- import sys
- import struct
- from binascii import unhexlify, crc32
- import urllib2
- # Transaction id is taken from the command line
- transaction = str(sys.argv[1])
- data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
- dataout = b''
- atoutput = False
- # Collect the hex chunks listed in the page's 'Output Scripts' table
- for line in data:
-     if 'Output Scripts' in line:
-         atoutput = True
-     if '</table>' in line:
-         atoutput = False
-     if atoutput:
-         if len(line) > 100:
-             chunks = line.split(' ')
-             for c in chunks:
-                 # Skip opcode names (they contain 'O') and HTML fragments
-                 if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
-                     dataout += unhexlify(c.encode('utf8'))
- # 8-byte header: little-endian length, then checksum (read but not verified here)
- length = struct.unpack('<L', dataout[0:4])[0]
- checksum = struct.unpack('<L', dataout[4:8])[0]
- dataout = dataout[8:8+length]
- print dataout
- usage
- python script.py transaction_number
- returns all the data in the output scripts
- example
- python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
- Returns,
- Wikileaks Cablegate Backup
- cablegate-201012041811.7z
- Download the following transactions with Satoshi Nakamoto's download tool which
- can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
- Free speech and free enterprise! Thank you Satoshi!
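The script above unpacks a checksum from the header but never compares it, and its slice silently returns a short file if data is missing. The following is an added example, not part of the original paste: a Python 3 validation step for the same 8-byte header, assuming the checksum is CRC32 of the payload (inferred from the script's otherwise unused `crc32` import). The names `extract_payload`, `build_blob` and `PayloadError` are hypothetical, and the sample bytes are constructed.

```python
import struct
from binascii import crc32

# Two little-endian uint32 fields, as unpacked by the script: length, checksum
HEADER = struct.Struct("<LL")


class PayloadError(ValueError):
    """The reassembled bytes do not match their own header."""


def extract_payload(blob, max_len=16 * 1024 * 1024):
    """Validate the header of the reassembled output data and return the payload.

    Assumption: checksum == CRC32(payload). max_len is an arbitrary cap.
    """
    if len(blob) < HEADER.size:
        raise PayloadError("shorter than the 8-byte header")
    length, checksum = HEADER.unpack_from(blob)
    if length > max_len:
        raise PayloadError("declared length %d exceeds cap" % length)
    payload = blob[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        # The original slice would return a truncated file without complaint.
        raise PayloadError("truncated: header says %d, got %d" % (length, len(payload)))
    if crc32(payload) & 0xFFFFFFFF != checksum:
        raise PayloadError("CRC32 mismatch")
    return payload


def build_blob(payload, pad=b"\x00" * 12):
    """Constructed test input: header + payload + trailing bytes to be ignored."""
    return HEADER.pack(len(payload), crc32(payload) & 0xFFFFFFFF) + payload + pad


if __name__ == "__main__":
    sample = build_blob(b"%PDF-1.4 constructed sample, not real chain data")
    print(extract_payload(sample)[:8])
    # Truncated input, then a single corrupted payload byte
    for bad in (sample[:20], sample[:8] + b"X" + sample[9:]):
        try:
            extract_payload(bad)
        except PayloadError as exc:
            print("rejected:", exc)
```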
- [2:41 AM] Bobb: I am not an expert but I know many of them and can get answers on questions fast
- [2:41 AM] iDanoo: ah python
- [2:41 AM] claudiacardinale:
- HOW TO FIND MESSAGES ON THE BLOCKCHAIN
- I'll be helping you with a few initial examples. Remember that if you feel like you've been compromised, switch over to codec communication.
- I'm assuming you already did the example on Jean's latest code dump >>24140 Let's try to do a few more.
- First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
- Use Jean's script and do
- 'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf'
- Once it is done you will be able to see a pdf was generated in that directory.
- Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some have yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
- [2:41 AM] claudiacardinale:
- For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
- If you do
- python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
- You will get a key that was leaked.
- Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again.
- Using this method we've found several transactions that involve Wikileaks that we don't quite understand.
- One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.
- For example, the Bitcoin paper transaction.
- If you do
- 'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output'
- and then do,
- 'file -b output'
- You will get:
- 'PDF document, version 1.4'
- For
- 'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output'
- 'file -b output'
- you should get
- 'GPG encrypted data'
- [2:42 AM] claudiacardinale:
- MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS
- import sys
- import struct
- from binascii import unhexlify, crc32
- import urllib2
- # usage, python script.py transactionlist.txt > file
- txlist = str(sys.argv[1])
- def txdecode(transaction):
-     # Fetch one transaction page and return the payload from its output scripts
-     data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
-     dataout = b''
-     atoutput = False
-     for line in data:
-         if 'Output Scripts' in line:
-             atoutput = True
-         if '</table>' in line:
-             atoutput = False
-         if atoutput:
-             if len(line) > 100:
-                 chunks = line.split(' ')
-                 for c in chunks:
-                     # Skip opcode names (they contain 'O') and HTML fragments
-                     if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
-                         dataout += unhexlify(c.encode('utf8'))
-     # 8-byte header: little-endian length, then checksum (read but not verified here)
-     length = struct.unpack('<L', dataout[0:4])[0]
-     checksum = struct.unpack('<L', dataout[4:8])[0]
-     dataout = dataout[8:8+length]
-     return dataout
- # Concatenate the payloads of every transaction id listed in the file, in order
- alldata = b''
- with open(txlist, 'r') as f:
-     for l in f.readlines():
-         l = l.strip()
-         if l:  # ignore blank lines in the list
-             alldata += txdecode(str(l))
- print alldata
- example:
- python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
- save the 130 transactions to trans.txt
- then use the script above and do
- python newscript.py trans.txt > cables
- you will get a zipfile with the cables
- [2:42 AM] iDanoo: woah
- [2:42 AM] claudiacardinale:
- GETTING ADDRESSES FROM HASHES
- # How to get address from hash
- # Run the following on bitcoin
- from pybitcoin import BitcoinPrivateKey
- pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
- pk.public_key().address()
- # Compressed address will be returned
- pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
- pk.public_key().address()
- # Uncompressed address will be returned
- snowden
- 1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
- 1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj
- kerry
- 1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU
- 1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e
- ecuador
- 1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta
- 16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB
- ukfco
- 1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
- 1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
- [2:42 AM] claudiacardinale:
- Analysis threads (heavily deleted and slid):
- https://8ch.net/pol/res/7946506.html
- https://8ch.net/pol/res/7962287.html
- Post where a 'key' was posted and deletions started taking place:
- https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html
- https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html
- [2:42 AM] claudiacardinale:
- Link to original insurance file in case anyone wants to test that one:
- https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
- https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
- https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
- https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
- https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
- https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
- https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
- openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
- openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
- openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
- openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER"
- openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"
- the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like "Use a Tor Onion Router and do this". It might be that the file has to be unlocked over and over.
- also someone suggested, "take the last 32 or so bytes in the file, flip them, save it and then run 'file -b' on it."
- UNCRACKED TRANSACTIONS: