a guest
Nov 25th, 2016
  1. ------------------------------------------------------
  2. Ok guys, here's my last version of this code.
  3.  
  4. http://gateway.glop.me/ipfs/QmZFkRKoGkv5zBVjsbYvR9miGgvgEsutUnbdNXxcPbrZrZ/jean3.py
  5. https://codepaste.net/q893m5
  6.  
  7. IIRC it does what jean3.py was supposed to do. That means there are only two more scripts left to recreate all the previous steps.
  8.  
  9. Setting up TrID:
  10. -----------------------
  11. Download TrID http://mark0.net/soft-trid-e.html
  12. chmod +x trid
  13. Download tridupdate.py http://mark0.net/download/tridupdate.zip
  14. python tridupdate.py
  15.  
  16. Setting up output:
  17. ---------------------------
  18. mkdir dataout
  19. mv trid dataout/.
  20.  
  21. Then use like this:
  22. ---------------
  23. python jean3.py 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v
  24.  
  25. Results:
  26. ------------
  27. All decoded data will be in the dataout folder. 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v_file_tx_list.txt will have a list of the transactions and the type of file found in them.
  28.  
  29. Misc:
  30. --------
  31. If you want to start at a specific page you can change 'startatpage'. It would also be very easy to start at a specific date (use date1 and date2).
  32.  
  33. Cheers
  34.  
  35. ------------------------------------------------------
  36. WL
  37.  
  38. f6046148a74fa880403c630de743f7d01736725d941e744ce0c89baa098287ec
  39. 100.0% (.FLI) FLIC FLI video (1/1) 2016-05-24 21:39:18
  40.  
  41. 042c1cd09ec672e2d504b76e16398c62396fa57ab0004a793dfc68d49d3e4cc9
  42. 100.0% (.BS/BIN) PrintFox (C64) bitmap (1000/1) 2016-04-24 07:47:50
  43.  
  44. 83f7a29360abe4e927ae25ad803d2a28d088d119a47941fe0c42445bb2e78730
  45. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-21 06:17:47
  46.  
  47. ad85d76b5fd006cb3f08edda4d80327f425caed83aeb20aaa0c0ed281064484b
  48. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 19:14:05
  49.  
  50. fa3e0d76b55e01c45dd4218a41794f39b3792310cf1a88f3502824e4afc3e867
  51. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-14 02:26:40
  52.  
  53. 6ea5ff73db52591661ff7c0c7eb161594b67b8e129ccc2e1429fe0c71d69e1ff
  54. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 23:05:59
  55.  
  56. 35bfef9b0febbf3b1cefbd8f503e90d997e55d9f3841e45f359529debd6c1bca
  57. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 22:07:46
  58.  
  59. 7fd31fccd96a3e94c21d15b45ae1957c22fe51a1aa6cb18f054bda20966304ac
  60. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-13 04:22:39
  61.  
  62. 78a013b6c857f5535b9133896d4c115d2bbe15995a28a71f63049bf3bdcb1eba
  63. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-04-12 22:23:58
  64.  
  65.  
  66. ------------------------------------------------------
  67. WL
  68.  
  69. c336d08c199ea108cd1c9e8fb3da289fc0887e85cb9fd53cb56a0b8041d05838
  70. 100.0% (.DMG) Disk Image (Macintosh) (1000/1) 2016-07-24 22:30:48
  71.  
  72. fdfd8c3c9b535551945645e212852df757763eedc2b05ae56ec6df1beb511105
  73. 100.0% (.VC) VisiCalc spreadsheet (1000/1) 2016-07-14 08:44:12
  74.  
  75.  
  76. ------------------------------------------------------
  77. WL
  78.  
  79. eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce
  80. 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1) 2016-07-25 03:43:10
  81.  
  82.  
  83. ------------------------------------------------------
  84. From WL
  85.  
  86. http://gateway.glop.me/ipfs/QmbMYBqEwfhT1DMDoqc2aUhJqwhomMYHmWsKnsnnNDdZ5B/2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05
  87.  
  88. http://gateway.glop.me/ipfs/QmVBkPhcgGsCiNSn8Tkq4AL44bSFpj2SmyTXkT4wZW1fes/eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce
  89.  
  90. 2016-08-26 23:23:10
  91. 2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05
  92. 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1)
  93.  
  94. 2016-07-25 03:43:10
  95. eb75ada9646771a94d8c46d86f52923e2c0d2302bae73a0dda14ac842836f4ce
  96. 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1)
  97. 2016-07-25 01:08:54
  98.  
  99. ------------------------------------------------------
  100. from WL
  101.  
  102. 2767c5a7386aa02b973e88304bdc12d91583146c94f90e91075042a164c93d05
  103. 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1)
  104. 2016-08-26 11:01:38
  105.  
  106.  
  107. ------------------------------------------------------
  108. To everyone reading this. Please back up the script and save this information as soon as possible. I lost my connection and had to go to another computer to send this message.
  109.  
  110. ------------------------------------------------------
  111. tx ids. You can download it and analyze it. We will have to combine some of them soon.
  112.  
  113. Latest Wikileaks files:
  114.  
  115. 13bd667802cc58936996dbf5defd2307b716e1f84a9908de0c77f3c1a3b4cde3
  116. 100.0% (.FLI) FLIC FLI video (1/1)
  117.  
  118. 8218ab03d82ebfa309aceedb484e695bc058f080397d7794826c9efc1d0287b7
  119. 100.0% (.) QuickBasic BSAVE binary data (1000/1)
  120.  
  121. c06244b1da9edb9da54736c17cf8d92cc754e1cd109c5a9858d7eb107079ff31
  122. 100.0% (.FLI) FLIC FLI video (1/1)
  123.  
  124. 6571600fac324166a566d4702acbd799e8e4a2f70498989cdffa204578660970
  125. 100.0% (.VC) VisiCalc spreadsheet (1000/1)
  126.  
  127. 9d765d8074e9b85afa9f2868af61271b2043ddde365d9446c9b5afa5905d6f53
  128. 100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1)
  129.  
  130. 05fb32e6188df3381b19fd2cb81e5eb4c6ab0ddc885a6b3b6f87f2a5fdf4240e
  131. 100.0% (.PGC) PGN (Portable Gaming Notation) Compressed format (1000/1)
  132.  
  133. 4a88c0c359c26fef3cc507463336a1c77d187fbc3bf7bda509fb2f1b5f8762e5
  134. 100.0% (.) QuickBasic BSAVE binary data (1000/1)
  135.  
  136. 97b2ee5fc43d24912da36ba62795884068a1b0086d5c0d3d65bad5ccca637e77
  137. 100.0% (.) QuickBasic BSAVE binary data (1000/1)
  138.  
  139. d2be0169c5b5fccfd853a2391c6e3fc2e68a9efcbbecc842ecd98a41c58f85a0
  140. 100.0% (.MUX) MUX video (2000/1)
  141.  
  142. ------------------------------------------------------
  143. Are these files or file hashes? What can we do with this data?
  144.  
  145. ------------------------------------------------------
  146. Bug fix: http://gateway.glop.me/ipfs/QmZNLgLEtjyeJjVGrfqowSuoZuETL54LYGPeQiLAkegevY/get_files_in_wallet.py
  147.  
  148. Lot of stuff in here...
  149.  
  150. python get_files_in_wallet.py 3CaaFJF39T9TWiNtCKTnU79A3NvGeWKdqL
  151.  
  152. 1eef3c9474a065b38cfb8b1cac0ce6ef155173811e0fdfb04a54df2a0ef74b40
  153. 100.0% (.FLC) FLIC FLC video (1/1)
  154.  
  155. 52968900d9963e854a84a6dbda0a87d1511e65ce10d4ccf2a46b72f52509d2eb
  156. 100.0% (.FLC) FLIC FLC video (1/1)
  157.  
  158. c139c0b631d969dd98ed14fd0aa1129957b62689a9198656d157963e54fb04ee
  159. 100.0% (.FLC) FLIC FLC video (1/1)
  160.  
  161. 1fbcff35263a17061f58d9b41900cc9ac44f879d534729582f666dc289b48794
  162. 100.0% (.FLC) FLIC FLC video (1/1)
  163.  
  164. 4c729d0c64a40e4eb1624e8f3a499354a30508b643248b9a9531af716c4a5a90
  165. 100.0% (.FLC) FLIC FLC video (1/1)
  166.  
  167. 7d43580841bc8b8baaa3097f11c83fea454a56535a34a49350b12a9cfdabb7ac
  168. 100.0% (.FLC) FLIC FLC video (1/1)
  169.  
  170. python get_files_in_wallet.py 1KEyVEndor3p6c3NL2UiVhscXPZKb3DfY1
  171.  
  240.  
  241. ------------------------------------------------------
  242. 4bb09877350505dd2070f4391acd6251e8c5b4e89da4855de1c964fe99ef819d
  243. 100.0% (.GPG) GNU Privacy Guard public keyring (1000/1)
  244.  
  245.  
  246. ------------------------------------------------------
  247. There was a small bug in the code. Here's the patched version: http://gateway.glop.me/ipfs/QmaUkf14k4gPYyTeCYzgW44THkRdBYTSra9oumbxAGQevN/get_files_in_wallet.py
  248.  
  249. The first address has 6 'FLIC videos'
  250.  
  251. Collecting data from file: 1eef3c9474a065b38cfb8b1cac0ce6ef155173811e0fdfb04a54df2a0ef74b40
  252. 100.0% (.FLC) FLIC FLC video (1/1)
  253.  
  254. Collecting data from file: 52968900d9963e854a84a6dbda0a87d1511e65ce10d4ccf2a46b72f52509d2eb
  255. 100.0% (.FLC) FLIC FLC video (1/1)
  256. 533bd9226bbe9ef9d7625910da39db27ea0b780d36bc8d13fac4c879aa56fcfe
  257.  
  258. Collecting data from file: c139c0b631d969dd98ed14fd0aa1129957b62689a9198656d157963e54fb04ee
  259. 100.0% (.FLC) FLIC FLC video (1/1)
  260.  
  261.  
  262. Collecting data from file: 1fbcff35263a17061f58d9b41900cc9ac44f879d534729582f666dc289b48794
  263. 100.0% (.FLC) FLIC FLC video (1/1)
  264.  
  265. Collecting data from file: 4c729d0c64a40e4eb1624e8f3a499354a30508b643248b9a9531af716c4a5a90
  266. 100.0% (.FLC) FLIC FLC video (1/1)
  267.  
  268. Collecting data from file: 7d43580841bc8b8baaa3097f11c83fea454a56535a34a49350b12a9cfdabb7ac
  269. 100.0% (.FLC) FLIC FLC video (1/1)
  270. Page 2 ...
  271. 46 transactions found
  272. 6 file headers found
  273. List saved in file 3CaaFJF39T9TWiNtCKTnU79A3NvGeWKdqL_tx_list.txt
  274. Txs with file headers saved in 3CaaFJF39T9TWiNtCKTnU79A3NvGeWKdqL_file_tx_list.txt
  275.  
  276.  
  277. ------------------------------------------------------
  278. Can someone run these? It's not letting me:
  279.  
  280. python get_files_in_wallet.py 3CaaFJF39T9TWiNtCKTnU79A3NvGeWKdqL
  281. python get_files_in_wallet.py 1KEyVEndor3p6c3NL2UiVhscXPZKb3DfY1
  282. python get_files_in_wallet.py 1KEYVENdoRGdbgzXUW8eJVzNp5yoTGG7hg
  283.  
  284.  
  285. ------------------------------------------------------
  286. python get_files_in_wallet.py 16jv3REqedeiTK8dzygyirNLWiP5gAc2KX
  287.  
  288. Collecting data from file: cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c
  289. 100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated) (3001/2)
  290. d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
  291.  
  292. Collecting data from file: d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635
  293. 100.0% (.PGP/GPG) PGP symmetric key encrypted message (salted+iterated) (3001/2)
  294.  
  295. 2 transactions found
  296. 2 file headers found
  297.  
  298. ------------------------------------------------------
  299. Script to find transactions with encoded files. Scans all transactions made by a wallet. Prints tx id and file type. Saves decoded data and a list of tx ids.
  300.  
  301. https://codepaste.net/dm1hyo
  302. http://gateway.glop.me/ipfs/QmPidNDyo9Zn89BeGsFMErhjQ9zcurkVYCveJC6pC9fKHo/get_files_in_wallet.py
  303.  
  304. Setup:
  305.  
  306. Download TrID http://mark0.net/soft-trid-e.html
  307. Do 'chmod +x trid'
  308. Download tridupdate.py http://mark0.net/download/tridupdate.zip
  309.  
  310. Do 'python tridupdate.py'
  311.  
  312. TrID and get_files_in_wallet.py should be in the same directory.
  313.  
  314. Example:
  315.  
  316. python get_files_in_wallet.py 1C3WStWpfCmsoG5WmDeaYSwAeEY1ncWQoh
  317.  
  318. It should find a PDF. It will save all decoded data from transactions, a list of tx ids and a list of tx ids that include file headers.
  319.  
  320.  
  321. ------------------------------------------------------
  322. While we wait to get a proper database... here's a script that will give you a transaction list for each BTC address (it just scrapes blockchain.info):
  323.  
  324. http://gateway.glop.me/ipfs/QmS6cQ14HgdfR8H2RLStTsYP8oikoMrwYQDLf243rtuoJ8/get_wallet_txs.py
  325. https://codepaste.net/rzo26r
  326.  
  327. Example:
  328.  
  329. python get_wallet_txs.py 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE
  330.  
  331. Will save the list to 1JVQw1siukrxGFTZykXFDtcf6SExJVuTVE_tx_list.txt
  332.  
  333. ------------------------------------------------------
  334. TrID - you can get the .exe or a python (I used the exe) and there's a db w/ 5k known. I've applied it to the 383000 - 383100 range already, quite a few hits, no time to go through yet. Have at it.
  335.  
  336. ------------------------------------------------------
  337. Is there an alternative to magic file in UNIX? We should probably write our own code. I've heard that some file headers are not even in the beginning of the transaction, so we should probably search for them at all parts of the file.
  338.  
  339. We already know some important ones like PGP, GPG, PDF, CSV, 7z, and so on.
  340.  
  341. ------------------------------------------------------
  342. Anyone using a Windows box (Better be in a VM and disconnected from network while you are doing any of this work):
  343.  
  344. Check out TrIDNet program at mark0.net/soft-tridnet-e.html
  345.  
  346. This program recognizes pretty much every single file type possible. Make sure you download the RAR file of XML defs to use with it.
  347.  
  348. ------------------------------------------------------
  349. The file begins with
  350.  
  351. "<80>W3<90>..."
  352.  
  353. Is there any html or email header that has W3 in it?
  354.  
  355. ------------------------------------------------------
  356. I put this file into a i386 disassembler and got the following output:
  357.  
  358. http://gateway.glop.me/ipfs/QmchNnbkucF5rp5VseBYEtY5dufLwL4ULBuL7oyvuxZ76X/asm_out.txt
  359.  
  360. There's only the data section so I don't know if it's a false positive. It's also only 5kb in size. Also I don't know x86 assembly so I can't really interpret it.
  361.  
  362. ------------------------------------------------------
  363. Email backup?
  364.  
  365. "Evolution uses the following file types:
  366. 8086 relocatable (Microsoft)
  367. ASCII English text, with very long lines
  368. ASCII mail text
  369. ASCII mail text, with very long lines
  370. ASCII text
  371. ASCII text, with no line terminators
  372. Berkeley DB 1.85 (Hash, version 2, native byte-order)
  373. Berkeley DB (Hash, version 8, native byte-order)
  374. data
  375. empty
  376. HTML document text
  377. ISO-8859 mail text, with very long lines
  378. Non-ISO extended-ASCII text
  379. Non-ISO extended-ASCII text, with no line terminators
  380. SQLite 3.x database
  381. UTF-8 Unicode English text
  382. vCalendar calendar file
  383. XML document text"
  384.  
  385.  
  386. ------------------------------------------------------
  387. dc88c8a9fe6cd63d12da51e2306682b8e3159750823cb2f748e03f9e928d96d5: 8086 relocatable (Microsoft)
  388.  
  389. ------------------------------------------------------
  390. I think I'm seeing a file header in this transaction.
  391.  
  392. dc88c8a9fe6cd63d12da51e2306682b8e3159750823cb2f748e03f9e928d96d5
  393.  
  394.  
  395. ------------------------------------------------------
  396. ??
  397.  
  398. ------------------------------------------------------
  399. Bingo here.
  400.  
  401. ------------------------------------------------------
  402. If you have a local copy of the blockchain please respond to this message.
  403.  
  404. ------------------------------------------------------
  405. How to put data into the blockchain.
  406.  
  407. CODE (ENCODING):
  408. http://gateway.glop.me/ipfs/QmXV7haSznR3LQtrVEejrSQueVbZ1u5s6ASGHCfWVnNvbD/bitcoin-insertion-tool.py
  409. http://gateway.glop.me/ipfs/Qmdd3u4FdrMwM5z4MfgCAwnDkXTb6taUXd1FA1Drjmryhh/send-op-return.py
  410. https://21.co/learn/embedding-data-blockchain-op-return/#creating-and-sending-the-transaction
  411.  
  412.  
  413. ------------------------------------------------------
  414. Adding more SNIPPETS and CODE:
  415.  
  416. INSURANCE SNIPPETS (First 5.1MB, can be used to test keys):
  417. http://gateway.glop.me/ipfs/QmUUiWf1KLshZBQWHDt8yVaabHdMjJA2g1md7YS8qsvMci/insurance.aes256.5120
  418. http://gateway.glop.me/ipfs/QmZHmQrNuBL1MJEi3cSn7bYoLShLiqGue5oeqZmcvHtBD6/wlinsurance-20130815-A.aes256.5120
  419. http://gateway.glop.me/ipfs/QmRRAnoHgZGqMrJodHA3Nj6GeQ5j4y1AHUbG8MgVXWshMH/wlinsurance-20130815-B.aes256.5120
  420. http://gateway.glop.me/ipfs/QmPCPmGwyCghyMrVENUB1AEbzkZ9dULE9rBJcVMqc5RG1M/wlinsurance-20130815-C.aes256.5120
  421. http://gateway.glop.me/ipfs/QmNdwpvqWXkYsxPnjoL8rSZZpVDRDNu3YYvddsQ7dLdrEC/2016-06-03_insurance.aes256.5120
  422. http://gateway.glop.me/ipfs/QmcDMXxr99Fi583oZKYqFzg8TwomugeV49oFkMrtGHEJ6Z/2016-11-07_WL-Insurance_EC.aes256.5120
  423. http://gateway.glop.me/ipfs/QmPAoxkRcJERJEyj3uXsnKwe819WkqnX2Gp1VgpoaxLtys/2016-11-07_WL-Insurance_UK.aes256.5120
  424. http://gateway.glop.me/ipfs/QmaYUUco1VtVurovbrtboMvu6kvFp9pdz6CEA97ftxojy5/2016-11-07_WL-Insurance_US.aes256.5120
  425.  
  426. CODE:
  427. http://gateway.glop.me/ipfs/QmSU67Ei3TerNe32CcZTgd48jKqsVvBTgera1qBWFjKK9V/jean.py
  428. http://gateway.glop.me/ipfs/QmburFHeUtM3wdrEj3rmUuBkx6iDmYpreyGCvHijgJhZnh/jean_b.py
  429. http://gateway.glop.me/ipfs/QmafUK8hYKztKD3hNNzF4EsW3N5nUcNvHZ4auEidjLkqJd/jean2.py
  430. http://gateway.glop.me/ipfs/QmaVdcqSowfbr58295ipeZxUU97FmqLXBadBgjcXwuqXa9/block-opreturn-finder.py
  431. http://gateway.glop.me/ipfs/QmRWjFfGzhtxMLdrHXeCAPFvqyrQPRebpEzpNANfhfTMxA/block-reader.c
  432. https://codepaste.net/gh3mui
  433. https://codepaste.net/f1ca5s
  434. https://codepaste.net/2kk75e
  435. https://codepaste.net/4yn1vy
  436. https://codepaste.net/bao7qh ---> (New, C code for local blockchain copies)
  437.  
  438.  
  439. ------------------------------------------------------
  440. (Please note that jean3.py is still missing. A bit more code is needed to detect files, crawl, and merge them)
  441.  
  442. https://www.reddit.com/r/WhereIsAssange/comments/5e55p3/a_simple_blockchain_decoding_tutorial/
  443.  
  455. NOT TESTED:
  456. https://github.com/maximilliangeorge/wikileaks-block-collector
  457.  
  458. SALTS:
  459. insurance.aes256 DE 18 1B 73 EF F3 5E 39 DA
  460. wlinsurance-20130815-A.aes256 0F 0B DA 00 F0 35 9A 0F C8
  461. wlinsurance-20130815-B.aes256 AB C2 04 75 6B AB 85 BE 30
  462. wlinsurance-20130815-C.aes256 73 6B 46 4C 2F 84 9A C2 A4
  463.  
  464.  
  472. BITCOIN LEADS:
  473. Blocks 434304-435711, 383000-383100
  474. http://s6424n4x4bsmqs27.onion/.media/t_8bb6afe8feb8a9836a9b23a505c14809-imagepng
  484. https://blockchain.info/tx/6ad9a4728d3a06dc6452324f67cf5dea9a8bc5b286089e6a04b884135b9dafe0
  485. https://bitcointalk.org/index.php?topic=260881
  486.  
  487. HOW TO GET THE KEYS (AND MORE) FROM THE BLOCKCHAIN:
  488.  
  489. The goal is to make very simple code that is easy to use and understand so that everyone can do this. This is a rough explanation of how it works.
  490.  
  491. There are two main approaches users are taking to decode messages in the blockchain. Scanning transactions, let's call this 'tx scanning', and scanning blocks, let's call this 'block scanning'. The main reason users are not yet able to see meaningful content is because both approaches have to be combined.
  492.  
  493. TX SCANNING:
  494. When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the 'Cablegate Backup'. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by 'tx crawling'. To do this, follow these steps:
  495. . For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx).
  496. . For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds.
  497. . Continue doing this until you are not able to see the pattern repeat itself.
  498.  
  499. BLOCK SCANNING:
  500. When you scan by block, you will be able to find encoded data more easily but it is harder to extract the tx id and wallets. One benefit of block scanning is that you can explicitly search for file headers and important strings. For example you can directly search for the magic numbers in GPG files. When you find one of these, you can then tx crawl from that starting point in order to get all pieces of the file. More concretely, if you want to find the Cablegate Backup with a block scanner, you could search for the magic number of Zip files. Then, when one is found, you can find the tx id that contains it, and finally tx crawl to get all the pieces. Yet, file headers are just one of the many other patterns that can be used to find important transactions. Examples of others are:
  501. . Magic numbers: Look for the first bytes in different types of file. 'file' can be used in UNIX.
  502. . Ability to compress: Compress the decoded output. If the size is reduced, the output is possibly a message or part of a file.
  503. . Text: If the decoded output has text, it might have information.
  504. . Keywords (Very important): Search for relevant keywords, e.g., checksums for files in Wikileaks.org, checksums for the insurance files, hashes, dates, names, time stamps, etc.
  505. . Reversibility: Some messages are in reverse and need to be flipped. This should be tried both before and after decoding.
  506.  
  507. Both scanners have to be used. The starting points for the searches should be Wikileaks' wallet, important dates (for example, during the DDoS attacks), previous messages and checksum hashes. The Cablegate Backup was a bit simpler than the more recent messages. In that case, only one wallet spent the funds in each transaction, and simply looking at the wallet's next transaction was enough to find all the pieces. Newer messages are a bit more complicated. Some of the wallets that receive money make multiple transactions with no encoded data before proceeding with the 'real' transaction. Moreover, in a lot of cases, all wallets involved spend the funds (not just one). Therefore, the crawler has to keep track of all wallets that receive funds, and all future transactions of that wallet while using techniques (like those above) to detect encoded data. A transaction tree should be kept and the pieces of each file should be combined in multiple orderings.
  508.  
  509. If you implement the process described above you will find all the keys, other backups and other files that are not released. One way to test your code is to search for checksum hashes for files that have already been published at a specific date. There are multiple messages in the blockchain that include file hashes and dates.
  510.  
  511. I recommend you use a local copy of the blockchain and carry out the search on a computer that has no internet access. Work in groups and share the process. Remember to look at other cryptocurrencies as well and to encode your findings into the blockchain yourself.
  512.  
  513. Good luck!
  514.  
  515. http://sli.mg/RT1V6o
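
The block-scanning heuristics listed above (magic numbers, ability to compress, text, reversibility), together with the earlier suggestion to search for file headers at all parts of the data, can be sketched as follows. This is an added example, not part of the paste or of the linked scripts; the signature table, the 0.8 text threshold, and the sample blobs are assumptions constructed for illustration.

```python
import hashlib
import string
import zlib

# Well-known file signatures ("magic numbers"). Short signatures give false
# positives on large inputs, so treat a hit as a lead, not a verdict.
SIGNATURES = {
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
    "7z": b"7z\xbc\xaf\x27\x1c",
    "gzip": b"\x1f\x8b\x08",
    "png": b"\x89PNG\r\n\x1a\n",
    "pgp-armor": b"-----BEGIN PGP",
}
PRINTABLE = frozenset(string.printable.encode("ascii"))


def find_signatures(data):
    """Return (offset, name) for every signature found at any offset."""
    hits = []
    for name, magic in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def shrinks_when_compressed(data):
    """True if zlib output is smaller than the input (structured data)."""
    return len(zlib.compress(data, 9)) < len(data)


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not data:
        return 0.0
    return sum(b in PRINTABLE for b in data) / len(data)


def triage(data):
    """Apply the heuristics to one decoded blob, forwards and reversed."""
    report = {
        "forward": find_signatures(data),
        "reversed": find_signatures(data[::-1]),
        "shrinks": shrinks_when_compressed(data),
        "printable": round(printable_ratio(data), 2),
    }
    report["lead"] = bool(
        report["forward"] or report["reversed"]
        or report["shrinks"] or report["printable"] > 0.8  # assumed threshold
    )
    return report


def constructed_samples():
    """Constructed inputs standing in for decoded transaction payloads."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return {
        "pdf_at_offset": b"\x00" * 7
        + b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
        "reversed_zip": (b"PK\x03\x04" + b"hello world " * 10)[::-1],
        "noise": noise,
    }


if __name__ == "__main__":
    for label, blob in constructed_samples().items():
        print(label, triage(blob))
```

Encrypted payloads behave like the `noise` sample: they neither compress nor read as text, so only a header or a keyword match will flag them.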
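
The 'tx crawling' procedure described above (follow every wallet that receives funds, pass through hops that carry no encoded data, keep a transaction tree) can be sketched on an in-memory ledger. This is an added example, not code from the paste or the linked scripts; the ledger, its field names, and the "non-empty data" test are hypothetical stand-ins for real transaction lookups and for the detection heuristics.

```python
from collections import defaultdict, deque

# Constructed ledger in chronological order. Field names are hypothetical;
# "data" stands for whatever was decoded from the transaction.
LEDGER = [
    {"txid": "t1", "inputs": ["A"], "outputs": ["B", "C"], "data": b"part-1;"},
    {"txid": "t2", "inputs": ["B"], "outputs": ["D"], "data": b""},  # no data
    {"txid": "t3", "inputs": ["C"], "outputs": ["E", "F"], "data": b"part-2;"},
    {"txid": "t4", "inputs": ["D"], "outputs": ["G"], "data": b""},  # no data
    {"txid": "t5", "inputs": ["E"], "outputs": ["H"], "data": b"part-3;"},
    {"txid": "t6", "inputs": ["Z"], "outputs": ["Y"], "data": b"unrelated"},
]


def crawl(ledger, start_txid):
    """Breadth-first walk from start_txid through every receiving wallet.

    Returns (tree, pieces): tree maps each visited txid to the later
    transactions that spend one of its outputs; pieces lists the visited
    txids that carry data, in chronological order.
    """
    order = {tx["txid"]: i for i, tx in enumerate(ledger)}
    spends = defaultdict(list)  # address -> indices of txs it funds
    for i, tx in enumerate(ledger):
        for addr in tx["inputs"]:
            spends[addr].append(i)

    tree = {}
    seen = {start_txid}
    queue = deque([start_txid])
    while queue:
        txid = queue.popleft()
        here = order[txid]
        children = []
        for addr in ledger[here]["outputs"]:
            for i in spends[addr]:
                child = ledger[i]["txid"]
                # Only follow later spends, and visit each tx once.
                if i > here and child not in seen:
                    seen.add(child)
                    children.append(child)
                    queue.append(child)
        tree[txid] = children

    # Hops without data stay in the tree but are not collected as pieces.
    pieces = sorted((t for t in tree if ledger[order[t]]["data"]),
                    key=order.get)
    return tree, pieces


def assemble(ledger, pieces):
    """Join the data of the given txids in the order supplied."""
    by_id = {tx["txid"]: tx for tx in ledger}
    return b"".join(by_id[t]["data"] for t in pieces)


if __name__ == "__main__":
    tree, pieces = crawl(LEDGER, "t1")
    print(tree)
    print(pieces, assemble(LEDGER, pieces))
```

Chronological order is only one candidate ordering; the tree is returned so that other orderings of the pieces can be tried.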