ll find all the leaks that haven’t gotten out.
If you do this and are able to figure out a way to spread the information (maybe an interpretative dance that can be used to get the info somehow) then congratulations you just saved the world.
Remember that in order for this to finally reach the public you will have to collaborate with people you would never talk to on the Internet. We will have a flood of normies trying to learn. We all should do our best to teach them. We also have to teach them how to deal with shills, OPSEC, and permanent logging.
If you are a normie and somewhat organized you could greatly help by going through the threads in docs.png and creating an image with important posts and information about what is going on.
For publishers for example, so that, as an example we are starting to use Bitcoin, Wikileaks, stuffing our, cryptographic keys of stuff that we publish, so, we prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.
-Julian Assange, Nantucket Project, Sept 28 2104 https://youtube.com/watch?v=MaB3Zw5_p9c [Embed]&feature=youtu.be&t=7m06s
Regarding Assange getting his Internet back, few things to consider:
A good step towards proof of life would be him signing anything with his public key.
The opposition has all kinds of excuses for why he might not be able to do this.
However, if Assange got his Internet back, the first thing he would do is read the new leak submissions.
In order for him to read any leak submission, he needs access to his private key. Every submission is made using the Wikileaks public key. https://wikileaks.org/#submit_wlkey
If Assange or someone else is able to read submissions, they can sign a file and proof that someone has access to his key.
If Assange or someone else has access to the key and don’t use it to sign anything, they are not interested in showing that Wikileaks is still reliable as a safe, anonymous submission system.
If Assange or someone else had lost access to the Wikileaks public key, they would have revoked it and changed the public key required to submit any leaks to them.
If Assange or someone else do not make any statement regarding the status of the key and keep the submission instructions and visible (on Twitter and every html page on the site) public key, then they still have access to it or do not care about submissions.
In simpler terms:
If they still have access to the key, then they can sign with it.
If they don’t have it, then they would have revoked and changed it the moment the lost it.
If they didn’t know they lost it, then Wikileaks has not cared about leak submissions or communications since October 16.
None of the current outcomes are compatible with the statements and actions made by Wikileaks and Assange regarding this issue in their 10 year history.
you’ll get something like this:
salt=1918B41E8B10FAE7
key=8A8F02AE3133122E132762B20A9E04121A1B4B7D60DEDEA3097B759BE554A1F0
iv =588F3CEAC295D353EC66DDF6805C5710
1.) LARPERS. They know nothing, they know they know nothing, but are using others works to spread their larp. Concrete LARP is “key can’t be uploaded or insta-nuke”. That’s simply not true.
Post the sdn list >>635 on a site outside the this thread. Post it in plaintext or better yet the content of those sites. Then post a link to that thread. Or even better, post the steps to get the GPG files after cablegate in here >>760. Show how badass you are by posting it and proving how pathetic the people on this thread really are. Or just post these steps >>345 on a normal site. Go ahead. Do it and prove that it’s not real. Here’s a new link in case you’re an idiot and can’t find it:
2.) The people the LARPers are basing their larp off of. Real work being done in the blockchain. Has born little to no fruit so far, and none of which is keys (new keys, anyway). These people can’t really explain it, at least not all of it, because they just are running someone elses code.
There’s evidence of thousands of files in the blockchain in this thread. If you don’t understand it. Leave the thread, use google and come back. Every wikileaks file has a transaction in the blockchain >>88 This public and there’s nothing you can do about it.
3.) The people who write the code. These people are the most knowledgeable, however, not one person who has written the code leaves comments, or gives a detailed guide.
This is the only ‘comment’ you need
unhexlify Return the binary data represented by the hexadecimal string.
Do that to the blockchain.
Data comes out.
End of explanation.
4.) People who want a detailed guide before fucking their PC over.
Every person that uses bitcoin already has this data on their computer. Reading it does not ‘fuck’ a PC over.
4a.) People who try to follow a mixture of bullshit (LARP) and legitimate code.
Try
Learn how to use a computer. Then shill.
5.) People who will not follow the steps, but proclaim it all to be 100% gospel.
Those people don’t even know how to find this thread and left when ‘countdown meme’ didn’t work out.
5a.) People who will not follow the steps, but are asking for more information, while stating without information it is bullshit.
Those people don’t even bother finding a thread on a shitty site that no one visits. The only people who come here to say it’s bullshit are shills. Do you go into magic crystal stores to tell them it’s pseudo-science?
5b.) Its bullshit.
I don’t see people going into michael jackson is alive threads and telling them is bullshit. Somehow there’s a lot of people here.
5c.) You’re a shill
Or part of the mental botnet of being a skeptic that doesn’t believe anything until it’s on CNN or you can google it while somehow simultaneously knowing that it’s all bullshit.
6.) Observers.
Most people here. In fact, the people that understand this don’t ever post, run the shit on their computers in private and then decide it’s not worth making public.
7.) Pizzagate fags.
These people don’t understand how encryption works. If they did, they would have already found all the evidence they need. They are still rocking Windows and playing vidya on breaks.
The only people here are, curious people, people trying to teach others how to do this, and shills. That’s it. Simple.
The story the media is running is that the protest “erupted” around October 29 due to one of the cables on Wikileaks: https://wikileaks.org/plusd/cables/07SEOUL2178_a.html That cable has been online since 2010. In fact, the unredcated cables have also been online since 2010 >>683 You can check for that cable in the blockchain (uploaded in 2013) or in the encrypted unredacted cables file (2010).
Now consider the fact that keys were first released on Oct 27, and then again in Nov 25. Why would South Korea suddenly erupt into a protest where two million people took to the streets on Oct 29 because of a document that has been available since 2011?
They were not protesting a five year old document. That five year old cable is the only thing the media was able to find that is already public. The insurance files were unlocked two days before the protests began. On November some of them came here to recreated the steps. That group (which had people from many countries) was successful on Nov 25.
A newly released Wikileaks cable from the US embassy in Seoul described him as having “complete control over the body and soul of the president in her formative years” in 2007.
http://www.usatoday.com/story/news/world/2016/12/09/profile-south-korea-park-geun-hye/95186340/
“In 2007, a leaked diplomatic cable published by WikiLeaks revealed the U.S. Embassy in Seoul had noted Choi was often referred to as “Korea’s Rasputin” and that there were bizarre rumors circulating that Choi “had complete control over Park’s body and soul during her formative years and that his children accumulated enormous wealth as a result.” Park was forced to deny she had a child by Choi.”
http://www.wsj.com/articles/a-presidential-scandal-transfixes-south-korea-1480112351
"Opponents depicted her as having fallen under the control of a “Korean Rasputin,” according to a hacked U.S. diplomatic cable from the embassy in Seoul published by WikiLeaks. The cable cited widespread rumors “that the late pastor had complete control over Park’s body and soul during her formative years.” "
The EVP_BytesToKey key derivative algorithm uses md5. It is trivial to break the key for the first block. >AES decrypts in blocks 256 bytes at a time. take one of the insurance files, copy the first 256 bytes, make a new tiny file and use the key on that. if the data is compressible or has runs on zeros or consant values or has some known values in it, then the key is right
Change RPC user/pass in code (txindex = 1 must also be set in bitcoin.conf).
Use with:
python block-opreturn-finder.py blocks 434304 435711 # Oct 15 through Oct 25
Anonymous Wed Nov 16 23:48:02 2016 >>cf7ef0caf8c183f294 [Reply] [x]
SITE FUCKERY:
For one example, go to Index of /torrent/
Ctr+F ‘09-Nov-438498967 06:00’, which is not the format the use for dates.
Look at the file. You can download a copy of this file from Oct 21 2016 here: https://archive.org/details/SaudiArabiaDatabaseFromWikileaks
and from June 2015 here: https://archive.is/TdJ4t
You can then use the ‘diff’ to compare the files. The output is ‘the binaries differ’.
That torrent file timestamp was corrupted as back as Jul 25 http://archive.is/09Gu5
podesta 33 started at 53000. podesta 32 ended at 52481. they skipped 518 that are online 52481-52999. duplicates everywhere doing empty search gives you less emails than there are online.
wikileaks still shows 27515 emails for the dnc but in reality there are 44052 (16537 emails are not indexed) TWITTER FUCKERY:
video posted with accidental link https://twitter.com/wikileaks/status/795706165971841024
seems like a random fan girl is running the account https://twitter.com/m_cetera
Anonymous Wed Nov 16 23:56:22 2016 >>b35f20b30ce3ce8499 [Reply] [x]
BLOCKCHAIN ATTACKS:
I know the mempool was flooded a day or two afterwards (40000 transactions as opposed to the usual 4000 or so), but this could’ve been an attack to thwart and discourage adoption of Bitcoin 0.13.1 (SegWit) by those that don’t support it. (The timing here is suspicious.)
10/26
43000 unconfirmed transactions in the mempool. $10 fees.
Anonymous Thu Nov 17 03:03:09 2016 >>cf504945762c54791f [Reply] [x]
The Litecoin blockchain scrape is now ready (blocks 1078900-1089000)
strings opreturns.txt:
.3V6
KH%i
<G3c"p&>
T=R7
y+y?
3-H-r
n5`/t
H@W99)
{0Z&
C"^U
hello!
hello!
&WJ#
rClZz
i;ki
$zt"W
"I_?_
8 9R
)Q*z
Tq$y-
hello!
hello!
hello!
hello!
hello!
hello!
hello!
hello!
hello!
hello!
china
12345678901234567890
Yager 's Block App
Better late than never
Just do it
Say hello to eveyone
Letter is first block app
uHzl#
**db
5U s
ahBxL
e"Mh%R
3?S$
012345678901234567890123456789012345678
The original output file is uploaded here:
h ttp://gateway.glop.me/ipfs/Qma14B5qkrWLBqJDDBqWJkqrAbQN44m1AkhVQE3M3z84H2/opreturns.txt.gz
Remove the usleep() calls to make it dump faster, but it’s
not worth it because the program will spit it out way
too much information. The next version will actually
do something with the information, but for now this is
a good starting point.
*/
Anonymous Mon Nov 21 01:33:57 2016 >>5d11da0757232e1b41 [Reply] [x]
EVP_BYTESTOKEY CODE:
I cannot understand the flow paths in the OpenSSL code. The whole library is junk. Someone needs to read the code and annotate it and tell me which branches it is taking. I am too busy to do this right now.
The process by which the password and salt are turned into the key and IV is not documented, but a look at the source code shows that it calls the OpenSSL-specific EVP_BytesToKey() function, which uses a custom key derivation function with some repeated hashing. This is a non-standard and not-well vetted construct (!) which relies on the MD5 hash function of dubious reputation (!!); that function can be changed on the command-line with the undocumented -md flag (!!!); the “iteration count” is set by the enc command to 1 and cannot be changed (!!!). This means that the first 16 bytes of the key will be equal to MD5(password||salt), and that’s it.
