-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfeed.json
355 lines (355 loc) · 82.1 KB
/
feed.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
{
"version": "https://jsonfeed.org/version/1",
"title": "anubitux.org",
"description": "",
"home_page_url": "https://anubitux.org",
"feed_url": "https://anubitux.org/feed.json",
"user_comment": "",
"icon": "https://anubitux.org/media/website/AnubituxLogo2_nobg2.png",
"author": {
"name": "AnuBitux"
},
"items": [
{
"id": "https://anubitux.org/blind-protocol-and-mnemonic-seeds/",
"url": "https://anubitux.org/blind-protocol-and-mnemonic-seeds/",
"title": "Blind protocol and mnemonic seeds",
"summary": "In a previous post, we illustrated our Blind Protocol, which allows two operators to create a paper wallet splitting the private key so that nobody…",
"content_html": "<p>In a previous <a href=\"https://anubitux.org/blind-protocol-for-crypto-wallet-generation/\" target=\"_blank\" rel=\"noopener noreferrer\">post</a>, we illustrated our <a href=\"https://github.com/ASeriousMister/BlindGen\" target=\"_blank\" rel=\"noopener noreferrer\">Blind Protocol</a>, which allows two operators to create a paper wallet splitting the private key so that nobody has access to it and it is not shown before the need to spend the funds. </p>\n<p>In some cases, it is definitely more useful to have the private key stored in the form of a BIP39 mnemonic seed, since it can be used easily with most of the nowadays clients. So we developed <a href=\"https://github.com/ASeriousMister/BlindMnemonic\" target=\"_blank\" rel=\"noopener noreferrer\">BlindMnemonic</a>, a new tool with the same approach, which generates two parts of a mnemonic seed and provides some deposit addresses, so that it is possible to receive funds with no one having access to the whole mneminic seed.</p>\n<h3>How to use the tool</h3>\n<p>Also this tool requires two different operators, each one obtaining a part of the mnemonic seed.</p>\n<p class=\"msg msg--warning\">In real case scenarios, don't forget to use the \"Offline\" button on the desktop to disable all the network interfaces and prevent any data leakage.</p>\n<p>When starting the tool, it is possible to specify if we prefer a 12 or 24 words mnemonic seed phrase. We knoe It is also possible to have valid mnemonic phrases with other lenghts, but 12 and 24 are the most used out there.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind1.png\" alt=\"\" width=\"450\" height=\"187\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind1-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind1-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind1-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind1-lg.png 1024w\"></figure>\n<p>Once we have choses the lenght of our mnemonic seed, the two operators have to type some random words in the proper text box.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind2.png\" alt=\"\" width=\"450\" height=\"184\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind2-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind2-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind2-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind2-lg.png 1024w\"></figure>\n<p class=\"msg msg--info\">It is important to know that this step is totally not deterministic and the provided words are only part of the entropy used during the seed generation process so, even providing the same words, it is not possible to obtain the same mnemonic seed phrase.</p>\n<p>When clicking on the \"Generat first words\" button, the tool automatically generates a pdf file containing the first part of the mnemonic seed phrase.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind3-2.png\" alt=\"\" width=\"630\" height=\"443\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind3-2-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind3-2-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind3-2-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind3-2-lg.png 1024w\"></figure>\n<p>By clicking on the other button, the pdf file will be irremediably deleted so it is important to save it in this stage of the process. Then the second operator is supposed to do the same, inserting other random words and obtaining another pdf file containing the remaining part of the mnemonic seed phrase.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind4-2.png\" alt=\"\" width=\"630\" height=\"441\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind4-2-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind4-2-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind4-2-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind4-2-lg.png 1024w\"></figure>\n<p>In the last step the tool allows to choose among several types of public address to receive the transfers. This capability is helpful to avoid to put the mnemonic seed phrase into some kind of client to obtain the related public addresses.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind5.png\" alt=\"\" width=\"450\" height=\"179\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind5-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind5-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind5-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind5-lg.png 1024w\"></figure>\n<p>In our example we are choosing to obtain Bitcoin public addresses and the tool is automatically providing a <em>.pdf</em> file with the public address and the corresponding QR code.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind6.png\" alt=\"\" width=\"600\" height=\"481\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind6-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind6-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind6-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind6-lg.png 1024w\"></figure>\n<h3>Verifying the tool</h3>\n<p>To confirm that the mnemonic seed phrase we obtained running the tool is working properly we can check it using Ian Coleman's BIP39 tool.</p>\n<p class=\"msg msg--highlight \">This is supposed to be done only while testing the tool, since the tool was designed to never put together the two parts of the mnemonic seed phrase. </p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/blind7.png\" alt=\"\" width=\"630\" height=\"607\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/blind7-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/blind7-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/blind7-md.png 768w ,https://anubitux.org/media/posts/75/responsive/blind7-lg.png 1024w\"></figure>\n<p> </p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/75/buybeer-md.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/75/responsive/buybeer-md-xs.png 300w ,https://anubitux.org/media/posts/75/responsive/buybeer-md-sm.png 480w ,https://anubitux.org/media/posts/75/responsive/buybeer-md-md.png 768w ,https://anubitux.org/media/posts/75/responsive/buybeer-md-lg.png 1024w\"></figure></a></p>",
