// Input the password (that is the secret seed to your wallet) func getseed(seed []byte) bool { var pass [1024]byte var n int var e error var f *os.File if !*ask4pass { f, e = os.Open(PassSeedFilename) if e == nil { n, e = f.Read(pass[:]) f.Close() if n <= 0 { return false } goto calc_seed } fmt.Println("Seed file", PassSeedFilename, "not found") } fmt.Print("Enter your wallet's seed password: "******"Re-enter the seed password (to be sure): ") var pass2 [1024]byte p2len := utils.ReadPassword(pass2[:]) if p2len != n || !bytes.Equal(pass[:n], pass2[:p2len]) { utils.ClearBuffer(pass2[:p2len]) println("The two passwords you entered do not match") return false } utils.ClearBuffer(pass2[:p2len]) } // Maybe he wants to save the password? if ask_yes_no("Save the password on disk, so you won't be asked for it later?") { e = ioutil.WriteFile(PassSeedFilename, pass[:n], 0600) if e != nil { fmt.Println("WARNING: Could not save the password", e.Error()) } } } calc_seed: for i := 0; i < n; i++ { if pass[i] < ' ' || pass[i] > 126 { fmt.Println("WARNING: Your secret contains non-printable characters") break } } btc.ShaHash(pass[:n], seed) utils.ClearBuffer(pass[:n]) return true }
func do_scan_stealth(p string, ignore_prefix bool) { sa, _ := btc.NewStealthAddrFromString(p) if sa == nil { fmt.Println("Specify base58 encoded stealth address") return } if sa.Version != btc.StealthAddressVersion(common.CFG.Testnet) { fmt.Println("Incorrect version of the stealth address") return } if len(sa.SpendKeys) != 1 { fmt.Println("Currently only single spend keys are supported. This address has", len(sa.SpendKeys)) return } //fmt.Println("scankey", hex.EncodeToString(sa.ScanKey[:])) if ignore_prefix { sa.Prefix = []byte{0} fmt.Println("Ignoring Prefix inside the address") } else if len(sa.Prefix) == 0 { fmt.Println("Prefix not present in the address") } else { fmt.Println("Prefix", sa.Prefix[0], hex.EncodeToString(sa.Prefix[1:])) } ds := wallet.FetchStealthKeys() if len(ds) == 0 { return } defer func() { for i := range ds { utils.ClearBuffer(ds[i]) } }() // clear the keys in mem after all var d []byte for i := range ds { if bytes.Equal(btc.PublicFromPrivate(ds[i], true), sa.ScanKey[:]) { d = ds[i] } } if d == nil { fmt.Println("No matching secret found your wallet/stealth folder") return } var pos []*btc.TxPrevOut cs := make(map[uint64][]byte) as := make(map[uint64]*btc.BtcAddr) var ncnt uint common.BlockChain.Unspent.ScanStealth(sa, func(eth, txid []byte, vout uint32, scr []byte) bool { if len(scr) == 25 && scr[0] == 0x76 && scr[1] == 0xa9 && scr[2] == 0x14 && scr[23] == 0x88 && scr[24] == 0xac { var h160 [20]byte //yes := btc.NewUint256(txid).String()=="9cc90ff2528b49dfd9c53e5e90c98a1fd45d577af7f3a9e7a9f8a86b52fb0280" c := btc.StealthDH(eth, d) spen_exp := btc.DeriveNextPublic(sa.SpendKeys[0][:], c) btc.RimpHash(spen_exp, h160[:]) if bytes.Equal(scr[3:23], h160[:]) { po := new(btc.TxPrevOut) copy(po.Hash[:], txid) po.Vout = vout pos = append(pos, po) cs[po.UIdx()] = c as[po.UIdx()] = btc.NewAddrFromHash160(h160[:], btc.AddrVerPubkey(common.CFG.Testnet)) } ncnt++ /*fmt.Printf("%s with c=%s", btc.NewAddrFromHash160(h160[:], btc.AddrVerPubkey(common.CFG.Testnet)).String(), hex.EncodeToString(c)) fmt.Println()*/ return true } else { return false } }) fmt.Println(len(pos), "outputs, out of", ncnt, "notifications belonged to our wallet") var unsp btc.AllUnspentTx for i := range pos { po, e := common.BlockChain.Unspent.UnspentGet(pos[i]) if e != nil { println("UnspentGet:", e.Error()) println("This should not happen - please, report a bug.") println("You can probably fix it by launching the client with -rescan") os.Exit(1) } //fmt.Println(btc.NewUint256(pos[i].Hash[:]), pos[i].Vout+1, hex.EncodeToString(cs[pos[i].UIdx()])) one := &btc.OneUnspentTx{ TxPrevOut: *pos[i], Value: po.Value, MinedAt: po.BlockHeight, BtcAddr: as[pos[i].UIdx()], StealthC: cs[pos[i].UIdx()]} unsp = append(unsp, one) } sort.Sort(unsp) os.RemoveAll("balance") os.MkdirAll("balance/", 0770) utxt, _ := os.Create("balance/unspent.txt") fmt.Print(wallet.DumpBalance(unsp, utxt, true, false)) }