“The first 16 bytes are actually derived using PBKDF1 as defined in PKCS#5 v1.5. The next 16 bytes would be MD5(PBKDF1(PASSWORD, SALT) || PASSWORD || SALT) and the IV would be MD5(MD5(PBKDF1(PASSWORD, SALT) || PASSWORD || SALT) || PASSWORD || SALT)”
Anonymous Tue Nov 22 01:02:12 2016 >>db0dab7b4ae7420326 [Reply] [x]
[[[ To any NSA and FBI agents reading my message: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden’s example. ]]]
There were some recent spikes in fees on Oct 27, Nov 7, and yesterday (Nov 22). This is easy to verify and there are several links to sources in this thread. It could be a coincidence, but these increases have taken place when users have found new information and attempted to encode it in the BTC blockchain. This can be verified by looking at the dates of certain posts in this thread. Large fees and a flooded mempol prevent us from encoding messages for others to recreate what was done here. However, there are other cryptocurrencies. I recommend pushing to BTC, Litecoin, and another cryptocurrency that starts with the letter ‘M’.
Look for duplicate OP_RETURN data
This is very important.
if any of the outputs contain “911”, also pay attention.
Some suspect that these transactions are made by BTC bot/scammers. I’ll post some of that information for completeness. I don’t recommend anyone follow this lead directly as the steps posted above are sufficient for users to find all of the messages. Kelly Kolisnik tweeted 1BpjNVeYm6kiER2m7N6FXy3zNZbqEkp1Tm on Nov 21st. That wallet is involved in a 911 transaction which can be seen here: https://blockchain.info/tx/dfd7522529bd9af9556d68af2214a068f6de66b5e11488e84deede26c817bde6 Taking Snowden’s tweeted hash and turning it into a BTC wallet results in 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg. If you look at that wallet, you will see several transactions with 911. https://blockchain.info/address/1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg Note the dates and compare them to the date of the tweet
ICMP packets
It’s good to have firewalls and to use something like Wireshark to track what’s going on. However, I strongly recommend you do all your blockchain work in a computer that’s not connected to the internet. When you find something and want to communicate your findings to others, use redundancy. My advice is to post the information on a darknet site, clearnet site, regular site, BM, and in person to someone in your group. In that order. If you are able to encode messages into the blockchain, that should be the first thing that is done. If you find something sensitive in the blockchain, do not send others any information about what is it, or where it was found. Instead, send them an actual piece of the blockchain that contains it first, and then explain.
Anonymous Wed Nov 23 19:54:26 2016 >>4e5688bfff7670b41b
>>6ad2894ab0
SALTS:
insurance.aes256 DE 18 1B 73 EF F3 5E 39 DA
wlinsurance-20130815-A.aes256 0F 0B DA 00 F0 35 9A 0F C8
wlinsurance-20130815-B.aes256 AB C2 04 75 6B AB 85 BE 30
wlinsurance-20130815-C.aes256 73 6B 46 4C 2F 84 9A C2 A4
Example:
python get_wallet_txs.py 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE
Will save the list to 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE_tx_list.txt
And here’s a script to find transactions with encoded files. Scans all transactions made by a wallet. Prints tx id and file type. Saves decoded data and a list of tx ids.
TrID and get_files_in_wallet.py should be in the same directory.
Example:
python get_files_in_wallet.py 1C3WStWpfCmsoG5WmDeaYSwAeEY1ncWQoh
It should find a PDF. It will save all decoded data from transactions, a list of tx ids and a list of tx ids that include file headers.
Anonymous Thu Nov 24 21:27:06 2016 >>89004de07d4fb1b10a [Reply] [x]
Anonymous Fri Nov 25 18:26:54 2016 >>b92f6d159d2dcc0b16 [Reply] [x]
Even if the keys were released, where would you post any information about the contents of the files. No place exists that is not a controlled, opposition space.
Facebook, Twitter, Reddit? You get the idea. The whole internet is built on backdoored standards. The existing internet is completely corporate controlled and in the hands of the enemy.
We have seen evidence of websites being intercepted and content being removed in real time. They will let some leaks out, but there is not a channel for mass dissemination and media for this type of leak.
The insurance files should be downloaded quitely to as many people as possible.
We should verify the hashes of the wikileaks files (multiple hashes and verifications). Expecially for the newer files and the saudi file that was modified
We should build up or fortify our distribution system for messages
We should build up a toolchain for writing messages to the blockchain and retrieving the messages (as a stop gap in case Bitmessage comes under complete exploitation)
The enemy has a nuke button and can dump 10 GB per day into bitmessage and make it unusable if needed
We should prepare for the private key distribution (which is expected to happen by Christmas if it has not already happened)
We should each individually be able to decrypt the files. We should not expect that the files will be allowed on websites or public internet
If we cannot post files on Bitmessage and the clearnet is jammed, how will we even distribute the worst of the files? We wont be able to. Each person needs to get the files themselves, decrypt them and may have to do sneakernet or we may have to distribute the worst information on USB sticks.
We need tools to posting to the blockchain as a last resort
Sending a message on the blockchain may cost us 10 cents or $5 but if it is important enough, that may be the only way.
In the long term, we need to develop new media platforms and communication platforms that are more resilliant.
more difficult to jam
more difficult to modify content once published
ability to detect jamming if it is occuring.
We need distributed blogging and messaging platforms. We need a safe and secure way of distributing files.
Hi everyone.
I realize that this message might not go through but just in case – this will be my final message sent to BM. Anyone claiming to be updating my situation is lying.
I’ve been working with another person on this since the original thread in October 17. This is our third attempt at spreading the information. I don’t think it will be possible for anyone to upload the keys and the files. It really seems like the only way is for everyone to get them from the blockchain separately. Some of you might think this is not the case but you’ll be able to see it first hand when you try soon. It should be fairly straight forward for everyone to extract the keys and files with the information on this BM.
On our end, we can confirm that the script can be used to extract the following files:
2016 Disk Image, Spreadsheet, BIN, multiple videos, mp3s, emails, pdf documents
2015 Disk Image, Spreadsheet, multiple videos, mp3s
2014 Disk Image, Spreadsheet, multiple videos
2013 several backups in zipfiles
Hash and time stamp text for what seems like all uploads to Wikileaks.org
The following files can be unlocked so far:
2016-06-03_insurance.aes256.torrent
wlinsurance-20130815-A.aes256
wlinsurance-20130815-B.aes256
wlinsurance-20130815-C.aes256
We have not been able to unlock:
2016-11-07_WL-Insurance_US.aes256
2016-11-07_WL-Insurance_UK.aes256
2016-11-07_WL-Insurance_UK.aes256
wikileaks-insurance-20120222.tar.bz2.aes
Allegedly unlocked by others:
2016-06-03_insurance.aes256
wikileaks-insurance-20120222.tar.bz2.aes
There is clearly a lot more information that we haven’t gotten to yet.
The file pieces have to be combined so a bit more code is needed. The Cablegate Backup should be used as an example to do it. Some groups are now going through the same issues we’ve seen. Our experience was that we lose internet connection, we are unable to copy paste or keep anything on our clipboards, all attempts at encoding transactions into BTC get delayed and do not happen, files on computers connected to the Internet are deleted or moved, etc. That is why I think the best way to spread this is to teach others how to do it and possibly to encode what you feel comfortable making permanent in some crypto currency other than BTC.
I expect that in the next few days the media will be forced to cover this. The spin will be that these files cannot be verified, do not come from Wikileaks and that no one can recreate the steps to get them. They will probably push false steps that do not work. From what we have seen, most people will not bother to check and believe it. Because the blockchain is permanent and many have copies, I
do not think that it will be possible to spin this in this way forever. Anyone can do it in their own homes. However, they have been preparing for this for months. Damage control will be very easy for them because there are really no sites that can be used to discuss this anymore. I’m a still a bit concerned because the steps on how to get the information were available since mid October and very few people tried to do it. It was practically impossible for us to try to discuss this with others on any site. Everyone seems to react violently to the suggestion but I am not sure if these were even real responses.
The easiest way to collect the information is on a computer that is not connected to the internet and has no wifi cards. Making a database with relational information of the transactions helps a lot as well. It might be necessary for someone to create a very easy to follow tutorial with code that allows anyone to do this. To this day many people refuse try on their own and simply chose to believe that it is not real. If you care about this, you should spend some time showing people the evidence and guiding them through of process of getting the files themselves.
My personal opinion is that the most crucial thing that should happen when this is finally out in the open is that the people pretending to be Wikileaks should be exposed. It should be clear to everyone that people are paying attention. The people that sold out and did as they were told should also be exposed. I still don’t understand why it was so easy to get most people to play along and allow their sites to be controlled. It is alarming that talking about this is practically forbidden everywhere. During the past few months we have witnessed a possible end of a free internet. People in power have the resources to fool the entire world into agreeing with them through censorship, paid posts, bots, etc. There is not even a way to verify the history of a page anymore since they now control the only site that allowed it. I think this is the perfect opportunity to guarantee that this is stopped and does not happen again. However, everyone should see the information and decide by themselves what they want to do.
Thanks to all of you that helped.
Anonymous Fri Nov 25 23:24:48 2016 >>2f249cbf02eb3ad90a [Reply] [x]
When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the ‘Cablegate Backup’. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by ‘tx crawling’. To do this, follow these steps:
. For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
. For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
. Continue doing this until you are not able to see the pattern repeat itself.
Confirming that jean3 is able to find the 7-zip headers for the cablegate addresses.