"image": "https://anubitux.org/media/posts/75/BlindMnem.jpg",
"author": {
"name": "AnuBitux"
},
"tags": [
"wallet",
"tutorial",
"tools",
"tool",
"python",
"private key",
"print",
"paper wallet",
"opsec",
"offline",
"live",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"linux",
"howto",
"distro for cryptocurrencies",
"distro for crypto",
"distro for bitcoin",
"distro",
"debian",
"cryptocurrency",
"crypto",
"bitcoin",
"bip39",
"anubitux"
],
"date_published": "2024-11-24T18:12:00+01:00",
"date_modified": "2024-11-24T18:12:00+01:00"
},
{
"id": "https://anubitux.org/bequest/",
"url": "https://anubitux.org/bequest/",
"title": "How to share information with third parties in a simple and safe way",
"summary": "It might happen that we want to share some kind of information with a third party without the need to writing down the information in…",
"content_html": "<p>It might happen that we want to share some kind of information with a third party without the need to writing down the information in clear text and without requiring the other party to get used to some encryption method. For this purpose we developed <a href=\"https://github.com/ASeriousMister/Bequest\" target=\"_blank\" rel=\"noopener noreferrer\">Bequest</a>, a tool that encrypts some text using an arbitrary key phrase and stores the encrypted text in a series of QR codes. With this tool the party that needs to access the secret information only has to remember the phrase that was used in the encryption process.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77//beq1.png\" alt=\"\" width=\"521\" height=\"516\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77//responsive/beq1-xs.png 300w ,https://anubitux.org/media/posts/77//responsive/beq1-sm.png 480w ,https://anubitux.org/media/posts/77//responsive/beq1-md.png 768w ,https://anubitux.org/media/posts/77//responsive/beq1-lg.png 1024w\"></figure>\n<h2>How to encrypt some text</h2>\n<p>To encrypt some text, we simply have to:</p>\n<ul>\n<li>write some text in the bigger box;</li>\n<li>chose an encryption phrase and write it in the second box. It should be some kind of notable sentence that is easy to remember for who has to access the encrypted information, so that there is no need to write it down;</li>\n<li>select a folder where to save the QR codes containing the encrypted text;</li>\n<li>click on the \"Encrypt\" button.</li>\n</ul>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77/beq2-2.png\" alt=\"\" width=\"513\" height=\"511\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77/responsive/beq2-2-xs.png 300w ,https://anubitux.org/media/posts/77/responsive/beq2-2-sm.png 480w ,https://anubitux.org/media/posts/77/responsive/beq2-2-md.png 768w ,https://anubitux.org/media/posts/77/responsive/beq2-2-lg.png 1024w\"></figure>\n<p>Once done, we will obtain some QR codes that we can store in the way that better fits our needs, lime putting them on some encrypted device or saving them on paper, maybe in plain sight on something that usually has QR codes like a boarding pass.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77/beq3-2.png\" alt=\"\" width=\"800\" height=\"800\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77/responsive/beq3-2-xs.png 300w ,https://anubitux.org/media/posts/77/responsive/beq3-2-sm.png 480w ,https://anubitux.org/media/posts/77/responsive/beq3-2-md.png 768w ,https://anubitux.org/media/posts/77/responsive/beq3-2-lg.png 1024w\"></figure>\n<h2>How to decrypt the QR codes</h2>\n<p>To decrypt the QR codes it is enough to read them using some tool, like QtQR.</p>\n<p class=\"msg msg--info\">In some cases, especially with some special character, we noticed that QtQR or CoBang are not reading QR codes properly but smartphones are. So it is advised to use smartphones in case QR codes seem not to work.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77/beq4-2.png\" alt=\"\" width=\"700\" height=\"469\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77/responsive/beq4-2-xs.png 300w ,https://anubitux.org/media/posts/77/responsive/beq4-2-sm.png 480w ,https://anubitux.org/media/posts/77/responsive/beq4-2-md.png 768w ,https://anubitux.org/media/posts/77/responsive/beq4-2-lg.png 1024w\"></figure>\n<p>The text has the to be copied and pasted in the bigger box of the Bequest tool. Then it can be decrypted by providing the same encryption phrase and clicking o the \"Decrypt\" button.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77/beq5.png\" alt=\"\" width=\"500\" height=\"505\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77/responsive/beq5-xs.png 300w ,https://anubitux.org/media/posts/77/responsive/beq5-sm.png 480w ,https://anubitux.org/media/posts/77/responsive/beq5-md.png 768w ,https://anubitux.org/media/posts/77/responsive/beq5-lg.png 1024w\"></figure>\n<p>Once done, we will find the output.txt file in the selected folder.</p>\n<h2><figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77/beq6.png\" alt=\"\" width=\"600\" height=\"309\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77/responsive/beq6-xs.png 300w ,https://anubitux.org/media/posts/77/responsive/beq6-sm.png 480w ,https://anubitux.org/media/posts/77/responsive/beq6-md.png 768w ,https://anubitux.org/media/posts/77/responsive/beq6-lg.png 1024w\"></figure></h2>\n<h2>Recommendations</h2>\n<p>It is recommended to always check if the QR codes are storing the correct text and if the tool is able to decrypt it in the proper way. In case something goes wrong, it is probably due to some temporary issue or to some special characted that is not handled correctly. If so, we recommend to try again, maybe changing your text and <a href=\"https://anubitux.org/meet-the-anubitux-project/\" target=\"_blank\" rel=\"noopener noreferrer\">reporting the issue to us</a>.</p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/77/buybeer-md.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/77/responsive/buybeer-md-xs.png 300w ,https://anubitux.org/media/posts/77/responsive/buybeer-md-sm.png 480w ,https://anubitux.org/media/posts/77/responsive/buybeer-md-md.png 768w ,https://anubitux.org/media/posts/77/responsive/buybeer-md-lg.png 1024w\"></figure></a></p>\n<p> </p>\n<p> </p>\n<p> </p>\n<p> </p>\n<p> </p>\n<p> </p>",
"image": "https://anubitux.org/media/posts/77/angels.png",
"author": {
"name": "AnuBitux"
},
