From 754038ad166bfcf62fb6ff4793b69bd4ef5f1e00 Mon Sep 17 00:00:00 2001 From: philsmd Date: Sat, 11 Jun 2022 11:44:05 +0200 Subject: [PATCH] fixes #3090 closes #3091: Added -m 2850x = Bitcoin WIF/P2PKH private key cracking --- OpenCL/inc_ecc_secp256k1.cl | 4 +- OpenCL/inc_ecc_secp256k1.h | 9 +- OpenCL/inc_hash_base58.cl | 647 ++++++++++++++++++++++++++++++++++ OpenCL/inc_hash_base58.h | 24 ++ OpenCL/m28501_a0-pure.cl | 317 +++++++++++++++++ OpenCL/m28501_a1-pure.cl | 395 +++++++++++++++++++++ OpenCL/m28501_a3-pure.cl | 392 ++++++++++++++++++++ OpenCL/m28502_a0-pure.cl | 319 +++++++++++++++++ OpenCL/m28502_a1-pure.cl | 397 +++++++++++++++++++++ OpenCL/m28502_a3-pure.cl | 352 ++++++++++++++++++ charsets/base58.hcchr | 1 + docs/changes.txt | 1 + docs/readme.txt | 1 + include/convert.h | 2 + include/emu_inc_hash_base58.h | 14 + include/types.h | 1 + src/Makefile | 1 + src/convert.c | 24 ++ src/emu_inc_hash_base58.c | 10 + src/modules/module_28501.c | 254 +++++++++++++ src/modules/module_28502.c | 254 +++++++++++++ src/shared.c | 4 + tools/install_modules.sh | 2 + tools/test.pl | 5 + tools/test.sh | 5 + tools/test_modules/m28501.pm | 106 ++++++ tools/test_modules/m28502.pm | 104 ++++++ 27 files changed, 3641 insertions(+), 4 deletions(-) create mode 100644 OpenCL/inc_hash_base58.cl create mode 100644 OpenCL/inc_hash_base58.h create mode 100644 OpenCL/m28501_a0-pure.cl create mode 100644 OpenCL/m28501_a1-pure.cl create mode 100644 OpenCL/m28501_a3-pure.cl create mode 100644 OpenCL/m28502_a0-pure.cl create mode 100644 OpenCL/m28502_a1-pure.cl create mode 100644 OpenCL/m28502_a3-pure.cl create mode 100644 charsets/base58.hcchr create mode 100644 include/emu_inc_hash_base58.h create mode 100644 src/emu_inc_hash_base58.c create mode 100644 src/modules/module_28501.c create mode 100644 src/modules/module_28502.c create mode 100644 tools/test_modules/m28501.pm create mode 100644 tools/test_modules/m28502.pm diff --git a/OpenCL/inc_ecc_secp256k1.cl b/OpenCL/inc_ecc_secp256k1.cl index 04ac5d606..d5cf37f56 100644 --- a/OpenCL/inc_ecc_secp256k1.cl +++ b/OpenCL/inc_ecc_secp256k1.cl @@ -1850,7 +1850,7 @@ DECLSPEC int convert_to_window_naf (PRIVATE_AS u32 *naf, PRIVATE_AS const u32 *k * @param tmps in: a basepoint for the multiplication. * @return Returns the x coordinate with a leading parity/sign (for odd/even y), it is named a compressed coordinate. */ -DECLSPEC void point_mul_xy (PRIVATE_AS u32 *x1, PRIVATE_AS u32 *y1, PRIVATE_AS const u32 *k, GLOBAL_AS const secp256k1_t *tmps) +DECLSPEC void point_mul_xy (PRIVATE_AS u32 *x1, PRIVATE_AS u32 *y1, PRIVATE_AS const u32 *k, SECP256K1_TMPS_TYPE const secp256k1_t *tmps) { u32 naf[SECP256K1_NAF_SIZE] = { 0 }; @@ -1991,7 +1991,7 @@ DECLSPEC void point_mul_xy (PRIVATE_AS u32 *x1, PRIVATE_AS u32 *y1, PRIVATE_AS c * @param tmps in: a basepoint for the multiplication. * @return Returns the x coordinate with a leading parity/sign (for odd/even y), it is named a compressed coordinate. */ -DECLSPEC void point_mul (PRIVATE_AS u32 *r, PRIVATE_AS const u32 *k, GLOBAL_AS const secp256k1_t *tmps) +DECLSPEC void point_mul (PRIVATE_AS u32 *r, PRIVATE_AS const u32 *k, SECP256K1_TMPS_TYPE const secp256k1_t *tmps) { u32 x[8]; u32 y[8]; diff --git a/OpenCL/inc_ecc_secp256k1.h b/OpenCL/inc_ecc_secp256k1.h index 6e52a5d64..dfa272fa4 100644 --- a/OpenCL/inc_ecc_secp256k1.h +++ b/OpenCL/inc_ecc_secp256k1.h @@ -207,6 +207,11 @@ // (32*8 == 256) #define PRIVATE_KEY_LENGTH 8 +// change the type of input/tmps in your kernel (e.g. PRIVATE_AS / CONSTANT_AS): +#ifndef SECP256K1_TMPS_TYPE +#define SECP256K1_TMPS_TYPE GLOBAL_AS +#endif + typedef struct secp256k1 { u32 xy[SECP256K1_PRE_COMPUTED_XY_SIZE]; // pre-computed points: (x1,y1,-y1),(x3,y3,-y3),(x5,y5,-y5),(x7,y7,-y7) @@ -217,8 +222,8 @@ typedef struct secp256k1 DECLSPEC u32 transform_public (PRIVATE_AS secp256k1_t *r, PRIVATE_AS const u32 *x, const u32 first_byte); DECLSPEC u32 parse_public (PRIVATE_AS secp256k1_t *r, PRIVATE_AS const u32 *k); -DECLSPEC void point_mul_xy (PRIVATE_AS u32 *x1, PRIVATE_AS u32 *y1, PRIVATE_AS const u32 *k, GLOBAL_AS const secp256k1_t *tmps); -DECLSPEC void point_mul (PRIVATE_AS u32 *r, PRIVATE_AS const u32 *k, GLOBAL_AS const secp256k1_t *tmps); +DECLSPEC void point_mul_xy (PRIVATE_AS u32 *x1, PRIVATE_AS u32 *y1, PRIVATE_AS const u32 *k, SECP256K1_TMPS_TYPE const secp256k1_t *tmps); +DECLSPEC void point_mul (PRIVATE_AS u32 *r, PRIVATE_AS const u32 *k, SECP256K1_TMPS_TYPE const secp256k1_t *tmps); DECLSPEC void set_precomputed_basepoint_g (PRIVATE_AS secp256k1_t *r); diff --git a/OpenCL/inc_hash_base58.cl b/OpenCL/inc_hash_base58.cl new file mode 100644 index 000000000..d0a1839a3 --- /dev/null +++ b/OpenCL/inc_hash_base58.cl @@ -0,0 +1,647 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +/** + * Based on bitcoin/libbase58 implementation + * by Luke Dashjr + * adapted by b0lek to run on GPUs as part of hashcat + */ + +#include "inc_vendor.h" +#include "inc_common.h" +#include "inc_types.h" +#include "inc_platform.h" +#include "inc_hash_sha256.h" +#include "inc_hash_base58.h" + +// (sizeof (u32) * 8): + +#define B58_BITS 32 + +// ((((u64) 1) << B58_BITS) - 1): + +#define B58_MASK 0xffffffff + +CONSTANT_VK u8 B58_DIGITS_ORDERED[] = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; + +CONSTANT_VK u32 B58_DIGITS_MAP[256] = +{ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, -1, -1, -1, -1, -1, -1, + -1, 9, 10, 11, 12, 13, 14, 15, 16, -1, 17, 18, 19, 20, 21, -1, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, -1, 44, 45, 46, + 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +}; + +DECLSPEC bool is_valid_base58 (PRIVATE_AS const u32 *data, PRIVATE_AS const u32 offset, PRIVATE_AS const u32 len) +{ + for (u32 i = offset; i < len; i++) + { + const u32 div = (i / 4); + const u32 shift = (i % 4) * 8; + + const u32 b = (data[div] >> shift) & 0xff; + + const u32 c = B58_DIGITS_MAP[b]; + + // Invalid base58 digit + + if (c == (u32) -1) return false; + } + + return true; +} + +DECLSPEC bool b58dec (PRIVATE_AS u8 *bin, PRIVATE_AS u32 *binszp, PRIVATE_AS const u8 *b58, PRIVATE_AS const u32 b58sz) +{ + u32 binsz = *binszp; + + const u8 *b58u = (u8*) b58; + u8 *binu = (u8*) bin; + + u32 outisz = (binsz + sizeof (u32) - 1) / sizeof (u32); + + u32 outi[200]; + + u8 bytesleft = binsz % sizeof (u32); + + u32 zero_mask = bytesleft ? (B58_MASK << (bytesleft * 8)) : 0; + + unsigned zerocount = 0; + + for (u32 i = 0; i < outisz; i++) + { + outi[i] = 0; + } + + // Leading zeros, just count + + u32 i = 0; + + for (; i < b58sz && b58u[i] == '1'; i++) + { + ++zerocount; + } + + for (; i < b58sz; i++) + { + u32 c = B58_DIGITS_MAP[b58u[i]]; + + // Invalid base58 digit + + if (c == (u32) -1) return false; + + for (u32 j = outisz; j--; ) + { + u64 t = ((u64) outi[j]) * 58 + c; + + c = t >> B58_BITS; + + outi[j] = t & B58_MASK; + } + + // Output number too big (carry to the next int32) + + if (c != 0) return false; + + // Output number too big (last int32 filled too far) + + if (outi[0] & zero_mask) return false; + } + + u32 j = 0; + + if (bytesleft) + { + for (u32 i = bytesleft; i > 0; i--) + { + *(binu++) = (outi[0] >> (8 * (i - 1))) & 0xff; + } + + j++; + } + + for (; j < outisz; j++) + { + for (u32 i = sizeof (*outi); i > 0; i--) + { + *(binu++) = (outi[j] >> (8 * (i - 1))) & 0xff; + } + } + + // Count canonical base58 byte count + + binu = (u8*) bin; + + for (u32 i = 0; i < binsz; i++) + { + if (binu[i]) break; + + --*binszp; + } + + *binszp += zerocount; + + return true; +} + +// special function to handle only input of 51 characters +// attention: we use BE (big endian) here as output + +DECLSPEC bool b58dec_51 (PRIVATE_AS u32 *out, PRIVATE_AS const u32 *data) +{ + // data length must be 51 and must be checked before calling the function + + for (u32 i = 0; i < 51; i++) + { + const u32 div = (i / 4); + const u32 shift = (i % 4) * 8; + + const u32 b = (data[div] >> shift) & 0xff; + + u32 c = B58_DIGITS_MAP[b]; + + // checked with is_valid_base58 (): + // if (c == (u32) -1) return false; + + // test speed with (manual or automatic) #pragma unroll + + for (u32 j = 0; j < 10; j++) + { + const u32 pos = 9 - j; + + const u64 t = ((u64) out[pos]) * 58 + c; + + c = t >> 32; // upper u32 + + out[pos] = t; // lower u32 (& 0xffffffff) + } + } + + + // fix byte alignment: + // #pragma unroll + + for (u32 i = 0; i < 10; i++) // offset of: 3 bytes + { + out[i] = (out[i + 0] << 24) | (out[i + 1] >> 8); + } + + return true; +} + +// special function to handle only input of 52 characters +// attention: we use BE (big endian) here as output + +DECLSPEC bool b58dec_52 (PRIVATE_AS u32 *out, PRIVATE_AS const u32 *data) +{ + // data length