Each one creates 3 files in [directory]:
resfile: Trid output for all transactions without “Unknown!”
asciifile: Fragments of decoded ascii in output scripts
txfile: txids for each result in resfile
as said below, my scripts handle the 8 bytes thing (i think)
Anonymous Mon Nov 28 04:37:59 2016 >>f724c2b3c41b272ef2 [Reply] [x]
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "DOC Header Found " # DOC Header
if "576F72642E446F63756D656E742E".lower() in hexcode:
filetype += "DOC Footer Found " # DOC Footer
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "XLS Header Found " # XLS Header
if "FEFFFFFF000000000000000057006F0072006B0062006F006F006B00".lower() in hexcode:
filetype += "XLS Footer Found " # XLS Footer
if "D0CF11E0A1B11AE1".lower() in hexcode:
filetype += "PPT Header Found " # PPT Header
if "A0461DF0".lower() in hexcode:
filetype += "PPT Footer Found " # PPT Footer
if "504B030414".lower() in hexcode:
filetype += "ZIP Header Found " # ZIP Header
if "504B050600".lower() in hexcode:
filetype += "ZIP Footer Found " # ZIP Footer
if "504B030414000100630000000000".lower() in hexcode:
filetype += "ZIPLock Footer Found " # ZLocked Encrypted
if "FFD8FFE000104A464946000101".lower() in hexcode:
filetype += "JPG Header Found " # JPG Header
if "474946383961".lower() in hexcode:
filetype += "GIF Header Found " # GIF Header
if "474946383761".lower() in hexcode:
filetype += "GIF Header Found " # GIF Header
if "2100003B00".lower() in hexcode:
filetype += "GIF Footer Found " # GIF Footer
if "25504446".lower() in hexcode:
filetype += "PDF Header Found " # PDF Header
if "2623323035".lower() in hexcode:
filetype += "PDF Header Found " # PDF Header
if "2525454F46".lower() in hexcode:
filetype += "PDF Footer Found " # PDF Footer
if "616E6E6F756E6365".lower() in hexcode:
filetype += "Torrent Header Found " # Torrent Header
if "1F8B".lower() in hexcode:
filetype += ".TAR.GZ Header Found " # TAR/GZ Header | Going to have lots of false positives
if "0011AF".lower() in hexcode:
filetype += "FLI Header Found " # FLI Header
if "504B03040A000200".lower() in hexcode:
filetype += "EPUB Header Found " # EPUB Header
if "89504E470D0A1A0A".lower() in hexcode:
filetype += "PNG Header Found " # PNG Header
if "6D51514E42".lower() in hexcode:
filetype += "8192PGP Header Found " # 8192 Header
if "6D51494E4246672F".lower() in hexcode:
filetype += "4096PGP Header Found " # 4096 Header
if "952e3e2e584b7a".lower in hexcode:
filetype += "2048PGP Header Found " # 2048 Header
if "526172211A0700".lower() in hexcode:
filetype += "Secret Header Found" # Secret Header
if "6D51454E424667".lower() in hexcode:
filetype += "RAR Header Found" # RAR Header
if "EFEDFACE".lower() in hexcode:
filetype += "UTF8 Header Found" # UTF8 header
if "4F676753".lower() in hexcode:
filetype += "OGG Header Found" # OGG Header
if "42494646".lower() in hexcode and "57415645".lower() in hexcode:
filetype += "WAV Header Found" # WAV Header
if "42494646".lower() in hexcode and "41564920".lower() in hexcode:
filetype += "AVI Header Found" # AVI Header
if "4D546864".lower() in hexcode:
filetype += "MIDI Header Found" # MIDI Header
if "377ABCAF271C".lower() in hexcode:
filetype += "7z Header Found" # 7z Header
if "0000001706".lower() in hexcode:
filetype += "7z Footer Found" # 7z Footer
Anonymous Tue Dec 20 03:39:56 2016 >>44c6ae50c69371d4d8 [Reply] [x]
DecentralNet
Abstract
In the current year, most Chans are isolated and are not intended to interoperate with each other. Thus, the content being posted on one chan is easily censored and is not mirrored on any other Chan. The closest thing to a Decentralized Chan that we have is BitMessage. This, however, requires the user to install software and is also subject to spam attacks where an attacker with sufficient resources can flood a channel with irrelevent or even illegal content.
DecentralNet would aim to mitigate a few problems:
User-friendliness (through web-facing nodes)
Spam Attacks (through Pow as Identity)
Censorship (through distributed storage)
Proof-Of-Work As Identity
Currently, BitMessage uses PoW in order to lower spam levels on the network. This is done on a per-post basis which means that in the event of a spam attack, it is almost impossible to block or identify the spammer. Provided the PoW is sufficient, the message is deemed valid.
DecentralNet would not rely on a PoW per message as the basis for mitigating spam, but would rely on PoW per Identity. This means that for each Identity created, there would be a large PoW involved. Messages posted would then have to be tied to an Identity, making it easier to filter out identities that users deem to be posting non-informative content. The Proof Of Work here would be quite large - at the moment, we would be looking at defaulting this to six hours on an average PC (though PoW required can be adjusted by a node operator).
Obviously, this PoW is too much for the average user. However, it is not intended that all, or even most, users will run a node. Instead, we will rely on some nodes providing a web front-end that submits posts from the node’s identity on behalf of the user. From a user point of view, the frontend would operate the same as Chans do today.
Frontend Node
As an example, imagine we had the site decentralchan.org. Decentralchan.org looks the same as most Chan sites today. It also features a Captcha to mitigate spamming.
DecentralChan.org has taken the time (and processing) to generate an identity that allows it to post on the DecentralChan Network. When a post is made, DecentralChan.org proxies it through their identity and posts it onto the DecentralNet. The message posted will be in JSON format to allow for extensibility (fields like Tripcode, Name, Email, etc).
All other identities that post on DecentralNet will also show on DecentralChan.org - provided DecentralChan has not Blacklisted their identities. This allows optional censorship for the Node Operator. If an Identity is frequently posting illegal or insensible content, then that node can choose not to store or propagate its content.
A Node can also specify a data threshold on a particular identity so that if that identity posts too much within a set time period, all further posts are ignored.
Attachments
Because the propsed format is JSON, the client can choose how they wish to attach or view files. To keep data usage low on the network, it is recommended that IPFS is used for file attachments and the IPFS hash of the file given instead. This would prevent duplication on the network.
If this approach is taken, it is recommended that the Front-End Nodes host an IPFS Gateway that allows uploading and downloading. Other Front-End Nodes can then mirror this content.
Others That Wish To Run A Node
Anyone is free to run a node and collect all data posted to the Network. In this way, it is intended that this network would be incredibly difficult to censor in all cases.
However, to post on the Network, a user MUST generate a valid identity.
Possible Use Cases
This framework could be extended to the following Use Cases:
Chans
Twitter-Like services (through Twitter-like nodes. Node could post on behalf of user or users with sensitive information could generate their own identity, mitigating the trust issue.)
Leaks-Like service (each media agency could monitor and mirror a “leaks” channel.)
Offline Instant Messaging (a message cache-type channel - useful for services like Tox to replace independent Master-Nodes implementation. A user could choose a Front-End node to interface with for Offline Messaging - or could again generate their own identity if trust is an issue)
==This is all just a proposal. All thoughts and contributions welcome.==
Message me on BitMessage if you have any suggestions/contributions: BM-2cVoCYnYy8k5xrpRNS97YJKG4NB554F8Bq
“We prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.”
-Julian Assange, Nantucket Project, Sept 28 2104
Decode the input of TX cd9104ce6d385428060d33e1d4843b0cdfc78db2f327116eb4f97d8e177a4d82 (output below since clueless skeptics don’t know how computers work):
Wikileaks contact info? [quote author=RHorning link=topic=1735.msg26876#msg26876 date=1291501064]
Basically, bring it on. Let’s encourage Wikileaks to use Bitcoins and I’m willing to face any risk or fallout from that act.
No, don’t “bringit on”.
The project needs to grow gradually so the software can be strengthened along the way.
I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.
We have the hashes for genesis block through block 74000 hardcoded (compiled) into bitcoin, so there’s no reason why we shouldn’t be able to automatically download a compressed zipfile of the block database from anywhere,unpack it, verify it, and start running.
The 74000 checkpoint is not enough to protect you, and does nothing if the download is already past 74000. -checkblocks does more, but is still easily defeated. You still must trust the supplier of the zipfile.
uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.
The data is mostly hashes and keys and signatures that are uncompressible.
Decode the output of TXs (attached for the same reason as above):
7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c
d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
ee7658b119496dc9ace8d011c36b82f4b69a787399a78f99c5605a6b73d34c69
To see one of the many DMS messages that have gone off since mid October look at the transactions made by 1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM on October 16 and follow the change.
If you don’t understand what any of this means go learn, then come back and say that you didn’t find anything so that every single person with grep and a local copy of the blockchain can laugh at you.
Date: Wed Jan 11 15:08:03 2017
OP_RETURN Starter Pack:
Look for wallets that have been posted here and elsewhere and compile a list of wallets for later use.
Open resulting “OP_RETURN.dat” in hex editor of your choice (or just use hexdump
Date: Wed Jan 11 18:59:54 2017
alright, i’ve been looking at the OP_RETURN codes from that 1Nq wallet in hex, set to 20 bytes per line and I noticed what I thought was padding…but i had a thought when I woke up today and want to give some context and hopefully bring anyone who isn’t at this point yet up to speed.
The reasoning for padding in transactions being necessary is as follows ( I apologize to anyone who understands already, I just feel this is important to drive home)
Transaction scripts are what determines the destination address of a transaction, 100% of the time.
That means, even if you were to embed data into a transaction script, it would still be sent to an address. That’s the entire reason behind a blockchain being a reliable way to store information.
In the case of a dead man’s switch, or even just an important message, you (or whoever is sending it) would want to ensure that it is sent multiple times, should something happen either with a mempool flood (10/21 etc.) or a DDoS, or any number of things going wrong that might not even be targeted.
Another method of ensuring that a transaction “goes through” is to pay a high transaction fee relative to the amount being sent.
Someone could absolutely send the same data the same way multiple times, even 100 times, and it will go to an address.
This presents another issue.
The issue lies in the idea that if you were to send duplicate data, it would go to the SAME address if it were uniformly sent. Here’s an example:
If you need to send a file, let’s say it’s split into four parts. I’ll call them A, B, C, D. Let’s say you want to send this three times from three different wallets. We’ll just number them 1,2,3.
Wallet 1 sends part A of the file and it goes to an address based on the content of the data, which has been put into the transaction script.
It arrives at wallet 1WTFBBQ.
Remember, the actual data in the script is what determines that it is sent to 1WTFBBQ.
When part B is sent by wallet 1, it lands at the address 1ASDF, again determined by the data in part B of the file, as opposed to just setting a destination address.
The destinations of 1WTFBBQ and 1ASDF are NOT random. They are determined based on the data.
We can safely assume that parts C and D of the file we’re sending will result in two other addresses, again determined by the data.
From this we can gather a couple of things:
The destination wallets are very unlikely to be wallets that someone controls
This will show up as “Unspent” when looking at the transaction on blockchain.info or another site of the same sort.
2a) The reason it is Unspent, and will likely remain that way forever, is because the data determining the destination means the person sending it will almost certainly have no control over where it lands, and even if they did, they would have had to generate random wallets until they managed to get the exact destination of the data in order to access the bitcoins (i don’t even want to think about how long this would take),
2b) Because of this, they would never be able to access the coins and are forced to “write off” the lost money, given that it essentially was sent to a black hole.
Based on that, the transactions holding data will likely have extremely small “net losses,” maybe even down to fractions of cents.
