def raw_parse(cls, s): '''Returns a HDPrivateKey from a stream''' # first 4 bytes are the version version = s.read(4) # check that the version is one of the TESTNET or MAINNET # private keys, if not raise a ValueError if version in (TESTNET_XPRV, TESTNET_YPRV, TESTNET_ZPRV): testnet = True elif version in (MAINNET_XPRV, MAINNET_YPRV, MAINNET_ZPRV): testnet = False else: raise ValueError('not an xprv, yprv or zprv: {}'.format(version)) # the next byte is depth depth = byte_to_int(s.read(1)) # next 4 bytes are the parent_fingerprint parent_fingerprint = s.read(4) # next 4 bytes is the child number in big-endian child_number = big_endian_to_int(s.read(4)) # next 32 bytes are the chain code chain_code = s.read(32) # the next byte should be b'\x00' if byte_to_int(s.read(1)) != 0: raise ValueError('private key should be preceded by a zero byte') # last 32 bytes should be the private key in big endian private_key = PrivateKey(secret=big_endian_to_int(s.read(32))) # return an instance of the class return cls( private_key=private_key, chain_code=chain_code, depth=depth, parent_fingerprint=parent_fingerprint, child_number=child_number, testnet=testnet, )
def raw_parse(cls, s): '''Returns a HDPublicKey from a stream''' # first 4 bytes are the version version = s.read(4) # check that the version is one of the TESTNET or MAINNET # public keys, if not raise a ValueError if version in (TESTNET_XPUB, TESTNET_YPUB, TESTNET_ZPUB): testnet = True elif version in (MAINNET_XPUB, MAINNET_YPUB, MAINNET_ZPUB): testnet = False else: raise ValueError('not an xpub, ypub or zpub: {} {}'.format(s, version)) # the next byte is depth depth = byte_to_int(s.read(1)) # next 4 bytes are the parent_fingerprint parent_fingerprint = s.read(4) # next 4 bytes is the child number in big-endian child_number = big_endian_to_int(s.read(4)) # next 32 bytes are the chain code chain_code = s.read(32) # last 33 bytes should be the SEC point = S256Point.parse(s.read(33)) # return an instance of the class return cls( point=point, chain_code=chain_code, depth=depth, parent_fingerprint=parent_fingerprint, child_number=child_number, testnet=testnet, )
def parse(cls, s): # get the length of the entire field length = read_varint(s) # initialize the commands array commands = [] # initialize the number of bytes we've read to 0 count = 0 # loop until we've read length bytes while count < length: # get the current byte current = s.read(1) # increment the bytes we've read count += 1 # convert the current byte to an integer current_byte = current[0] # if the current byte is between 1 and 75 inclusive if current_byte >= 1 and current_byte <= 75: # we have a command set n to be the current byte n = current_byte # add the next n bytes as a command commands.append(s.read(n)) # increase the count by n count += n elif current_byte == 76: # op_pushdata1 data_length = byte_to_int(s.read(1)) commands.append(s.read(data_length)) count += data_length + 1 elif current_byte == 77: # op_pushdata2 data_length = byte_to_int(s.read(2)) commands.append(s.read(data_length)) count += data_length + 2 else: # we have an op code. set the current byte to op_code op_code = current_byte # add the op_code to the list of commands commands.append(op_code) if count != length: raise SyntaxError('parsing script failed') return cls(commands)
def xprv_raw_parse(cls, s): version = s.read(4) if version in (TESTNET_XPRV, TESTNET_YPRV, TESTNET_ZPRV): testnet = True elif version in (MAINNET_XPRV, MAINNET_YPRV, MAINNET_ZPRV): testnet = False else: raise ValueError('not an xprv, yprv or zprv: {}'.format(version)) depth = byte_to_int(s.read(1)) parent_fingerprint = s.read(4) child_number = big_endian_to_int(s.read(4)) chain_code = s.read(32) if byte_to_int(s.read(1)) != 0: raise ValueError('private key should be preceded by a zero byte') private_key = PrivateKey(secret=big_endian_to_int(s.read(32))) return cls( private_key=private_key, chain_code=chain_code, depth=depth, parent_fingerprint=parent_fingerprint, child_number=child_number, testnet=testnet, )
def xpub_raw_parse(cls, s): version = s.read(4) if version in (TESTNET_XPUB, TESTNET_YPUB, TESTNET_ZPUB): testnet = True elif version in (MAINNET_XPUB, MAINNET_YPUB, MAINNET_ZPUB): testnet = False else: raise ValueError('not an xpub, ypub or zpub: {} {}'.format(s, version)) depth = byte_to_int(s.read(1)) parent_fingerprint = s.read(4) child_number = big_endian_to_int(s.read(4)) chain_code = s.read(32) point = S256Point.parse(s.read(33)) return cls( point=point, chain_code=chain_code, depth=depth, parent_fingerprint=parent_fingerprint, child_number=child_number, testnet=testnet, )
def parse(cls, s: BufferedIOBase) -> Script: # get the length of the entire field length = read_varint(s) # initialize the commands array commands = [] # initialize the number of bytes we've read to 0 count = 0 # loop until we've read length bytes while count < length: # get the current byte current = s.read(1) # increment the bytes we've read count += 1 # convert the current byte to an integer current_int = current[0] # if the current byte is between 1 and 75 inclusive if current_int <= 75: # add the next n bytes as a command commands.append(s.read(current_int)) count += current_int elif current == OP_PUSHDATA1: # op_pushdata1 data_length = byte_to_int(s.read(1)) commands.append(s.read(data_length)) count += data_length + 1 elif current == OP_PUSHDATA2: # op_pushdata2 data_length = little_endian_to_int(s.read(2)) commands.append(s.read(data_length)) count += data_length + 2 else: # add the command to the list of commands commands.append(current) if count != length: raise SyntaxError(f'parsing script failed {commands}') return cls(commands)
''' if (silent != 1): print 'DPA1: Recovering delta from T1 = delta + W_0...' current_sample = 0 delta0, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 3, -1, threshold) #current_sample += j delta1, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 2, delta0, threshold) current_sample += j delta2, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 1, delta1, threshold) current_sample += j delta3, j = dpa.dpa_addition(T[:, current_sample:], 0, message_0, 0, delta2, threshold) current_sample += j delta = helper.byte_to_int(delta3, delta2, delta1, delta0) if (silent != 1): print "delta=", hex(delta) ''' * DPA 2 * E_1 = D_0 + T1_1 ''' if (silent != 1): print 'DPA2: Recovering D_0 from E_1 = D_0 + T1_1...' # calculate known T1's T1 = helper.int_to_byte_vec(helper.byte_array_to_int_vec(message_0) + delta) d_0_0, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 3, -1, threshold) current_sample += j d_0_1, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 2, d_0_0, threshold) current_sample += j d_0_2, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 1, d_0_1, threshold) current_sample += j d_0_3, j = dpa.dpa_addition(T[:, current_sample:], 0, T1, 0, d_0_2, threshold)
j = 0 ''' * DPA 1 * T1 = delta + W_0 ''' delta0, _j = dpa.dpa_addition(T[:, j:], 0, message_0, 3, -1, threshold) j += _j delta1, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 2, [delta0], threshold) delta2, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 1, [delta0, delta1], threshold) delta3, _j = dpa.partial_dpa_addition(T[:, j:j + 1], 0, message_0, 0, [delta0, delta1, delta2], threshold) delta = helper.byte_to_int(delta3, delta2, delta1, delta0) # we now recovered delta if (silent != 1): print "delta=", hex(delta) end_time = time.time() [secretSeed, secretIv, secretDelta, secretT1] = helper.load_secret_data(sys.argv[2]) attack_success = helper.compareBytes(secretDelta, [delta]) if silent != 1: GREEN = '\033[92m' RED = '\033[91m' if attack_success: print GREEN, "FOUND CORRECT KEY" else: print RED, "KEY NOT CORRECT" ENDC = '\033[0m'
E1 = helper.int_to_byte_vec(helper.byte_array_to_int_vec(T1) + D_0) nE1 = helper.int_to_byte_vec(~helper.byte_array_to_int_vec(E1)) ''' * DPA 5 * F_0 equals G_1 * ~E_1 & G_1 in Ch ''' F_0_0, j = dpa.dpa_and(T[:, current_sample:], 1, nE1, 3, threshold) current_sample += j F_0_1, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 2, threshold) current_sample += j F_0_2, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 1, threshold) current_sample += j F_0_3, j = dpa.dpa_and(T[:, current_sample:], 0, nE1, 0, threshold) current_sample += j F_0 = helper.byte_to_int(F_0_3, F_0_2, F_0_1, F_0_0) if (silent != 1): print "F_0=", hex(F_0) end_time = time.time() attack_success = helper.compareBytes("0x" + secretIv[2 + 5 * 8:2 + 6 * 8], [F_0]) if silent != 1: GREEN = '\033[92m' RED = '\033[91m' if attack_success: print GREEN, "FOUND CORRECT KEY" else: print RED, "KEY NOT CORRECT" ENDC = '\033[0m' print ENDC