Exemplo n.º 1
0
 def raw_parse(cls, s):
     '''Returns a HDPrivateKey from a stream'''
     # first 4 bytes are the version
     version = s.read(4)
     # check that the version is one of the TESTNET or MAINNET
     #  private keys, if not raise a ValueError
     if version in (TESTNET_XPRV, TESTNET_YPRV, TESTNET_ZPRV):
         testnet = True
     elif version in (MAINNET_XPRV, MAINNET_YPRV, MAINNET_ZPRV):
         testnet = False
     else:
         raise ValueError('not an xprv, yprv or zprv: {}'.format(version))
     # the next byte is depth
     depth = byte_to_int(s.read(1))
     # next 4 bytes are the parent_fingerprint
     parent_fingerprint = s.read(4)
     # next 4 bytes is the child number in big-endian
     child_number = big_endian_to_int(s.read(4))
     # next 32 bytes are the chain code
     chain_code = s.read(32)
     # the next byte should be b'\x00'
     if byte_to_int(s.read(1)) != 0:
         raise ValueError('private key should be preceded by a zero byte')
     # last 32 bytes should be the private key in big endian
     private_key = PrivateKey(secret=big_endian_to_int(s.read(32)))
     # return an instance of the class
     return cls(
         private_key=private_key,
         chain_code=chain_code,
         depth=depth,
         parent_fingerprint=parent_fingerprint,
         child_number=child_number,
         testnet=testnet,
     )
Exemplo n.º 2
0
 def raw_parse(cls, s):
     '''Returns a HDPublicKey from a stream'''
     # first 4 bytes are the version
     version = s.read(4)
     # check that the version is one of the TESTNET or MAINNET
     #  public keys, if not raise a ValueError
     if version in (TESTNET_XPUB, TESTNET_YPUB, TESTNET_ZPUB):
         testnet = True
     elif version in (MAINNET_XPUB, MAINNET_YPUB, MAINNET_ZPUB):
         testnet = False
     else:
         raise ValueError('not an xpub, ypub or zpub: {} {}'.format(s, version))
     # the next byte is depth
     depth = byte_to_int(s.read(1))
     # next 4 bytes are the parent_fingerprint
     parent_fingerprint = s.read(4)
     # next 4 bytes is the child number in big-endian
     child_number = big_endian_to_int(s.read(4))
     # next 32 bytes are the chain code
     chain_code = s.read(32)
     # last 33 bytes should be the SEC
     point = S256Point.parse(s.read(33))
     # return an instance of the class
     return cls(
         point=point,
         chain_code=chain_code,
         depth=depth,
         parent_fingerprint=parent_fingerprint,
         child_number=child_number,
         testnet=testnet,
     )
Exemplo n.º 3
0
 def parse(cls, s):
     # get the length of the entire field
     length = read_varint(s)
     # initialize the commands array
     commands = []
     # initialize the number of bytes we've read to 0
     count = 0
     # loop until we've read length bytes
     while count < length:
         # get the current byte
         current = s.read(1)
         # increment the bytes we've read
         count += 1
         # convert the current byte to an integer
         current_byte = current[0]
         # if the current byte is between 1 and 75 inclusive
         if current_byte >= 1 and current_byte <= 75:
             # we have a command set n to be the current byte
             n = current_byte
             # add the next n bytes as a command
             commands.append(s.read(n))
             # increase the count by n
             count += n
         elif current_byte == 76:
             # op_pushdata1
             data_length = byte_to_int(s.read(1))
             commands.append(s.read(data_length))
             count += data_length + 1
         elif current_byte == 77:
             # op_pushdata2
             data_length = byte_to_int(s.read(2))
             commands.append(s.read(data_length))
             count += data_length + 2
         else:
             # we have an op code. set the current byte to op_code
             op_code = current_byte
             # add the op_code to the list of commands
             commands.append(op_code)
     if count != length:
         raise SyntaxError('parsing script failed')
     return cls(commands)
Exemplo n.º 4
0
def xprv_raw_parse(cls, s):
    version = s.read(4)
    if version in (TESTNET_XPRV, TESTNET_YPRV, TESTNET_ZPRV):
        testnet = True
    elif version in (MAINNET_XPRV, MAINNET_YPRV, MAINNET_ZPRV):
        testnet = False
    else:
        raise ValueError('not an xprv, yprv or zprv: {}'.format(version))
    depth = byte_to_int(s.read(1))
    parent_fingerprint = s.read(4)
    child_number = big_endian_to_int(s.read(4))
    chain_code = s.read(32)
    if byte_to_int(s.read(1)) != 0:
        raise ValueError('private key should be preceded by a zero byte')
    private_key = PrivateKey(secret=big_endian_to_int(s.read(32)))
    return cls(
        private_key=private_key,
        chain_code=chain_code,
        depth=depth,
        parent_fingerprint=parent_fingerprint,
        child_number=child_number,
        testnet=testnet,
    )
Exemplo n.º 5
0
def xpub_raw_parse(cls, s):
    version = s.read(4)
    if version in (TESTNET_XPUB, TESTNET_YPUB, TESTNET_ZPUB):
        testnet = True
    elif version in (MAINNET_XPUB, MAINNET_YPUB, MAINNET_ZPUB):
        testnet = False
    else:
        raise ValueError('not an xpub, ypub or zpub: {} {}'.format(s, version))
    depth = byte_to_int(s.read(1))
    parent_fingerprint = s.read(4)
    child_number = big_endian_to_int(s.read(4))
    chain_code = s.read(32)
    point = S256Point.parse(s.read(33))
    return cls(
        point=point,
        chain_code=chain_code,
        depth=depth,
        parent_fingerprint=parent_fingerprint,
        child_number=child_number,
        testnet=testnet,
    )
Exemplo n.º 6
0
 def parse(cls, s: BufferedIOBase) -> Script:
     # get the length of the entire field
     length = read_varint(s)
     # initialize the commands array
     commands = []
     # initialize the number of bytes we've read to 0
     count = 0
     # loop until we've read length bytes
     while count < length:
         # get the current byte
         current = s.read(1)
         # increment the bytes we've read
         count += 1
         # convert the current byte to an integer
         current_int = current[0]
         # if the current byte is between 1 and 75 inclusive
         if current_int <= 75:
             # add the next n bytes as a command
             commands.append(s.read(current_int))
             count += current_int
         elif current == OP_PUSHDATA1:
             # op_pushdata1
             data_length = byte_to_int(s.read(1))
             commands.append(s.read(data_length))
             count += data_length + 1
         elif current == OP_PUSHDATA2:
             # op_pushdata2
             data_length = little_endian_to_int(s.read(2))
             commands.append(s.read(data_length))
             count += data_length + 2
         else:
             # add the command to the list of commands
             commands.append(current)
     if count != length:
         raise SyntaxError(f'parsing script failed {commands}')
     return cls(commands)
Exemplo n.º 7
0
'''
if (silent != 1): print 'DPA1: Recovering delta from T1 = delta + W_0...'
current_sample = 0
delta0, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 3, -1,
                             threshold)
#current_sample += j
delta1, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 2, delta0,
                             threshold)
current_sample += j
delta2, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 1, delta1,
                             threshold)
current_sample += j
delta3, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 0, delta2,
                             threshold)
current_sample += j
delta = helper.byte_to_int(delta3, delta2, delta1, delta0)
if (silent != 1): print "delta=", hex(delta)
'''
 * DPA 2
 * E_1 = D_0 + T1_1
'''
if (silent != 1): print 'DPA2: Recovering D_0 from E_1 = D_0 + T1_1...'
# calculate known T1's
T1 = helper.int_to_byte_vec(helper.byte_array_to_int_vec(message_0) + delta)
d_0_0, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 3, -1, threshold)
current_sample += j
d_0_1, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 2, d_0_0, threshold)
current_sample += j
d_0_2, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 1, d_0_1, threshold)
current_sample += j
d_0_3, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 0, d_0_2, threshold)
j = 0
'''
 * DPA 1
 * T1 = delta + W_0
'''
delta0, _j = dpa.dpa_addition(T[:, j:], 0, message_0, 3, -1, threshold)
j += _j
delta1, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 2, [delta0],
                                      threshold)
delta2, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 1,
                                      [delta0, delta1], threshold)
delta3, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 0,
                                      [delta0, delta1, delta2], threshold)