At this point, we’ve successfully sent parts A, B, C, and D from wallet 1.
The issue that justifies padding arrives at this point.
The sending wallet has no bearing whatsoever on where the money lands. That is entirely controlled by the script.
Because the data in file A, which will not change, will ALWAYS determine the same destination address.
The same can be applied to parts B, C, D, and so on.
It is not hard to believe that alphabet agencies or black hats have the means to decrypt the private key to a wallet, AND if you choose not to believe that they do right now, they almost certainly will later.
Keep in mind, the idea of storing the data in the blockchain hinges on the idea that it is permanent. You’d want the data to exist exactly the same way long after you’ve died.
So, let’s say you send part A from 100 different wallets. There would be 100 transactions that all went to the same destination wallet.
If your entire plan counted on a single private key being solved, it’s a very shitty plan.
To account for this, you would need to append or prepend randomized data to the data, to literally ensure a random destination, and to further increase the odds of it being completely scrubbed.
If you sent it 100 times with the aforementioned random padding, that’s 100 different destination addresses, and your opposition would need to get into all of them to clean it out.
When looking at the aforementioned hex, which can be found in OP_RETURN_!Nq.dat, there are obviously repeated patterns throughout the op_return data. When I first saw them, I thought they were the padding and trimmed them off.
But what if they’re not? What if it’s actually 15 bytes of data, and 5 bytes of random bullshit to ensure the aforementioned random destination address?
I think that fits a lot more into the idea.
i’m going to keep looking at this stuff and I’ll post updates as I come along.
If anyone has any questions or feels I left something out or did a shitty job explaining something, I’ll gladly try to make it more understandable. My brain is pretty fried from looking at all this stuff so i might be a little off my game.
Regards
Date: Thu Jan 12 04:07:29 2017
>>037630fc8a
you fucking underpaid shill. at least read up before you post.
If I change the first value to any number from 0-7, it will give a date that is not valid because gzip did not exist yet (1973-1992, and 2532 for value 0). That means there’s a 20% probability you can guess that bit and have it make a date that is valid.
After that gzip file you find this other one
2293901020 0x88BA26DC gzip compressed data, has CRC, extra field, has comment, from NTFS filesystem (NT), last modified: Wed Aug 27 18:07:32 1997
Again, valid date, this time the unix time is:
872798444
20% probability of guessing the right bit for the first value on the date and it has happened twice in a row at this point. Note that both have CRC and a comment.
Now, what are the odds that on the date Wikileaks loses internet connection, a message is encoded in the blockchain that happens to contian a 256 AES key, which happens to be the encryption used by the insurance files, and happens to decrypt one of them, and happens to output files like these that have valid information.
It spend some time tonight looking at the oldest transactions I could find. This particular one was made in 2011 16c3ddpaDs9ajhDqhzY7oSPrdHvhR227tP
https://blockchain.info/address/16c3ddpaDs9ajhDqhzY7oSPrdHvhR227tP Keep in mind that this was two years before the Satoshi uploader was encoded in the blockchain. The data in it looks like it was encoded in a complicated way and that some people spent some time investigating it. While looking into that I ran into this script that extracts the data from multiple transactions in two blocks:
was encoded using yEnc.I cut-and-paste the addresses from the relevant blocks into this code. I then wrote a simple yEnc decoder to convert this to the output file.
In it he goes into very specific details about how transactions work, how they can be created, how data can be stored in them, how you can create transactions with invalid signatures, how valid signatures are created and even how you can track the entire mining process after you create a transaction.
Following the specification, the unsigned transaction can be assembled fairly easily, as shown below.
Here’s the code I used to generate this unsigned transaction. It’s just a matter of packing the data into binary.
Note that transactions can have multiple inputs and outputs in general, so the chain branches out into a tree.
For instance, an escrow system can require two out of three specific users must sign the transaction to spend it. Or various types of contracts can be set up.
I wrote Python scripts to process Bitcoin network traffic, but to keep things simple I’ll just use Wireshark here.
To monitor the progress of my transaction, I had a socket opened to another random peer.
After sending my transaction into the peer-to-peer network, I needed to wait for it to be mined before I could claim victory. Ten minutes later my script received an inv message with a new block (see Wireshark trace below).
Needless to say, my first few transaction attempts weren’t successful - my faulty transactions vanished into the network, never to be seen again.
Something that stood out was his explanation of the signatures used in the blockchain.
The Script language is surprisingly complex, with about 80 different opcodes. It includes arithmetic, bitwise operations, string operations, conditionals, and stack manipulation. The language also includes the necessary cryptographic operations (SHA-256, RIPEMD, etc.) as primitives.
I found signing the transaction to be the hardest part of using Bitcoin manually, with a process that is surprisingly difficult and error-prone. The basic idea is to use the ECDSA elliptic curve algorithm and the private key to generate a digital signature of the transaction, but the details are tricky. The signing process has been described through a 19-step process (more info).
Apparently there’s no solid reason to use RIPEMD-160 hashing to create the address and SHA-256 hashing elsewhere, beyond a vague sense that using a different hash algorithm helps security. Using one round of SHA-256 is subject to a length extension attack, which explains why double-hashing is used.
This particular part of the code seemed very familiar. As some of you might remember, a couple of months ago some users compiled a list of SHA256 checksums and searched for them in the blockchain. Eventually some decided to calculate their SHA256(RIPEMD160(file)) hashes and search for those as well. At the time it seemed odd to a lot of us to use this process to generate a hash. However, now it is clear that the reason was that this is how the Bitcoin scripting language creates signatures. A few of these signatures were found. One example is SHA256(RIPMED160(file)) = 205c59f80299696225633da32ce837cdc0922220 which appears in transaction bdb67f3b003e2c3d06d6b8d314ca7b937f9ae7de20ed34baccaedcac62e6f414
The transaction seem to be part of a chain which was taking place at the time back in 2013-04-09. The original SHA256 hash is 0c72e793070d02fb241ac4a528d3c71c1326991fea5043aef09011406df56238. Someone went back and cross referenced with the original to find its file name. It is cablegate-201012041811.7z
Here’s some code that prints out the ripemd160 given a sha256 hash:
import hashlib as h
import sys
from binascii import unhexlify, hexlify
sha256hash = sys.argv[1]
ripemd160hash = h.new('ripemd160', unhexlify(sha256hash))
out = ripemd160hash.hexdigest()
print out
TL;DR about OTS — you basically have to use the OTS-client (available at that github link) to find these proofs, because they don’t directly encode hashes of the files themselves — that is to say, the proofs are not really greppable. OTS encodes hashes of multiple files into a merkle tree which is then included in a single transaction, meaning you can “prove” the existence of a theoretically infinite number of files with the data from a single, tiny transaction.
I may be wrong, but if they’re already OTS’d, I feel like there’s little reason to encode them in other formats (raw RIPEMD160(SHA256(…)) of the files themselves, etc).
I downloaded OTS-client and walked through the process myself — the timestamp proofs of the .torrent files are definitely there. Also, just for kicks, I searched for the OTS proofs of the downloaded files themselves, but no dice.
Not saying this to discourage looking for proofs in alternative formats, just wanted everyone to be aware.
Alright, here’s a full writeup. To follow along, download the OTS client from the Github link in my previous post, and make sure you have a fully-synced local Bitcoin node running with RPC.
The .ots files are encoded as base64 in the plebbit post I linked. So you start by spitting them out as proper .ots files. Do this in the directory containing the .torrent files you want to verify:
Now we need to make sure this .ots file (which we did not generate ourselves, and therefore cannot implicitly trust) actually verifies the right file. OTS uses sha256 and will tell you the sha256 sum of the file it verifies.
$ ots info ./2016-06-03_insurance.aes256.torrent.ots File sha256 hash: 620ec1c72a087f39da0ed4544b13661959243861d94de32bc467e22bd156b2c8 (... other output)
Hashes match. So now we proceed to the fun part, where we verify that the file in question existed prior to a certain date:
$ ots verify ./2016-06-03_insurance.aes256.torrent.ots Assuming target filename is './2016-06-03_insurance.aes256.torrent' Got 1 attestation(s) from cache Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT
Here are the rest of the verifications:
$ ots verify wikileaks-insurance-20120222.tar.bz2.aes.torrent.ots Assuming target filename is 'wikileaks-insurance-20120222.tar.bz2.aes.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT
$ ots verify wlinsurance-20130815-A.aes256.torrent.ots Assuming target filename is 'wlinsurance-20130815-A.aes256.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT
$ ots verify wlinsurance-20130815-B.aes256.torrent.ots Assuming target filename is 'wlinsurance-20130815-B.aes256.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT
$ ots verify wlinsurance-20130815-C.aes256.torrent.ots Assuming target filename is 'wlinsurance-20130815-C.aes256.torrent' Success! Bitcoin attests data existed as of Tue Oct 18 17:45:12 2016 EDT
However, there are some interesting points to be made about all of this.
It seems like you have to have the actual .ots file generated on a given date (by the person who originally ran ots stamp <file>
in order to verify that a file existed at that date. In other words, I don’t think you can run ots stamp <file>
to generate your own .ots file for one of these torrents, and then verify that the torrent existed on October 18, 2016. OTS will simply report today’s date for that .ots file. So .ots files must be distributed by the original stamper for them to be of any use to other parties. IMO this limits the usefulness of this platform in its present state.
All of these OTS timestamps were made at the same time. Maybe just as CIA vans were pulling up in the driveway to bag JA + friends?
The ONLY thing this proves is that the .torrent files in question existed on or before October 18, 2016.
Tinfoil disclaimer: if you believe the angle that the alphabets sacked WL prior to October 18, 2016, modified the torrent files, and created their own .ots timestamps for the modified torrents (in order to get us to accept them as valid), then none of the above information is going to matter to you — it’s just an alphabet ploy to distract and disinfo us.
The other interesting point I forgot to mention is that, because of the fact that the .ots files have to be distributed by the original stamper in order to verify the files, whoever made the original OTS post on plebbit is probably the same person (or someone connected to the person) who stamped these in the first place.
Date: Sun Jan 15 04:06:55 2017
Today we are:
1.re-examining the gpg files from right after cablegate and then the subkeys and keys from 383000-383100
2. seeing what else can be done with what appears to be a successful decryption of wlinsurance_20130815-A.aes256
3. following transactions from this wallet: https://blockchain.info/address/1NquF1c4AuKx9YJtP9SsjGqhazfa72yPBM and others that are associated
you know blockchain.info is an FBI front, yes?
and i’m actually serious, i will even bump this shill thread to say this.
they track their users and did all sorts of shady and evil shit and if you really were as paranoid as your pretend then you would not trust anything you read on their website.
personally i believe anything they publish is true and their evilness lies in their fight against anonymity, but YOU really should not believe anything they say.
