brainflayer

BrainflayerisaProof-of-Conceptbrainwalletcrackingtoolthatuseslibsecp256k1forpubkeygeneration.ItwasoriginallyreleasedaspartofmyDEFCONtalkaboutcrackingbrainwallets(slides,video,why).

ThenameisareferencetoMindFlayers,araceofmonstersfromtheDungeons&Dragonsrole-playinggame.Theyeatbrains,psionicallyenslavepeopleandlooklikelovecraftianhorrors.

ThecurrentreleaseismorethanfourtimesfasterthantheDEFCONrelease,andmanyfeatureshavebeenadded.

Ifbrainflayerisusefultoyou,pleasegetintouchtoletmeknow.I'mveryinterestedinanyresearchit'sbeingusedfor,andI'mgenerallyhappytocollaboratewithacademicgroups.

Justbecauseyoucanstealsomeone'smoneydoesn'tmeanyoushould.Stealingwouldmakeyouajerk.Don'tbeajerk.

Nosupportwillbeprovidedatthistime,andImayignoreorcloseissuesrequestingsupportwithoutresponding.

THISSOFTWAREISPROVIDEDBYTHECOPYRIGHTHOLDERSANDCONTRIBUTORS"ASIS"ANDANYEXPRESSORIMPLIEDWARRANTIES,INCLUDING,BUTNOTLIMITEDTO,THEIMPLIEDWARRANTIESOFMERCHANTABILITYANDFITNESSFORAPARTICULARPURPOSEAREDISCLAIMED.INNOEVENTSHALLTHECOPYRIGHTHOLDERORCONTRIBUTORSBELIABLEFORANYDIRECT,INDIRECT,INCIDENTAL,SPECIAL,EXEMPLARY,ORCONSEQUENTIALDAMAGES(INCLUDING,BUTNOTLIMITEDTO,PROCUREMENTOFSUBSTITUTEGOODSORSERVICES;LOSSOFUSE,DATA,ORPROFITS;ORBUSINESSINTERRUPTION)HOWEVERCAUSEDANDONANYTHEORYOFLIABILITY,WHETHERINCONTRACT,STRICTLIABILITY,ORTORT(INCLUDINGNEGLIGENCEOROTHERWISE)ARISINGINANYWAYOUTOFTHEUSEOFTHISSOFTWARE,EVENIFADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGE.

Precomputethebloomfilter:

hex2blfexample.hexexample.blf

RunBrainflayeragainstit:

brainflayer-v-bexample.blf-iphraselist.txt

or

your_generator|brainflayer-v-bexample.blf

Brainflayer'sdesignisheavilyinfluencedbyUnixphilosophy.It(mostly)doesonething:huntfortastybrainwallets.Amajorfeatureitdoesnothaveisgeneratingcandidatepasswords/passphrases.Thereareplentyofothergreattoolsthatdothat,andbrainflayerishappytohaveyoupipetheiroutputtoit.

Unfortunately,brainflayerisnotcurrentlymultithreaded.Ifyouwanttohaveitkeepmultiplecoresbusy,you'llhavetocomeupwithawaytodistributetheworkyourself(brainflayer's-nand-koptionsmayhelp).Inmytesting,brainflayerbenefitssignificantlyfromhyperthreading,soyoumaywanttoruntwocopiesperphysicalcore.Alsoworthnotingisthatbrainflayermmapsitsdatafilesinsharedmemory,soadditionalbrainflayerprocessesdonotuseupthatmuchadditionalRAM.

Whilenotstrictlyrequired,itishighlyrecommendedtousethefollowingoptions:

-mFILELoadtheecmulttablefromFILE(generatedwithecmtabgen)ratherthancomputingitonstartup.Thiswillallowmultiplebrainflayerprocessestosharethesametableinmemory,andsignifigantlyreducestartuptimewhenusingalargetable.

-fFILEVerifycheckbloomfiltermatchesagainstFILE,alistofallhash160sgeneratedwithsort-uexample.hex|xxd-r-p>example.binEnoughaddressesexistontheBitcoinnetworktocausefalsepositivesinthebloomfilter,thisoptionwillsuppressthem.

Brainflayersupportsafewothertypesofinputviathe-toption:

-tkeccakpassphrasestobehashedwithkeccak256(someethereumtools)

-tprivrawprivatekeys-thiscanbeusedtosupportarbitrarydeterministicwalletschemesviaanexternalprogram.Anytrailingdataafterthehexencodedprivatekeywillbeincludedinbrainflayer'soutputaswell,forreference.Seealsothe-Ioptionifyouwanttocrackabunchofsequentialkeys,whichhasspecialspeedoptimizations.

-twarpsaltsorpasswords/passphrasesforWarpWallet

-tbwiosaltsorpasswords/passphrasesforbrainwallet.io

-tbv2saltsorpasswords/passphrasesforbrainv2-thisoneisveryslowonCPU,howevertheparameterchoicesmakeitagreattargetforGPUsandFPGAs.

-trushpasswordsforpassword-protectedrushwallets-passthefragment(thepartoftheurlafterthe#)using-r.Almostallwrongpasswordswillberejectedevenwithoutabloomfilter.

Addresstypescanbespecifiedwiththe-coption:

-cuuncompressedaddresses

-cccompressedaddresses

-ceethereumaddresses

-cxmostsignifigantbitsofpublicpoint'sxcoordinate

It'spossibletocombinetwoormoreofthese,e.g.thedefaultis-cuc.

Anincrementalprivatekeybruteforcemodeisavailableforfansofdirectory.io,try

brainflayer-v-I0000000000000000000000000000000000000000000000000000000000000001-bexample.blf

Seetheoutputofbrainflayer-hformoredetailedusageinfo.

Alsoincludedisblfchk-youcanpipeithexencodedhash160tocheckabloomfilterfilefor.It'sveryfast-itcaneasilycheckmillionsofhash160spersecond.NotentirelysurewhatthisisgoodforbutI'msureyou'llcomeupwithsomething.

ShouldcompileonLinuxwithmakeprovidedyouhavetherequireddevellibsinstalled(atleastopensslandgmparerequiredalongwithlibsecp256k1'sbuilddependencies).Ireallyneedtolearnautotools.Ifyoufileanissueaboutabuildfailureinlibsecp256k1Iwillcloseit.

Dependenciesshouldinstallwith

SupportedbuildtargetiscurrentlyUbuntu20.04onamd64/x86_64.Issueswithbuildingforotherplatformsprobablywon’tbefixed.Inparticular,KaliLinuxisnotsupported.SupportforoperatingsystemsotherthanLinuxwouldrequireextensiverefactoringofBrainflayer'smemoryoptimizationsandisnothappening.

Redistributionofcompiledbrainflayerbinariesisprohibited,andunauthorizedbinariesprobablycontainmalware.

ThebulkofBrainflayerwaswrittenbyRyanCastellucci.NicolasCourtoisandGuangyanSongcontributedthecodeinec_pubkey_fast.cwhichmorethandoublesthespeedofpublickeycomputationscomparedwiththestocksecp256k1libraryfromBitcoin.Thiscodeusesamuchlargertableforecmultiplicationandoptimizedroutinesforecadditionanddoubling.