delta = helper.byte_to_int(delta3, delta2, delta1, delta0)
# we now recovered delta
if (silent != 1): print "delta=", hex(delta)
end_time = time.time()
[secretSeed, secretIv, secretDelta,
 secretT1] = helper.load_secret_data(sys.argv[2])

attack_success = helper.compareBytes(secretDelta, [delta])
if silent != 1:
    GREEN = '\033[92m'
    RED = '\033[91m'
    if attack_success:
        print GREEN, "FOUND CORRECT KEY"
    else:
        print RED, "KEY NOT CORRECT"
    ENDC = '\033[0m'
E1 = helper.int_to_byte_vec(helper.byte_array_to_int_vec(T1) + D_0)
nE1 = helper.int_to_byte_vec(~helper.byte_array_to_int_vec(E1))
'''
 * DPA 5
 * F_0 equals G_1
 * ~E_1 & G_1 in Ch
'''
F_0_0, j = dpa.dpa_and(T[:, current_sample:], 1, nE1, 3, threshold)
current_sample += j
F_0_1, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 2, threshold)
current_sample += j
F_0_2, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 1, threshold)
current_sample += j
F_0_3, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 0, threshold)
current_sample += j
F_0 = helper.byte_to_int(F_0_3, F_0_2, F_0_1, F_0_0)
if (silent != 1): print "F_0=", hex(F_0)

end_time = time.time()

attack_success = helper.compareBytes("0x" + secretIv[2 + 5 * 8:2 + 6 * 8],
                                     [F_0])
if silent != 1:
    GREEN = '\033[92m'
    RED = '\033[91m'
    if attack_success:
        print GREEN, "FOUND CORRECT KEY"
    else:
        print RED, "KEY NOT CORRECT"
    ENDC = '\033[0m'
    print ENDC