BTCDetect Application

CyberPunk Cryptanalysis & Security Research

Developer Contact Information

Application: BTCDetect — Advanced Bitcoin Wallet Exploitation Tool

Developer: Gunther Zoeir

Email: gunther@zoeir.com

GitHub: github.com/zoeir

YouTube: youtube.com/@zoeirr

Google Colab: colab.research.google.com

BTCDetect Exploitation Process
1. MT19937 State Reconstruction: The attacker captures PRNG outputs and uses the observed values to reconstruct all 624 words of the Mersenne Twister internal state.
2. Timestamp-based Seed Enumeration: By iterating over all possible UNIX timestamps (or a range of them), the seed used to initialize MT19937 is identified.
3. BIP39 Mnemonic Generation from Weak Entropy: Once the original seed is found, the attacker regenerates the vulnerable BIP39 mnemonic from the MT19937 output.
4. BIP32/BIP44 HD Wallet Derivation: The vulnerable BIP39 mnemonic is used to derive hierarchical deterministic Bitcoin wallets (BIP32/BIP44).
5. ECDSA Private Key Extraction: The derived keys are converted to ECDSA private keys for Bitcoin, which gives control over the corresponding addresses.
6. Bitcoin Address Generation & Verification: BTCDetect verifies the wallet addresses, confirming attacker access and the risk to funds.
7. Responsible Disclosure & Education: The tool is provided for research and educational demonstration only; users must migrate vulnerable assets and apply mitigations (secure entropy, patched tools).

Disclaimer: This application demonstrates the CVE-2023-39910 vulnerability affecting Libbitcoin Explorer and dependent tools, and presents the RingSide Replay Attack methodology. For research use only.
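
The mitigation named in step 7 (secure entropy) comes down to how many distinct starting values the generator can have. The following is an added example, not code from BTCDetect or Libbitcoin Explorer: it contrasts a timestamp-seeded MT19937 with the operating system CSPRNG and bounds the unpredictability of each. It assumes a 32-bit seed and uses Python's built-in Mersenne Twister as a stand-in; the function names and the sample seed are constructed for illustration.

```python
import math
import random
import secrets

SEED_BITS = 32  # assumption: the generator is initialized from a single 32-bit value


def weak_entropy(seed: int, nbytes: int = 32) -> bytes:
    """Vulnerable pattern: a small seed stretched by MT19937 into 'wallet entropy'."""
    rng = random.Random(seed & (2**SEED_BITS - 1))  # Python's random module is MT19937
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def strong_entropy(nbytes: int = 32) -> bytes:
    """Mitigation: draw every byte from the operating system CSPRNG."""
    return secrets.token_bytes(nbytes)


def effective_bits(seed_space: int, nbytes: int) -> float:
    """Upper bound on unpredictability: log2(possible seeds), capped by output size."""
    return min(math.log2(seed_space), nbytes * 8.0)


def report() -> dict:
    sample_seed = 1_700_000_000       # constructed sample value (a UNIX timestamp)
    one_year = 365 * 24 * 3600        # constructed window: seed known to fall within a year
    return {
        # Same seed, same 256-bit output: the output adds no entropy beyond the seed.
        "same_seed_same_output": weak_entropy(sample_seed) == weak_entropy(sample_seed),
        "weak_bits_full_seed": effective_bits(2**SEED_BITS, 32),
        "weak_bits_one_year": round(effective_bits(one_year, 32), 1),
        "strong_bits": 32 * 8,        # 256 bits when all bytes come from the CSPRNG
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

A 256-bit value produced this way carries at most 32 bits of unpredictability, and fewer when the creation time is roughly known, which is why wallets created with an affected tool need to be regenerated from CSPRNG entropy rather than re-derived.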