Didn't see a thread here for some odd reason so I decided to make one. As many people as possible should be digging into this, there's a massive pot of gold at the end of the rainbow. Stay safe out there, Buckaroos.
SALTS: insurance.aes256 DE 18 1B 73 EF F3 5E 39 DA wlinsurance-20130815-A.aes256 0F 0B DA 00 F0 35 9A 0F C8 wlinsurance-20130815-B.aes256 AB C2 04 75 6B AB 85 BE 30 wlinsurance-20130815-C.aes256 73 6B 46 4C 2F 84 9A C2 A4
Download the following transactions with Satoshi Nakamoto's download tool which can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc Free speech and free enterprise! Thank you Satoshi!"
DECODING FILES: A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
Once it is done you will be able to see a pdf was generated in that directory.
Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
If you do python jean.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
You will get a key that was leaked.
Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again. This is the process of 'following the change'.
Using this method we've found several transactions that involve Wikileaks that we don't quite understand. One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.
Some of them are: 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635 cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c 2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df 657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1 05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db 623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be 5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e
Levi Gomez
Many OP_RETURNs and all on the 10/16/2016 within a period of a few hours. I have not had the chance to investigate further.
Adrian Powell
>Every single file has a hex file header. You can see a list of some here: garykessler.net/library/file_sigs.html and here file-extension.net/seeker/seeker.cgi?ext=&filetype_AND=pgp&filetype_OR=&filetype_NOT=&seek=Seek! However, this is not the entire list. The lists 'trid' and 'file' use are not complete either. Yet, you don't even need these lists. You can simply look at any file of a type you are interested in finding. Yes, any. Open it with a hex editor and look at the file header. If you want to find a zip file, just download any zipfile, look at the header with a hex editor and then search for it. The headers are not going to always be at the beginning of the file. Scan the entire file for headers and footers.
>Yes footers. Files also have footers! You can find the ending of a file by looking for its hex footer. Here are some examples: datadoctor.biz/data_recovery_programming_book_chapter14-page2.html Again, this is not a complete list. If you want to see what the footer of a file looks like, open one with a hex editor.
This program reads through every file named blk*.dat in the folder to point it at and parses it. It creates an sqlite3 database with the following schema:
CREATE TABLE BLOCK(" "ID INT PRIMARY KEY NOT NULL," "PREV CHAR(64) NOT NULL," "MERKLE CHAR(64) NOT NULL," "HASH CHAR(64) NOT NULL," "NUM INT ," "BITS INT NOT NULL," "NONCE INT NOT NULL," "TIME INT NOT NULL);";
Block header info, including the computed double SHA256 hash for the block. PREV is previous block hash, MERKLE is the merkle root hash, HASH is this block's hash. The other fields are miscellaneous.
"CREATE TABLE TX(" "ID INT PRIMARY KEY NOT NULL," "HASH CHAR(64) NOT NULL," "FILE TEXT NOT NULL," "OFFSET INT NOT NULL);";
Transaction header. HASH is this transaction's SHA double hash. FILE is the .DAT file's ID that it came from (See the FILE table below to get the file's name) OFFSET is the offset in the file it came from.
Ryan Wright
HOW TO GET THE KEYS (AND MORE) FROM THE BLOCKCHAIN:
The goal is to make very simple code that is easy to use and understand so that everyone can do this. This is a rough explanation of how it works.
There are two main approaches users are taking to decode messages in the blockchain. Scanning transactions, let's call this 'tx scanning', and scanning blocks, let's call this 'block scanning'. The main reason users are not yet able to see meaningful content is because both approaches have to be combined.
TX SCANNING: When you scan by transactions, you look for a transaction number (tx id), and decode its contents. When you know the tx id, you can easily see which wallets were involved. Some messages require you to combine the decoded data from multiple tx ids. You can identify which tx ids are relevant by looking at transaction histories of the wallets involved. This strategy is used for the 'Cablegate Backup'. In that case, the list of tx ids is directly told to the readers in the first message. However, you can compile this list on your own by 'tx crawling'. To do this, follow these steps: . For each tx, look at the wallets that received money and find those that spend it (in this case it is only one per tx). . For that wallet, look at its transaction history and find a transaction that follows a similar pattern, i.e., it involves multiple wallets and only one spends the funds. . Continue doing this until you are not able to see the pattern repeat itself.
