Check your abilities: is an expert needed, or could YOU do it?
Some history...
I forgot my password for the ZIP archive. This did not prevent experts from recovering USD 300,000 worth of BTC from it… How was this done?
Last week at the DEFCON conference, Pyrofex CTO Michael Stay shared how he helped recover private keys to BTC worth over $300,000.
The keys were locked in a zip archive. Stay was entrusted with the task of retrieving them.
$100,000 to recover $300,000 worth of BTC... Mission impossible?
A certain "The Guy" is a Russian citizen who, after reading ZIP Attacks with Reduced Known Plaintext by Michael Stay, asked him to try to regain access to his bitcoins in October last year.
The Guy bought USD 10,000 worth of BTC in 2016. Soon after, he forgot the password for the encrypted ZIP archive where he had hidden his private keys. He contacted Stay via LinkedIn last October:
"If we can find the password successfully, thank you," wrote "The Guy" to Stay.
After a preliminary analysis of the problem, Stay announced his price: he demanded $100,000 for regaining access to the encrypted archive. The Guy agreed to the offer. No wonder: inside were bitcoins worth more than $300,000 at the time!
Narrowing the Possibilities of Accessing "Trillions"
The zip file used by the Russian used ZIP 2.0 Legacy encryption. And although the cipher was designed by an "amateur cryptographer" decades ago, it could not be accessed with ordinary tools.
That's why Stay and his company gave this engagement such high value. Stay's team claimed that it was also dictated by the fact that The Guy had minimal information to facilitate the task.
The Guy only knew that he had encrypted the private keys with a zip. He knew the software version. He also had a timestamp from the day the file was created.
With this knowledge, Stay set to work. He started out by narrowing the possible encryption passwords / keys down to the order of "trillions".
Breakthrough and failure
Stay teamed up with the chief executive of Pyrofex, Nash Foster, to "implement the cryptanalysis code and run it on general-purpose Nvidia Tesla GPUs".
This, according to Stay, helped greatly in perfecting the attack on the archive. It also helped to reduce the time it took to access the file. As Foster said:
"Mike was able to do a more effective job with cryptanalysis, so we spent more time developing the attack, but then we only had to play it for about a week. This saved the guy a lot of money in infrastructure costs. Ten years ago, it could not have been done without building special equipment, and the cost would likely exceed its BTC value."
Michael and Nathan had to work with only the "encrypted headers", or file information notes, because The Guy did not quite trust them with the contents of the file: after cracking the zip, they could potentially have stolen his BTC.
10 days passed and the attack failed. "The Guy" was already nervous, as the price of bitcoin was falling...
Finally succeeded…
Michael Stay reviewed the process so far, hoping to find an anomaly, and came up with the idea to calculate a number or seed "as a starting point for the random number generator used in the cryptographic scheme."
Additionally, The Guy scoured the test data and found that "the GPU did not process the correct password the first time." The Pyrofex duo solved the problem and resumed their attack with Stay's alternative method.
Eventually they got inside and recovered the private keys to BTC.
Infrastructure costs reached a modest $6,000-7,000 as opposed to the initially reported $100,000. Ultimately, The Guy paid Pyrofex $25,000 for their work. Commenting on the success of the task entrusted, Foster said:
"Such projects are just completely unusual. If the details of his situation were different, if he had used a slightly newer version of the zip, it would have been impossible. But in this particular case, there was something we could do."
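Whether recovery was possible at all came down to the encryption scheme recorded in the archive. As an added example (not from the original article or from Pyrofex), the Python code below reads an archive's headers and reports which entries still use ZIP 2.0 legacy encryption, so they can be re-protected with something stronger; the function names and the `wallet.txt` sample are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001   # general purpose flag bit 0: entry is encrypted
STRONG_ENC = 0x0040  # general purpose flag bit 6: PKWARE strong encryption
AES_METHOD = 99      # compression method used by WinZip AES (AE-x) entries


def classify(flag_bits, compress_type):
    """Name the protection scheme recorded in one entry's header."""
    if not flag_bits & ENCRYPTED:
        return "none"
    if compress_type == AES_METHOD:
        return "winzip-aes"
    if flag_bits & STRONG_ENC:
        return "pkware-strong"
    return "zip2.0-legacy"


def audit(archive):
    """Map entry name -> scheme for a path or file object (headers only)."""
    with zipfile.ZipFile(archive) as zf:
        return {info.filename: classify(info.flag_bits, info.compress_type)
                for info in zf.infolist()}


def constructed_sample(flag_bits, method):
    """Constructed input: a one-entry archive whose central directory record
    is patched to carry the given flags and method (data is not encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wallet.txt", b"placeholder")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")  # central directory file header signature
    # Flags sit at offset 8 and the compression method at offset 10.
    struct.pack_into("<HH", raw, cd + 8, flag_bits, method)
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    for flags, method in [(0, 0), (ENCRYPTED, 8), (ENCRYPTED, AES_METHOD)]:
        print(audit(constructed_sample(flags, method)))
```

Pass `audit()` the path of a real archive to check it; only the central directory is read, so no password is needed.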
Finally, the question is asked again...
With so many free programs for recovering archive passwords available on the Internet, do you think it was really a mission only for an expert?