must be 52 and must be checked before calling the function + + for (u32 i = 0; i < 52; i++) + { + const u32 div = (i / 4); + const u32 shift = (i % 4) * 8; + + const u32 b = (data[div] >> shift) & 0xff; + + u32 c = B58_DIGITS_MAP[b]; + + // checked with is_valid_base58 (): + // if (c == (u32) -1) return false; + + // test speed with (manual or automatic) #pragma unroll + + for (u32 j = 0; j < 10; j++) + { + const u32 pos = 9 - j; + + const u64 t = ((u64) out[pos]) * 58 + c; + + c = t >> 32; // upper u32 + + out[pos] = t; // lower u32 (& 0xffffffff) + } + } + + + // fix byte alignment: + // #pragma unroll + + for (u32 i = 0; i < 10; i++) // offset of: 2 bytes + { + out[i] = (out[i + 0] << 16) | (out[i + 1] >> 16); + } + + return true; +} + +// maximum 256 bytes as input, mininum 4 bytes (checksum) + +DECLSPEC bool b58check (PRIVATE_AS const u8 *bin, PRIVATE_AS const u32 binsz) +{ + u32 data[64] = { 0 }; // 64 * 4 = 256 bytes (should be enough) + + u8 *datac = (u8*) data; + u8 *binc = (u8*) bin; + + if (binsz < 4) return false; + if (binsz > 256) return false; + + for (u32 i = 0; i < binsz - 4; i++) + { + datac[i] = binc[i]; + } + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update_swap (&ctx, data, binsz-4); + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) // 32 / 4 + { + data[i] = ctx.h[i]; + } + + for (u32 i = 8; i < 16; i++) // clear bytes: needed for sha256_update () + { + data[i] = 0; + } + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + ctx.h[0] = hc_swap32_S (ctx.h[0]); + + u8 * ph4 = (u8*) ctx.h; + u8 * sum = (u8*) (binc + (binsz - 4)); // offset: binsz - 4, last 4 bytes + + if (ph4[0] != sum[0]) return false; + if (ph4[1] != sum[1]) return false; + if (ph4[2] != sum[2]) return false; + if (ph4[3] != sum[3]) return false; + + return true; +} + +// ATTENTION: this function expects a 64 byte data buffer, containing the checksum after the data + +DECLSPEC bool b58check64 (PRIVATE_AS const u32 *bin, PRIVATE_AS const u32 binsz) +{ + if (binsz < 4) return false; + // if (binsz > 63) return false; + + u32 data[16] = { 0 }; + + for (u32 i = 0; i < 15; i++) data[i] = bin[i]; + + const u32 div = binsz / 4; + const u32 mod = binsz % 4; + + data[div] = 0; + + switch (mod) + { + case 0: + data[div - 1] &= 0x00000000; + break; + case 1: + data[div - 1] &= 0x000000ff; + break; + case 2: + data[div - 1] &= 0x0000ffff; + break; + case 3: + data[div - 1] &= 0x00ffffff; + break; + } + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update_swap (&ctx, data, binsz - 4); + sha256_final (&ctx); + + data[ 0] = ctx.h[0]; + data[ 1] = ctx.h[1]; + data[ 2] = ctx.h[2]; + data[ 3] = ctx.h[3]; + data[ 4] = ctx.h[4]; + data[ 5] = ctx.h[5]; + data[ 6] = ctx.h[6]; + data[ 7] = ctx.h[7]; + + data[ 8] = 0; + data[ 9] = 0; + data[10] = 0; + data[11] = 0; + data[12] = 0; + data[13] = 0; + data[14] = 0; + data[15] = 0; + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + const u32 ph4 = hc_swap32_S (ctx.h[0]); + + u32 checksum = 0; + + switch (mod) + { + case 0: + checksum = (bin[div - 1] >> 0); + break; + case 1: + checksum = (bin[div] << 24) | (bin[div - 1] >> 8); + break; + case 2: + checksum = (bin[div] << 16) | (bin[div - 1] >> 16); + break; + case 3: + checksum = (bin[div] << 8) | (bin[div - 1] >> 24); + break; + } + + return (ph4 == checksum); +} + +// optimized for 21 + 4 input bytes in buffer "bin" + +DECLSPEC bool b58check_25 (PRIVATE_AS const u32 *bin) +{ + u32 data[16] = { 0 }; + + // for (u32 i = 0; i < 6; i++) data[i] = bin[i]; + + data[0] = bin[0]; + data[1] = bin[1]; + data[2] = bin[2]; + data[3] = bin[3]; + data[4] = bin[4]; + data[5] = bin[5]; + + data[5] &= 0x000000ff; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update_swap (&ctx, data, 21); + sha256_final (&ctx); + + data[ 0] = ctx.h[0]; + data[ 1] = ctx.h[1]; + data[ 2] = ctx.h[2]; + data[ 3] = ctx.h[3]; + data[ 4] = ctx.h[4]; + data[ 5] = ctx.h[5]; + data[ 6] = ctx.h[6]; + data[ 7] = ctx.h[7]; + + data[ 8] = 0; + data[ 9] = 0; + data[10] = 0; + data[11] = 0; + data[12] = 0; + data[13] = 0; + data[14] = 0; + data[15] = 0; + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + const u32 ph4 = hc_swap32_S (ctx.h[0]); + + const u32 checksum = (bin[6] << 24) | (bin[5] >> 8); + + return (ph4 == checksum); +} + +// optimized for 33 + 4 input bytes in buffer "bin" +// attention: we use BE (big endian) here as input + +DECLSPEC bool b58check_37 (PRIVATE_AS const u32 *bin) +{ + u32 data[16] = { 0 }; + + // for (u32 i = 0; i < 9; i++) data[i] = bin[i]; + + data[0] = bin[0]; + data[1] = bin[1]; + data[2] = bin[2]; + data[3] = bin[3]; + data[4] = bin[4]; + data[5] = bin[5]; + data[6] = bin[6]; + data[7] = bin[7]; + data[8] = bin[8]; + + data[8] &= 0xff000000; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, data, 33); + sha256_final (&ctx); + + data[ 0] = ctx.h[0]; + data[ 1] = ctx.h[1]; + data[ 2] = ctx.h[2]; + data[ 3] = ctx.h[3]; + data[ 4] = ctx.h[4]; + data[ 5] = ctx.h[5]; + data[ 6] = ctx.h[6]; + data[ 7] = ctx.h[7]; + + data[ 8] = 0; + data[ 9] = 0; + data[10] = 0; + data[11] = 0; + data[12] = 0; + data[13] = 0; + data[14] = 0; + data[15] = 0; + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + const u32 ph4 = ctx.h[0]; + + const u32 checksum = (bin[8] << 8) | (bin[9] >> 24); + + return (ph4 == checksum); +} + +// optimized for 34 + 4 input bytes in buffer "bin" +// attention: we use BE (big endian) here as input + +DECLSPEC bool b58check_38 (PRIVATE_AS const u32 *bin) +{ + u32 data[16] = { 0 }; + + // for (u32 i = 0; i < 9; i++) data[i] = bin[i]; + + data[0] = bin[0]; + data[1] = bin[1]; + data[2] = bin[2]; + data[3] = bin[3]; + data[4] = bin[4]; + data[5] = bin[5]; + data[6] = bin[6]; + data[7] = bin[7]; + data[8] = bin[8]; + + data[8] &= 0xffff0000; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, data, 34); + sha256_final (&ctx); + + data[ 0] = ctx.h[0]; + data[ 1] = ctx.h[1]; + data[ 2] = ctx.h[2]; + data[ 3] = ctx.h[3]; + data[ 4] = ctx.h[4]; + data[ 5] = ctx.h[5]; + data[ 6] = ctx.h[6]; + data[ 7] = ctx.h[7]; + + data[ 8] = 0; + data[ 9] = 0; + data[10] = 0; + data[11] = 0; + data[12] = 0; + data[13] = 0; + data[14] = 0; + data[15] = 0; + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + const u32 ph4 = ctx.h[0]; + + const u32 checksum = (bin[8] << 16) | (bin[9] >> 16); + + return (ph4 == checksum); +} + +DECLSPEC bool b58enc (PRIVATE_AS u8 *b58, PRIVATE_AS u32 *b58sz, PRIVATE_AS const u8 *data, PRIVATE_AS const u32 binsz) +{ + const u8 *bin = (u8 *) data; + int carry; + u32 j = 0; + u32 zcount = 0; + + while (zcount < binsz && !bin[zcount]) ++zcount; + + u32 size = (binsz - zcount) * 138 / 100 + 1; + + u8 buf[200] = { 0 }; + + u32 i = zcount; + u32 high = size - 1; + + for (; i < binsz; i++, high = j) + { + for (carry = bin[i], j = size - 1; (j > high) || carry; j--) + { + carry += 256 * buf[j]; + + buf[j] = carry % 58; + + carry /= 58; + + if (! j) break; + } + } + + j = 0; + + for (; j < (size && !buf[j]); j++) {} + + if (*b58sz <= zcount + size - j) + { + *b58sz = zcount + size - j + 1; + + return false; + } + + for (u32 i = 0; i < zcount; i++) + { + b58[i] = '1'; + } + + for (i = zcount; j < size; i++, j++) + { + b58[i] = B58_DIGITS_ORDERED[buf[j]]; + } + + b58[i] = '\0'; + + *b58sz = i + 1; + + return true; +} + +DECLSPEC bool b58check_enc (PRIVATE_AS u8 *b58c, PRIVATE_AS u32 *b58c_sz, PRIVATE_AS const u8 ver, PRIVATE_AS const u8 *data, PRIVATE_AS const u32 datasz) +{ + u8 buf[128] = { 0 }; + + u32 *buf32 = (u32*) buf; + u8 *data8 = (u8 *) data; + + u8 *hash = &buf[1 + datasz]; + + buf[0] = ver; + + for (u32 i = 0; i < datasz; i++) + { + buf[i + 1] = data8[i]; + } + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update_swap (&ctx, buf32, datasz + 1); + sha256_final (&ctx); + + u32 data1[128] = { 0 }; + + for (u32 i = 0; i < 0x20; i++) + { + ((u8*) data1)[i] = ((u8*) ctx.h)[i]; + } + + sha256_init (&ctx); + sha256_update (&ctx, data1, 0x20); + sha256_final (&ctx); + + ctx.h[0] = hc_swap32_S (ctx.h[0]); + + for (u32 i = 0; i < 4; i++) + { + ((u8 *) hash)[i] = ((u8 *) ctx.h)[i]; + } + + return b58enc (b58c, b58c_sz, buf, 1 + datasz + 4); +} diff --git a/OpenCL/inc_hash_base58.h b/OpenCL/inc_hash_base58.h new file mode 100644 index 000000000..30e396148 --- /dev/null +++ b/OpenCL/inc_hash_base58.h @@ -0,0 +1,24 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifndef _INC_HASH_BASE58_H +#define _INC_HASH_BASE58_H + +DECLSPEC bool is_valid_base58 (PRIVATE_AS const u32 *data, PRIVATE_AS const u32 offset, PRIVATE_AS const u32 len); + +DECLSPEC bool b58dec (PRIVATE_AS u8 *bin, PRIVATE_AS u32 *binszp, PRIVATE_AS const u8 *b58, PRIVATE_AS const u32 b58sz); +DECLSPEC bool b58dec_51 (PRIVATE_AS u32 *out, PRIVATE_AS const u32 *data); +DECLSPEC bool b58dec_52 (PRIVATE_AS u32 *out, PRIVATE_AS const u32 *data); + +DECLSPEC bool b58check (PRIVATE_AS const u8 *bin, PRIVATE_AS const u32 binsz); +DECLSPEC bool b58check64 (PRIVATE_AS const u32 *bin, PRIVATE_AS const u32 binsz); +DECLSPEC bool b58check_25 (PRIVATE_AS const u32 *bin); +DECLSPEC bool b58check_37 (PRIVATE_AS const u32 *bin); +DECLSPEC bool b58check_38 (PRIVATE_AS const u32 *bin); + +DECLSPEC bool b58enc (PRIVATE_AS u8 *b58, PRIVATE_AS u32 *b58sz, PRIVATE_AS const u8 *data, PRIVATE_AS const u32 binsz); +DECLSPEC bool b58check_enc (PRIVATE_AS u8 *b58c, PRIVATE_AS u32 *b58c_sz, PRIVATE_AS const u8 ver, PRIVATE_AS const u8 *data, PRIVATE_AS u32 datasz); + +#endif // _INC_HASH_BASE58_H diff --git a/OpenCL/m28501_a0-pure.cl b/OpenCL/m28501_a0-pure.cl new file mode 100644 index 000000000..a04f0db9c --- /dev/null +++ b/OpenCL/m28501_a0-pure.cl @@ -0,0 +1,317 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#define SECP256K1_TMPS_TYPE PRIVATE_AS + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_rp.h) +#include M2S(INCLUDE_PATH/inc_rp.cl) +#include M2S(INCLUDE_PATH/inc_scalar.cl) +#include M2S(INCLUDE_PATH/inc_hash_base58.