def bip32_crack(parent_xpub: bytes, child_xprv: bytes) -> bytes: parent_xpub = b58decode_check(parent_xpub, 78) assert parent_xpub[45] in (2, 3), "extended parent key is not a public one" child_xprv = b58decode_check(child_xprv, 78) assert child_xprv[45] == 0, "extended child key is not a private one" # check depth assert child_xprv[4] == parent_xpub[4]+1, "wrong child/parent depth relation" # check fingerprint Parent_bytes = parent_xpub[45: ] assert child_xprv[ 5: 9] == h160(Parent_bytes)[:4], "not a child for the provided parent" # check normal derivation child_index = child_xprv[ 9:13] assert child_index[0] < 0x80, "hardened derivation" parent_xprv = child_xprv[ : 4] # version parent_xprv += parent_xpub[ 4: 5] # depth parent_xprv += parent_xpub[ 5: 9] # parent pubkey fingerprint parent_xprv += parent_xpub[ 9:13] # child index parent_chain_code = parent_xpub[13:45] parent_xprv += parent_chain_code # chain code h = HMAC(parent_chain_code, Parent_bytes + child_index, sha512).digest() offset = int.from_bytes(h[:32], 'big') child = int.from_bytes(child_xprv[46:], 'big') parent = (child - offset) % ec.n parent_bytes = b'\x00' + parent.to_bytes(32, 'big') parent_xprv += parent_bytes # private key return b58encode_check(parent_xprv)
def bip32_derive(xkey: octets, path: str) -> bytes: """derive an extended key according to path like "m/44'/0'/1'/0/10" (absolute) or "./0/10" (relative) """ indexes = [] if isinstance(path, list): indexes = path elif isinstance(path, str): steps = path.split('/') if steps[0] not in {'m', '.'}: raise ValueError(f'Invalid derivation path: {path}') if steps[0] == 'm': decoded = b58decode_check(xkey, 78) t = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00' assert decoded[ 4: 13] == t, "Trying to derive absolute path from non-master key" for step in steps[1:]: hardened = False if step[-1] == "'" or step[-1] == "H": hardened = True step = step[:-1] index = int(step) index += 0x80000000 if hardened else 0 indexes.append(index) else: raise TypeError( "list of indexes or string like 'm/44'/0'/1'/0/10' expected") for index in indexes: xkey = bip32_ckd(xkey, index) return xkey
def test_wif(self): # https://en.bitcoin.it/wiki/Wallet_import_format prvkey = 0xC28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D uncompressedKey = b'\x80' + prvkey.to_bytes(32, byteorder='big') uncompressedWIF = b'5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ' wif = b58encode_check(uncompressedKey) self.assertEqual(wif, uncompressedWIF) key = b58decode_check(uncompressedWIF) self.assertEqual(key, uncompressedKey) compressedKey = b'\x80' + prvkey.to_bytes(32, byteorder='big') + b'\x01' compressedWIF = b'KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617' wif = b58encode_check(compressedKey) self.assertEqual(wif, compressedWIF) key = b58decode_check(compressedWIF) self.assertEqual(key, compressedKey) # string compressedWIF = 'KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617' key = b58decode_check(compressedWIF) self.assertEqual(key, compressedKey) # string with leading space compressedWIF = ' KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617' b58decode_check(compressedWIF) self.assertEqual(key, compressedKey) # string with trailing space compressedWIF = 'KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617 ' b58decode_check(compressedWIF) self.assertEqual(key, compressedKey)