"tags": [
"tutorial",
"tools",
"tool",
"python",
"print",
"password",
"opsec",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"linux",
"howto",
"encrypted",
"distro for cryptocurrencies",
"distro for bitcoin",
"caution",
"anubitux"
],
"date_published": "2024-11-23T16:16:00+01:00",
"date_modified": "2024-11-23T16:26:29+01:00"
},
{
"id": "https://anubitux.org/generate-a-mnemonic-seed-with-your-microphone/",
"url": "https://anubitux.org/generate-a-mnemonic-seed-with-your-microphone/",
"title": "Generate a mnemonic seed with your microphone",
"summary": "Generating mnemonic seeds is perhaps the most delicate aspect in relation to the custody of cryptocurrencies. There are a lot of methods to obtain mnemonics,…",
"content_html": "<p>Generating mnemonic seeds is perhaps the most delicate aspect in relation to the custody of cryptocurrencies. There are a lot of methods to obtain mnemonics, for example:</p>\n<ul>\n<li>many wallets automatically provide them to us;</li>\n<li>they can be obtained <a href=\"https://anubitux.org/how-to-generate-a-mnemonic-seed-with-anubitux-and-a-dice/\" target=\"_blank\" rel=\"noopener noreferrer\">rolling a dice</a> several times;</li>\n<li>they can be obtained through dedicated tools and hardwares like <a href=\"#INTERNAL_LINK#/null/undefined\" title=\"https://seedsigner.com/\" target=\"_blank\" rel=\"noopener noreferrer\">SeedSigner</a>.</li>\n</ul>\n<p>It is very important to make sure that the obtained mnemonic seed is truly random and not replicable. If not so, other users could obtain the same private keys and steal our funds. Summarizing, <strong>it is important to use a good source of entropy</strong>!</p>\n<h3>Entropy from the air</h3>\n<p>It could also be a good idea to grab the entropy from the environmental noise, since it is very unlike that there could be exactly the same noise for two times. To collect entropy in this way and obtain a printable paper wallet, AnuBitux provides the <a href=\"https://github.com/ASeriousMister/Mic2Seed\" target=\"_blank\" rel=\"noopener noreferrer\">Mic2Seed</a> tool.</p>\n<h3>OpSec first</h3>\n<p>Before using the tool, it may be a good idea to use the \"Offline\" shortcut from the AnuBitux desktop, in order to disable all the possible connection to external devices and avoid leaking any kind of information.</p>\n<p>It is also important to check that the ardware we are using is working properly. In AnuBitux, we can use the <a href=\"https://github.com/AnuBitux/MicCheck\" target=\"_blank\" rel=\"noopener noreferrer\">MicCheck</a> tool. It records a 5 seconds audio and plays it. If we don't hear anything there may be something not working in the correct way but definetly we have to remember to turn up the volume. The tool tries to help us showing a clear and big message saying \"VolumeUp\".</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"file:///home/misterserious/Dropbox/Publii/anubituxorg/input/media/posts/72/MicCheck.png\" alt=\"\" width=\"600\" height=\"461\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"file:///home/misterserious/Dropbox/Publii/anubituxorg/input/media/posts/72/responsive/MicCheck-xs.png 300w ,file:///home/misterserious/Dropbox/Publii/anubituxorg/input/media/posts/72/responsive/MicCheck-sm.png 480w ,file:///home/misterserious/Dropbox/Publii/anubituxorg/input/media/posts/72/responsive/MicCheck-md.png 768w ,file:///home/misterserious/Dropbox/Publii/anubituxorg/input/media/posts/72/responsive/MicCheck-lg.png 1024w\"></figure>\n<h3>How to use the tool</h3>\n<p>Once we are sure that our hardware is working properly and we took care of our OpSec, we can launch the tool directly from the <em>Wallet Generators</em> menu or typing <em>mic2seed.py</em> in our terminal.</p>\n<p>If we are sure that our hardware is working properly, we only have to wait about 30 seconds to obtain our new random mnemonic seed.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/73/mic2seed1.png\" alt=\"\" width=\"900\" height=\"441\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/73/responsive/mic2seed1-xs.png 300w ,https://anubitux.org/media/posts/73/responsive/mic2seed1-sm.png 480w ,https://anubitux.org/media/posts/73/responsive/mic2seed1-md.png 768w ,https://anubitux.org/media/posts/73/responsive/mic2seed1-lg.png 1024w\"></figure>\n<p>The tool also provides the entropy used to obtain the mnemonic seed and the indexes of the words to check them from the <a href=\"https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt\" target=\"_blank\" rel=\"noopener noreferrer\">BIP39 list</a>.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/73/mic2seed2.png\" alt=\"\" width=\"900\" height=\"273\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/73/responsive/mic2seed2-xs.png 300w ,https://anubitux.org/media/posts/73/responsive/mic2seed2-sm.png 480w ,https://anubitux.org/media/posts/73/responsive/mic2seed2-md.png 768w ,https://anubitux.org/media/posts/73/responsive/mic2seed2-lg.png 1024w\"></figure>\n<p class=\"msg msg--info\">On our <a href=\"https://www.youtube.com/@AnuBitux\" target=\"_blank\" rel=\"noopener noreferrer\">YouTube channel</a> you can find a demonstration on how to use this tool!</p>\n<p align=\"center\"><div class=\"post__iframe\"><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/b23h-PbYOzA?si=AHMcEF8ZdLFpTobS\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen=\"allowfullscreen\"></iframe></div>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/73/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/73/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/73/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/73/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/73/responsive/buybeer-lg.png 1024w\"></figure></a></p>",
"image": "https://anubitux.org/media/posts/73/Mic2Seed.png",
"author": {
"name": "AnuBitux"
},
"tags": [
"wallet",
"tutorial",
"tools",
"python",
"opsec",
"offline",
"linux for xmr",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"linux",
"howto",
"distro for cryptocurrencies",
"distro for crypto",
"distro for bitcoin",
"distro",
"debian",
"cryptocurrency",
"crypto",
"bitcoin",
"bip39",
"anubitux"
],
"date_published": "2024-06-05T12:21:00+02:00",
"date_modified": "2024-06-05T13:15:16+02:00"
},
{
"id": "https://anubitux.org/blind-protocol-for-crypto-wallet-generation/",
"url": "https://anubitux.org/blind-protocol-for-crypto-wallet-generation/",
"title": "Blind protocol for crypto wallet generation",
"summary": "In some cases it may be necessary to create private keys to securely store funds for others, for instance, when seizing cryptocurrency for the judicial…",