Here it is:
a6eee5351f8b0800d63e02f2830c10864e4794b8
first thing that stuck out to me was the gzip header (1f8b0800) so i got to looking into the exact structure of gzip headers. http://www.forensicswiki.org/wiki/Gzip
The first two bytes of 0x1f 0x8b obviously check out, as do x08 (indicated deflate compressed data compression method) and 0x00 (Reserved flag).
Where I run into issues is with the bytes d63e02f2. The next four bytes after the flags are SUPPOSED to be a POSIX timestamp. Those do not contain letters as far as I know.
“Unix time (also known as POSIX time or Epoch time) is a system for describing instants in time, defined as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC)”
That means that while it looks like a header, either the data has been obfuscated, the next part of the header is elsewhere, or it’s a false positive.
After reading the SH conversation, I decided to gpg --list-packets b2d9.gpg
Here is my output.
$ gpg --list-packets b2d9.gpg
:encrypted data packet:
length: 4007998751
gpg: assuming IDEA encrypted data
gpg: gpg-agent is not available in this session
:unknown packet: type 57, length 15
dump: 8e a7 a9 EOF
gpg: WARNING: message was not integrity protected
That’s some fucking gpg data.
i’m still looking into the transaction chain, but I think this is the real deal, folks.
any input or guidance is thoroughly appreciated – we don’t have much time.
Date: Wed Jan 18 02:19:23 2017
I decided to go one byte at a time and see how far into the output I have to go to start getting bytes in the dump from the list-packets output.
This hex string a6eee5351f8b0800d63e02f2830c10864e is the first point of dumped data.
here is the output:
$ gpg --list-packets b2d9head.gpg
:encrypted data packet:
length: 4007998751
gpg: assuming IDEA encrypted data
gpg: gpg-agent is not available in this session
:unknown packet: type 57, length 15
dump: EOF
gpg: WARNING: message was not integrity protected
I am beginning to think that the data at the end might serve no purpose, but I’m going to continue adding bytes to see what comes out. If this is the end of the file, that means that theoretically, the transactions leading up to it would hold the header and “guts” of the gpg file.
That doesn’t explain the gzip header (I still think that’s not coincidental), but i’m taking it one step at a time here.
Date: Wed Jan 18 20:27:51 2017
To everyone reading who has not found Wikileaks data in the blockchains. Take the time to contact technically-inclined people. It will save you a lot of time.
Contact people you know directly. Don’t try doing it through posts online.
Use information coming directly from Wikileaks. Don’t send them links to online posts. The only posts that remain online about this are on sites that are very difficult to parse and will make him/her associate your message with sites/groups of dubious reputation.
Focus on simple, provable facts. There is no reason to waste time explaning what happened on October 17, Julian’s situation or even the insurance files. Instead, explain how Wikileaks has used Bitcoin and Namecoin to backup it’s data for years.
This is a good start:
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Julian explaining it himself:
“We prove that we have published stuff at a particular time by stuffing it in Bitcoin, in the blockchain, and then, if someone were to come and try to modify the material that we have published, to take a particular part, that would be detectable.”
-Julian Assange, Nantucket Project, Sept 28 2104
Article explaining Bitcoin’s reaction when they found the Cablegate backup in the blockchain:
“The project needs to grow gradually so the software can be strengthened along the way,” Nakamoto said. "I make this appeal to WikiLeaks not to try to use bitcoin.
His final post read: “It would have been nice to get this attention in any other context. WikiLeaks has kicked the hornet’s nest and the swarm is headed towards us.”
During the Q&A, Assange referred to bitcoin as “an extremely important innovation” that uses technology that breaks George Orwell’s dictum “he who controls the present controls the past and he who controls the past controls the future”.
The conversation between Bitcoin developers about the Cablegate upload (encoded in transaction cd9104ce6d385428060d33e1d4843b0cdfc78db2f327116eb4f97d8e177a4d82):
Wikileaks contact info? [quote author=RHorning link=topic=1735.msg26876#msg26876 date=1291501064]
Basically, bring it on. Let’s encourage Wikileaks to use Bitcoins and I’m willing to face any risk or fallout from that act.
No, don’t “bringit on”.
The project needs to grow gradually so the software can be strengthened along the way.
I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.
We have the hashes for genesis block through block 74000 hardcoded (compiled) into bitcoin, so there’s no reason why we shouldn’t be able to automatically download a compressed zipfile of the block database from anywhere,unpack it, verify it, and start running.
The 74000 checkpoint is not enough to protect you, and does nothing if the download is already past 74000. -checkblocks does more, but is still easily defeated. You still must trust the supplier of the zipfile.
uncompressed data using a protocol (bitcoin P2P) that wasn’t designed for bulk data transfer.
The data is mostly hashes and keys and signatures that are uncompressible.
This information is enough to prove to anyone that Wikileaks has encoded all their information into multiple blockchains for years. The next question they will ask is how to extract files from the blockchain.
At this point you should explain the process at the fundamental level, in other words, you simply turn the hexadecimal values into binaries. Pointing them to existing libraries or articles online will only confuse them. If they understand this simple fact they will be able to quickly do it themselves.
You should show him/her some examples. Some simple ones are the Bitcoin PDF, the Cablegate 7z file, the Bitcoin developer conversations from June 2013 and any image recently encoded (one example is e2e5b9cf04d93ae5fc1b54e9208b92b668823e014b251f57510e4702661fa1a6).
Another important step is obtaining the blockchains. They will ask how or attempt to sync their copy of Bitcoin/Namecoin. This can take days in some cases. In order to quickly dive into the data a person can simply download the blk*.dat files directly from a Torrent or can use a copy you provide. It is possible to download blk*.dat files directly by searching for their names directly. Multiple torrents will show up.
Finally, when this person has the blockchain data, remind him/her that the blk*.dat files already contain all the information. They will be able to quickly start analyzing it from the command line. A technically-savvy user should be able to find all the information in Bitcoin/Namecoin in one to two hours using a modern computer.
Date: Tue Jan 24 00:38:05 2017
Some of the results (from an incomplete copy of the blockchain). Note that these are not false positives. I checked most of them and did not find false positives (with the exception of JPG and GZIP which have small headers). You can find the date of a blk.dat file by going here http://web.archive.org/web/*/https://bitcoinstrings.com/blk00500.txt and changing blk**.txt to the blkdat file you want to know the date for (there’s probably an easier way to do this but I don’t know it). If you have a full copy of the blockchain you should help by running all the grep commands on the first post and posting the results. You can run them all at once using multiple tabs in your terminal.
There is a chain of transactions in the blockchain with a lot of controversial data. If you follow it you can find the Bitcoin paper, the Satoshi uploader/downloader, a leaked key, an illegal prime number, the Cablegate backup and a lot more. There are four GPG files that take place after Cablegate and have not been publicly opened. You can find the passphrases to decrypt them if you scan the entire blockchain but there’s another way to access them if you’re lazy.
To get them convert the hex values in the output scripts to binaries. You can do this from a local copy or from any site that dispalys the data. In November blockchain.info switched some of the data to ‘unable to decode’ but you can still get the information.
This is a script that goes to blockchain.info and converts the output script data to binaries.
$ ./john --fork=4 testhash
Using default input encoding: UTF-8
Loaded 1 password hash (gpg, OpenPGP / GnuPG Secret Key [32/64])
Use the “–show” option to display all of the cracked passwords reliably
Session completed
$ ./john --show testhash
?:test
You can run them on file*.gpg but because they don’t have MDC you will get a list of passwords from the cracked hash. One of them works. In order to do this you need to tell john to not stop after the first cracked password by using -keep-guessing. If you have a powerful computer you can make fork=N a bigger number.
$ ./john -keep-guessing --fork=4 gpghash
To print all the passwords you’ve found so far you can do.
f = open(‘john.pot’,‘r’)
lines = f.readlines()
for l in lines:
print l.split(‘:’)[1].rstrip(‘\n’)
$ python printpasses.py
test
another
password
To test them you can use this:
#!/bin/bash
file=$1
candidate=$2
text=$(echo “${candidate}”
gpg --batch --passphrase-fd 0 --decrypt “$file” 2>/dev/null)
| true
if [ ! -z “$text” ]; then
echo “Confirmed Passphrase: "${candidate}"”
fi
/*https://www.cryptopp.com/wiki/OPENSSL_EVP_BytesToKey
OpenSSL uses a function called EVP_BytesToKey extensively in its utilities. Its a key derivation algorithm used to digest passwords and pass-phrases into bytes for keying material and other parameters, like initialization vectors. The following can be used to interoperate with OpenSSL's key derivation algorithm. OpenSSL's documentation for the function can be found at EVP_BytesToKey.
Be usre to use the correct hash when enlisting OpenSSL's EVP_BytesToKey. Early versions of EVP_BytesToKey used MD5, and those versions include OpenSSL 1.0.2 and earlier. OpenSSL 1.1.0 and later use SHA-256 as the hash.
Unless you have a specific need, you should not use OPENSSL_EVP_BytesToKey. Rather, you should use a password derivation function like HKDF or PBKDF2.
OPENSSL_EVP_BytesToKey is not part of the Crypto++ library. If you want it, then paste it into a file like misc.h. OPENSSL_EVP_BytesToKey is a header-only definition so you don't need to modify source files. If you want to add it to the library, be sure its in the CryptoPP namespace.
PEM Pack Usage
The PEM Pack uses OPENSSL_EVP_BytesToKey to read and write keys produced by OpenSSL that are password protected. Below is from pem-wr.cpp:
SecByteBlock _key(ksize), _iv(vsize), _salt(vsize);
...
Weak::MD5 md5;
int ret = OPENSSL_EVP_BytesToKey(md5, _salt.data(), _pword, _plen, 1, _key.data(), _key.size(), NULL, 0);
if(ret != static_cast<int>(ksize))
throw Exception(Exception::OTHER_ERROR, "PEM_CipherForAlgorithm: EVP_BytesToKey failed");*/
// From crypto/evp/evp_key.h. Signature changed a bit to match Crypto++.
int OPENSSL_EVP_BytesToKey(HashTransformation& hash,
const unsigned char *salt, const unsigned char* data, int dlen,
unsigned int count, unsigned char *key, unsigned int ksize,
unsigned char *iv, unsigned int vsize)
{
unsigned int niv,nkey,nhash;
unsigned int addmd=0,i;
nkey=ksize;
niv=vsize;
nhash=hash.DigestSize();
SecByteBlock digest(hash.DigestSize());
if (data == NULL) return (0);
for (;;)
{
hash.Restart();
if(addmd++)
hash.Update(digest.data(), digest.size());
hash.Update(data, dlen);
if (salt != NULL)
hash.Update(salt, OPENSSL_PKCS5_SALT_LEN);
hash.TruncatedFinal(digest.data(), digest.size());
for (i=1; i<count; i++)
{
hash.Restart();
hash.Update(digest.data(), digest.size());
hash.TruncatedFinal(digest.data(), digest.size());
}
i=0;
if (nkey)
{
for (;;)
{
if (nkey == 0) break;
if (i == nhash) break;
if (key != NULL)
*(key++)=digest[i];
nkey--;
i++;
}
}
if (niv && (i != nhash))
{
for (;;)
{
if (niv == 0) break;
if (i == nhash) break;
if (iv != NULL)
*(iv++)=digest[i];
niv--;
i++;
}
}
if ((nkey == 0) && (niv == 0)) break;
}
return ksize;
}
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
namespace OpenSslCompat
{
/// <summary>
/// Derives a key from a password using an OpenSSL-compatible version of the PBKDF1 algorithm.
