Brainflayer

(Link to Brainflayer https://github.com/ryancdotorg/brainflayer)

Brainflayer is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was originally released as part of my DEFCON talk about cracking brainwallets (slidesvideowhy).

The name is a reference to Mind Flayers, a race of monsters from the Dungeons & Dragons role-playing game. They eat brains, psionically enslave people and look like lovecraftian horrors.

The current release is more than four times faster than the DEFCON release, and many features have been added.

Brainflayer’s design is heavily influenced by Unix philosophy. It (mostly) does one thing: hunt for tasty brainwallets. A major feature it does not have is generating candidate passwords/passphrases. There are plenty of other great tools that do that, and brainflayer is happy to have you pipe their output to it.

Unfortunately, brainflayer is not currently multithreaded. If you want to have it keep multiple cores busy, you’ll have to come up with a way to distribute the work yourself (brainflayer’s -n and -k options may help). In my testing, brainflayer benefits significantly from hyperthreading, so you may want to run two copies per physical core. Also worth noting is that brainflayer mmaps its data files in shared memory, so additional brainflayer processes do not use up that much additional RAM.

 

Hopefully you have installed Ubuntu, Updates, Repositories and Moudles if not check out the Install Ubuntu Guide.

Basic Commands
Precompute the bloom filter: hex2blf example.hex example.blf

Run Brainflayer against it: brainflayer -v -b example.blf -i phraselist.txt

Run Brainflayer with adon generator: your_generator | brainflayer -v -b example.blf

Advanced Commands
-m FILE Load the ecmult table from FILE (generated with ecmtabgen) rather than computing it on startup. This will allow multiple brainflayer processes to share the same table in memory, and signifigantly reduce startup time when using a large table.

-f FILE Verify check bloom filter matches against FILE, a list of all hash160s generated with sort -u example.hex | xxd -r -p > example.bin Enough addresses exist on the Bitcoin network to cause false positives in the bloom filter, this option will suppress them.

-t keccak passphrases to be hashed with keccak256 (some ethereum tools)

-t priv raw private keys – this can be used to support arbitrary deterministic wallet schemes via an external program. Any trailing data after the hex encoded private key will be included in brainflayer’s output as well, for reference. See also the -I option if you want to crack a bunch of sequential keys, which has special speed optimizations.

-t warp salts or passwords/passphrases for WarpWallet

-t bwio salts or passwords/passphrases for brainwallet.io

-t bv2 salts or passwords/passphrases for brainv2 – this one is very slow on CPU, however the parameter choices make it a great target for GPUs and FPGAs.

-t rush passwords for password-protected rushwallets – pass the fragment (the part of the url after the #) using -r. Almost all wrong passwords will be rejected even without a bloom filter.

Address types can be specified with the -c option:
-c u uncompressed addresses
-c c compressed addresses
-c cu compressed addresses & uncompressed addresses
-c e ethereum addresses
-c x most signifigant bits of public point’s x coordinate

  • git clone https://github.com/ryancdotorg/brainflayer.git

  • cd brainflayer
  • make (This only has to be done Once)

If you have not yet Built a Bitcoin Address Database then here is a good place to start – BTC Address in Base58 and H160 Sorted by Satoshi Balance (here) to download your CSV file. Thanks to bitkeys.work Bitcoin Private Key Generator | All Bitcoin Address with Balance (bitkeys.work)

On a Windows 10 runing Ubuntu will need to extract file to this location :

  • Ubuntu18.04 LTS : C:\Users\Your_Username\AppData\Local\Packages\CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc\LocalState\rootfs\home\Your_Username
  • Ubuntu20.04 LTS : C:\Users\Your_Username\AppData\Local\Packages\CanonicalGroupLimited.Ubuntu20.04onWindows_79rhkp1fndgsc\LocalState\rootfs\home\Your_Username

Copy Your CVS file to Brainflayer Folder 

  • sudo cp btc_balance_sorted.csv /home/Your_Username/brainflayer/btc_balance_sorted.csv

Copying the file this way into Brainflayer folder Alows Ubuntnu to use it in brainflayer without permission issuse. Make sure you in the root directory.

Make your Bloom File and Bin File

  • sudo cut -d, -f 1 btc_balance_sorted.csv > btc_base58.txt

(The resulting file “btc_base58.txt” will be a huge list of BTC base58 address line by line.)

  • sudo cut -d, -f 4 btc_balance_sorted.csv > btc_h160.txt

(The resulting file “btc_h160.txt” will be a huge list of BTC H160 address line by line.)