"content_html": "<p>In some cases it may be necessary to create private keys to securely store funds for others, for instance, when seizing cryptocurrency for the judicial authority or when acting as a crypto custodian. When creating the private key with the common tools, even when using all the precautions (i.e. using a live working environment like AnuBitux, disabling all the network connections, using a good source o fentropy, etc.), the operator, even if only for a few seconds, is gaining access to a private key related to funds which are not going to belong to him. To avoid it, multisignature wallets ciuld be created, but this solution is not directly and easily available for all the currencies and may also be pretty difficult to use for most of the users.</p>\n<p>As more complex is the solution we use to store cryptocurrencies, as more it is easy to lose access to them.</p>\n<p>To solve this, we developed something called \"<strong>Blind protocol for crypto wallet generation</strong>\". This protocol provides two tools, <a href=\"https://github.com/ASeriousMister/BlindGen\" target=\"_blank\" rel=\"noopener noreferrer\">BlindGen</a> and BlindDecode.</p>\n<p>The BlindGen tool allows <span style=\"text-decoration: underline;\"><strong>two user</strong></span> to create half part of the private key, without ever gaining access to the whole private key and then provides a printable paper wallet only containing the public address. The BlindDecode tool allows the users to obtain the whole private key. It is intended to be used only when in need to spend the funds received on the genearted address.</p>\n<h3>OpSec first</h3>\n<p>Before using the tool, it may be a good idea to use the \"Offline\" shortcut from the AnuBitux desktop, in order to disable all the possible connection to external devices and avoid leaking any kind of information. It is also mandatory to use AnuBitux in live mode and not in a virtual machine and to operate in a safe environment.</p>\n<h3>How to use the tool</h3>\n<p>The tool is provided with a very easy to use graphical interface. When starting it, the first user has to insert some random text, which could be a single word, a sentence, a number, some random characters, etc. </p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind1-2.png\" alt=\"\" width=\"460\" height=\"183\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind1-2-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind1-2-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind1-2-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind1-2-lg.png 1024w\"></figure>\n<p>Then it is only necessary to click on the \"Generate first half key\" button to obtain a printable pdf file with the first half part of the private key and the related QR code.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind2.png\" alt=\"\" width=\"920\" height=\"527\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind2-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind2-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind2-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind2-lg.png 1024w\"></figure>\n<p>Now the first user has to print the pdf or store it in some safe place and click on the \"End\" button. When clicking on it, the pdf viewer is automatically closed and the pdf file is permanetly deleted. </p>\n<p>Then the second user has to perform the same operations.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind3.png\" alt=\"\" width=\"920\" height=\"531\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind3-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind3-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind3-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind3-lg.png 1024w\"></figure>\n<p class=\"msg msg--highlight \">It is very important to store the provided parts of the keys during the process since the tool does not work in a deterministic way. The text provided by the user is not the only source of entropy. This tool uses multiple sources of entropy so that human randomness and computer randomness can work together and avoid that the obtained private key could be raplicated by some threat actor. </p>\n<p>Now, when the second part of the private key has been put in a safe place, also the second user can click on the \"End\" button. Then one of the users or also some third user has to select for which currency it is necessary to obtain a public address.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind4.png\" alt=\"\" width=\"460\" height=\"289\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind4-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind4-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind4-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind4-lg.png 1024w\"></figure>\n<p>Let's hypothesize we are in need of a Bitcoin address, so we can chose Bitcoin from the menu and click on the \"Generate public addresses\" button.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind5.png\" alt=\"\" width=\"920\" height=\"595\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind5-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind5-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind5-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind5-lg.png 1024w\"></figure>\n<p>It is also possible to click multiple times on the \"Generate public addresses\" button obtaining addresses for different currencies. Only the last one is stored in the Documents folder but, if the previous generated address hasn't been stored, it is possible to choose the same currency again and obtain it multiple times before the tool is closed.</p>\n<p class=\"msg msg--warning\">Now it is possible to send funds to the obtained addresses but it is very important to be sure to have both parts of the private key. Unless so there is no way to recover it and funds are going to be lost!</p>\n<h3>How to obtain the private key</h3>\n<p>To obtain the whole private key, it is necessary to use the BlindDecode tool.</p>\n<p class=\"msg msg--highlight \">This action is supposed to be done only when it is necessary to move the funds.</p>\n<p>The tool is not mandatory since the two parts of the private key simply are the bits of the private key in hex format and they could also be converted manually or with other custom tools.</p>\n<p>When the tool is started, it shows a garphical interface where it is possible to paste the two parts of the private key and select the desired coin. To avoid to write them manually it is also possible to read the QR codes with QtQR or any similar tool.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind6.png\" alt=\"\" width=\"460\" height=\"235\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind6-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind6-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind6-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind6-lg.png 1024w\"></figure>\n<p>Now, clicking on the \"Show private key\" it is possible to obtain a pdf file with the WIF private key in and the related QR code.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/Blind7.png\" alt=\"\" width=\"920\" height=\"530\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/Blind7-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/Blind7-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/Blind7-md.png 768w ,https://anubitux.org/media/posts/74/responsive/Blind7-lg.png 1024w\"></figure>\n<p>There are also some suggestions about how the private keys could be used.</p>\n<figure class=\"post__image post__image--center\"><a href=\"https://buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/74/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/74/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/74/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/74/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/74/responsive/buybeer-lg.png 1024w\"></figure></a></p>\n<p> </p>\n<p> </p>",
"image": "https://anubitux.org/media/posts/74/BlindGen.png",
"author": {
"name": "AnuBitux"
},
"tags": [
"wallet",
"tutorial",
"tools",
"tool",
"seizure",
"seize",
"private key",
"paper wallet",
"opsec",
"offline",
"monero",
"live",
"linux for xmr",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"howto",
"ethereum",
"distro for cryptocurrencies",
"distro for crypto",
"distro for bitcoin",
"debian",
"cryptography",
"cryptocurrency",
"crypto",
"bitcoin",
"anubitux"
],
"date_published": "2024-06-02T19:19:00+02:00",
"date_modified": "2024-06-02T19:34:33+02:00"
},
{
"id": "https://anubitux.org/generate-a-paper-wallet-with-your-microphone/",
"url": "https://anubitux.org/generate-a-paper-wallet-with-your-microphone/",
"title": "Generate a paper wallet with your microphone",
"summary": "Generating private keys is perhaps the most delicate aspect in relation to the custody of cryptocurrencies. There are a lot of methods to obtain keys,…",
"content_html": "<p>Generating private keys is perhaps the most delicate aspect in relation to the custody of cryptocurrencies. There are a lot of methods to obtain keys, for example:</p>\n<ul>\n<li>many wallets automatically provide them to us;</li>\n<li>they can be obtained <a href=\"https://anubitux.org/how-to-generate-random-paper-wallets-with-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">rolling a dice</a> several times;</li>\n<li>they can be obtained through dedicated tools, like <a href=\"https://anubitux.org/how-to-create-a-paper-wallet-with-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">bitaddress</a> for Bitcoin.</li>\n</ul>\n<p>It is very important to make sure that the obtained private key is truly random and not replicable. If not so, other users could obtain the same private key and steal our funds. Summarizing, it is important to use a good source of entropy!</p>\n<h3>Entropy from the air</h3>\n<p>It could also be a good idea to grab the entropy from the environmental noise, since it is very unlike that there could be exactly the same noise for two times. To collect entropy in this way and obtain a printable paper wallet, AnuBitux provides the <a href=\"https://github.com/ASeriousMister/Mic2Paper\" target=\"_blank\" rel=\"noopener noreferrer\">Mic2Paper</a> tool.</p>\n<h3>OpSec first</h3>\n<p>Before using the tool, it may be a good idea to use the \"Offline\" shortcut from the AnuBitux desktop, in order to disable all the possible connections to external devices and avoid leaking any kind of information.</p>\n<p>It is also important to check that the hardware we are using is working properly. In AnuBitux, we can use the <a href=\"https://github.com/AnuBitux/MicCheck\" target=\"_blank\" rel=\"noopener noreferrer\">MicCheck</a> tool. It records a 5 seconds audio and plays it. If we don't hear anything there may be something not working in the correct way but definetly we have to remember to turn up the volume. The tool tries to help us showing a clear and big message saying \"VolumeUp\".</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/72/MicCheck.png\" alt=\"\" width=\"600\" height=\"461\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/72/responsive/MicCheck-xs.png 300w ,https://anubitux.org/media/posts/72/responsive/MicCheck-sm.png 480w ,https://anubitux.org/media/posts/72/responsive/MicCheck-md.png 768w ,https://anubitux.org/media/posts/72/responsive/MicCheck-lg.png 1024w\"></figure>\n<h3>How to use the tool</h3>\n<p>Once we are sure that our hardware is working properly and we took care of our OpSec, we can launch the tool directly from the <em>Wallet Generators</em> menu or typing <em>mic2paper.py</em> in our terminal.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/72/Mic2Paper1.png\" alt=\"\" width=\"700\" height=\"185\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/72/responsive/Mic2Paper1-xs.png 300w ,https://anubitux.org/media/posts/72/responsive/Mic2Paper1-sm.png 480w ,https://anubitux.org/media/posts/72/responsive/Mic2Paper1-md.png 768w ,https://anubitux.org/media/posts/72/responsive/Mic2Paper1-lg.png 1024w\"></figure>\n<p>Then we only have to confirm that we feel confortable with our hardware and then the tools does all the magic by itself.</p>\n<p>Then we can choose among many different coins which kind of paper wallet we need.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/72/Mic2paper2.png\" alt=\"\" width=\"700\" height=\"544\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/72/responsive/Mic2paper2-xs.png 300w ,https://anubitux.org/media/posts/72/responsive/Mic2paper2-sm.png 480w ,https://anubitux.org/media/posts/72/responsive/Mic2paper2-md.png 768w ,https://anubitux.org/media/posts/72/responsive/Mic2paper2-lg.png 1024w\"></figure>\n<p>After this, we can choose if we want a printable pdf. If we don't, the keys will only be printed in our terminal and the we can manually create QR codes with QtQR.</p>\n<p>If we accept to make the tool create a paper wallet for us, we can find the printable file in the <em>Documents/PaperWallet</em> folder.