UBF -- The Ultimate Bitmessage Forum

User info

Welcome, Guest! Please login or register.

You are here » UBF -- The Ultimate Bitmessage Forum » privacy & anti-NSA » download files from the bitcoin blockchain

download files from the bitcoin blockchain

Page: 1
Post reply

Posts 1 to 6 of 6

1

  • Posted by: UBF4
  • Member

https://anarplex.net/webirc/?channels=#WikiLeaks

WikiLeaks investigation BUNKER

download files from the bitcoin blockchain


http://bm6hsivrmdnxmw2f.onion.to/chan/wikileaks

                                                           Quick blockchain tutorial

1.   Decoding one transaction:

   
    downld -->               https://gist.github.com/anonymous/063ad … e44304e4b3

    Download http://gateway.glop.me/ipfs/QmSU67Ei3Te … 9V/jean.py

    or http://gateway.glop.me/ipfs/QmburFHeUtM … /jean_b.py

   
   

    Usage:

    python jean.py transaction_number

    Example:

python3 ./jean-p3.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a


    python jean.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

    Returns:

    "Wikileaks Cablegate Backup

    cablegate-201012041811.7z

    Download the following transactions with Satoshi Nakamoto's download tool
    which can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
    Free speech and free enterprise! Thank you Satoshi!"

      ... etc ...

     
     

2.     Downloading a transaction that generates a file:

    A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

   
    python3 ./jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf

   
   
    python jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf

    Once it is done you will be able to see a pdf was generated in that directory.
   
   
   
   
   
   

    Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.

    For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d6 … e975c588bd

    If you do

    python3 jean.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

    You will get a key that was leaked.

   
   
   
    Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again.

    Using this method we've found several transactions that involve Wikileaks that we don't quite understand. One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.

   
   
   
    Some of them are:

    7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c      GPG symmetrically encrypted data (CAST5 cipher)

    d3c1cb2cdbf07c25e3c5f513de5ee36081a7c590e621f1f1eab62e8d4b50b635

    cce82f3bde0537f82a55f3b8458cb50d632977f85c81dad3e1983a3348638f5c

    2a14783f74796ace53e0a6859a7012723d3d6cd9dacf72d4e90a3394484093df

    657aecafe66d729d2e2f6f325fcc4acb8501d8f02512d1f5042a36dd1bbd21d1

    05e6c80d9d6469e7d1328e89b9d971b19972594701586bbcbd70070f2be799db

    623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be

    5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e
   
   
   
   
   

    Testing the file type again with the Bitcoin paper transaction.  If you do

    python jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output

    and then do,

    file -b output

    You will get:            PDF document, version 1.4

   
    For:

    python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output

    file -b output

    you should get :         GPG symmetrically encrypted data (CAST5 cipher)


3.    Merging multiple transactions into one file:

    Download
    http://gateway.glop.me/ipfs/QmafUK8hYKz … d/jean2.py

    and
    http://gateway.glop.me/ipfs/QmY7D4bgMtq … x_list.txt

   
   
   
   
    Then do

    python jean2.py tx_list.txt > cables.zip

   
   
    you will get a zipfile with the cables  , 2.5 MB of size   -     or 0 bytes output, server error, if your firewall troubles 'curl'

   
   
   
From: http://8ch.net/tech/res/679042.html

Last edited by UBF4 (Nov 20 2016 21:19)

2

  • Posted by: UBF4
  • Member

# New script block-opreturn-finder.py to store OP_RETURN's in SQLite Database (might be easier to browse).

'''
Usage:

python block-opreturn-finder.py blocks FROM TO
... where FROM is a block number and TO is a block number

e.g.

python block-opreturn-finder.py blocks 434300 435800

'''

import sys, getopt
import json
import pycurl
import struct
import cStringIO
import pprint;
import jsonrpclib
import subprocess;
import os;
import sqlite3;
from binascii import unhexlify, crc32

rpcserver = "http://username:password@localhost:8332"
sqlitedb = "OP_RETURN.db"

server = jsonrpclib.Server(rpcserver)

# Setup SQLiteDb
dbconn = sqlite3.connect(sqlitedb)

c = dbconn.cursor()

