Bitcoin Explorer: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
sigh
Evoskuil (talk | contribs)
Repair vandalism, replace `bx seed` example with `echo [user entropy]`, add info on seeding.
Line 1: Line 1:
= WARNING USE OF THIS SOFTWARE WILL RESULT IN YOUR FUNDS BEING STOLEN =
Bitcoin Explorer (bx) is an advanced command line application that is included as part of [[Libbitcoin_Explorer|libbitcoin-explorer]]. [https://github.com/libbitcoin/libbitcoin-explorer/wiki Extensive documentation] and [https://github.com/libbitcoin/libbitcoin-explorer/wiki/Download-BX signed binaries] for Linux, OSX and Windows are available on GitHub.
 
'''WARNING: The use of this library to generate seeds, contrary to the author's own following suggestions that include no warnings whatsoever, WILL RESULT IN YOUR FUNDS BEING STOLEN as per:'''
 
'''[https://milksad.info/ CVE-2023-39910 aka Milksad] archive here: [https://archive.is/KbdGI Milksad Archive]'''
 
'''WARNING: The author is taking zero responsibility for participating in the use of his code in critical reference materials and has taken to blaming the people who used his code to create seeds as per his own examples, in spite of this code being used widely in many non-wallet programs, examples, a widely-read book, and in suggestions in many places on Reddit.'''


'''For reference, the following is instructive:'''
==Entropy==
In versions prior to 3.7.0 bx included the '''seed''' command, which was explained in the [https://github.com/libbitcoin/libbitcoin-explorer/wiki/Random-Numbers Random-Numbers] topic:


* [https://github.com/libbitcoin/libbitcoin-system/commit/6d5a06e283d81260165e0eab95175069bf03b408 git commit where the author wrote vulnerable RNG code without any warnings and described it as "optimal"]
With the exception of cert-new, any BX command that requires a random number obtains that value as an argument. This places the responsibility of ensuring random number strength on end-users and also helps them understand the potential for problems.
* [https://news.ycombinator.com/item?id=37057601 Additional write-up by Greg Maxwell describing some of the extent of the damage done]
...
* [https://archive.is/TVGrU Author asserting a 32-bit non-entropic seed to a seen gen is working as intended]
The seed command is provided as a convenience for demonstrative purposes only, and should never be used to secure real bitcoin.
* [https://archive.is/BvGH7 Similar, "working as intended"]
* [https://archive.is/YlwCQ Author asserting it is all a part of a core conspiracy against him]


'''WARNING: The following is being left as-is for historical reference.'''
and was itself documented with the following warning:


== FOR HISTORICAL REFERENCE ONLY ==
Generate a pseudorandom seed.
WARNING: Pseudorandom seeding can introduce cryptographic weakness into your keys. This command is provided as a convenience.


Bitcoin Explorer (bx) is an advanced command line application that is included as part of [[Libbitcoin_Explorer|libbitcoin-explorer]]. [https://github.com/libbitcoin/libbitcoin-explorer/wiki Extensive documentation] and [https://github.com/libbitcoin/libbitcoin-explorer/wiki/Download-BX signed binaries] for Linux, OSX and Windows are available on GitHub.
Despite this documentation, it [https://milksad.info/ has been determined] that the command may have been used for live wallet seeding. Consequently the command has been removed.


==Examples==
==Examples==
Generating a new bitcoin address:
Generating a new bitcoin address:


  $ bx seed | bx ec-new | bx ec-to-public | bx ec-to-address
  $ echo [user entropy] | bx ec-new | bx ec-to-public | bx ec-to-address
  13ua8RRSxLpL5WL5cKUDepUCvJZgGWuKh7
  13ua8RRSxLpL5WL5cKUDepUCvJZgGWuKh7


Line 82: Line 76:
* [[Libbitcoin_Explorer|libbitcoin-explorer]]
* [[Libbitcoin_Explorer|libbitcoin-explorer]]
* [[SubvertX]]
* [[SubvertX]]
= WARNING USE OF THIS SOFTWARE WILL RESULT IN YOUR FUNDS BEING STOLEN =


==References==
==References==

Revision as of 17:38, 17 August 2023

Bitcoin Explorer (bx) is an advanced command line application that is included as part of libbitcoin-explorer. Extensive documentation and signed binaries for Linux, OSX and Windows are available on GitHub.

Entropy

In versions prior to 3.7.0 bx included the seed command, which was explained in the Random-Numbers topic:

With the exception of cert-new, any BX command that requires a random number obtains that value as an argument. This places the responsibility of ensuring random number strength on end-users and also helps them understand the potential for problems.
...
The seed command is provided as a convenience for demonstrative purposes only, and should never be used to secure real bitcoin.

and was itself documented with the following warning:

Generate a pseudorandom seed.
WARNING: Pseudorandom seeding can introduce cryptographic weakness into your keys. This command is provided as a convenience.

Despite this documentation, it has been determined that the command may have been used for live wallet seeding. Consequently the command has been removed.

Examples

Generating a new bitcoin address:

$ echo [user entropy] | bx ec-new | bx ec-to-public | bx ec-to-address
13ua8RRSxLpL5WL5cKUDepUCvJZgGWuKh7

Executing a blockchain query against Libbitcoin Server via ZeroMQ:

$ bx fetch-tx 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
transaction
{
    hash 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
    inputs
    {
        input
        {
            previous_output
            {
                hash 0000000000000000000000000000000000000000000000000000000000000000
                index 4294967295
            }
            script "[ 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73 ]"
            sequence 4294967295
        }
    }
    lock_time 0
    outputs
    {
        output
        {
            address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
            script "[ 04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f ] checksig"
            value 5000000000
        }
    }
    version 1
}

Decoding Satoshi's words:

$ bx base16-decode 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73 
ÿÿEThe Times 03/Jan/2009 Chancellor on brink of second bailout for banks

Posting a transaction directly to 10 nodes on the Bitcoin P2P network:

$ bx send-tx-p2p --nodes 10 0100000001b3807042c92f449bbf79b33ca59d7dfec7f4cc71096704a9c526dddf496ee0970100000069463044022039a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c202204fcc407ce9b6f719ee7d009aeb8d8d21423f400a5b871394ca32e00c26b348dd2103c40cbd64c9c608df2c9730f49b0888c4db1c436e8b2b74aead6c6afbd10428c0ffffffff01905f0100000000001976a91418c0bd8d1818f1bf99cb1df2269c645318ef7b7388ac00000000
Sent transaction at 2015-May-08 12:17:09.
Sent transaction at 2015-May-08 12:17:09.
Sent transaction at 2015-May-08 12:17:09.
Sent transaction at 2015-May-08 12:17:12.
Sent transaction at 2015-May-08 12:17:12.
Sent transaction at 2015-May-08 12:17:15.
Sent transaction at 2015-May-08 12:17:15.
Sent transaction at 2015-May-08 12:17:19.
Sent transaction at 2015-May-08 12:17:20.
Sent transaction at 2015-May-08 12:17:20.

See Also

References