/// </summary>
/// <remarks>
/// based on the OpenSSL EVP_BytesToKey method for generating key and iv
/// http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
/// </remarks>
public class OpenSslCompatDeriveBytes : DeriveBytes
{
private readonly byte[] _data;
private readonly HashAlgorithm _hash;
private readonly int _iterations;
private readonly byte[] _salt;
private byte[] _currentHash;
private int _hashListReadIndex;
private List<byte> _hashList;
/// <summary>
/// Initializes a new instance of the <see cref="OpenSslCompat.OpenSslCompatDeriveBytes"/> class specifying the password, key salt, hash name, and iterations to use to derive the key.
/// </summary>
/// <param name="password">The password for which to derive the key.</param>
/// <param name="salt">The key salt to use to derive the key.</param>
/// <param name="hashName">The name of the hash algorithm for the operation. (e.g. MD5 or SHA1)</param>
/// <param name="iterations">The number of iterations for the operation.</param>
public OpenSslCompatDeriveBytes(string password, byte[] salt, string hashName, int iterations)
: this(new UTF8Encoding(false).GetBytes(password), salt, hashName, iterations)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenSslCompat.OpenSslCompatDeriveBytes"/> class specifying the password, key salt, hash name, and iterations to use to derive the key.
/// </summary>
/// <param name="password">The password for which to derive the key.</param>
/// <param name="salt">The key salt to use to derive the key.</param>
/// <param name="hashName">The name of the hash algorithm for the operation. (e.g. MD5 or SHA1)</param>
/// <param name="iterations">The number of iterations for the operation.</param>
public OpenSslCompatDeriveBytes(byte[] password, byte[] salt, string hashName, int iterations)
{
if (iterations <= 0)
throw new ArgumentOutOfRangeException("iterations", iterations, "iterations is out of range. Positive number required");
_data = password;
_salt = salt;
_hash = HashAlgorithm.Create(hashName);
_iterations = iterations;
}
/// <summary>
/// Returns a pseudo-random key from a password, salt and iteration count.
/// </summary>
/// <param name="cb">The number of pseudo-random key bytes to generate.</param>
/// <returns>A byte array filled with pseudo-random key bytes.</returns>
public override byte[] GetBytes(int cb)
{
if (cb <= 0)
throw new ArgumentOutOfRangeException("cb", cb, "cb is out of range. Positive number required.");
if (_currentHash == null)
{
_hashList = new List<byte>();
_currentHash = new byte[0];
_hashListReadIndex = 0;
int preHashLength = _data.Length + ((_salt != null) ? _salt.Length : 0);
var preHash = new byte[preHashLength];
Buffer.BlockCopy(_data, 0, preHash, 0, _data.Length);
if (_salt != null)
Buffer.BlockCopy(_salt, 0, preHash, _data.Length, _salt.Length);
_currentHash = _hash.ComputeHash(preHash);
for (int i = 1; i < _iterations; i++)
{
_currentHash = _hash.ComputeHash(_currentHash);
}
_hashList.AddRange(_currentHash);
}
while (_hashList.Count < (cb + _hashListReadIndex))
{
int preHashLength = _currentHash.Length + _data.Length + ((_salt != null) ? _salt.Length : 0);
var preHash = new byte[preHashLength];
Buffer.BlockCopy(_currentHash, 0, preHash, 0, _currentHash.Length);
Buffer.BlockCopy(_data, 0, preHash, _currentHash.Length, _data.Length);
if (_salt != null)
Buffer.BlockCopy(_salt, 0, preHash, _currentHash.Length + _data.Length, _salt.Length);
_currentHash = _hash.ComputeHash(preHash);
for (int i = 1; i < _iterations; i++)
{
_currentHash = _hash.ComputeHash(_currentHash);
}
_hashList.AddRange(_currentHash);
}
byte[] dst = new byte[cb];
_hashList.CopyTo(_hashListReadIndex, dst, 0, cb);
_hashListReadIndex += cb;
return dst;
}
/// <summary>
/// Resets the state of the operation.
/// </summary>
public override void Reset()
{
_hashListReadIndex = 0;
_currentHash = null;
_hashList = null;
}
}
}
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Base64;
/**
* Class created for StackOverflow by owlstead.
* This is open source, you are free to copy and use for any purpose.
*/
public class OpenSSLDecryptor {
private static final Charset ASCII = Charset.forName("ASCII");
private static final int INDEX_KEY = 0;
private static final int INDEX_IV = 1;
private static final int ITERATIONS = 1;
private static final int ARG_INDEX_FILENAME = 0;
private static final int ARG_INDEX_PASSWORD = 1;
private static final int SALT_OFFSET = 8;
private static final int SALT_SIZE = 8;
private static final int CIPHERTEXT_OFFSET = SALT_OFFSET + SALT_SIZE;
private static final int KEY_SIZE_BITS = 256;
/**
* Thanks go to Ola Bini for releasing this source on his blog.
* The source was obtained from <a href="http://olabini.com/blog/tag/evp_bytestokey/">here</a> .
*/
public static byte[][] EVP_BytesToKey(int key_len, int iv_len, MessageDigest md,
byte[] salt, byte[] data, int count) {
byte[][] both = new byte[2][];
byte[] key = new byte[key_len];
int key_ix = 0;
byte[] iv = new byte[iv_len];
int iv_ix = 0;
both[0] = key;
both[1] = iv;
byte[] md_buf = null;
int nkey = key_len;
int niv = iv_len;
int i = 0;
if (data == null) {
return both;
}
int addmd = 0;
for (;;) {
md.reset();
if (addmd++ > 0) {
md.update(md_buf);
}
md.update(data);
if (null != salt) {
md.update(salt, 0, 8);
}
md_buf = md.digest();
for (i = 1; i < count; i++) {
md.reset();
md.update(md_buf);
md_buf = md.digest();
}
i = 0;
if (nkey > 0) {
for (;;) {
if (nkey == 0)
break;
if (i == md_buf.length)
break;
key[key_ix++] = md_buf[i];
nkey--;
i++;
}
}
if (niv > 0 && i != md_buf.length) {
for (;;) {
if (niv == 0)
break;
if (i == md_buf.length)
break;
iv[iv_ix++] = md_buf[i];
niv--;
i++;
}
}
if (nkey == 0 && niv == 0) {
break;
}
}
for (i = 0; i < md_buf.length; i++) {
md_buf[i] = 0;
}
return both;
}
public static void main(String[] args) {
try {
// --- read base 64 encoded file ---
File f = new File(args[ARG_INDEX_FILENAME]);
List<String> lines = Files.readAllLines(f.toPath(), ASCII);
StringBuilder sb = new StringBuilder();
for (String line : lines) {
sb.append(line.trim());
}
String dataBase64 = sb.toString();
byte[] headerSaltAndCipherText = Base64.decode(dataBase64);
// --- extract salt & encrypted ---
// header is "Salted__", ASCII encoded, if salt is being used (the default)
byte[] salt = Arrays.copyOfRange(
headerSaltAndCipherText, SALT_OFFSET, SALT_OFFSET + SALT_SIZE);
byte[] encrypted = Arrays.copyOfRange(
headerSaltAndCipherText, CIPHERTEXT_OFFSET, headerSaltAndCipherText.length);
// --- specify cipher and digest for EVP_BytesToKey method ---
Cipher aesCBC = Cipher.getInstance("AES/CBC/PKCS5Padding");
MessageDigest md5 = MessageDigest.getInstance("MD5");
// --- create key and IV ---
// the IV is useless, OpenSSL might as well have use zero's
final byte[][] keyAndIV = EVP_BytesToKey(
KEY_SIZE_BITS / Byte.SIZE,
aesCBC.getBlockSize(),
md5,
salt,
args[ARG_INDEX_PASSWORD].getBytes(ASCII),
ITERATIONS);
SecretKeySpec key = new SecretKeySpec(keyAndIV[INDEX_KEY], "AES");
IvParameterSpec iv = new IvParameterSpec(keyAndIV[INDEX_IV]);
// --- initialize cipher instance and decrypt ---
aesCBC.init(Cipher.DECRYPT_MODE, key, iv);
byte[] decrypted = aesCBC.doFinal(encrypted);
String answer = new String(decrypted, ASCII);
System.out.println(answer);
} catch (BadPaddingException e) {
// AKA "something went wrong"
throw new IllegalStateException(
"Bad password, algorithm, mode or padding;" +
" no salt, wrong number of iterations or corrupted ciphertext.");
} catch (IllegalBlockSizeException e) {
throw new IllegalStateException(
"Bad algorithm, mode or corrupted (resized) ciphertext.");
} catch (GeneralSecurityException e) {
throw new IllegalStateException(e);
} catch (IOException e) {
throw new IllegalStateException(e);
}
}
}
var md5 = require('create-hash/md5')
module.exports = EVP_BytesToKey
function EVP_BytesToKey (password, salt, keyLen, ivLen) {
if (!Buffer.isBuffer(password)) {
password = new Buffer(password, 'binary')
}
if (salt && !Buffer.isBuffer(salt)) {
salt = new Buffer(salt, 'binary')
}
keyLen = keyLen / 8
ivLen = ivLen || 0
var ki = 0
var ii = 0
var key = new Buffer(keyLen)
var iv = new Buffer(ivLen)
var addmd = 0
var md_buf
var i
var bufs = []
while (true) {
if (addmd++ > 0) {
bufs.push(md_buf)
}
bufs.push(password)
if (salt) {
bufs.push(salt)
}
md_buf = md5(Buffer.concat(bufs))
bufs = []
i = 0
if (keyLen > 0) {
while (true) {
if (keyLen === 0) {
break
}
if (i === md_buf.length) {
break
}
key[ki++] = md_buf[i]
keyLen--
i++
}
}
if (ivLen > 0 && i !== md_buf.length) {
while (true) {
if (ivLen === 0) {
break
}
if (i === md_buf.length) {
break
}
iv[ii++] = md_buf[i]
ivLen--
i++
}
}
if (keyLen === 0 && ivLen === 0) {
break
}
}
for (i = 0; i < md_buf.length; i++) {
md_buf[i] = 0
}
return {
key: key,
iv: iv
}
}
import hashlib, binascii
from passlib.utils.pbkdf2 import pbkdf1
def hasher(algo, data):
hashes = {'md5': hashlib.md5, 'sha256': hashlib.sha256,
'sha512': hashlib.sha512}
h = hashes[algo]()
h.update(data)
return h.digest()
# pwd and salt must be bytes objects
def openssl_kdf(algo, pwd, salt, key_size, iv_size):
if algo == 'md5':
temp = pbkdf1(pwd, salt, 1, 16, 'md5')
else:
temp = b''
fd = temp
while len(fd) < key_size + iv_size:
temp = hasher(algo, temp + pwd + salt)
fd += temp
key = fd[0:key_size]
iv = fd[key_size:key_size+iv_size]
print('salt=' + binascii.hexlify(salt).decode('ascii').upper())
print('key=' + binascii.hexlify(key).decode('ascii').upper())
print('iv=' + binascii.hexlify(iv).decode('ascii').upper())
return key, iv
#openssl_kdf('md5', b'test', b'\xF6\x81\x8C\xAE\x13\x18\x72\xBD', 32, 16)
# generates the same output as:
#openssl enc -aes-256-cbc -P -pass pass:test -S F6818CAE131872BD
#openssl_kdf('sha256', b'test', b'\xF6\x81\x8C\xAE\x13\x18\x72\xBD', 32, 16)
#generates the same output as:
#openssl enc -aes-256-cbc -P -pass pass:test -S F6818CAE131872BD -md SHA256
#http://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase/29139
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
#endif
#include <ctype.h>
#undef SIZE
#undef BSIZE
#define SIZE (512)
#define BSIZE (8*1024)
static int set_hex(char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_LIST,
