Untitled

a guest
Jun 14th, 2019
import sys
import pycurl  # imported by the original script but never used
import struct
from binascii import unhexlify, crc32
import urllib2

# Python 2 script: fetch the advanced view of a transaction from blockchain.info
# and reassemble the bytes carried in its output scripts.
transaction = str(sys.argv[1])
data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")

dataout = b''
atoutput = False
for line in data:
    # Only parse the HTML between the 'Output Scripts' heading and the end of its table.
    if 'Output Scripts' in line:
        atoutput = True
    if '</table>' in line:
        atoutput = False
    if atoutput:
        if len(line) > 100:
            chunks = line.split(' ')
            for c in chunks:
                # Keep only the hex tokens; skip opcode names (OP_...) and HTML fragments.
                if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                    dataout += unhexlify(c.encode('utf8'))

# The payload starts with an 8-byte header: little-endian length, then a checksum.
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]  # read but not verified here
dataout = dataout[8:8+length]
print dataout

usage

python script.py transaction_number

returns all the data in the output scripts

example

python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

Returns,

Wikileaks Cablegate Backup

cablegate-201012041811.7z

Download the following transactions with Satoshi Nakamoto's download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc

Free speech and free enterprise! Thank you Satoshi!
[2:41 AM] Bobb: I am not an expert but I know many of them and can get answers on questions fast
[2:41 AM] iDanoo: ah python
[2:41 AM] claudiacardinale:
HOW TO FIND MESSAGES ON THE BLOCKCHAIN

I'll be helping you with a few initial examples. Remember that if you feel like you've been compromised, switch over to codec communication.

I'm assuming you already did the example on Jean's latest code dump >>24140. Let's try to do a few more.

First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

Use Jean's script and do

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf'

Once it is done you will be able to see a PDF was generated in that directory.

Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some have yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
[2:41 AM] claudiacardinale:
For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

If you do

python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

You will get a key that was leaked.

Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again.

Using this method we've found several transactions that involve Wikileaks that we don't quite understand.


One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.

For example, the Bitcoin paper transaction.

If you do

'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output'

and then do,

'file -b output'

You will get:

'PDF document, version 1.4'

For

'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output'

'file -b output'

you should get

'GPG encrypted data'
[2:42 AM] claudiacardinale:
MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS

import sys
import pycurl  # imported by the original script but never used
import struct
from binascii import unhexlify, crc32
import urllib2

# usage, python script.py transactionlist.txt > file

txlist = str(sys.argv[1])

def txdecode(transaction):
    # Fetch one transaction page and return the payload from its output scripts.
    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")

    dataout = b''
    atoutput = False
    for line in data:
        if 'Output Scripts' in line:
            atoutput = True
        if '</table>' in line:
            atoutput = False
        if atoutput:
            if len(line) > 100:
                chunks = line.split(' ')
                for c in chunks:
                    # Keep only the hex tokens; skip opcode names and HTML fragments.
                    if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                        dataout += unhexlify(c.encode('utf8'))

    # 8-byte header: little-endian length, then a checksum (read but not verified).
    length = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout = dataout[8:8+length]
    return dataout

f = open(txlist, 'r')

# Concatenate the payloads in the order the transactions are listed in the file.
alldata = b''
for l in f.readlines():
    l = l.rstrip('\n')
    alldata += txdecode(str(l))

print alldata

example:

python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

save the 130 transactions to trans.txt

then use the script above and do

python newscript.py trans.txt > cables

you will get a zipfile with the cables
[2:42 AM] iDanoo: woah
[2:42 AM] claudiacardinale:
GETTING ADDRESSES FROM HASHES

# How to get address from hash
# Run the following on bitcoin
from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
pk.public_key().address()
# Compressed address will be returned
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
pk.public_key().address()
# Uncompressed address will be returned

snowden
1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg

1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj

kerry
1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU

1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e

ecuador
1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta

16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB

ukfco
1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf

1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
[2:42 AM] claudiacardinale:
Analysis threads (heavily deleted and slid):

https://8ch.net/pol/res/7946506.html

https://8ch.net/pol/res/7962287.html

Post where a 'key' was posted and deletions started taking place:

https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html

https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html
[2:42 AM] claudiacardinale:
Link to original insurance file in case anyone wants to test that one:

https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010

https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent

https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent

https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent

openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER"
openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"
the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like "Use a Tor Onion Router and do this". It might be that the file has to be unlocked over and over.

also someone suggested, "take the last 32 or so bytes in the file, flip them, save it and then run 'file -b' on it."

UNCRACKED TRANSACTIONS: