It was one of those Fridays, where I was thankful it was Friday. I had spent the morning dissecting a live phishing campaign, and building some tooling to replicate some of its techniques for use on a future Red Team engagement. That was lots of fun, but the weekend couldn’t come quick enough for me. I was scrolling tweets on twitter when something caught my attention. A 7 year old challenge from @ TodB. I didn’t follow him yet, though I probably should’ve been, that has now been rectified. This tweet had been retweeted by two others I do follow.
I’m not one to let such challenge to go unsolved. Meme cryptocoin $DOGE (which thanks to some odd connection to r/WSB has had its $USD valued increase like crazy this week), a 7 year old puzzle, DEF CON, metasploit, a treasure hunt, it all was irresistible to me.
It began with a link to a Rapid7 blog that linked to an interview that Tod had at DEF CON 22. Included was the promise:
So, take this as a challenge: if you can crack my private key, feel free to take the Dogecoin as a reward
In this interview he was exploiting a vulnerability on old Android versions and exposed the encrypted private key backup of a Dogecoin wallet. So how was I to go about cashing in on this?
All in all, it was a rather simple and straight forward process:
- Transcribe private key backup from the interview video. A few things to note if you try to reproduce this:
- B’s and 8’s look alot alike, escpecially when filmed from a angle.
- It’s easier to see clearly if you turn the video quality up on youtube from 240p to 1080p. (I have no idea why it defaulted so low…)
- I used CyberChef to decode the base64 text to verify what I was working with. The decoded string began with “_salted” or such. - Find out how this wallet was encrypted.
- With a carefully worded search in my favorite search engine I came across this documentation that details multiple methods the wallet could be encrypted and the commands needed to decrypt. - So now I just need to know the correct passphrase to decrypt this wallet. This is where my searching earlier paid off as I came across
btrecovera tool do just what I need, brute force a wallet password.
- I used it the first time withtokens.txtfile that looked like this:%0,4dto just try a simple up to 4 digit long pin. That didn’t work.
- Next I decided to try a basic wordlist, say the 14.2 million words longrockyou.txtwordlist, and the password cracked easily with password being simplyx. Yes, a single lower case X. - Now it was time to decrypt that wallet, I bet
btrecoverwould have done it, but I like learning, and it paid off for me this time to do it manually. Following this doc from step 2, I did:
-openssl enc -d -aes-256-cbc -md md5 -a -in bitcoin-wallet-backup > bitcoin-wallet-backup-decrypteand provided the passwordx
-cat bitcoin-wallet-backup-decryptedupon doing this much of the file was clear text, but some of it was garbled in the middle. See, being CBC, not every block has to be correct to have other parts decrypt properly.
- This is when I had to circle back to verifying my transcription, see the note in Step 1. After doing that, everything came out right. - Now that I had a plainly visible Private Key, it was time to spend the funds.
- I downloaded dogecoin core and started the wallet. And it started synchronizing. It’s still synchronizing. It will probably keep synchronizing for the next 3 months.
- I tried the lite wallet, multidoge. With it I was able to successfully import the private key to a new wallet, but it wouldn’t let me spend the funds until it had synchronized, it’s still synchronizing too.
- Finally, I found an alternative, a browser based wallet that doesn’t synchronize, doesn’t have a fancy GUI, just simple manipulation, signing, and broadcast to an active node to be confirmed. CoinB.in - Now I had to learn a bunch more about Dogecoin, as I haven’t done much with BTC/DOGE/DEFCOIN in a long time. But I was finally able to get a transaction to stick and sweep that wallet clean.
I used CoinB.in to:
- Create New Wallet
- Create New Transaction
- Sign the Transaction
- Broadcast the Transaction
A few notes:
- Nobody is going to mine you transaction into a block if you don’t include a transaction fee for them to take. My first attempt at signing the transaction taking everything to a new wallet was great, except I had a 0 DOGE transaction fee. It sat unconfirmed for a long time.
- RBF, or replace-by-fee isn’t really supported by many nodes. I tried just increasing the fee on the same transaction, but nobody would accept it, I’d get various 409 and other errors.
- CPFP, or Child-Pay-For-Parent transaction, doens’t appear to be a thing ing Dogecoin either. I made a 2nd transaction, from the new wallet with a large transaction fee, 1.5 DOGE, but even though the nodes accepted it, it never got confirmed.
- Finally, a day later, after those transactions had cleared nodes mempools, I was able to submit another transaction duplicating the original, but with a sizable transaction fee for it to gain traction and gain it’s more than 6 confirmations needed to make it binding.
And that’s the story of how I laid claim to 1,337 DOGE from TodB’s stash of 2014.
You can see the wallet’s now empty: https://dogechain.info/address/DECFs5C89tGHBQgpaocBEKKJqwRmEyA2Wc
And I’ll accept any DOGE donations at DUQaiVgtGroqa1TJEAN9guQo3cabYA9qJ5