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"ciphers", OPT_LIST, '-', "List ciphers"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
{"v", OPT_V, '-', "Verbose output"},
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
{"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
{"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
{"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Same as option -a"},
{"A", OPT_UPPER_A, '-',
"Used with -[base64|a] to specify base64 buffer as a single line"},
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Read passphrase from file"},
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
{"iv", OPT_IV, 's', "IV in hex"},
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int enc_main(int argc, char **argv)
{
static char buf[128];
static const char magic[] = "Salted__";
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher = NULL, *c;
const EVP_MD *dgst = NULL;
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof magic - 1];
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k;
int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
int ret = 1, inl, nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
long n;
#ifdef ZLIB
int do_zlib = 0;
BIO *bzl = NULL;
#endif
/* first check the program name */
prog = opt_progname(argv[0]);
if (strcmp(prog, "base64") == 0)
base64 = 1;
#ifdef ZLIB
else if (strcmp(prog, "zlib") == 0)
do_zlib = 1;
#endif
else {
cipher = EVP_get_cipherbyname(prog);
if (cipher == NULL && strcmp(prog, "enc") != 0) {
BIO_printf(bio_err, "%s is not a known cipher\n", prog);
goto end;
}
}
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(enc_options);
ret = 0;
goto end;
case OPT_LIST:
BIO_printf(bio_err, "Supported ciphers:\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, bio_err);
BIO_printf(bio_err, "\n");
goto end;
case OPT_E:
enc = 1;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_D:
enc = 0;
break;
case OPT_P:
printkey = 1;
break;
case OPT_V:
verbose = 1;
break;
case OPT_NOPAD:
nopad = 1;
break;
case OPT_SALT:
nosalt = 0;
break;
case OPT_NOSALT:
nosalt = 1;
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_UPPER_P:
printkey = 2;
break;
case OPT_UPPER_A:
olb64 = 1;
break;
case OPT_A:
base64 = 1;
break;
case OPT_Z:
#ifdef ZLIB
do_zlib = 1;
#endif
break;
case OPT_BUFSIZE:
p = opt_arg();
i = (int)strlen(p) - 1;
k = i >= 1 && p[i] == 'k';
if (k)
p[i] = '\0';
if (!opt_long(opt_arg(), &n)
|| n < 0 || (k && n >= LONG_MAX / 1024))
goto opthelp;
if (k)
n *= 1024;
bsize = (int)n;
break;
case OPT_K:
str = opt_arg();
break;
case OPT_KFILE:
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL)
goto opthelp;
i = BIO_gets(in, buf, sizeof buf);
BIO_free(in);
in = NULL;
if (i <= 0) {
BIO_printf(bio_err,
"%s Can't read key from %s\n", prog, opt_arg());
goto opthelp;
}
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
buf[i] = '\0';
if (i <= 0) {
BIO_printf(bio_err, "%s: zero length password\n", prog);
goto opthelp;
}
str = buf;
break;
case OPT_UPPER_K:
hkey = opt_arg();
break;
case OPT_UPPER_S:
hsalt = opt_arg();
break;
case OPT_IV:
hiv = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_arg(), &dgst))
goto opthelp;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &c))
goto opthelp;
cipher = c;
break;
case OPT_NONE:
cipher = NULL;
break;
}
}
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
goto end;
}
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
goto end;
}
if (dgst == NULL)
dgst = EVP_sha256();
/* It must be large enough for a base64 encoded line */
if (base64 && bsize < 80)
bsize = 80;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
#ifdef ZLIB
if (!do_zlib)
#endif
if (base64) {
if (enc)
outformat = FORMAT_BASE64;
else
informat = FORMAT_BASE64;
}
strbuf = app_malloc(SIZE, "strbuf");
buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
if (infile == NULL) {
unbuffer(stdin);
in = dup_bio_in(informat);
} else
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (!str && passarg) {
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
if (1) {
#ifndef OPENSSL_NO_UI
for (;;) {
char prompt[200];
BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
if (i == 0) {
if (strbuf[0] == '\0') {
ret = 1;
goto end;
}
str = strbuf;
break;
}
if (i < 0) {
BIO_printf(bio_err, "bad password read\n");
goto end;
}
}
} else {
#endif
BIO_printf(bio_err, "password required\n");
goto end;
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, (char *)bio_err);
BIO_set_callback_arg(out, (char *)bio_err);
}
rbio = in;
wbio = out;
#ifdef ZLIB
if (do_zlib) {
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (debug) {
BIO_set_callback(bzl, BIO_debug_callback);
BIO_set_callback_arg(bzl, (char *)bio_err);
}
if (enc)
wbio = BIO_push(bzl, wbio);
else
rbio = BIO_push(bzl, rbio);
}
#endif
if (base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, (char *)bio_err);
}
if (olb64)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
if (enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
if (cipher != NULL) {
/*
* Note that str is NULL if a key was passed on the command line, so
* we get no salt in that case. Is this a bug?
*/
if (str != NULL) {
/*
* Salt handling: if encrypting generate a salt and write to
* output BIO. If decrypting read salt from input BIO.
*/
unsigned char *sptr;
size_t str_len = strlen(str);
if (nosalt)
sptr = NULL;
else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof salt) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
sptr = salt;
}
if (!EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str,
str_len, 1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
}
/*
* zero the complete buffer or the string passed from the command
* line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
*/
if (str == strbuf)
OPENSSL_cleanse(str, SIZE);
else
OPENSSL_cleanse(str, str_len);
}
if (hiv != NULL) {
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
/*
* No IV was explicitly set and no IV was generated during
* EVP_BytesToKey. Hence the IV is undefined, making correct
* decryption impossible.
*/
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
goto end;
/*
* Since we may be changing parameters work on the encryption context
* rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(benc, BIO_debug_callback);
BIO_set_callback_arg(benc, (char *)bio_err);
}
if (printkey) {
if (!nosalt) {
printf("salt=");
for (i = 0; i < (int)sizeof(salt); i++)
printf("%02X", salt[i]);
printf("\n");
}
if (EVP_CIPHER_key_length(cipher) > 0) {
printf("key=");
for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
printf("%02X", key[i]);
printf("\n");
}
if (EVP_CIPHER_iv_length(cipher) > 0) {
printf("iv =");
for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
printf("%02X", iv[i]);
printf("\n");
}
if (printkey == 2) {
ret = 0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio = BIO_push(benc, wbio);
for (;;) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read :%8"PRIu64"\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8"PRIu64"\n", BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
OPENSSL_free(strbuf);
OPENSSL_free(buff);
BIO_free(in);
BIO_free_all(out);
BIO_free(benc);
BIO_free(b64);
#ifdef ZLIB
BIO_free(bzl);
#endif
release_engine(e);
OPENSSL_free(pass);
return (ret);
}
static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
BIO *bio = bio_;
static int n;
if (!islower((unsigned char)*name->name))
return;
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");
n = 0;
} else
BIO_printf(bio, " ");
}
static int set_hex(char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;
n = strlen(in);
if (n > (size * 2)) {
BIO_printf(bio_err, "hex string is too long\n");
return (0);
}
memset(out, 0, size);
for (i = 0; i < n; i++) {
j = (unsigned char)*in;
*(in++) = '\0';
if (j == 0)
break;
if (!isxdigit(j)) {
BIO_printf(bio_err, "non-hex digit\n");
return (0);
}
j = (unsigned char)OPENSSL_hexchar2int(j);
if (i & 1)
out[i / 2] |= j;
else
out[i / 2] = (j << 4);
}
return (1);
}
from sys import exit, argv
from os import system
from pycoin.services.blockchain_info import spendables_for_address
from pycoin.tx import script, Tx
from pycoin.tx.tx_utils import sign_tx
from pycoin.tx.TxOut import TxOut, standard_tx_out_script
from binascii import hexlify
## This is the address and key you generated before
bitcoin_address = "ADDRESS"
bitcoin_private_key = "PRIVATE_KEY"
## The fee that will be given to the miner in bitcoin
bitcoin_fee = 10000 # In satoshis
## Get the message
if(len(argv) is not 2):
exit("usage: python3 send-op-return.py \"MESSAGE\"")
raw_message = argv[1]
if(len(raw_message) > 80):
exit("Message must be 80 characters or less")
message = hexlify(raw_message.encode()).decode('utf8')
## Get the spendable outputs we are going to use to pay the fee
spendables = spendables_for_address(bitcoin_address)
bitcoin_sum = sum(spendable.coin_value for spendable in spendables)
if(bitcoin_sum < bitcoin_fee):
exit("Not enough satoshis to cover the fee. found: {sum} need: {fee}"
.format(sum=bitcoin_sum,fee=bitcoin_fee))
## Create the inputs we are going to use
inputs = [spendable.tx_in() for spendable in spendables]
## If we will have change left over create an output to send it back
outputs = []
if (bitcoin_sum > bitcoin_fee):
change_output_script = standard_tx_out_script(bitcoin_address)
outputs.append(TxOut(bitcoin_sum - bitcoin_fee, change_output_script))
## Build the OP_RETURN output with our message
op_return_output_script = script.tools.compile("OP_RETURN %s" % message)
outputs.append(TxOut(0, op_return_output_script))
## Create the transaction and sign it with the private key
tx = Tx(version=1, txs_in=inputs, txs_out=outputs)
tx.set_unspents(spendables)
signed_tx = sign_tx(tx, wifs=[bitcoin_private_key])
## Send the signed transaction to the network through bitcoind
## Note: that os.system() prints the response for us
system("bitcoin-cli sendrawtransaction %s" % tx.as_hex())
import sys
import urllib2
import commands
import struct
from binascii import unhexlify, crc32
# usage, python script.py address
addr = str(sys.argv[1])
def txdecode(transaction):
data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
return dataout
print 'Reading '+addr+"'s transactions..."
