-
Notifications
You must be signed in to change notification settings - Fork 8
/
vanity.c
201 lines (161 loc) · 5.19 KB
/
vanity.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
#include <fcntl.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <time.h>
#include <openssl/sha.h>
uint32_t find_vanity(uint8_t* vanity, int vlen, uint8_t* key, int keylen, uint32_t limit) {
time_t start = time(NULL);
// 5 to 8 are the timestamp (the interesting bit!)
uint32_t timestamp = (key[4] << 24) + (key[5] << 16) + (key[6] << 8) + key[7];
// maybe make this actually variable...
unsigned int total = timestamp-limit;
unsigned int counter = 0;
while(timestamp > limit) {
// reduce by one
timestamp -= 1;
key[4] = (timestamp >> 24) & 0xff;
key[5] = (timestamp >> 16) & 0xff;
key[6] = (timestamp >> 8) & 0xff;
key[7] = (timestamp) & 0xff;
// calculate hash with new data
uint8_t digest[20];
SHA1(key, keylen, digest);
// see if it's a vanity one
int i;
for(i = 0; i < vlen; i++) {
if(digest[19-i] != vanity[vlen-1-i])
break;
// if we're here, we found one! yay!
if(i == vlen-1)
return timestamp;
}
if((++counter % 10000000) == 0) {
char buf[200];
time_t diff = time(NULL) - start +1;
time_t ye = timestamp;
struct tm* tmp = localtime(&ye);
strftime(buf, sizeof(buf), "%F", tmp);
printf("[~] At %s, %d%% at %u kps\n", buf, (int)(((double) counter)/(total)*100), counter / diff);
}
}
return 0;
}
void readkey(int fd, uint8_t** key, int* keylen) {
uint8_t buf[3];
{
// make sure the first packet is a pubkey or seckey packet
read(fd, buf, 3);
if((buf[0] & 0x3f) >> 2 != 6 && (buf[0] & 0x3f) >> 2 != 5) {
printf("[!] packet is not a pubkey or seckey!\n");
exit(2);
}
*keylen = (buf[1] << 8) + (buf[2]);
// take into account the three bytes already read
*keylen += 3;
// assuming we work with 4096 keys at most
*key = (uint8_t*) malloc(sizeof(uint8_t)**keylen);
// copy first three bytes from buf
memcpy(*key, buf, 3);
// read rest of the key
read(fd, *key+3, (*keylen)-3);
if((*key)[3] != 0x04) {
printf("[!] version number != 4\n");
exit(2);
}
}
}
int main(int argc, char** argv) {
int fd = -1;
if(argc != 5) {
printf("Usage: $0 keyring.pub keyring.sec timelimit vanitybytes\n");
return 1;
}
printf("[+] Reading public key from %s\n", argv[1]);
if ((fd = open(argv[1], O_RDONLY, 0)) == -1) {
printf("[-] open() failed");
return 2;
}
int keylen;
uint8_t *key;
readkey(fd, &key, &keylen);
close(fd);
printf("[*] Public Key Packet Size: %d\n", keylen);
{
// 20 bytes digest
uint8_t digest[20];
SHA1(key, keylen, digest);
printf("[*] original figerprint: 0x");
int i;
for(i = 0; i < 20; i++)
printf("%02x", digest[i]);
printf("\n");
}
uint8_t* vanity = (uint8_t*) argv[4];
int vlen = strlen(argv[4]);
printf("[*] Searching for: 0x...");
int i;
for(i = 0; i < vlen; i++)
printf("%02x", vanity[i]);
printf("\n");
uint32_t limit; {
limit = strtol(argv[3], 0, 10);
char buf[200];
time_t ye = limit;
struct tm* tmp = localtime(&ye);
strftime(buf, sizeof(buf), "%F", tmp);
printf("[*] Searching down to %s\n", buf);
}
uint32_t timestamp = find_vanity(vanity, vlen, key, keylen, limit);
if(!timestamp) {
printf("[!] No key found in reasonable time range, giving up :(\n");
return 1;
}
printf("[+] got it!\n");
printf("[*] timestamp: ");
for(i = 0; i < 4; i++)
printf("%02x", key[4+i]);
printf("\n");
{
// 20 bytes digest
uint8_t digest[20];
SHA1(key, keylen, digest);
printf("[*] new fingerprint: 0x");
int i;
for(i = 0; i < 20; i++)
printf("%02x", digest[i]);
printf("\n");
}
printf("[+] Writing new public key to result.pub\n");
if ((fd = open("result.pub", O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR | S_IWUSR)) == -1) {
printf("[-] open() failed");
return 2;
}
write(fd, key, keylen);
write(fd, "\xb4\x22""fake uid, replace with a valid one", 36);
close(fd);
printf("[+] Reading secret key from %s\n", argv[2]);
if ((fd = open(argv[2], O_RDONLY, 0)) == -1) {
printf("[-] open() failed");
return 2;
}
readkey(fd, &key, &keylen);
close(fd);
printf("[*] Secret Key Packet Size: %d\n", keylen);
key[4] = (timestamp >> 24) & 0xff;
key[5] = (timestamp >> 16) & 0xff;
key[6] = (timestamp >> 8) & 0xff;
key[7] = (timestamp) & 0xff;
printf("[+] Writing new secret key to result.sec\n");
if ((fd = open("result.sec", O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR | S_IWUSR)) == -1) {
printf("[-] open() failed");
return 2;
}
write(fd, key, keylen);
write(fd, "\xb4\x22""fake uid, replace with a valid one", 36);
close(fd);
printf("[+] All done!\n");
return 0;
}