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/72/Mic2Paper3.png\" alt=\"\" width=\"1000\" height=\"485\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/72/responsive/Mic2Paper3-xs.png 300w ,https://anubitux.org/media/posts/72/responsive/Mic2Paper3-sm.png 480w ,https://anubitux.org/media/posts/72/responsive/Mic2Paper3-md.png 768w ,https://anubitux.org/media/posts/72/responsive/Mic2Paper3-lg.png 1024w\"></figure>\n<p>Now, thanks to the numerous <a href=\"https://anubitux-project.gitbook.io/the-anubitux-documentation/features/printing\" target=\"_blank\" rel=\"noopener noreferrer\">printer drivers</a> included in AnuBitux, we should be able to print our paper wallet and store it in a super safe place.</p>\n<p class=\"msg msg--info\">You can see a demo about how this tool works on our <a href=\"https://www.youtube.com/@AnuBitux\" target=\"_blank\" rel=\"noopener noreferrer\">YouTube channel</a>.</p>\n<p align=\"center\"><div class=\"post__iframe\"><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/9_OWg6KSmpQ?si=wsHhcoBhGeUuGzLM\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen=\"allowfullscreen\"></iframe></div>\n<p> </p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/72/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/72/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/72/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/72/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/72/responsive/buybeer-lg.png 1024w\"></figure></a></p>\n<p> </p>",
"image": "https://anubitux.org/media/posts/72/mic2paper.png",
"author": {
"name": "AnuBitux"
},
"tags": [
"wallet",
"tutorial",
"tools",
"tool",
"seizure",
"private key",
"paper wallet",
"opsec",
"offline",
"monero",
"linux for xmr",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"howto",
"hash",
"electrum",
"distro for cryptocurrencies",
"distro for crypto",
"distro for bitcoin",
"distro",
"debian",
"cryptocurrency",
"crypto",
"bitcoin",
"anubitux"
],
"date_published": "2024-05-15T14:30:00+02:00",
"date_modified": "2024-06-19T20:27:27+02:00"
},
{
"id": "https://anubitux.org/recover-access-to-your-samourai-wallet/",
"url": "https://anubitux.org/recover-access-to-your-samourai-wallet/",
"title": "Recover access to your Samourai Wallet",
"summary": "On April 24, 2024, U.S. D.O.J. arrested the founder and the CEO of Samourai wallet and charged them with money laundering and unlicensed money transmitting…",
"content_html": "<p>On April 24, 2024, U.S. D.O.J. <a href=\"https://www.justice.gov/usao-sdny/pr/founders-and-ceo-cryptocurrency-mixing-service-arrested-and-charged-money-laundering\" target=\"_blank\" rel=\"noopener noreferrer\">arrested</a> the founder and the CEO of Samourai wallet and charged them with money laundering and unlicensed money transmitting offenses.</p>\n<p>Samourai wallet was a mobile wallet that could be used to perform CoinJoin transactions through the <a href=\"https://bitcoiner.guide/whirlpool/\" target=\"_blank\" rel=\"noopener noreferrer\">Whirlpool algorithm</a> (a zerolink coinjoin implementation created by the Samourai Wallet developer team). </p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/71/seized.png\" alt=\"\" width=\"800\" height=\"483\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/71/responsive/seized-xs.png 300w ,https://anubitux.org/media/posts/71/responsive/seized-sm.png 480w ,https://anubitux.org/media/posts/71/responsive/seized-md.png 768w ,https://anubitux.org/media/posts/71/responsive/seized-lg.png 1024w\"></figure>\n<h3>What is Whirlpool?</h3>\n<p>At a very high level, a Whirlpool mix is a collaborative transaction between five participants. The outputs of each Whirlpool mix are always identical resulting in every mix having a lot of possible interpretations. Anyone trying to analyze the blockchain and looking at a Whirlpool transaction cannot say for sure which output corresponds to which input. </p>\n<p>Each of the five Whirlpool participants submits 1 input into the transaction. For a mix to start, a minimum of two of these participants must be new entrants to the pool. These new entrants are known as ‘premixers’ and they are required at every Whirlpool mix. Requiring two premixers to trigger a mix ensures that new liquidity forms part of every cycle and prevents the same pool UTXO’s continually mixing with each other.</p>\n<h3>How does a Whirlpool transaction look like?</h3>\n<p>As stated above, a whirlpool transaction requires 5 participants sending 5 identical outputs. Here you can see an example of a <a href=\"https://mempool.space/tx/3795565f9d3b0885f9b702a6a216653afe03d8bf647d4f640afb4227654703c1\" target=\"_blank\" rel=\"noopener noreferrer\">Whirlpool transaction</a>.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/71//Whirlpool.png\" alt=\"\" width=\"850\" height=\"823\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/71//responsive/Whirlpool-xs.png 300w ,https://anubitux.org/media/posts/71//responsive/Whirlpool-sm.png 480w ,https://anubitux.org/media/posts/71//responsive/Whirlpool-md.png 768w ,https://anubitux.org/media/posts/71//responsive/Whirlpool-lg.png 1024w\"></figure>\n<p>As you can see, two addresses are providing bigger inputs, they are the new entrants, providing a little extra-amount to cover transaction fees.</p>\n<h3>Where are the mixed funds?</h3>\n<p>It is very important to point out that Whirlpool works in a totally <strong>non custodial</strong> way. Funds are never sent to third parties, there's only a coordinator server orchestrating the process without knowing which funds belong to each of the involved addresses.</p>\n<p>Among the mixing process, funds are sent to addresses based on the same seed used to create the BIP39 software wallet you are using. Whirlpool just uses different standards with an offset on the index.</p>\n<p class=\"msg msg--info\">Remember that a <a href=\"https://learnmeabitcoin.com/technical/keys/hd-wallets/derivation-paths/\" target=\"_blank\" rel=\"noopener noreferrer\">derivation path</a> is something like m/44’/60’/0’/0/0. it is tellig your hierarchical deterministic wallet to:</p>\n<p class=\"msg msg--info\">- start at the master key (m);<br>- use the BIP44 standard (44);<br>- derive keys for Ethereum (60, use 0 for bitcoin);<br>- do not derive a change address (first zero, use 1 for change addresses);<br>- the index of the address (last zero).</p>\n<p>In detail, Whirlpool is using the following <a href=\"https://github.com/Samourai-Wallet/samourai-wallet-android/blob/develop/Guides/Restore%20%26%20Recovery.md\" target=\"_blank\" rel=\"noopener noreferrer\">derivation paths</a>:</p>\n<ul>\n<li dir=\"auto\">Deposit: <code>m/44'|49'|84'|47'/0'/0'</code></li>\n<li dir=\"auto\">Bad Bank: <code>m/84'/0'/2147483644'</code></li>\n<li dir=\"auto\">Pre Mix: <code>m/84'/0'/2147483645'</code></li>\n<li dir=\"auto\">Post Mix: <code>m/84'/0'/2147483646'</code></li>\n<li dir=\"auto\">Ricochet: <code>m/44'|49'|84'/0'/2147483647'</code></li>\n</ul>\n<p>That means that we can always recover all our funds so long as you have the seed.