def address_from_xpub(xpub: bytes, version: Optional[bytes] = None): xpub = b58decode_check(xpub, 78) assert xpub[45] in (2, 3), "extended key is not a public one" # bitcoin: address version can be derived from xkey version # altcoin: address version cannot be derived from xkey version # if xkey version bytes have not been specialized # FIXME use BIP44 here if version is None: xversion = xpub[:4] i = PUBLIC.index(xversion) version = ADDRESS[i] return address_from_pubkey(xpub[45:], version)
def prvkey_from_wif(wif: octets) -> Tuple[int, bool]: """Wallet Import Format to (bytes) private key""" payload = b58decode_check(wif) assert payload[0] == 0x80, "not a WIF" if len(payload) == ec.psize + 2: # compressed WIF # must have a trailing 0x01 assert payload[ec.psize + 1] == 0x01, "not a WIF" return octets2int(payload[1:-1]), True elif len(payload) == ec.psize + 1: # uncompressed WIF return octets2int(payload[1:]), False raise ValueError("not a WIF")
def prvkey_from_wif(wif: WIF) -> bytes: """Wallet Import Format to (bytes) private key""" payload = b58decode_check(wif) assert payload[0] == 0x80, "not a WIF" if len(payload) == ec.bytesize + 2: # compressed WIF # must have a trailing 0x01 assert payload[ec.bytesize + 1] == 0x01, "not a WIF" return bytes_from_Scalar(ec, payload[1:-1]), True elif len(payload) == ec.bytesize + 1: # uncompressed WIF return bytes_from_Scalar(ec, payload[1:]), False raise ValueError("not a WIF")
def bip32_xpub_from_xprv(xprv: bytes) -> bytes: """Neutered Derivation (ND) Computation of the extended public key corresponding to an extended private key (“neutered” as it removes the ability to sign transactions) """ xprv = b58decode_check(xprv, 78) assert xprv[45] == 0, "extended key is not a private one" i = PRIVATE.index(xprv[:4]) # serialization data xpub = PUBLIC[i] # version # unchanged serialization data xpub += xprv[4:5] # depth xpub += xprv[5:9] # parent pubkey fingerprint xpub += xprv[9:13] # child index xpub += xprv[13:45] # chain code p = xprv[46:] P = pointMultiply(ec, p, ec.G) xpub += bytes_from_Point(ec, P, True) # public key return b58encode_check(xpub)
def hash160_from_address(addr: octets) -> bytes: payload = b58decode_check(addr, 21) # FIXME: this is mainnet only assert payload[0] == 0x00, "not an address" return payload[1:]
def bip32_ckd(xparentkey: octets, index: Union[octets, int]) -> bytes: """Child Key Derivation (CDK) Key derivation is normal if the extended parent key is public or child_index is less than 0x80000000. Key derivation is hardened if the extended parent key is private and child_index is not less than 0x80000000. """ if isinstance(index, int): index = index.to_bytes(4, 'big') elif isinstance(index, str): # hex string index = bytes.fromhex(index) if len(index) != 4: raise ValueError(f"a 4 bytes int is required, not {len(index)}") xparent = b58decode_check(xparentkey, 78) version = xparent[:4] # serialization data xkey = version # version xkey += (xparent[4] + 1).to_bytes(1, 'big') # (increased) depth if (version in PUBLIC): if xparent[45] not in (2, 3): # not a compressed public key raise ValueError("version/key mismatch in extended parent key") Parent_bytes = xparent[45:] Parent = octets2point(ec, Parent_bytes) xkey += h160(Parent_bytes)[:4] # parent pubkey fingerprint if index[0] >= 0x80: raise ValueError("no private/hardened derivation from pubkey") xkey += index # child index parent_chain_code = xparent[13:45] # normal derivation # actual extended key (key + chain code) derivation h = HMAC(parent_chain_code, Parent_bytes + index, sha512).digest() offset = int.from_bytes(h[:32], 'big') Offset = pointMult(ec, offset, ec.G) Child = ec.add(Parent, Offset) Child_bytes = point2octets(ec, Child, True) xkey += h[32:] # chain code xkey += Child_bytes # public key elif (version in PRIVATE): if xparent[45] != 0: # not a private key raise ValueError("version/key mismatch in extended parent key") parent = int.from_bytes(xparent[46:], 'big') Parent = pointMult(ec, parent, ec.G) Parent_bytes = point2octets(ec, Parent, True) xkey += h160(Parent_bytes)[:4] # parent pubkey fingerprint xkey += index # child index # actual extended key (key + chain code) derivation parent_chain_code = xparent[13:45] if (index[0] < 0x80): # normal derivation h = HMAC(parent_chain_code, Parent_bytes + index, sha512).digest() else: # hardened derivation h = HMAC(parent_chain_code, xparent[45:] + index, sha512).digest() offset = int.from_bytes(h[:32], 'big') child = (parent + offset) % ec.n child_bytes = b'\x00' + child.to_bytes(32, 'big') xkey += h[32:] # chain code xkey += child_bytes # private key else: raise ValueError("invalid extended key version") return b58encode_check(xkey)
def bip32_child_index(xkey: octets) -> bytes: xkey = b58decode_check(xkey, 78) if xkey[4] == 0: raise ValueError("master key provided") return xkey[9:13]
def bip32_ckd(xparentkey: bytes, index: Union[bytes, int]) -> bytes: """Child Key Derivation (CDK) Key derivation is normal if the extended parent key is public or child_index is less than 0x80000000. Key derivation is hardened if the extended parent key is private and child_index is not less than 0x80000000. """ if isinstance(index, int): index = index.to_bytes(4, 'big') elif isinstance(index, bytes): assert len(index) == 4 else: raise TypeError("a 4 bytes int is required") xparent = b58decode_check(xparentkey, 78) version = xparent[:4] # serialization data xkey = version # version xkey += (xparent[4] + 1).to_bytes(1, 'big') # (increased) depth if (version in PUBLIC): assert xparent[45] in (2, 3), \ "version/key mismatch in extended parent key" Parent_bytes = xparent[45:] Parent = tuple_from_Point(ec, Parent_bytes) xkey += h160(Parent_bytes)[:4] # parent pubkey fingerprint assert index[0] < 0x80, \ "no private/hardened derivation from pubkey" xkey += index # child index parent_chain_code = xparent[13:45] ## normal derivation # actual extended key (key + chain code) derivation h = HMAC(parent_chain_code, Parent_bytes + index, sha512).digest() offset = int.from_bytes(h[:32], 'big') Offset = ec.pointMultiply(offset, ec.G) Child = ec.pointAdd(Parent, Offset) Child_bytes = bytes_from_Point(ec, Child, True) xkey += h[32:] # chain code xkey += Child_bytes # public key elif (version in PRIVATE): assert xparent[45] == 0, "version/key mismatch in extended parent key" parent = int.from_bytes(xparent[46:], 'big') Parent = ec.pointMultiply(parent, ec.G) Parent_bytes = bytes_from_Point(ec, Parent, True) xkey += h160(Parent_bytes)[:4] # parent pubkey fingerprint xkey += index # child index # actual extended key (key + chain code) derivation parent_chain_code = xparent[13:45] if (index[0] < 0x80): ## normal derivation h = HMAC(parent_chain_code, Parent_bytes + index, sha512).digest() else: ## hardened derivation h = HMAC(parent_chain_code, xparent[45:] + index, sha512).digest() offset = int.from_bytes(h[:32], 'big') child = (parent + offset) % ec.order child_bytes = b'\x00' + child.to_bytes(32, 'big') xkey += h[32:] # chain code xkey += child_bytes # private key else: raise ValueError("invalid extended key version") return b58encode_check(xkey)
