def raw_parse(cls, s):
'''Returns a HDPrivateKey from a stream'''
# first 4 bytes are the version
version = s.read(4)
# check that the version is one of the TESTNET or MAINNET
# private keys, if not raise a ValueError
if version in (TESTNET_XPRV, TESTNET_YPRV, TESTNET_ZPRV):
testnet = True
elif version in (MAINNET_XPRV, MAINNET_YPRV, MAINNET_ZPRV):
testnet = False
else:
raise ValueError('not an xprv, yprv or zprv: {}'.format(version))
# the next byte is depth
depth = byte_to_int(s.read(1))
# next 4 bytes are the parent_fingerprint
parent_fingerprint = s.read(4)
# next 4 bytes is the child number in big-endian
child_number = big_endian_to_int(s.read(4))
# next 32 bytes are the chain code
chain_code = s.read(32)
# the next byte should be b'\x00'
if byte_to_int(s.read(1)) != 0:
raise ValueError('private key should be preceded by a zero byte')
# last 32 bytes should be the private key in big endian
private_key = PrivateKey(secret=big_endian_to_int(s.read(32)))
# return an instance of the class
return cls(
private_key=private_key,
chain_code=chain_code,
depth=depth,
parent_fingerprint=parent_fingerprint,
child_number=child_number,
testnet=testnet,
)
def raw_parse(cls, s):
'''Returns a HDPublicKey from a stream'''
# first 4 bytes are the version
version = s.read(4)
# check that the version is one of the TESTNET or MAINNET
# public keys, if not raise a ValueError
if version in (TESTNET_XPUB, TESTNET_YPUB, TESTNET_ZPUB):
testnet = True
elif version in (MAINNET_XPUB, MAINNET_YPUB, MAINNET_ZPUB):
testnet = False
else:
raise ValueError('not an xpub, ypub or zpub: {} {}'.format(s, version))
# the next byte is depth
depth = byte_to_int(s.read(1))
# next 4 bytes are the parent_fingerprint
parent_fingerprint = s.read(4)
# next 4 bytes is the child number in big-endian
child_number = big_endian_to_int(s.read(4))
# next 32 bytes are the chain code
chain_code = s.read(32)
# last 33 bytes should be the SEC
point = S256Point.parse(s.read(33))
# return an instance of the class
return cls(
point=point,
chain_code=chain_code,
depth=depth,
parent_fingerprint=parent_fingerprint,
child_number=child_number,
testnet=testnet,
)
def parse(cls, s):
# get the length of the entire field
length = read_varint(s)
# initialize the commands array
commands = []
# initialize the number of bytes we've read to 0
count = 0
# loop until we've read length bytes
while count < length:
# get the current byte
current = s.read(1)
# increment the bytes we've read
count += 1
# convert the current byte to an integer
current_byte = current[0]
# if the current byte is between 1 and 75 inclusive
if current_byte >= 1 and current_byte <= 75:
# we have a command set n to be the current byte
n = current_byte
# add the next n bytes as a command
commands.append(s.read(n))
# increase the count by n
count += n
elif current_byte == 76:
# op_pushdata1
data_length = byte_to_int(s.read(1))
commands.append(s.read(data_length))
count += data_length + 1
elif current_byte == 77:
# op_pushdata2
data_length = byte_to_int(s.read(2))
commands.append(s.read(data_length))
count += data_length + 2
else:
# we have an op code. set the current byte to op_code
op_code = current_byte
# add the op_code to the list of commands
commands.append(op_code)
if count != length:
raise SyntaxError('parsing script failed')
return cls(commands)
def xprv_raw_parse(cls, s):
version = s.read(4)
if version in (TESTNET_XPRV, TESTNET_YPRV, TESTNET_ZPRV):
testnet = True
elif version in (MAINNET_XPRV, MAINNET_YPRV, MAINNET_ZPRV):
testnet = False
else:
raise ValueError('not an xprv, yprv or zprv: {}'.format(version))
depth = byte_to_int(s.read(1))
parent_fingerprint = s.read(4)
child_number = big_endian_to_int(s.read(4))
chain_code = s.read(32)
if byte_to_int(s.read(1)) != 0:
raise ValueError('private key should be preceded by a zero byte')
private_key = PrivateKey(secret=big_endian_to_int(s.read(32)))
return cls(
private_key=private_key,
chain_code=chain_code,
depth=depth,
parent_fingerprint=parent_fingerprint,
child_number=child_number,
testnet=testnet,
)
def xpub_raw_parse(cls, s):
version = s.read(4)
if version in (TESTNET_XPUB, TESTNET_YPUB, TESTNET_ZPUB):
testnet = True
elif version in (MAINNET_XPUB, MAINNET_YPUB, MAINNET_ZPUB):
testnet = False
else:
raise ValueError('not an xpub, ypub or zpub: {} {}'.format(s, version))
depth = byte_to_int(s.read(1))