</p>\n<h3>Recover access to the funds</h3>\n<p>Since the Samourai app may not be available anymore, to access funds held through this client it may be possible to use other clients supporting Whirlpool mixes, like <a href=\"https://sparrowwallet.com/docs/mixing-whirlpool.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sparrow wallet</a> (<a href=\"https://web.archive.org/web/20240405202436/https://www.sparrowwallet.com/docs/mixing-whirlpool.html\" target=\"_blank\" rel=\"noopener noreferrer\">backup link</a>). If also Sparrow wallet does not work with Whirlpool anymore, it is enough to use it or other fully feathured clients, like <a href=\"https://electrum.org/\" target=\"_blank\" rel=\"noopener noreferrer\">Electrum</a>, manually specifying the desired derivation path in the wallet setup wizard.</p>\n<p>To see the funds used through Whirlpool with Sparrow wallet, when importing a new keystore based on the BIP39 mnemonic used with Samourai, it is necessary to click on the \"Add Account...\" button and click on the Whirlpool option (the last one). This will add the buttons on the left and will allow us to see the funds and the transactions related to our ordinary wallet (Deposit) and also the funds and the transactions related to Whirlpool (Premix, Postmix and Badbank).</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/71/Selection_204.png\" alt=\"\" width=\"800\" height=\"513\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/71/responsive/Selection_204-xs.png 300w ,https://anubitux.org/media/posts/71/responsive/Selection_204-sm.png 480w ,https://anubitux.org/media/posts/71/responsive/Selection_204-md.png 768w ,https://anubitux.org/media/posts/71/responsive/Selection_204-lg.png 1024w\"></figure>\n<h3>Final thoughts</h3>\n<p>In this case we can notice how it is important to know how the tools we are using work. So, if some of them stops working, we will always be in control of our funds. It is very important to avoid to rely on centralized solutions or using tools before trying to understand how they work.</p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/71/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/71/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/71/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/71/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/71/responsive/buybeer-lg.png 1024w\"></figure></a></p>",
"image": "https://anubitux.org/media/posts/71/Samourai_UncleSam.png",
"author": {
"name": "AnuBitux"
},
"tags": [
"wallet",
"seizure",
"recovery",
"linux for cryptocurrencies",
"linux for bitcoin",
"bip39",
"anubitux"
],
"date_published": "2024-04-28T12:47:36+02:00",
"date_modified": "2024-05-15T14:11:00+02:00"
},
{
"id": "https://anubitux.org/anubitux-presented-at-the-cyber-forensics-iisfa-forum-2024/",
"url": "https://anubitux.org/anubitux-presented-at-the-cyber-forensics-iisfa-forum-2024/",
"title": "AnuBitux presented at the Cyber Forensics IISFA Forum 2024",
"summary": "On the 12th April 2024 our core team memper StanleyK presented AnuBitux at the Cyber Forensics IISFA Forum, held by the IISFA association. Here you…",
"content_html": "<p>On the 12th April 2024 our core team memper StanleyK presented AnuBitux <span class=\"yt-core-attributed-string--link-inherit-color\"> at the Cyber Forensics IISFA Forum, held by the <a href=\"https://iisfa.it\" target=\"_blank\" rel=\"noopener noreferrer\">IISFA association</a>.</span></p>\n<p>Here you can watch the recording of the talk:</p>\n<p align=\"center\"><div class=\"post__iframe\"><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https://www.youtube.com/embed/dpRNw5ijA_8?si=kYiChZ54jILo7m6h\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen=\"allowfullscreen\"></iframe></div>\n<p>It was about the features and the tools included in AnuBitux and there was also a demo about how to use <a href=\"https://github.com/3rdIteration/btcrecover\" target=\"_blank\" rel=\"noopener noreferrer\">seedrecover</a> to fix a mnemonic seed with missing words, like we have shown <a href=\"https://anubitux.org/fix-your-mnemonic-seed-with-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">here</a>.</p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/70/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/70/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/70/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/70/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/70/responsive/buybeer-lg.png 1024w\"></figure></a></p>",
"image": "https://anubitux.org/media/posts/70/2024-04-14_16-02.png",
"author": {
"name": "AnuBitux"
},
"tags": [
"tools",
"test",
"recovery",
"linux for cryptocurrencies",
"linux for bitcoin",
"investigation",
"distro",
"debian",
"cryptocurrency",
"crypto",
"btcrecover",
"bitcoin",
"anubitux"
],
"date_published": "2024-04-14T16:08:19+02:00",
"date_modified": "2024-06-03T23:18:35+02:00"
},
{
"id": "https://anubitux.org/anubitux-30-is-out/",
"url": "https://anubitux.org/anubitux-30-is-out/",
"title": "AnuBitux 3.0 is out!",
"summary": "A new version of AnuBitux is finally out! It is now based on Debian 12 with a fresher Linux Kernel! We have also improved the…",
"content_html": "<p>A new version of AnuBitux is finally out! It is now based on <a href=\"https://www.debian.org/\" target=\"_blank\" rel=\"noopener noreferrer\">Debian 12</a> with a fresher Linux Kernel! We have also improved the user interface with new icons, to give our distro a more modern look.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/69/2024-03-23_18-07.png\" alt=\"\" width=\"1200\" height=\"606\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/69/responsive/2024-03-23_18-07-xs.png 300w ,https://anubitux.org/media/posts/69/responsive/2024-03-23_18-07-sm.png 480w ,https://anubitux.org/media/posts/69/responsive/2024-03-23_18-07-md.png 768w ,https://anubitux.org/media/posts/69/responsive/2024-03-23_18-07-lg.png 1024w\"></figure>\n<p>We also removed the possibility to install it, to avoid misuses and make it work in a totally amnesic way. It is able to interact with a lot of ways to store cryptocurrencies, like restoring mnemonic seeds in many different clients, connecting hardware wallets, mounting different kind of encrypted storages, etc.</p>\n<p>More details are provided in the <a href=\"https://anubitux.org/changelog/\" target=\"_blank\" rel=\"noopener noreferrer\">Changelog</a>. Visit our <a href=\"https://anubitux.org/download-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">Download page</a> to get it!</p>\n<h3>What's next?