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_hash_ripemd160.cl) +#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl) +#endif + +KERNEL_FQ void m28501_mxx (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * base + */ + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + COPY_PW (pws[gid]); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + pw_t p = PASTE_PW; + + p.pw_len = apply_rules (rules_buf[il_pos].cmds, p.i, p.pw_len); + + if (p.pw_len != 52) continue; + + const u32 b = hc_swap32_S (p.i[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) continue; // 'L5oL' + + const bool status_base58 = is_valid_base58 (p.i, 0, 52); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_52 (tmp, p.i); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // check that compression is enabled: + + if ((tmp[8] & 0x00ff0000) != 0x00010000) continue; // 33th byte + + + // verify sha256 (sha256 (tmp[0..38 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_38 (tmp); // length is 34 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[16] = { 0 }; // why is re-using the "tmp" variable here slower ? + + const u32 type = 0x02 | (y[0] & 1); + + pub_key[8] = (x[0] << 24); + pub_key[7] = (x[0] >> 8) | (x[1] << 24); + pub_key[6] = (x[1] >> 8) | (x[2] << 24); + pub_key[5] = (x[2] >> 8) | (x[3] << 24); + pub_key[4] = (x[3] >> 8) | (x[4] << 24); + pub_key[3] = (x[4] >> 8) | (x[5] << 24); + pub_key[2] = (x[5] >> 8) | (x[6] << 24); + pub_key[1] = (x[6] >> 8) | (x[7] << 24); + pub_key[0] = (x[7] >> 8) | (type << 24); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 33); // length of public key: 33 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_M_SCALAR (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m28501_sxx (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3] + }; + + + /** + * base + */ + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + COPY_PW (pws[gid]); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + pw_t p = PASTE_PW; + + p.pw_len = apply_rules (rules_buf[il_pos].cmds, p.i, p.pw_len); + + if (p.pw_len != 52) continue; + + const u32 b = hc_swap32_S (p.i[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) continue; // 'L5oL' + + const bool status_base58 = is_valid_base58 (p.i, 0, 52); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_52 (tmp, p.i); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // check that compression is enabled: + + if ((tmp[8] & 0x00ff0000) != 0x00010000) continue; // 33th byte + + + // verify sha256 (sha256 (tmp[0..38 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_38 (tmp); // length is 34 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[16] = { 0 }; // why is re-using the "tmp" variable here slower ? + + const u32 type = 0x02 | (y[0] & 1); + + pub_key[8] = (x[0] << 24); + pub_key[7] = (x[0] >> 8) | (x[1] << 24); + pub_key[6] = (x[1] >> 8) | (x[2] << 24); + pub_key[5] = (x[2] >> 8) | (x[3] << 24); + pub_key[4] = (x[3] >> 8) | (x[4] << 24); + pub_key[3] = (x[4] >> 8) | (x[5] << 24); + pub_key[2] = (x[5] >> 8) | (x[6] << 24); + pub_key[1] = (x[6] >> 8) | (x[7] << 24); + pub_key[0] = (x[7] >> 8) | (type << 24); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 33); // length of public key: 33 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_S_SCALAR (r0, r1, r2, r3); + } +} diff --git a/OpenCL/m28501_a1-pure.cl b/OpenCL/m28501_a1-pure.cl new file mode 100644 index 000000000..23146d63a --- /dev/null +++ b/OpenCL/m28501_a1-pure.cl @@ -0,0 +1,395 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#define SECP256K1_TMPS_TYPE PRIVATE_AS + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_scalar.cl) +#include M2S(INCLUDE_PATH/inc_hash_base58.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_hash_ripemd160.cl) +#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl) +#endif + +KERNEL_FQ void m28501_mxx (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + // copy password to w + + u32 w[13] = { 0 }; // 52 bytes needed + + // for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + for (u32 idx = 0; idx < 13; idx++) + { + w[idx] = pws[gid].i[idx]; + } + + if (pw_len > 3) + { + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) return; // 'L5oL' + } + + const bool status_base58 = is_valid_base58 (w, 0, pw_len); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + const u32 comb_len = combs_buf[il_pos].pw_len; + + if ((pw_len + comb_len) != 52) continue; + + u32 c[64] = { 0 }; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] = combs_buf[il_pos].i[i]; + } + + switch_buffer_by_offset_1x64_le_S (c, pw_len); + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] |= w[i]; + } + + const u32 b = hc_swap32_S (c[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) continue; // 'L5oL' + + const bool status_base58 = is_valid_base58 (c, pw_len, 52); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_52 (tmp, c); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // check that compression is enabled: + + if ((tmp[8] & 0x00ff0000) != 0x00010000) continue; // 33th byte + + + // verify sha256 (sha256 (tmp[0..38 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_38 (tmp); // length is 34 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[16] = { 0 }; // why is re-using the "tmp" variable here slower ? + + const u32 type = 0x02 | (y[0] & 1); + + pub_key[8] = (x[0] << 24); + pub_key[7] = (x[0] >> 8) | (x[1] << 24); + pub_key[6] = (x[1] >> 8) | (x[2] << 24); + pub_key[5] = (x[2] >> 8) | (x[3] << 24); + pub_key[4] = (x[3] >> 8) | (x[4] << 24); + pub_key[3] = (x[4] >> 8) | (x[5] << 24); + pub_key[2] = (x[5] >> 8) | (x[6] << 24); + pub_key[1] = (x[6] >> 8) | (x[7] << 24); + pub_key[0] = (x[7] >> 8) | (type << 24); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 33); // length of public key: 33 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_M_SCALAR (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m28501_sxx (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3] + }; + + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + // copy password to w + + u32 w[13] = { 0 }; // 52 bytes needed + + // for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + for (u32 idx = 0; idx < 13; idx++) + { + w[idx] = pws[gid].i[idx]; + } + + if (pw_len > 3) + { + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) return; // 'L5oL' + } + + const bool status_base58 = is_valid_base58 (w, 0, pw_len); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + const u32 comb_len = combs_buf[il_pos].pw_len; + + if ((pw_len + comb_len) != 52) continue; + + u32 c[64] = { 0 }; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] = combs_buf[il_pos].i[i]; + } + + switch_buffer_by_offset_1x64_le_S (c, pw_len); + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] |= w[i]; + } + + const u32 b = hc_swap32_S (c[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) continue; // 'L5oL' + + const bool status_base58 = is_valid_base58 (c, pw_len, 52); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_52 (tmp, c); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // check that compression is enabled: + + if ((tmp[8] & 0x00ff0000) != 0x00010000) continue; // 33th byte + + + // verify sha256 (sha256 (tmp[0..38 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_38 (tmp); // length is 34 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[16] = { 0 }; // why is re-using the "tmp" variable here slower ? + + const u32 type = 0x02 | (y[0] & 1); + + pub_key[8] = (x[0] << 24); + pub_key[7] = (x[0] >> 8) | (x[1] << 24); + pub_key[6] = (x[1] >> 8) | (x[2] << 24); + pub_key[5] = (x[2] >> 8) | (x[3] << 24); + pub_key[4] = (x[3] >> 8) | (x[4] << 24); + pub_key[3] = (x[4] >> 8) | (x[5] << 24); + pub_key[2] = (x[5] >> 8) | (x[6] << 24); + pub_key[1] = (x[6] >> 8) | (x[7] << 24); + pub_key[0] = (x[7] >> 8) | (type << 24); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 33); // length of public key: 33 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_S_SCALAR (r0, r1, r2, r3); + } +} diff --git a/OpenCL/m28501_a3-pure.cl b/OpenCL/m28501_a3-pure.cl new file mode 100644 index 000000000..960a1c431 --- /dev/null +++ b/OpenCL/m28501_a3-pure.cl @@ -0,0 +1,392 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +// #define SECP256K1_TMPS_TYPE CONSTANT_AS +#define SECP256K1_TMPS_TYPE PRIVATE_AS + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_scalar.cl) +#include M2S(INCLUDE_PATH/inc_hash_base58.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_hash_ripemd160.cl) +#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl) +#endif + +// or use set_precomputed_basepoint_g () instead: +// (set SECP256K1_TMPS_TYPE to CONSTANT_AS above:) + +// CONSTANT_AS const secp256k1_t preG = +// { +// { +// SECP256K1_G_PRE_COMPUTED_00, SECP256K1_G_PRE_COMPUTED_01, SECP256K1_G_PRE_COMPUTED_02, +// SECP256K1_G_PRE_COMPUTED_03, SECP256K1_G_PRE_COMPUTED_04, SECP256K1_G_PRE_COMPUTED_05, +// SECP256K1_G_PRE_COMPUTED_06, SECP256K1_G_PRE_COMPUTED_07, SECP256K1_G_PRE_COMPUTED_08, +// SECP256K1_G_PRE_COMPUTED_09, SECP256K1_G_PRE_COMPUTED_10, SECP256K1_G_PRE_COMPUTED_11, +// SECP256K1_G_PRE_COMPUTED_12, SECP256K1_G_PRE_COMPUTED_13, SECP256K1_G_PRE_COMPUTED_14, +// SECP256K1_G_PRE_COMPUTED_15, SECP256K1_G_PRE_COMPUTED_16, SECP256K1_G_PRE_COMPUTED_17, +// SECP256K1_G_PRE_COMPUTED_18, SECP256K1_G_PRE_COMPUTED_19, SECP256K1_G_PRE_COMPUTED_20, +// SECP256K1_G_PRE_COMPUTED_21, SECP256K1_G_PRE_COMPUTED_22, SECP256K1_G_PRE_COMPUTED_23, +// SECP256K1_G_PRE_COMPUTED_24, SECP256K1_G_PRE_COMPUTED_25, SECP256K1_G_PRE_COMPUTED_26, +// SECP256K1_G_PRE_COMPUTED_27, SECP256K1_G_PRE_COMPUTED_28, SECP256K1_G_PRE_COMPUTED_29, +// SECP256K1_G_PRE_COMPUTED_30, SECP256K1_G_PRE_COMPUTED_31, SECP256K1_G_PRE_COMPUTED_32, +// SECP256K1_G_PRE_COMPUTED_33, SECP256K1_G_PRE_COMPUTED_34, SECP256K1_G_PRE_COMPUTED_35, +// SECP256K1_G_PRE_COMPUTED_36, SECP256K1_G_PRE_COMPUTED_37, SECP256K1_G_PRE_COMPUTED_38, +// SECP256K1_G_PRE_COMPUTED_39, SECP256K1_G_PRE_COMPUTED_40, SECP256K1_G_PRE_COMPUTED_41, +// SECP256K1_G_PRE_COMPUTED_42, SECP256K1_G_PRE_COMPUTED_43, SECP256K1_G_PRE_COMPUTED_44, +// SECP256K1_G_PRE_COMPUTED_45, SECP256K1_G_PRE_COMPUTED_46, SECP256K1_G_PRE_COMPUTED_47, +// SECP256K1_G_PRE_COMPUTED_48, SECP256K1_G_PRE_COMPUTED_49, SECP256K1_G_PRE_COMPUTED_50, +// SECP256K1_G_PRE_COMPUTED_51, SECP256K1_G_PRE_COMPUTED_52, SECP256K1_G_PRE_COMPUTED_53, +// SECP256K1_G_PRE_COMPUTED_54, SECP256K1_G_PRE_COMPUTED_55, SECP256K1_G_PRE_COMPUTED_56, +// SECP256K1_G_PRE_COMPUTED_57, SECP256K1_G_PRE_COMPUTED_58, SECP256K1_G_PRE_COMPUTED_59, +// SECP256K1_G_PRE_COMPUTED_60, SECP256K1_G_PRE_COMPUTED_61, SECP256K1_G_PRE_COMPUTED_62, +// SECP256K1_G_PRE_COMPUTED_63, SECP256K1_G_PRE_COMPUTED_64, SECP256K1_G_PRE_COMPUTED_65, +// SECP256K1_G_PRE_COMPUTED_66, SECP256K1_G_PRE_COMPUTED_67, SECP256K1_G_PRE_COMPUTED_68, +// SECP256K1_G_PRE_COMPUTED_69, SECP256K1_G_PRE_COMPUTED_70, SECP256K1_G_PRE_COMPUTED_71, +// SECP256K1_G_PRE_COMPUTED_72, SECP256K1_G_PRE_COMPUTED_73, SECP256K1_G_PRE_COMPUTED_74, +// SECP256K1_G_PRE_COMPUTED_75, SECP256K1_G_PRE_COMPUTED_76, SECP256K1_G_PRE_COMPUTED_77, +// SECP256K1_G_PRE_COMPUTED_78, SECP256K1_G_PRE_COMPUTED_79, SECP256K1_G_PRE_COMPUTED_80, +// SECP256K1_G_PRE_COMPUTED_81, SECP256K1_G_PRE_COMPUTED_82, SECP256K1_G_PRE_COMPUTED_83, +// SECP256K1_G_PRE_COMPUTED_84, SECP256K1_G_PRE_COMPUTED_85, SECP256K1_G_PRE_COMPUTED_86, +// SECP256K1_G_PRE_COMPUTED_87, SECP256K1_G_PRE_COMPUTED_88, SECP256K1_G_PRE_COMPUTED_89, +// SECP256K1_G_PRE_COMPUTED_90, SECP256K1_G_PRE_COMPUTED_91, SECP256K1_G_PRE_COMPUTED_92, +// SECP256K1_G_PRE_COMPUTED_93, SECP256K1_G_PRE_COMPUTED_94, SECP256K1_G_PRE_COMPUTED_95, +// } +// }; + +KERNEL_FQ void m28501_mxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + if (pw_len != 52) return; + + + // copy password to w + + u32 w[13]; // 52 bytes needed + + for (u32 i = 0; i < 13; i++) // pw_len / 4 + { + w[i] = pws[gid].i[i]; + } + + const bool status_base58 = is_valid_base58 (w, 4, 52); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + u32 w0l = w[0]; + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE) + { + u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32 w0 = w0l | w0r; + + w[0] = w0; + + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) continue; // 'L5oL' + + const bool status_base58 = is_valid_base58 (w, 0, 4); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_52 (tmp, w); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // check that compression is enabled: + + if ((tmp[8] & 0x00ff0000) != 0x00010000) continue; // 33th byte + + + // verify sha256 (sha256 (tmp[0..38 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_38 (tmp); // length is 34 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[16] = { 0 }; // why is re-using the "tmp" variable here slower ? + + const u32 type = 0x02 | (y[0] & 1); + + pub_key[8] = (x[0] << 24); + pub_key[7] = (x[0] >> 8) | (x[1] << 24); + pub_key[6] = (x[1] >> 8) | (x[2] << 24); + pub_key[5] = (x[2] >> 8) | (x[3] << 24); + pub_key[4] = (x[3] >> 8) | (x[4] << 24); + pub_key[3] = (x[4] >> 8) | (x[5] << 24); + pub_key[2] = (x[5] >> 8) | (x[6] << 24); + pub_key[1] = (x[6] >> 8) | (x[7] << 24); + pub_key[0] = (x[7] >> 8) | (type << 24); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 33); // length of public key: 33 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_M_SCALAR (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m28501_sxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3] + }; + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + if (pw_len != 52) return; + + + // copy password to w + + u32 w[13]; // 52 bytes needed + + for (u32 i = 0; i < 13; i++) // pw_len / 4 + { + w[i] = pws[gid].i[i]; + } + + const bool status_base58 = is_valid_base58 (w, 4, 52); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + u32 w0l = w[0]; + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE) + { + u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32 w0 = w0l | w0r; + + w[0] = w0; + + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x4b774469) || // 'KwDi' + (b > 0x4c356f4c)) continue; // 'L5oL' + + const bool status_base58 = is_valid_base58 (w, 0, 4); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_52 (tmp, w); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // check that compression is enabled: + + if ((tmp[8] & 0x00ff0000) != 0x00010000) continue; // 33th byte + + + // verify sha256 (sha256 (tmp[0..38 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_38 (tmp); // length is 34 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[16] = { 0 }; // why is re-using the "tmp" variable here slower ? + + const u32 type = 0x02 | (y[0] & 1); + + pub_key[8] = (x[0] << 24); + pub_key[7] = (x[0] >> 8) | (x[1] << 24); + pub_key[6] = (x[1] >> 8) | (x[2] << 24); + pub_key[5] = (x[2] >> 8) | (x[3] << 24); + pub_key[4] = (x[3] >> 8) | (x[4] << 24); + pub_key[3] = (x[4] >> 8) | (x[5] << 24); + pub_key[2] = (x[5] >> 8) | (x[6] << 24); + pub_key[1] = (x[6] >> 8) | (x[7] << 24); + pub_key[0] = (x[7] >> 8) | (type << 24); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 33); // length of public key: 33 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_S_SCALAR (r0, r1, r2, r3); + } +} diff --git a/OpenCL/m28502_a0-pure.cl b/OpenCL/m28502_a0-pure.cl new file mode 100644 index 000000000..19f5e4af8 --- /dev/null +++ b/OpenCL/m28502_a0-pure.cl @@ -0,0 +1,319 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#define SECP256K1_TMPS_TYPE PRIVATE_AS + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_rp.h) +#include M2S(INCLUDE_PATH/inc_rp.cl) +#include M2S(INCLUDE_PATH/inc_scalar.cl) +#include M2S(INCLUDE_PATH/inc_hash_base58.