// Get the secret seed and generate "*keycnt" key pairs (both private and public) func make_wallet() { var lab string if *testnet { verbyte = 0x6f privver = 0xef } else { // verbyte is be zero by definition privver = 0x80 } load_others() seed_key := make([]byte, 32) if !getseed(seed_key) { os.Exit(0) } defer func() { utils.ClearBuffer(seed_key) }() if *waltype == 3 { lab = "TypC" } else if *waltype == 2 { if *type2sec != "" { d, e := hex.DecodeString(*type2sec) if e != nil { println("t2sec error:", e.Error()) os.Exit(1) } type2_secret = d } else { type2_secret = make([]byte, 20) btc.RimpHash(seed_key, type2_secret) } lab = "TypB" } else { lab = "TypA" } if *verbose { fmt.Println("Generating", *keycnt, "keys, version", verbyte, "...") } for i := uint(0); i < *keycnt; { prv_key := make([]byte, 32) if *waltype == 3 { btc.ShaHash(seed_key, prv_key) seed_key = append(seed_key, byte(i)) } else if *waltype == 2 { seed_key = btc.DeriveNextPrivate(seed_key, type2_secret) copy(prv_key, seed_key) } else { btc.ShaHash(seed_key, prv_key) copy(seed_key, prv_key) } priv_keys = append(priv_keys, prv_key) if *scankey != "" { new_stealth_address(prv_key) return } // for stealth keys if i == 0 { copy(first_seed[:], prv_key) } compressed_key = append(compressed_key, !*uncompressed) pub := btc.PublicFromPrivate(prv_key, !*uncompressed) if pub != nil { adr := btc.NewAddrFromPubkey(pub, verbyte) if *pubkey != "" && *pubkey == adr.String() { fmt.Println(adr.String(), "=>", hex.EncodeToString(pub)) return } publ_addrs = append(publ_addrs, adr) labels = append(labels, fmt.Sprint(lab, " ", i+1)) i++ } else { println("PublicFromPrivate error 3") } } if *verbose { fmt.Println("Private keys re-generated") } }
// Thanks @dabura667 - https://bitcointalk.org/index.php?topic=590349.msg6560332#msg6560332 func stealth_txout(sa *btc.StealthAddr, value uint64) (res []*btc.TxOut) { if sa.Version != btc.StealthAddressVersion(*testnet) { fmt.Println("ERROR: Unsupported version of a stealth address", sa.Version) os.Exit(1) } if len(sa.SpendKeys) != 1 { fmt.Println("ERROR: Currently only non-multisig stealth addresses are supported", len(sa.SpendKeys)) os.Exit(1) } // Make two outpus res = make([]*btc.TxOut, 2) var e, ephemkey, pkscr []byte var nonce, nonce_from uint32 var look4pref bool sha := sha256.New() // 6. create a new pub/priv keypair (lets call its pubkey "ephemkey" and privkey "e") pick_different_e: e = make([]byte, 32) rand.Read(e) defer utils.ClearBuffer(e) ephemkey = btc.PublicFromPrivate(e, true) if *verbose { fmt.Println("e", hex.EncodeToString(e)) fmt.Println("ephemkey", hex.EncodeToString(ephemkey)) } // 7. IF there is a prefix in the stealth address, brute force a nonce such // that SHA256(nonce.concate(ephemkey)) first 4 bytes are equal to the prefix. // IF NOT, then just run through the loop once and pickup a random nonce. // (probably make the while condition include "or prefix = null" or something to that nature. look4pref = len(sa.Prefix) > 0 && sa.Prefix[0] > 0 if look4pref { fmt.Print("Prefix is ", sa.Prefix[0], ":", hex.EncodeToString(sa.Prefix[1:]), " - looking for nonce...") } binary.Read(rand.Reader, binary.LittleEndian, &nonce_from) nonce = nonce_from for { binary.Write(sha, binary.LittleEndian, nonce) sha.Write(ephemkey) if sa.CheckPrefix(sha.Sum(nil)[:4]) { break } sha.Reset() nonce++ if nonce == nonce_from { fmt.Println("EOF") goto pick_different_e } if (nonce & 0xfffff) == 0 { fmt.Print(".") } } if look4pref { fmt.Println(uint32(nonce - nonce_from)) } // 8. Once you have the nonce and the ephemkey, you can create the first output, which is pkscr = make([]byte, 40) pkscr[0] = 0x6a // OP_RETURN pkscr[1] = 38 // length pkscr[2] = 0x06 // always 6 binary.LittleEndian.PutUint32(pkscr[3:7], nonce) copy(pkscr[7:40], ephemkey) res[0] = &btc.TxOut{Pk_script: pkscr} // 9. Now use ECC multiplication to calculate e*Q where Q = scan_pubkey // an e = privkey to ephemkey and then hash it. c := btc.StealthDH(sa.ScanKey[:], e) if *verbose { fmt.Println("c", hex.EncodeToString(c)) } // 10. That hash is now "c". use ECC multiplication and addition to // calculate D + (c*G) where D = spend_pubkey, and G is the reference // point for secp256k1. This will give you a new pubkey. (we'll call it D') Dpr := btc.DeriveNextPublic(sa.SpendKeys[0][:], c) if *verbose { fmt.Println("Dpr", hex.EncodeToString(Dpr)) } // 11. Create a normal P2KH output spending to D' as public key. adr := btc.NewAddrFromPubkey(Dpr, btc.AddrVerPubkey(*testnet)) res[1] = &btc.TxOut{Value: value, Pk_script: adr.OutScript()} fmt.Println("Sending to stealth", adr.String()) return }