def test_mainnet(self): # bitcoin core derivation style mprv = b'xprv9s21ZrQH143K2ZP8tyNiUtgoezZosUkw9hhir2JFzDhcUWKz8qFYk3cxdgSFoCMzt8E2Ubi1nXw71TLhwgCfzqFHfM5Snv4zboSebePRmLS' # m/0'/0'/463' addr1 = b'1DyfBWxhVLmrJ7keyiHeMbt7N3UdeGU4G5' indexes = [0x80000000, 0x80000000, 0x80000000 + 463] addr = address_from_xpub( bip32_xpub_from_xprv(bip32_derive(mprv, indexes))) self.assertEqual(addr, addr1) path = "m/0'/0'/463'" addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(mprv, path))) self.assertEqual(addr, addr1) # m/0'/0'/267' addr2 = b'11x2mn59Qy43DjisZWQGRResjyQmgthki' indexes = [0x80000000, 0x80000000, 0x80000000 + 267] addr = address_from_xpub( bip32_xpub_from_xprv(bip32_derive(mprv, indexes))) self.assertEqual(addr, addr2) path = "m/0'/0'/267'" addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(mprv, path))) self.assertEqual(addr, addr2) xkey_version = PRIVATE[0] seed = "bfc4cbaad0ff131aa97fa30a48d09ae7df914bcc083af1e07793cd0a7c61a03f65d622848209ad3366a419f4718a80ec9037df107d8d12c19b83202de00a40ad" seed = bytes.fromhex(seed) xprv = bip32_mprv_from_seed(seed, xkey_version) xpub = b'xpub661MyMwAqRbcFMYjmw8C6dJV97a4oLss6hb3v9wTQn2X48msQB61RCaLGtNhzgPCWPaJu7SvuB9EBSFCL43kTaFJC3owdaMka85uS154cEh' self.assertEqual(bip32_xpub_from_xprv(xprv), xpub) ind = [0, 0] addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(xprv, ind))) self.assertEqual(addr, b'1FcfDbWwGs1PmyhMVpCAhoTfMnmSuptH6g') ind = [0, 1] addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(xprv, ind))) self.assertEqual(addr, b'1K5GjYkZnPFvMDTGaQHTrVnd8wjmrtfR5x') ind = [0, 2] addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(xprv, ind))) self.assertEqual(addr, b'1PQYX2uN7NYFd7Hq22ECMzfDcKhtrHmkfi') ind = [1, 0] addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(xprv, ind))) self.assertEqual(addr, b'1BvSYpojWoWUeaMLnzbkK55v42DbizCoyq') ind = [1, 1] addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(xprv, ind))) self.assertEqual(addr, b'1NXB59hF4QzYpFrB7o6usLBjbk2D3ZqxAL') ind = [1, 2] addr = address_from_xpub(bip32_xpub_from_xprv(bip32_derive(xprv, ind))) self.assertEqual(addr, b'16NLYkKtvYhW1Jp86tbocku3gxWcvitY1w') # version/key mismatch in extended parent key bmprv = b58decode_check(mprv) bad_mprv = b58encode_check(bmprv[0:45] + b'\x01' + bmprv[46:]) self.assertRaises(ValueError, bip32_ckd, bad_mprv, 1) #bip32_ckd(bad_mprv, 1) # version/key mismatch in extended parent key mpub = bip32_xpub_from_xprv(mprv) bmpub = b58decode_check(mpub) bad_mpub = b58encode_check(bmpub[0:45] + b'\x00' + bmpub[46:]) self.assertRaises(ValueError, bip32_ckd, bad_mpub, 1) #bip32_ckd(bad_mpub, 1) # no private/hardened derivation from pubkey self.assertRaises(ValueError, bip32_ckd, mpub, 0x80000000)
def hash_160_from_address(addr): return b58decode_check(addr)[1:21]
print("\n*** [7] Base58 encoding") wif = b58encode(addr) print(wif) assert wif == b'KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617', "failure" assert b58encode_check( ExtKey ) == b'KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617', "failure" print("\n****** WIF to private key ******") print("\n*** [1] Base58 WIF") print(wif) compressed = len(wif) - 51 print("compressed" if (compressed == 1) else "uncompressed") print("\n*** [2] Base58 decoding") addr = b58decode(wif) print(addr.hex()) print("\n*** [3] Extended key (checksum verified)") ExtKey, checksum = addr[:-4], addr[-4:] verified = (sha256(sha256(ExtKey).digest()).digest()[:4] == checksum) print(ExtKey.hex() + " (" + ("true" if verified else "false") + ")") print(b58decode_check(wif).hex()) print("\n*** [4] Private key") p2 = ExtKey[1:-1].hex() if compressed else ExtKey[1:].hex() assert int(p2, 16) == p, "failure" print(p2)