parent_fingerprint = s.read(4)
child_number = big_endian_to_int(s.read(4))
chain_code = s.read(32)
point = S256Point.parse(s.read(33))
return cls(
point=point,
chain_code=chain_code,
depth=depth,
parent_fingerprint=parent_fingerprint,
child_number=child_number,
testnet=testnet,
)
def parse(cls, s: BufferedIOBase) -> Script:
# get the length of the entire field
length = read_varint(s)
# initialize the commands array
commands = []
# initialize the number of bytes we've read to 0
count = 0
# loop until we've read length bytes
while count < length:
# get the current byte
current = s.read(1)
# increment the bytes we've read
count += 1
# convert the current byte to an integer
current_int = current[0]
# if the current byte is between 1 and 75 inclusive
if current_int <= 75:
# add the next n bytes as a command
commands.append(s.read(current_int))
count += current_int
elif current == OP_PUSHDATA1:
# op_pushdata1
data_length = byte_to_int(s.read(1))
commands.append(s.read(data_length))
count += data_length + 1
elif current == OP_PUSHDATA2:
# op_pushdata2
data_length = little_endian_to_int(s.read(2))
commands.append(s.read(data_length))
count += data_length + 2
else:
# add the command to the list of commands
commands.append(current)
if count != length:
raise SyntaxError(f'parsing script failed {commands}')
return cls(commands)
'''
if (silent != 1): print 'DPA1: Recovering delta from T1 = delta + W_0...'
current_sample = 0
delta0, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 3, -1,
threshold)
#current_sample += j
delta1, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 2, delta0,
threshold)
current_sample += j
delta2, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 1, delta1,
threshold)
current_sample += j
delta3, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 0, delta2,
threshold)
current_sample += j
delta = helper.byte_to_int(delta3, delta2, delta1, delta0)
if (silent != 1): print "delta=", hex(delta)
'''
* DPA 2
* E_1 = D_0 + T1_1
'''
if (silent != 1): print 'DPA2: Recovering D_0 from E_1 = D_0 + T1_1...'
# calculate known T1's
T1 = helper.int_to_byte_vec(helper.byte_array_to_int_vec(message_0) + delta)
d_0_0, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 3, -1, threshold)
current_sample += j
d_0_1, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 2, d_0_0, threshold)
current_sample += j
d_0_2, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 1, d_0_1, threshold)
current_sample += j
d_0_3, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 0, d_0_2, threshold)
j = 0
'''
* DPA 1
* T1 = delta + W_0
'''
delta0, _j = dpa.dpa_addition(T[:, j:], 0, message_0, 3, -1, threshold)
j += _j
delta1, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 2, [delta0],
threshold)
delta2, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 1,
[delta0, delta1], threshold)
delta3, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 0,
[delta0, delta1, delta2], threshold)
delta = helper.byte_to_int(delta3, delta2, delta1, delta0)
# we now recovered delta
if (silent != 1): print "delta=", hex(delta)
end_time = time.time()
[secretSeed, secretIv, secretDelta,
secretT1] = helper.load_secret_data(sys.argv[2])
attack_success = helper.compareBytes(secretDelta, [delta])
if silent != 1:
GREEN = '\033[92m'
RED = '\033[91m'
if attack_success:
print GREEN, "FOUND CORRECT KEY"
else:
print RED, "KEY NOT CORRECT"
ENDC = '\033[0m'
E1 = helper.int_to_byte_vec(helper.byte_array_to_int_vec(T1) + D_0)
nE1 = helper.int_to_byte_vec(~helper.byte_array_to_int_vec(E1))
'''
* DPA 5
* F_0 equals G_1
* ~E_1 & G_1 in Ch
'''
F_0_0, j = dpa.dpa_and(T[:, current_sample:], 1, nE1, 3, threshold)
current_sample += j
F_0_1, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 2, threshold)
current_sample += j
F_0_2, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 1, threshold)
current_sample += j
F_0_3, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 0, threshold)
current_sample += j
F_0 = helper.byte_to_int(F_0_3, F_0_2, F_0_1, F_0_0)
if (silent != 1): print "F_0=", hex(F_0)
end_time = time.time()
attack_success = helper.compareBytes("0x" + secretIv[2 + 5 * 8:2 + 6 * 8],
[F_0])
if silent != 1:
GREEN = '\033[92m'
RED = '\033[91m'
if attack_success:
print GREEN, "FOUND CORRECT KEY"
else:
print RED, "KEY NOT CORRECT"
ENDC = '\033[0m'
print ENDC