offset = 0
startatpage = 0 #17
offset = startatpage*50
data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")
pagecalc = offset/50
if pagecalc == 0:
pagecalc = 1
page = pagecalc
files = 0
keep_reading = True
tx_list = []
f = open('dataout/'+addr+"_tx_list.txt", 'w')
while (keep_reading):
tx_exist = False
if keep_reading:
print 'Page', page, '...'
data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")
for line in data:
chunks = line.split('><')
if 'hash-link' in line:
tx_exist = True
ll = chunks[4].split(' ')
lll = ll[2][10:10+64]
date1 = ll[4].split('>')[1]
date2 = ll[5].split('<')[0]
print date1, date2
print lll
f.write(str(lll)+'\n')
decoded_data = txdecode(str(lll))
fd = open('dataout/'+str(lll),"wb")
fd.write(decoded_data)
fd.close()
status, output = commands.getstatusoutput("dataout/trid dataout/"+str(lll))
if 'Unknown!' not in output:
ff = open('dataout/'+addr+"_file_tx_list.txt", 'a')
files += 1
outputlines = output.split('\n')
for i in range(6,len(outputlines)):
print outputlines[i]
ff.write(str(lll)+' '+outputlines[6]+' '+date1+' '+date2+'\n')
ff.close()
page += 1
offset += 50
if tx_exist == False:
keep_reading = False
print len(tx_list), 'transactions found'
print files, 'file headers found'
print 'List saved in file', addr+"_tx_list.txt"
print 'Txs with file headers saved in', addr+"_file_tx_list.txt"
f.close()
import sys
import urllib2
import commands
import struct
from binascii import unhexlify, crc32
# usage, python script.py address
addr = str(sys.argv[1])
def txdecode(transaction):
data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
dataout = b''
atoutput = False
for line in data:
if 'Output Scripts' in line:
atoutput = True
if '</table>' in line:
atoutput = False
if atoutput:
if len(line) > 100:
chunks = line.split(' ')
for c in chunks:
if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
dataout += unhexlify(c.encode('utf8'))
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
return dataout
print 'Reading '+addr+"'s transactions..."
offset = 0
startatpage = 0 #17
offset = startatpage*50
data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")
pagecalc = offset/50
if pagecalc == 0:
pagecalc = 1
page = pagecalc
files = 0
keep_reading = True
tx_list = []
f = open('dataout/'+addr+"_tx_list.txt", 'w')
while (keep_reading):
tx_exist = False
if keep_reading:
print 'Page', page, '...'
data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")
for line in data:
chunks = line.split('><')
if 'hash-link' in line:
tx_exist = True
ll = chunks[4].split(' ')
#print 'll', len(ll)
if len(ll) == 1:
continue
#print ll
#print 'll2', len(ll[2])
lll = ll[2][10:10+64]
date1 = ll[4].split('>')[1]
date2 = ll[5].split('<')[0]
print date1, date2
print lll
f.write(str(lll)+'\n')
decoded_data = txdecode(str(lll))
fd = open('dataout/'+str(lll),"wb")
fd.write(decoded_data)
fd.close()
status, output = commands.getstatusoutput("dataout/trid dataout/"+str(lll))
if 'Unknown!' not in output:
ff = open('dataout/'+addr+"_file_tx_list.txt", 'a')
files += 1
outputlines = output.split('\n')
for i in range(6,len(outputlines)):
print outputlines[i]
ff.write(str(lll)+' '+outputlines[6]+' '+date1+' '+date2+'\n')
ff.close()
page += 1
offset += 50
if tx_exist == False:
keep_reading = False
print len(tx_list), 'transactions found'
print files, 'file headers found'
print 'List saved in file', addr+"_tx_list.txt"
print 'Txs with file headers saved in', addr+"_file_tx_list.txt"
f.close()
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# File insertion tool for Bitcoin
# Requires git://github.com/jgarzik/python-bitcoinrpc.git
#
# (c) 2013 Satoshi Nakamoto All Rights Reserved
#
# UNAUTHORIZED DUPLICATION AND/OR USAGE OF THIS PROGRAM IS PROHIBITED BY US AND INTERNATIONAL COPYRIGHT LAW
import io
import jsonrpc
import os
import random
import struct
import sys
from binascii import crc32,hexlify,unhexlify
from decimal import Decimal
if len(sys.argv) < 5:
print("Usage: %s <file> <dest addr> <dest amount> {<fee-per-kb>} Set BTCRPCURL=http://user:pass@localhost:portnum")
sys.exit()
COIN = 100000000
def unhexstr(str):
return unhexlify(str.encode('utf8'))
#proxy = jsonrpc.ServiceProxy(os.environ['BTCRPCURL'])
def select_txins(value):
#unspent = list(proxy.listunspent()) #HACK #TODO: replicate listunspent
#unspent = [101, 101, 101] #HACK
#random.shuffle(unspent) #HACK
r = []
total = 0
for tx in range(10):#unspent: #HACK
total += 101#tx['amount'] #HACK
r.append(tx)
if total >= value:
break
if total < value:
return None
else:
return (r, total)
def varint(n):
if n < 0xfd:
return bytes([n])
elif n < 0xffff:
return b'\xfd' + struct.pack('<H',n)
else:
assert False
def packtxin(prevout, scriptSig, seq=0xffffffff):
print prevout[0][::-1]
print struct.pack('<L',prevout[1])
print prevout[0][::-1] + struct.pack('<L',prevout[1])
print struct.pack('<L',prevout[1])
print varint(len(scriptSig))
print scriptSig
print struct.pack('<L', seq)
return prevout[0][::-1] + struct.pack('<L',prevout[1]) + varint(len(scriptSig)) + scriptSig + struct.pack('<L', seq)
def packtxout(value, scriptPubKey):
return struct.pack('<Q',int(value*COIN)) + varint(len(scriptPubKey)) + scriptPubKey
def packtx(txins, txouts, locktime=0):
r = b'\x01\x00\x00\x00' # version
r += varint(len(txins))
for txin in txins:
vout = 948 #HACK
txid = [20134930, b'20134930']#HACK
#r += packtxin((unhexstr(txin['txid']),txin['vout']), b'')
r += packtxin((txid,vout), b'')
r += varint(len(txouts))
for (value, scriptPubKey) in txouts:
r += packtxout(value, scriptPubKey)
r += struct.pack('<L', locktime)
return r
OP_CHECKSIG = b'\xac' #ascii dash w/ line down ¬
OP_CHECKMULTISIG = b'\xae' #ascii reg trademark
OP_PUSHDATA1 = b'\x4c' #ascii upper L
OP_DUP = b'\x76' #ascii lower v
OP_HASH160 = b'\xa9' #ascii copyright symbol
OP_EQUALVERIFY = b'\x88' #ascii e with circumflex ê
def pushdata(data):
assert len(data) < OP_PUSHDATA1[0]
return bytes([len(data)]) + data
def pushint(n):
assert 0 < n <= 16
return bytes([0x51 + n-1])
def addr2bytes(s):
digits58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
n = 0
for c in s:
n *= 58
if c not in digits58:
raise ValueError
n += digits58.index(c)
h = '%x' % n
if len(h) % 2:
h = '0' + h
for c in s:
if c == digits58[0]:
h = '00' + h
else:
break
return unhexstr(h)[1:-4] # skip version and checksum
def checkmultisig_scriptPubKey_dump(fd):
data = fd.read(65*3)
if not data:
return None
r = pushint(1)
n = 0
while data:
chunk = data[0:65]
data = data[65:]
if len(chunk) < 33:
chunk += b'\x00'*(33-len(chunk))
elif len(chunk) < 65:
chunk += b'\x00'*(65-len(chunk))
r += pushdata(chunk)
n += 1
r += pushint(n) + OP_CHECKMULTISIG
return r
(txins, change) = select_txins(0)
txouts = []
data = open(sys.argv[1],'rb').read()
data = struct.pack('<L', len(data)) + struct.pack('<L', crc32(data)) + data
fd = io.BytesIO(data)
while True:
scriptPubKey = checkmultisig_scriptPubKey_dump(fd)
if scriptPubKey is None:
break
value = Decimal(1/COIN)
txouts.append((value, scriptPubKey))
print value
print scriptPubKey
change -= value
# dest output
out_value = Decimal(sys.argv[3])
change -= out_value
txouts.append((out_value, OP_DUP + OP_HASH160 + pushdata(addr2bytes(sys.argv[2])) + OP_EQUALVERIFY + OP_CHECKSIG)) # fee,v,copy,#byte,wal,ecirc,linedown
# change output
#change_addr = proxy.getnewaddress()
change_addr = sys.argv[2]
txouts.append([change, OP_DUP + OP_HASH160 + pushdata(addr2bytes(change_addr)) + OP_EQUALVERIFY + OP_CHECKSIG])
#tx = packtx(txins, txouts)
#print tx
#signed_tx = proxy.signrawtransaction(hexlify(tx).decode('utf8'))
FEEPERKB = Decimal(0.001)
try:
FEEPERKB = Decimal(sys.argv[4])
except IndexError:
pass
#fee = Decimal(len(signed_tx['hex'])/1000) * FEEPERKB
#change -= fee
#txouts[-1][0] = change
#tx = packtx(txins, txouts)
#print tx
#signed_tx = proxy.signrawtransaction(hexlify(tx).decode('utf8'))
#assert signed_tx['complete']
#print('Size: %d Fee: %2.8f' % (len(signed_tx['hex'])/2,fee))
#if False:
#print(proxy.sendrawtransaction(signed_tx['hex']))
#else:
#print(signed_tx)