# Create table
c.execute('''CREATE TABLE IF NOT EXISTS op_returns (block int, tx text, op_return text)''')

def decode_transaction(transaction, block = 0):
    "Decodes an individual transaction"

    try:
        rawTx = server.getrawtransaction(transaction)
        tx = server.decoderawtransaction(rawTx)

        data = b''
        for txout in tx['vout']:
            if "OP_RETURN" in txout['scriptPubKey']['asm']:
              for op in txout['scriptPubKey']['asm'].split(' '):
                  if not op.startswith('OP_'):
                      print(transaction+": contains OP_RETURN")
                      data = unhexlify(op.encode('utf8'))
                      c.execute("INSERT INTO op_returns VALUES (?, ?, ?)", (block, transaction, buffer(data)))
                      dbconn.commit()
   
    except Exception, e:
        print(jsonrpclib.history.request)
        print(str(e))
       
    return

def get_transactions_for_block(block_number):
    "Gets the transactions for a given block"
    print("Checking block: "+str(block_number))
    hash = server.getblockhash(block_number)
    block = server.getblock(hash)
    for transaction in block["tx"]:
        decode_transaction(transaction, block_number)
    return

type = sys.argv[1]

if type == 'transactions':
    transaction = sys.argv[2]
    decode_transaction(transaction)

elif type == 'blocks':
    print("Blockchain length: " + str(server.getblockcount()))
    start = int(sys.argv[2])
    end = int(sys.argv[3])
    for block in range(start, end):
        get_transactions_for_block(block)

dbconn.close()

Last edited by UBF4 (Nov 21 2016 08:49)

3

  • Posted by: UBF4
  • Member

https://pad.riseup.net/p/WEAREPHASE3

etherpad phase III.

4

  • Posted by: UBF4
  • Member

all pgms in one zip

5

  • Posted by: alternate jeanY dwnloader
  • Guest

import sys
import urllib2 
import commands
import struct
from   binascii import unhexlify, crc32

'''
# usage, python script.py address              download files from blockchain , block # is param 1 -- e. g.          for  a pdf file

https://codepaste.net/wd5pve#

UBF : 

'''

addr = str(sys.argv[1])

def txdecode(transaction):

    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
    dataout = b''
    atoutput = False

    for line in data:
            if 'Output Scripts' in line:
                atoutput = True
            if '</table>' in line:
                atoutput = False
            if atoutput:
                if len(line) > 100:
                    chunks = line.split(' ')
                    for c in chunks:
                        if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                            dataout += unhexlify(c.encode('utf8'))

    length   = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout  =                     dataout[8:8+length]

    return dataout

print 'Reading '+addr+"'s transactions..."

startatpage = 0  #27
offset = startatpage*50

data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")

pagecalc = offset/50
if pagecalc == 0:
    pagecalc = 1
if offset >= 50:
    offset -= 50
page = pagecalc
files = 0
keep_reading = True
tx_list = []
f = open('dataout/'+addr+"_tx_list.txt", 'w')

while (keep_reading):
    tx_exist = False

    if keep_reading:
        print 'Page', page, '...'
        data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")
    for line in data:
        chunks = line.split('><')
        if 'hash-link' in line:
            tx_exist = True
            ll = chunks[4].split(' ')
            if len(ll) == 1:
                print("To be continued...")
                continue
            lll = ll[2][10:10+64]
            date1 = ll[4].split('>')[1]           
            date2 = ll[5].split('<')[0]
            print date1, date2
            if len(ll) == 1:
                continue
            print lll
            f.write(str(lll)+'\n')
           
            decoded_data = txdecode(str(lll))
            fd = open('dataout/'+str(lll),"wb")
            fd.write(decoded_data)
            fd.close()

            status, output = commands.getstatusoutput("dataout/trid dataout/"+str(lll))
            if 'Unknown!' not in output:

                ff = open('dataout/'+addr+"_file_tx_list.txt", 'a')
                files += 1
                outputlines = output.split('\n')
                for i in range(6,len(outputlines)):
                    print outputlines[i]
                ff.write(str(lll)+' '+outputlines[1]+' '+date1+' '+date2+'\n')
                ff.close()

    page += 1
    offset += 50
    if tx_exist == False:
        keep_reading = False

print len(tx_list), 'transactions found'
print files,        'file headers found'
print               'List saved in file',             addr+"_tx_list.txt"
print               'Txs with file headers saved in', addr+"_file_tx_list.txt"
f.close()

6

  • Posted by: jeanY is crap
  • Guest

shit doesnt work here

Post reply
Page: 1

You are here » UBF -- The Ultimate Bitmessage Forum » privacy & anti-NSA » download files from the bitcoin blockchain