  • ./hex2blf btc_h160.txt btcaddress.blf

(The resulting file “btcaddress.blf” will be a list of BTC H160 address for much quicker lookup)

  • sort -u btc_h160.txt | xxd -r -p > btc_h160.bin

(The resulting file “btc_h160.bin” we be a list of all hash160s generated verify check bloom filter matches that cause false positives in the bloom filter, this option will suppress them)

 

 

 

 

Examples:

Standard Commands

  • (Run brainflayer -v Visual -b bloomfilter -i includefile -o Outputfile)
    ./brainflayer -v -b btcaddress.blf -i wordlist.txt -o found.txt
  • (Run brainflayer -t salts/passwordsWarpWallet -b bloomfilter -i includefile -o Outputfile)
    ./brainflayer -t warp -v -b btcaddress.blf -i wordlist.txt -o found.txt
  • (Run brainflayer -t salts/passwordsWarpWalletbrainwallet.io -b bloomfilter -i includefile -o Outputfile)
    ./brainflayer -t bwio -v -b btcaddress.blf -i wordlist.txt -o found.txt
  • (Run brainflayer -v Visual -c Compressionboth -b bloomfilter -f VerifycheckbloomFile -o Outputfile)
    ./brainflayer -v -c cu -b btcaddress.blf -f btc_h160.bin -o found.txt
  • (Run brainflayer -v Visual -c Compressionboth -t rawprivatekeys -b bloomfilter -f VerifycheckbloomFile -o Outputfile)
    ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -f btc_h160.bin -o found.txt

Incremental Private Key Brute Force Mode

  • (Run brainflayer -v Visual -I StartingRange -b bloomfilter -o Outputfile)
    ./brainflayer -v -I 0000000000000000000000000000000000000000000000000000000000000001 -b btcaddress.blf -o found.txt
  • (Run brainflayer -v Visual -c Compressionboth -I StartingRange -b bloomfilter -f VerifycheckbloomFile -o Outputfile)
    ./brainflayer -v -c cu -I 1000000000000000000000000000000000000000000000000000000000000000 -b btcaddress.blf -f btc_h160.bin -o found.txt

First install Crunch Run Command : sudo apt-get install crunch

Example Crunch Commands:

crunch 1 64 abcdefghijklmopqrstuvwxyz | ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -o found.txt

crunch 1 64 abcdefghijklmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890\!\@\#\$\%\^\&\*\(\)\-\_\+\=\~\’\[\]\{\}\:\;\<\>\,\.\?\/ | ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -o found.txt

crunch 51 51 abcdefghijklmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890\!\@\#\$\%\^\&\*\(\)\-\_\+\=\~\’\[\]\{\}\:\;\<\>\,\.\?\/ -t 5@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -o found.txt

crunch 34 34 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 -t @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ./brainflayer -v -b btcaddress.blf -o found.txt

 

Find random private keys in hex

Copy Random Hex to Brainflayer folder:

sudo cp randomhex /home/Your_Name/brainflayer/randomhex

RandomHex Commands

1st Time on windows run:  sudo chmod +x
sudo chmod +x ./randomhex | ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -f btc_h160.bin -o found.txt

Every time after
./randomhex | ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -f btc_h160.bin -o found.txt

Both Compressed and Uncompressed
./randomhex | ./brainflayer -v -c cu -t priv -x -b btcaddress.blf -o found.txt

Compressed
./randomhex | ./brainflayer -v -c c -t priv -x -b btcaddress.blf -o found.txt

Uncompressed
./randomhex | ./brainflayer -v -c u -t priv -x -b btcaddress.blf -o found.txt

Random With Starting Range

./randomhex | ./brainflayer -v -c cu -I 1000000000000000000000000000000000000000000000000000000000000000 -b btcaddress.blf -f btc_h160.bin -o found.txt

 

RandomHex Download (Here)

MiniKey for brute-force bitcoin mini private keys.

Copy MiniKey to Brainflayer folder:

sudo cp minpks /home/Your_Name/brainflayer/minpks

1st Time on windows run:  sudo chmod +x

Or Move MiniKey to Brainflayer folder:

sudo mv minpks /home/Your_Name/brainflayer/minpks

1st Time on windows run:  sudo chmod +x

MiniKey Commands

./minpks | ./brainflayer -c uc -a -v -b btcaddress.blf -o found.txt

./minpks | ./brainflayer -v -c cu -b btcaddress.blf -f btc_h160.bin -o found.txt

 

MiniKey Download (Here)