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_hash_ripemd160.cl) +#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl) +#endif + +KERNEL_FQ void m28502_mxx (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * base + */ + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + COPY_PW (pws[gid]); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + pw_t p = PASTE_PW; + + p.pw_len = apply_rules (rules_buf[il_pos].cmds, p.i, p.pw_len); + + if (p.pw_len != 51) continue; + + const u32 b = hc_swap32_S (p.i[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) continue; // '5Km2' + + const bool status_base58 = is_valid_base58 (p.i, 0, 51); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_51 (tmp, p.i); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // verify sha256 (sha256 (tmp[0..37 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_37 (tmp); // length is 33 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[32] = { 0 }; + + pub_key[16] = (y[0] << 24); + pub_key[15] = (y[0] >> 8) | (y[1] << 24); + pub_key[14] = (y[1] >> 8) | (y[2] << 24); + pub_key[13] = (y[2] >> 8) | (y[3] << 24); + pub_key[12] = (y[3] >> 8) | (y[4] << 24); + pub_key[11] = (y[4] >> 8) | (y[5] << 24); + pub_key[10] = (y[5] >> 8) | (y[6] << 24); + pub_key[ 9] = (y[6] >> 8) | (y[7] << 24); + pub_key[ 8] = (y[7] >> 8) | (x[0] << 24); + pub_key[ 7] = (x[0] >> 8) | (x[1] << 24); + pub_key[ 6] = (x[1] >> 8) | (x[2] << 24); + pub_key[ 5] = (x[2] >> 8) | (x[3] << 24); + pub_key[ 4] = (x[3] >> 8) | (x[4] << 24); + pub_key[ 3] = (x[4] >> 8) | (x[5] << 24); + pub_key[ 2] = (x[5] >> 8) | (x[6] << 24); + pub_key[ 1] = (x[6] >> 8) | (x[7] << 24); + pub_key[ 0] = (x[7] >> 8) | (0x04000000); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 65); // length of public key: 65 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_M_SCALAR (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m28502_sxx (KERN_ATTR_RULES ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3] + }; + + + /** + * base + */ + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + COPY_PW (pws[gid]); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + pw_t p = PASTE_PW; + + p.pw_len = apply_rules (rules_buf[il_pos].cmds, p.i, p.pw_len); + + if (p.pw_len != 51) continue; + + const u32 b = hc_swap32_S (p.i[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) continue; // '5Km2' + + const bool status_base58 = is_valid_base58 (p.i, 0, 51); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_51 (tmp, p.i); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // verify sha256 (sha256 (tmp[0..37 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_37 (tmp); // length is 33 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[32] = { 0 }; + + pub_key[16] = (y[0] << 24); + pub_key[15] = (y[0] >> 8) | (y[1] << 24); + pub_key[14] = (y[1] >> 8) | (y[2] << 24); + pub_key[13] = (y[2] >> 8) | (y[3] << 24); + pub_key[12] = (y[3] >> 8) | (y[4] << 24); + pub_key[11] = (y[4] >> 8) | (y[5] << 24); + pub_key[10] = (y[5] >> 8) | (y[6] << 24); + pub_key[ 9] = (y[6] >> 8) | (y[7] << 24); + pub_key[ 8] = (y[7] >> 8) | (x[0] << 24); + pub_key[ 7] = (x[0] >> 8) | (x[1] << 24); + pub_key[ 6] = (x[1] >> 8) | (x[2] << 24); + pub_key[ 5] = (x[2] >> 8) | (x[3] << 24); + pub_key[ 4] = (x[3] >> 8) | (x[4] << 24); + pub_key[ 3] = (x[4] >> 8) | (x[5] << 24); + pub_key[ 2] = (x[5] >> 8) | (x[6] << 24); + pub_key[ 1] = (x[6] >> 8) | (x[7] << 24); + pub_key[ 0] = (x[7] >> 8) | (0x04000000); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 65); // length of public key: 65 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_S_SCALAR (r0, r1, r2, r3); + } +} diff --git a/OpenCL/m28502_a1-pure.cl b/OpenCL/m28502_a1-pure.cl new file mode 100644 index 000000000..fdbe644aa --- /dev/null +++ b/OpenCL/m28502_a1-pure.cl @@ -0,0 +1,397 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#define SECP256K1_TMPS_TYPE PRIVATE_AS + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_scalar.cl) +#include M2S(INCLUDE_PATH/inc_hash_base58.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_hash_ripemd160.cl) +#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl) +#endif + +KERNEL_FQ void m28502_mxx (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + // copy password to w + + u32 w[13] = { 0 }; // 51 bytes needed + + // for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + for (u32 idx = 0; idx < 13; idx++) + { + w[idx] = pws[gid].i[idx]; + } + + if (pw_len > 3) + { + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) return; // '5Km2' + } + + const bool status_base58 = is_valid_base58 (w, 0, pw_len); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + const u32 comb_len = combs_buf[il_pos].pw_len; + + if ((pw_len + comb_len) != 51) continue; + + u32 c[64] = { 0 }; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] = combs_buf[il_pos].i[i]; + } + + switch_buffer_by_offset_1x64_le_S (c, pw_len); + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] |= w[i]; + } + + const u32 b = hc_swap32_S (c[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) continue; // '5Km2' + + const bool status_base58 = is_valid_base58 (c, pw_len, 51); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_51 (tmp, c); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // verify sha256 (sha256 (tmp[0..37 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_37 (tmp); // length is 33 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[32] = { 0 }; + + pub_key[16] = (y[0] << 24); + pub_key[15] = (y[0] >> 8) | (y[1] << 24); + pub_key[14] = (y[1] >> 8) | (y[2] << 24); + pub_key[13] = (y[2] >> 8) | (y[3] << 24); + pub_key[12] = (y[3] >> 8) | (y[4] << 24); + pub_key[11] = (y[4] >> 8) | (y[5] << 24); + pub_key[10] = (y[5] >> 8) | (y[6] << 24); + pub_key[ 9] = (y[6] >> 8) | (y[7] << 24); + pub_key[ 8] = (y[7] >> 8) | (x[0] << 24); + pub_key[ 7] = (x[0] >> 8) | (x[1] << 24); + pub_key[ 6] = (x[1] >> 8) | (x[2] << 24); + pub_key[ 5] = (x[2] >> 8) | (x[3] << 24); + pub_key[ 4] = (x[3] >> 8) | (x[4] << 24); + pub_key[ 3] = (x[4] >> 8) | (x[5] << 24); + pub_key[ 2] = (x[5] >> 8) | (x[6] << 24); + pub_key[ 1] = (x[6] >> 8) | (x[7] << 24); + pub_key[ 0] = (x[7] >> 8) | (0x04000000); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 65); // length of public key: 65 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_M_SCALAR (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m28502_sxx (KERN_ATTR_BASIC ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3] + }; + + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + // copy password to w + + u32 w[13] = { 0 }; // 51 bytes needed + + // for (u32 i = 0, idx = 0; i < pw_len; i += 4, idx += 1) + for (u32 idx = 0; idx < 13; idx++) + { + w[idx] = pws[gid].i[idx]; + } + + if (pw_len > 3) + { + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) return; // '5Km2' + } + + const bool status_base58 = is_valid_base58 (w, 0, pw_len); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos++) + { + const u32 comb_len = combs_buf[il_pos].pw_len; + + if ((pw_len + comb_len) != 51) continue; + + u32 c[64] = { 0 }; + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] = combs_buf[il_pos].i[i]; + } + + switch_buffer_by_offset_1x64_le_S (c, pw_len); + + #ifdef _unroll + #pragma unroll + #endif + for (u32 i = 0; i < 13; i++) + { + c[i] |= w[i]; + } + + const u32 b = hc_swap32_S (c[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) continue; // '5Km2' + + const bool status_base58 = is_valid_base58 (c, pw_len, 51); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_51 (tmp, c); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // verify sha256 (sha256 (tmp[0..37 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_37 (tmp); // length is 33 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[32] = { 0 }; + + pub_key[16] = (y[0] << 24); + pub_key[15] = (y[0] >> 8) | (y[1] << 24); + pub_key[14] = (y[1] >> 8) | (y[2] << 24); + pub_key[13] = (y[2] >> 8) | (y[3] << 24); + pub_key[12] = (y[3] >> 8) | (y[4] << 24); + pub_key[11] = (y[4] >> 8) | (y[5] << 24); + pub_key[10] = (y[5] >> 8) | (y[6] << 24); + pub_key[ 9] = (y[6] >> 8) | (y[7] << 24); + pub_key[ 8] = (y[7] >> 8) | (x[0] << 24); + pub_key[ 7] = (x[0] >> 8) | (x[1] << 24); + pub_key[ 6] = (x[1] >> 8) | (x[2] << 24); + pub_key[ 5] = (x[2] >> 8) | (x[3] << 24); + pub_key[ 4] = (x[3] >> 8) | (x[4] << 24); + pub_key[ 3] = (x[4] >> 8) | (x[5] << 24); + pub_key[ 2] = (x[5] >> 8) | (x[6] << 24); + pub_key[ 1] = (x[6] >> 8) | (x[7] << 24); + pub_key[ 0] = (x[7] >> 8) | (0x04000000); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 65); // length of public key: 65 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_S_SCALAR (r0, r1, r2, r3); + } +} diff --git a/OpenCL/m28502_a3-pure.cl b/OpenCL/m28502_a3-pure.cl new file mode 100644 index 000000000..080e86bc7 --- /dev/null +++ b/OpenCL/m28502_a3-pure.cl @@ -0,0 +1,352 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +//#define NEW_SIMD_CODE + +#define SECP256K1_TMPS_TYPE PRIVATE_AS + +#ifdef KERNEL_STATIC +#include M2S(INCLUDE_PATH/inc_vendor.h) +#include M2S(INCLUDE_PATH/inc_types.h) +#include