BLOCK SCANNING: When you scan by block, you will be able to find encoded data more easily but it is harder to extract the tx id and wallets. One benefit of block scanning is that you can explicitly search for file headers and important strings. For example you can directly search for the magic numbers in GPG files. When you find one of these, you can then tx crawl from that starting point in order to get all pieces of the file. More concretely, if you want to find the Cablegate Backup with a block scanner, you could search for the magic number of Zip files. Then, when one is found, you can find the tx id that contains it, and finally tx crawl to get all the pieces. Yet, file headers are just one of the many other patterns that can be used to find important transactions. Examples of others are: . Magic numbers: Look for the first bytes in different types of file. 'file' can be used in UNIX. . Ability to compress: Compress the decoded output. If the size is reduced, the output is possibly a message or part of a file. . Text: If the decoded output has text, it might have information. . Keywords (Very important): Search for relevant keywords, e.g., checksums for files in Wikileaks.org, checksums for the insurance files, hashes, dates, names, time stamps, etc. . Reversibility: Some messages are in reverse and need to be flipped. This should be tried both before and after decoding.
Henry Anderson
Both scanners have to be used. The starting points for the searches should be Wikileak's wallet, important dates (for example, during the DDoS attacks), previous messages and checksum hashes. The Cablegate Backup was a bit simpler than the more recent messages. In that case, only one wallet spent the funds in each transaction, and simply looking at wallet's next transaction was enough to find all the pieces. Newer messages are bit more complicated. Some of the wallets that receive money make multiple transactions with no encoded data before proceeding with the 'real' transaction. Moreover, in a lot of cases, all wallets involved spend the funds (not just one). Therefore, the crawler has to keep track of all wallets that receive funds, and all future transactions of that wallet while using techniques (like those above) to detect encoded data. A transaction tree should be kept and the pieces of each files should be combined in multiple orderings.
If you implement the process described above you will find all the keys, other backups and other files that are not released. One way to test your code is to search for checksum hashes for files that have already been published at a specific date. There are multiple messages in the blockchain that include file hashes and dates. [/spoiler]Use the leads in this thread.[/spoiler]
I recommend you use a local copy of the blockchain and carry out the search on a computer that has no internet access. Work in groups and share the process. Remember to look at other cryptocurrencies as well and to encode your findings into the blockchain yourself.
Good luck!
Grayson Lopez
...
Aaron Flores
Dammit Holla Forums meme magic strikes again
Gabriel Wilson
Now that's an image I haven't seen in a long time. A long time.
Joseph Cox
wat
This is intriguing but can you break this down for anons. What am I looking at? What does this do? Can you give examples of what this will find exactly?
Will bump for answers.
Robert Sullivan
Bump
Jordan Fisher
Basically it's a way to trace for the key to unlock the big ass insurance file wikileaks put out. The pot of gold at the end of the rainbow is all the evidence needed to crash this plane with no survivors.
Evan Jackson
This sounds legal, I'm on board. :^)
Joshua Hall
tbh fam, I think hate/pol/ is generally lacking in techpriests. This is a psyker board.
Juan Green
Actual NSA referral links
Chase Mitchell
...
Jace Morales
Then I'll bump. I wish I had the skills to contribute, this looks like an amazing treasure trove of goodies. Like said, we would be ready to blast what was found but we're not all the kind of people to do this sort of thing. I hope you are passing this around to further boards, especially where the technically adept are more likely to frequent.
Tyler Phillips
lol woops forgot to turn off sage, here's the real bump
Ryan Nelson
It's all legal my friend.
Jeremiah Gutierrez
Checked and bumped because this looks like the happening we've been praying for. Archived.
Ayden Carter
because apparently was a faggot and didn't archive, here it is: archive.fo/e5LIe
John Morgan
looks promising.
BIPPITY BUMP
James Gomez
Bump, many retarded threads got bumped since this one appeared.
William Lewis
Requesting source, OP
to page 1 with you
Brandon Russell
You're going to need to provide some proof or at least results first.