M2S(INCLUDE_PATH/inc_platform.cl) +#include M2S(INCLUDE_PATH/inc_common.cl) +#include M2S(INCLUDE_PATH/inc_scalar.cl) +#include M2S(INCLUDE_PATH/inc_hash_base58.cl) +#include M2S(INCLUDE_PATH/inc_hash_sha256.cl) +#include M2S(INCLUDE_PATH/inc_hash_ripemd160.cl) +#include M2S(INCLUDE_PATH/inc_ecc_secp256k1.cl) +#endif + +KERNEL_FQ void m28502_mxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + if (pw_len != 51) return; + + + // copy password to w + + u32 w[13]; // 51 bytes needed + + for (u32 i = 0; i < 13; i++) // pw_len / 4 + { + w[i] = pws[gid].i[i]; + } + + const bool status_base58 = is_valid_base58 (w, 4, 51); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + u32 w0l = w[0]; + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE) + { + u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32 w0 = w0l | w0r; + + w[0] = w0; + + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) continue; // '5Km2' + + const bool status_base58 = is_valid_base58 (w, 0, 4); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_51 (tmp, w); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // verify sha256 (sha256 (tmp[0..37 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_37 (tmp); // length is 33 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[32] = { 0 }; + + pub_key[16] = (y[0] << 24); + pub_key[15] = (y[0] >> 8) | (y[1] << 24); + pub_key[14] = (y[1] >> 8) | (y[2] << 24); + pub_key[13] = (y[2] >> 8) | (y[3] << 24); + pub_key[12] = (y[3] >> 8) | (y[4] << 24); + pub_key[11] = (y[4] >> 8) | (y[5] << 24); + pub_key[10] = (y[5] >> 8) | (y[6] << 24); + pub_key[ 9] = (y[6] >> 8) | (y[7] << 24); + pub_key[ 8] = (y[7] >> 8) | (x[0] << 24); + pub_key[ 7] = (x[0] >> 8) | (x[1] << 24); + pub_key[ 6] = (x[1] >> 8) | (x[2] << 24); + pub_key[ 5] = (x[2] >> 8) | (x[3] << 24); + pub_key[ 4] = (x[3] >> 8) | (x[4] << 24); + pub_key[ 3] = (x[4] >> 8) | (x[5] << 24); + pub_key[ 2] = (x[5] >> 8) | (x[6] << 24); + pub_key[ 1] = (x[6] >> 8) | (x[7] << 24); + pub_key[ 0] = (x[7] >> 8) | (0x04000000); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 65); // length of public key: 65 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_M_SCALAR (r0, r1, r2, r3); + } +} + +KERNEL_FQ void m28502_sxx (KERN_ATTR_VECTOR ()) +{ + /** + * modifier + */ + + const u64 gid = get_global_id (0); + + if (gid >= GID_CNT) return; + + + /** + * digest + */ + + const u32 search[4] = + { + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R0], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R1], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R2], + digests_buf[DIGESTS_OFFSET_HOST].digest_buf[DGST_R3] + }; + + /** + * base + */ + + const u32 pw_len = pws[gid].pw_len; + + if (pw_len != 51) return; + + + // copy password to w + + u32 w[13]; // 51 bytes needed + + for (u32 i = 0; i < 13; i++) // pw_len / 4 + { + w[i] = pws[gid].i[i]; + } + + const bool status_base58 = is_valid_base58 (w, 4, 51); + + if (status_base58 != true) return; + + secp256k1_t preG; // need to change SECP256K1_TMPS_TYPE above to: PRIVATE_AS + + set_precomputed_basepoint_g (&preG); + + + /** + * loop + */ + + u32 w0l = w[0]; + + for (u32 il_pos = 0; il_pos < IL_CNT; il_pos += VECT_SIZE) + { + u32x w0r = words_buf_r[il_pos / VECT_SIZE]; + + const u32 w0 = w0l | w0r; + + w[0] = w0; + + const u32 b = hc_swap32_S (w[0]); + + if ((b < 0x35487048) || // '5Hph' + (b > 0x354b6d32)) continue; // '5Km2' + + const bool status_base58 = is_valid_base58 (w, 0, 4); + + if (status_base58 != true) continue; + + + // convert password from b58 to binary + + u32 tmp[16] = { 0 }; + + const bool status_dec = b58dec_51 (tmp, w); + + if (status_dec != true) continue; + + + // check for bitcoin main network identifier: + + if ((tmp[0] & 0xff000000) != 0x80000000) continue; + + + // verify sha256 (sha256 (tmp[0..37 - 4])) + // real work is done in b58check where sha256 is run twice + + const bool status_check = b58check_37 (tmp); // length is 33 (+ 4 checksum bytes) + + if (status_check != true) continue; + + + u32 prv_key[9]; // why is re-using the "tmp" variable here slower ? + + prv_key[0] = (tmp[7] << 8) | (tmp[8] >> 24); + prv_key[1] = (tmp[6] << 8) | (tmp[7] >> 24); + prv_key[2] = (tmp[5] << 8) | (tmp[6] >> 24); + prv_key[3] = (tmp[4] << 8) | (tmp[5] >> 24); + prv_key[4] = (tmp[3] << 8) | (tmp[4] >> 24); + prv_key[5] = (tmp[2] << 8) | (tmp[3] >> 24); + prv_key[6] = (tmp[1] << 8) | (tmp[2] >> 24); + prv_key[7] = (tmp[0] << 8) | (tmp[1] >> 24); + + + // convert: pub_key = G * prv_key + + u32 x[8]; + u32 y[8]; + + point_mul_xy (x, y, prv_key, &preG); + + + // to public key: + + u32 pub_key[32] = { 0 }; + + pub_key[16] = (y[0] << 24); + pub_key[15] = (y[0] >> 8) | (y[1] << 24); + pub_key[14] = (y[1] >> 8) | (y[2] << 24); + pub_key[13] = (y[2] >> 8) | (y[3] << 24); + pub_key[12] = (y[3] >> 8) | (y[4] << 24); + pub_key[11] = (y[4] >> 8) | (y[5] << 24); + pub_key[10] = (y[5] >> 8) | (y[6] << 24); + pub_key[ 9] = (y[6] >> 8) | (y[7] << 24); + pub_key[ 8] = (y[7] >> 8) | (x[0] << 24); + pub_key[ 7] = (x[0] >> 8) | (x[1] << 24); + pub_key[ 6] = (x[1] >> 8) | (x[2] << 24); + pub_key[ 5] = (x[2] >> 8) | (x[3] << 24); + pub_key[ 4] = (x[3] >> 8) | (x[4] << 24); + pub_key[ 3] = (x[4] >> 8) | (x[5] << 24); + pub_key[ 2] = (x[5] >> 8) | (x[6] << 24); + pub_key[ 1] = (x[6] >> 8) | (x[7] << 24); + pub_key[ 0] = (x[7] >> 8) | (0x04000000); + + + // calculate HASH160 for pub key + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update (&ctx, pub_key, 65); // length of public key: 65 + sha256_final (&ctx); + + for (u32 i = 0; i < 8; i++) tmp[i] = ctx.h[i]; + + // tmp[ 8] = 0; tmp[ 9] = 0; tmp[10] = 0; tmp[11] = 0; + // tmp[12] = 0; tmp[13] = 0; tmp[14] = 0; tmp[15] = 0; + + for (u32 i = 8; i < 16; i++) tmp[i] = 0; + + + // now let's do RIPEMD-160 on the sha256sum + + ripemd160_ctx_t rctx; + + ripemd160_init (&rctx); + ripemd160_update_swap (&rctx, tmp, 32); + ripemd160_final (&rctx); + + const u32 r0 = rctx.h[0]; + const u32 r1 = rctx.h[1]; + const u32 r2 = rctx.h[2]; + const u32 r3 = rctx.h[3]; + + COMPARE_S_SCALAR (r0, r1, r2, r3); + } +} diff --git a/charsets/base58.hcchr b/charsets/base58.hcchr new file mode 100644 index 000000000..6c6156e34 --- /dev/null +++ b/charsets/base58.hcchr @@ -0,0 +1 @@ +123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz diff --git a/docs/changes.txt b/docs/changes.txt index 9c2f22d38..7c163abda 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -7,6 +7,7 @@ - Added hash-mode: BLAKE2b-512($salt.$pass) - Added hash-mode: BLAKE2b-512($pass.$salt) - Added hash-mode: Amazon AWS4-HMAC-SHA256 +- Added hash-mode: Bitcoin WIF private key (P2PKH) - Added hash-mode: DPAPI masterkey file v1 (context 3) - Added hash-mode: DPAPI masterkey file v2 (context 3) - Added hash-mode: Exodus Desktop Wallet (scrypt) diff --git a/docs/readme.txt b/docs/readme.txt index 44573abad..e635c552c 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -400,6 +400,7 @@ NVIDIA GPUs require "NVIDIA Driver" (440.64 or later) and "CUDA Toolkit" (9.0 or - MetaMask Wallet - BitShares v0.x - sha512(sha512_bin(pass)) - Bitcoin/Litecoin wallet.dat +- Bitcoin WIF private key (P2PKH) - Electrum Wallet (Salt-Type 1-3) - Electrum Wallet (Salt-Type 4) - Electrum Wallet (Salt-Type 5) diff --git a/include/convert.h b/include/convert.h index 968c93e1b..ca97b0c4a 100644 --- a/include/convert.h +++ b/include/convert.h @@ -20,6 +20,8 @@ bool is_valid_base64b_string (const u8 *s, const size_t len); bool is_valid_base64b_char (const u8 c); bool is_valid_base64c_string (const u8 *s, const size_t len); bool is_valid_base64c_char (const u8 c); +bool is_valid_base58_string (const u8 *s, const size_t len); +bool is_valid_base58_char (const u8 c); bool is_valid_hex_string (const u8 *s, const size_t len); bool is_valid_hex_char (const u8 c); bool is_valid_digit_string (const u8 *s, const size_t len); diff --git a/include/emu_inc_hash_base58.h b/include/emu_inc_hash_base58.h new file mode 100644 index 000000000..88ff3cf82 --- /dev/null +++ b/include/emu_inc_hash_base58.h @@ -0,0 +1,14 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#ifndef _EMU_INC_HASH_BASE58_H +#define _EMU_INC_HASH_BASE58_H + +#include "emu_general.h" + +#include "inc_vendor.h" +#include "inc_hash_base58.h" + +#endif // _EMU_INC_HASH_BASE58_H diff --git a/include/types.h b/include/types.h index 188647287..3ed618715 100644 --- a/include/types.h +++ b/include/types.h @@ -843,6 +843,7 @@ typedef enum token_attr TOKEN_ATTR_VERIFY_BASE64A = 1 << 8, TOKEN_ATTR_VERIFY_BASE64B = 1 << 9, TOKEN_ATTR_VERIFY_BASE64C = 1 << 10, + TOKEN_ATTR_VERIFY_BASE58 = 1 << 11, } token_attr_t; diff --git a/src/Makefile b/src/Makefile index ab518c6fd..c42d24b44 100644 --- a/src/Makefile +++ b/src/Makefile @@ -396,6 +396,7 @@ EMU_OBJS_ALL := emu_general emu_inc_common emu_inc_platform emu_inc_s EMU_OBJS_ALL += emu_inc_rp emu_inc_rp_optimized EMU_OBJS_ALL += emu_inc_hash_md4 emu_inc_hash_md5 emu_inc_hash_ripemd160 emu_inc_hash_sha1 emu_inc_hash_sha256 emu_inc_hash_sha384 emu_inc_hash_sha512 emu_inc_hash_streebog256 emu_inc_hash_streebog512 emu_inc_ecc_secp256k1 emu_inc_bignum_operations EMU_OBJS_ALL += emu_inc_cipher_aes emu_inc_cipher_camellia emu_inc_cipher_des emu_inc_cipher_kuznyechik emu_inc_cipher_serpent emu_inc_cipher_twofish +EMU_OBJS_ALL += emu_inc_hash_base58 OBJS_ALL := affinity autotune backend benchmark bitmap bitops combinator common convert cpt cpu_crc32 debugfile dictstat dispatch dynloader event ext_ADL ext_cuda ext_hip ext_nvapi ext_nvml ext_nvrtc ext_hiprtc ext_OpenCL ext_sysfs_amdgpu ext_sysfs_cpu ext_iokit ext_lzma filehandling folder hashcat hashes hlfmt hwmon induct interface keyboard_layout locking logfile loopback memory monitor mpsp outfile_check outfile pidfile potfile restore rp rp_cpu selftest slow_candidates shared status stdout straight terminal thread timer tuningdb usage user_options wordlist $(EMU_OBJS_ALL) diff --git a/src/convert.c b/src/convert.c index 4c344035f..5aa383f10 100644 --- a/src/convert.c +++ b/src/convert.c @@ -314,6 +314,30 @@ bool is_valid_base64c_char (const u8 c) return false; } +bool is_valid_base58_string (const u8 *s, const size_t len) +{ + for (size_t i = 0; i < len; i++) + { + const u8 c = s[i]; + + if (is_valid_base58_char (c) == false) return false; + } + + return true; +} + +bool is_valid_base58_char (const u8 c) +{ + if ((c >= '1') && (c <= '9')) return true; + if ((c >= 'A') && (c <= 'H')) return true; + if ((c >= 'J') && (c <= 'N')) return true; + if ((c >= 'P') && (c <= 'Z')) return true; + if ((c >= 'a') && (c <= 'k')) return true; + if ((c >= 'm') && (c <= 'z')) return true; + + return false; +} + bool is_valid_hex_string (const u8 *s, const size_t len) { for (size_t i = 0; i < len; i++) diff --git a/src/emu_inc_hash_base58.c b/src/emu_inc_hash_base58.c new file mode 100644 index 000000000..e4f649584 --- /dev/null +++ b/src/emu_inc_hash_base58.c @@ -0,0 +1,10 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "emu_general.h" + +#include "inc_hash_base58.cl" diff --git a/src/modules/module_28501.c b/src/modules/module_28501.c new file mode 100644 index 000000000..80b314f31 --- /dev/null +++ b/src/modules/module_28501.c @@ -0,0 +1,254 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +#include "emu_inc_hash_sha256.h" +#include "emu_inc_hash_base58.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_CRYPTOCURRENCY_WALLET; +static const char *HASH_NAME = "Bitcoin WIF private key (P2PKH), compressed"; +static const u64 KERN_TYPE = 28501; +static const u32 OPTI_TYPE = OPTI_TYPE_NOT_SALTED; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_NONE; +static const char *ST_PASS = "KxhashcatxhXkULNJYF8Fu46G28SJrC7x2qwFtRuf38kVjkWxHg3"; +static const char *ST_HASH = "1Jv6EonXm9x4Dw4QjEPAhGfmzFxTL7b3Zj"; +static const char *BENCHMARK_MASK = "?b?b?b?b?b?b?batxhXkULNJYF8Fu46G28SJrC7x2qwFtRuf38kVjkWxHg3"; +static const u32 PUBKEY_MAXLEN = 64; // our max is actually always 25 (21 + 4) +static const u32 WIF_LEN = 52; + + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return BENCHMARK_MASK; } + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return WIF_LEN; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return WIF_LEN; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u8 *digest = (u8 *) digest_buf; + + u8 pubkey[PUBKEY_MAXLEN]; + + hc_token_t token; + + token.token_cnt = 1; + + token.len_min[0] = 26; + token.len_max[0] = 34; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE58; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + u32 pubkey_len = PUBKEY_MAXLEN; + + bool res = b58dec (pubkey, &pubkey_len, (u8 *) line_buf, line_len); + + if (res == false) return (PARSER_HASH_LENGTH); + + // for now we support only P2PKH addresses + + if (pubkey_len != 25) return (PARSER_HASH_LENGTH); // most likely wrong Bitcoin address type + + u32 l = PUBKEY_MAXLEN - pubkey_len; + + if (pubkey[l] != 0) return (PARSER_HASH_VALUE); // wrong Bitcoin address type + + // check if pubkey has correct sha256 sum included + + u32 npubkey[16] = { 0 }; + + u8 *npubkey_ptr = (u8 *) npubkey; + + for (u32 i = 0, j = PUBKEY_MAXLEN - pubkey_len; i < pubkey_len; i++, j++) + { + npubkey_ptr[i] = pubkey[j]; + } + + // if (b58check (npubkey_ptr, pubkey_len) == false) return (PARSER_HASH_ENCODING); + // if (b58check64 (npubkey, pubkey_len) == false) return (PARSER_HASH_ENCODING); + + if (b58check_25 (npubkey) == false) return (PARSER_HASH_ENCODING); + + + for (u32 i = 0; i < 20; i++) // DGST_SIZE + { + digest[i] = pubkey[PUBKEY_MAXLEN - pubkey_len + i + 1]; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + u8 *digest = (u8 *) digest_buf; + + u8 bin[64] = { 0 }; + + // add 00 byte at front indicating BTC PubKey Hash160 + + for (u32 i = 0; i < 20; i++) + { + bin[i + 1] = digest[i]; // + 1 because we have \x00 at the start + } + + // calculate sha256 twice + + u32 *bin32 = (u32 *) bin; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update_swap (&ctx, bin32, 21); + sha256_final (&ctx); + + u32 data[16] = { 0 }; + + for (u32 i = 0; i < 8; i++) // 8 * 4 = 32 bytes + { + data[i] = ctx.h[i]; + } + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + ctx.h[0] = byte_swap_32 (ctx.h[0]); + + // put sha256 after pub key hash160 + + u8 *hash = &bin[21]; + + for (u32 i = 0; i < 4; i++) + { + ((u8*) hash)[i] = ((u8*) ctx.h)[i]; + } + + // base58 encode + + u32 bufsz = 41; + + u8 buf[64] = { 0 }; + + b58enc (buf, &bufsz, bin, 25); + + return snprintf (line_buf, line_size, "%s", buf); +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/modules/module_28502.c b/src/modules/module_28502.c new file mode 100644 index 000000000..c26b514aa --- /dev/null +++ b/src/modules/module_28502.c @@ -0,0 +1,254 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "memory.h" + +#include "emu_inc_hash_sha256.h" +#include "emu_inc_hash_base58.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_5; +static const u32 HASH_CATEGORY = HASH_CATEGORY_CRYPTOCURRENCY_WALLET; +static const char *HASH_NAME = "Bitcoin WIF private key (P2PKH), uncompressed"; +static const u64 KERN_TYPE = 28502; +static const u32 OPTI_TYPE = OPTI_TYPE_NOT_SALTED; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_LE; +static const u32 SALT_TYPE = SALT_TYPE_NONE; +static const char *ST_PASS = "5KcL859EUnBDtVG76134U6DZWnVmpE996emJnWmTLRW2hashcat"; +static const char *ST_HASH = "1L9nr4GX4Zmd7gDL1UT75QPUqxSgNTvdHb"; +static const char *BENCHMARK_MASK = "?b?b?b?b?b?b?bEUnBDtVG76134U6DZWnVmpE996emJnWmTLRW2hashcat"; +static const u32 PUBKEY_MAXLEN = 64; // our max is actually always 25 (21 + 4) +static const u32 WIF_LEN = 51; + + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } +const char *module_benchmark_mask (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return BENCHMARK_MASK; } + +u32 module_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return WIF_LEN; +} + +u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + return WIF_LEN; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + u8 *digest = (u8 *) digest_buf; + + u8 pubkey[PUBKEY_MAXLEN]; + + hc_token_t token; + + token.token_cnt = 1; + + token.len_min[0] = 26; + token.len_max[0] = 34; + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE58; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + u32 pubkey_len = PUBKEY_MAXLEN; + + bool res = b58dec (pubkey, &pubkey_len, (u8 *) line_buf, line_len); + + if (res == false) return (PARSER_HASH_LENGTH); + + // for now we support only P2PKH addresses + + if (pubkey_len != 25) return (PARSER_HASH_LENGTH); // most likely wrong Bitcoin address type + + u32 l = PUBKEY_MAXLEN - pubkey_len; + + if (pubkey[l] != 0) return (PARSER_HASH_VALUE); // wrong Bitcoin address type + + // check if pubkey has correct sha256 sum included + + u32 npubkey[16] = { 0 }; + + u8 *npubkey_ptr = (u8 *) npubkey; + + for (u32 i = 0, j = PUBKEY_MAXLEN - pubkey_len; i < pubkey_len; i++, j++) + { + npubkey_ptr[i] = pubkey[j]; + } + + // if (b58check (npubkey_ptr, pubkey_len) == false) return (PARSER_HASH_ENCODING); + // if (b58check64 (npubkey, pubkey_len) == false) return (PARSER_HASH_ENCODING); + + if (b58check_25 (npubkey) == false) return (PARSER_HASH_ENCODING); + + + for (u32 i = 0; i < 20; i++) // DGST_SIZE + { + digest[i] = pubkey[PUBKEY_MAXLEN - pubkey_len + i + 1]; + } + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + u8 *digest = (u8 *) digest_buf; + + u8 bin[64] = { 0 }; + + // add 00 byte at front indicating BTC PubKey Hash160 + + for (u32 i = 0; i < 20; i++) + { + bin[i + 1] = digest[i]; // + 1 because we have \x00 at the start + } + + // calculate sha256 twice + + u32 *bin32 = (u32 *) bin; + + sha256_ctx_t ctx; + + sha256_init (&ctx); + sha256_update_swap (&ctx, bin32, 21); + sha256_final (&ctx); + + u32 data[16] = { 0 }; + + for (u32 i = 0; i < 8; i++) // 8 * 4 = 32 bytes + { + data[i] = ctx.h[i]; + } + + sha256_init (&ctx); + sha256_update (&ctx, data, 32); + sha256_final (&ctx); + + ctx.h[0] = byte_swap_32 (ctx.h[0]); + + // put sha256 after pub key hash160 + + u8 *hash = &bin[21]; + + for (u32 i = 0; i < 4; i++) + { + ((u8*) hash)[i] = ((u8*) ctx.h)[i]; + } + + // base58 encode + + u32 bufsz = 41; + + u8 buf[64] = { 0 }; + + b58enc (buf, &bufsz, bin, 25); + + return snprintf (line_buf, line_size, "%s", buf); +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = MODULE_DEFAULT; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = module_benchmark_mask; + module_ctx->module_benchmark_salt = MODULE_DEFAULT; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = MODULE_DEFAULT; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = MODULE_DEFAULT; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = module_pw_max; + module_ctx->module_pw_min = module_pw_min; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/src/shared.c b/src/shared.c index d82a30ce7..4eb74e556 100644 --- a/src/shared.c +++ b/src/shared.c @@ -1237,6 +1237,10 @@ int input_tokenizer (const u8 *input_buf, const int input_len, hc_token_t *token { if (is_valid_base64c_string (token->buf[token_idx], token->len[token_idx]) == false) return (PARSER_TOKEN_ENCODING); } + if (token->attr[token_idx] & TOKEN_ATTR_VERIFY_BASE58) + { + if (is_valid_base58_string (token->buf[token_idx], token->len[token_idx]) == false) return (PARSER_TOKEN_ENCODING); + } } return PARSER_OK; diff --git a/tools/install_modules.sh b/tools/install_modules.sh index c94a2bb6f..1536d1824 100755 --- a/tools/install_modules.sh +++ b/tools/install_modules.sh @@ -14,6 +14,8 @@ cpan install Authen::Passphrase::LANManager \ Authen::Passphrase::MySQL323 \ Authen::Passphrase::NTHash \ Authen::Passphrase::PHPass \ + Bitcoin::Crypto \ + Bitcoin::Crypto::Base58 \ Compress::Zlib \ Convert::EBCDIC \ Crypt::AuthEnc::GCM \ diff --git a/tools/test.pl b/tools/test.pl index 0c909d0ae..2ea8b094d 100755 --- a/tools/test.pl +++ b/tools/test.pl @@ -140,6 +140,11 @@ sub single my $word = random_numeric_string ($word_len) // ""; my $salt = random_numeric_string ($salt_len) // ""; + if (exists &{module_get_random_password}) # if hash mode requires special format of passwords + { + $word = module_get_random_password ($word); + } + # check if this combination out of word and salt was previously checked next if exists $db_prev->{$word}->{$salt}; diff --git a/tools/test.sh b/tools/test.sh index 733c64a66..650997b77 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -41,6 +41,11 @@ VECTOR_WIDTHS="1 2 4 8 16" HASHFILE_ONLY=$(grep -l OPTS_TYPE_BINARY_HASHFILE "${TDIR}"/../src/modules/module_*.c | sed -E 's/.*module_0*([0-9]+).c/\1/' | tr '\n' ' ') SLOW_ALGOS=$(grep -l ATTACK_EXEC_OUTSIDE_KERNEL "${TDIR}"/../src/modules/module_*.c | sed -E 's/.*module_0*([0-9]+).c/\1/' | tr '\n' ' ') +# fake slow algos, due to specific password pattern (e.g. ?d from "mask_3" is invalid): +# ("only" drawback is that just -a 0 is tested with this workaround) + +SLOW_ALGOS="${SLOW_ALGOS} 28501 28502" + OUTD="test_$(date +%s)" PACKAGE_CMD="7z a" diff --git a/tools/test_modules/m28501.pm b/tools/test_modules/m28501.pm new file mode 100644 index 000000000..a8b23e8b1 --- /dev/null +++ b/tools/test_modules/m28501.pm @@ -0,0 +1,106 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Bitcoin::Crypto qw (btc_prv btc_extprv); +use Bitcoin::Crypto::Base58 qw (decode_base58check); + +sub module_constraints { [[52, 52], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +# Note: +# We expect valid WIF format which for BTC private address is 51/52 base58 characters long. +# For compressed P2PKH the length of the WIF is always 52. +# Standard test.pl is generating random passwords consisting only from digits. +# That does not work for this mode. +# So we have introduced new function: module_get_random_password () +# that will help to generate random valid password for the module from a given seed. +# +# It will be called from test.pl if it exists in the module, otherwise everything +# will work as in legacy code. Search test.pl for module_get_random_password () + +sub module_generate_hash +{ + my $word = shift; # expecting valid WIF formated private key + + my @is_valid_base58 = eval + { + decode_base58check ($word); # or we could use from_wif () or validate_wif () + }; + + if (! @is_valid_base58) + { + # not valid so just return and do nothing + return; + } + + # validate WIF (check password, "verify") + + my $priv = btc_prv->from_wif ($word); + + my $pub = $priv->get_public_key (); + my $hash = $pub->get_legacy_address (); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = rindex ($line, ':'); + + return unless $idx >= 0; + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless (defined ($hash)); + return unless (defined ($word)); + + my @is_valid_base58 = eval + { + decode_base58check ($hash); + decode_base58check ($word); + }; + + return unless (@is_valid_base58); + + return unless (length ($word) == 52); + + my $first_byte = substr ($word, 0, 1); + + return unless (($first_byte eq "K") || ($first_byte eq "L")); + + my $new_hash = module_generate_hash ($word); + + return ($new_hash, $word); +} + +sub module_get_random_password +{ + # new function added to generate valid password for an algorithm + # from a given seed as a parameter + + my $seed = shift; + + my $master_key = btc_extprv->from_seed ($seed); # expecting random seed from test.pl + my $derived_key = $master_key->derive_key ("m/0'"); + + my $priv = $derived_key->get_basic_key (); + + my $IS_COMPRESSED = 1; + + $priv->set_compressed ($IS_COMPRESSED); + + # return WIF format + + return $priv->to_wif (); +} + +1; diff --git a/tools/test_modules/m28502.pm b/tools/test_modules/m28502.pm new file mode 100644 index 000000000..edadd5585 --- /dev/null +++ b/tools/test_modules/m28502.pm @@ -0,0 +1,104 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Bitcoin::Crypto qw (btc_prv btc_extprv); +use Bitcoin::Crypto::Base58 qw (decode_base58check); + +sub module_constraints { [[51, 51], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +# Note: +# We expect valid WIF format which for BTC private address is 51/52 base58 characters long. +# For uncompressed P2PKH the length of the WIF is always 51. +# Standard test.pl is generating random passwords consisting only from digits. +# That does not work for this mode. +# So we have introduced new function: module_get_random_password () +# that will help to generate random valid password for the module from a given seed. +# +# It will be called from test.pl if it exists in the module, otherwise everything +# will work as in legacy code. Search test.pl for module_get_random_password () + +sub module_generate_hash +{ + my $word = shift; # expecting valid WIF formated private key + + my @is_valid_base58 = eval + { + decode_base58check ($word); # or we could use from_wif () or validate_wif () + }; + + if (! @is_valid_base58) + { + # not valid so just return and do nothing + return; + } + + # validate WIF (check password, "verify") + + my $priv = btc_prv->from_wif ($word); + + my $pub = $priv->get_public_key (); + my $hash = $pub->get_legacy_address (); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my $idx = rindex ($line, ':'); + + return unless $idx >= 0; + + my $hash = substr ($line, 0, $idx); + my $word = substr ($line, $idx + 1); + + return unless (defined ($hash)); + return unless (defined ($word)); + + my @is_valid_base58 = eval + { + decode_base58check ($hash); + decode_base58check ($word); + }; + + return unless (@is_valid_base58); + + return unless (length ($word) == 51); + + return unless (substr ($word, 0, 1) eq "5"); + + my $new_hash = module_generate_hash ($word); + + return ($new_hash, $word); +} + +sub module_get_random_password +{ + # new function added to generate valid password for an algorithm + # from a given seed as a parameter + + my $seed = shift; + + my $master_key = btc_extprv->from_seed ($seed); # expecting random seed from test.pl + my $derived_key = $master_key->derive_key ("m/0'"); + + my $priv = $derived_key->get_basic_key (); + + my $IS_COMPRESSED = 0; + + $priv->set_compressed ($IS_COMPRESSED); + + # return WIF format + + return $priv->to_wif (); +} + +1;