Andrew Stewart
Could this be what fbi user meant by follow the money?
Elijah Cox
This is way above my paygrade but seems promising so here's a bump of encouragement and well wishes.
Noah Davis
wonder if the CF has any bitcoin transactions we could find.
Robert Stewart
Guys stop LARPing as Nazis and fellating Trump and keep this bumped. 4chan's Holla Forums is getting this more progress and attention than you autists.
Try to get Holla Forums on this too. Monitor the halfchan threads.
Brayden Wilson
...
Adrian Torres
You're not going to get past aes256
Lucas Hall
Reads like a Tom Clancy novel. Will bump because this would have bigger payoff than anything else on Holla Forums right now. Also, if true, we should notice these threads getting deleted and/or 8ch going down.
Will be monitoring for happenings.
David Ward
bump for interest
Samuel Jackson
I had a really hard time archiving this last night. Archive.is 404'd it the first time I tried, then I tried to print to PDF and I couldnt't (?!) so I screenshotted everything. After that I managed to archive it, and then 8ch went down and I got spooked and meditated until I fell asleep.
Jack Edwards
pol is very much a psyker board, which hypothetically means that if we were to learn technology we could become wh40k style techpriests.
Thomas Brown
shoo, shill. we're not tethered by the limits of the possible anymore
Jayden Perry
bump for justice
Juan Kelly
bumpstigation how many bumps until this thing is solved?
Oliver Hall
Am I the only one who has no idea what is going on in this thread? I don't understand 90% of the instructions or terms. Are you all trying to find the password to unlock the wikileaks insurance file or something?
If so, god speed. I sure as hell can't help. My brain feels exactly the same way it does when I have had the unfortunate experience of watching one of the crocheting tutorials my girlfriend uses to learn how to make certain patterns. I can't even understand what the fuck is going on.
Owen Russell
I love you Holla Forums but 85% of you are tech illiterate as fuck.
Aaron Harris
It's not just you. Someone said it's like finding a needle in a haystack, but to me it's like finding a needle in a stack of needles with needles in my eyes.
Ian Hernandez
kek about crocheting. I have no idea either. I don't even know what bump is or how to do it? Does it just mean to post something to keep this post alive? Well here goes . . .
BUMP! :D
Matthew Foster
how many bumps left? are we there yet?
Cooper Sanchez
Stop posting
Logan Jenkins
Install linux, go to internet, learn
What is there to contribute. Everything is there already IF you want to learn.
This board is often insanely retarded when it comes to tech.
Camden Cox
Stop posting
Aaron Flores
...
Grayson Ward
interesting. I will give this one bump and one bump only because this looks a lot like the umpteen other threads that were like this and were horseshit.
Luis Robinson
install Gentoo
FTFY
Jace Johnson
I don't know shit about this but bumping in case someone knows.
OP should post on other tech and hacking boards though
Nicholas Roberts
No thank you. Do you anything specific you want to learn about, or do you just expect courses for things you don't even know you need? Everything is already available.
And yes, this board is often absolutely retarded when it comes to tech. One example would be the peerblock retardation that pops up every time there's a hot new topic to dig on.
Christopher Ward
bamp
Easton Brooks
What dos all this shit mean?
What are the salt codes and what am I supposed to do with them?
What are "insurance snippets"? If they are only pieces of a file, what good is a piece of an encrypted file when you need the whole thing to decrypt it?
Why are there multiple insurance files? And if the rumor is that wikileaks is compromised, why are all of the files hosted on wikileaks?
What's all the rest of the shit for? Same question for every section. There's a name and a longass hex number, what the fuck am I supposed to do with this?
Dominic Martin
The great thing about python is you can just open the source code and examine it. If anything looks fucky to you, let us all know but I looked at the scripts he enclosed and saw nothing fucky.
Joseph Cooper
If you can decrypt the first 256 bytes of a file, you can decrypt the whole thing. It's just that testing goes over much quicker on a snipped as opposed to trying the full file.
Also, bumping this.
Hint we've collected over the past days:
Look at other coins apart from bitcoin. Especially Dogecoin and Namecoin seem to be interesting, as they have received a lot more transaction than normal on the days in question