</h3>\n<p>We have other big projects in mind. We are finishing the test stage to also publish the whole building process of the version 3 on <a href=\"https://github.com/AnuBitux\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub</a>, we are creating an official, more technical and organized documentation and we are also preparing a script to convert a common Debian virtual machine in a fully featured AnuBitux VM to test our tools in a safe way get more confident with them. Stay tuned following our <a href=\"https://t.me/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\">Telegram channel</a> and our <a href=\"https://x.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\">X profile</a>!</p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/69//buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/69//responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/69//responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/69//responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/69//responsive/buybeer-lg.png 1024w\"></figure></a></p>",
"image": "https://anubitux.org/media/posts/69/fireworks-180553_1280.jpg",
"author": {
"name": "AnuBitux"
},
"tags": [
"wallet",
"project",
"monero",
"linux for xmr",
"linux for cryptocurrencies",
"linux for bitcoin",
"linux",
"ethereum",
"download",
"distro",
"debian",
"cryptocurrency",
"bitcoin",
"anubitux"
],
"date_published": "2024-03-23T17:59:57+01:00",
"date_modified": "2024-03-23T18:07:39+01:00"
},
{
"id": "https://anubitux.org/how-to-build-anubitux-by-yourself/",
"url": "https://anubitux.org/how-to-build-anubitux-by-yourself/",
"title": "How to build AnuBitux by yourself",
"summary": "We know that using using cryptocurrencies one of the first rules is \"be your own bank\". So, when we need to use softwares and tools,…",
"content_html": "<p>We know that using using cryptocurrencies one of the first rules is \"be your own bank\". So, when we need to use softwares and tools, it is very important to analyze them to avoid the risk to lose our cryotis or to use solutions that are not working in a proper way.</p>\n<p>We are building AnuBitux, first of all, because we need it for personal and professional reasons and, since it could be useful for others, we decided to share it with everyone that could need it.</p>\n<p>Now we decided to make a little step forward, publishing the way we build it and making it completely replicable by creating a dedicated <a href=\"https://github.com/AnuBitux/build\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub repository</a>.</p>\n<p>We have always built AnuBitux in that way, but. before today, we performed some of the steps manually, now it is completely automated and you only need to launch some preparatory command and then you can run the <a href=\"https://github.com/AnuBitux/build/blob/main/anubitux_script.sh\" target=\"_blank\" rel=\"noopener noreferrer\">anubitux_script</a>.</p>\n<p>If you want to build AnuBitux by yourself, you can follow these easy steps.</p>\n<p>We should start using some Debian based Linux distribution and install the following packages:</p>\n<p><code>sudo apt install live-build squashfs-tools syslinux-common syslinux-utils xorriso isolinux</code></p>\n<p>Then we can create a folder to store all the files that are being created during the building process, like</p>\n<p><code>mkdir distro</code></p>\n<p>Now we can set the parameters of the distro, suing this command</p>\n<p><code>lb config -b iso --cache true --apt-recommends true -a amd64 --binary-images iso --debian-installer live --linux-flavours amd64 --mode debian --debian-installer-gui true --archive-areas \"main contrib non-free\" --security true --win32-loader false --interactive shell --updates true --iso-application anubitux --iso-publisher https://anubitux.org --iso-volume anubitux --memtest none</code></p>\n<p>With this command, we are setting up things like the repositories to use, the architecture and some information about the project.</p>\n<p>Now we need to gain root privileges so that we can start the building process, creating a <a href=\"https://en.wikipedia.org/wiki/Chroot\" target=\"_blank\" rel=\"noopener noreferrer\">chroot environment</a>:</p>\n<p><code>sudo -s</code></p>\n<p><code>lb build</code></p>\n<p>This may take a while. We will notice it finisched when we'll see (live) written on the left of our command prompt.</p>\n<p>Now we can execute the anubitux_script. We can copy it to our chroot environment after we downloaded it to our main operating system</p>\n<p><code>cp /path/anubitux_script.sh /distro/chroot/</code></p>\n<p>or download it directly into our chroot environment</p>\n<p><code>sudo apt -y install git</code></p>\n<p><code>git clone https://github.com/AnuBitux/build</code></p>\n<p><code>cd build</code></p>\n<p>Now we need to give execution rights to the script and run it:</p>\n<p><code>chmod +x anubitux_script.sh</code></p>\n<p><code>./anubitux_script.sh</code></p>\n<p class=\"msg msg--info\">Before running the script we may want to check the variables at its beginning. They refer to the versions of the tools that are going to be installed. If some tool has received an update, please change the version number in the corresponfing variable. We plan to update the script regularly but it could be useful to do that check to be sure to obtain the last version of all the tools.</p>\n<p>During the execution of the script we only have to provide a password for the anubitux user and accept the license agreement of the Samsung printers' drivers (if you need to use such devices, unless so the printer-drivers-all package is already installed, supporting a lot of different printers).</p>\n<p>When the script ended up, we may perform some further customization, like installing other drivers and tools. We may also want to delete the script since it is not needed anymore. </p>\n<p>Now we only have to type</p>\n<p><code>exit</code></p>\n<p>to start the building process. When the iso creation is completed, we can find the .iso file in the distro folder. To be able to write it on some bootable device, we only need to run this command</p>\n<p><code>isohybrid isoname.iso</code></p>\n<p>Now we are ready to run our personally built AnuBitux.</p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/68/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/68/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/68/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/68/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/68/responsive/buybeer-lg.png 1024w\"></figure></a></p>\n<p> </p>",
"image": "https://anubitux.org/media/posts/68/lego-5442555_1280.jpg",
"author": {
"name": "AnuBitux"
},
"tags": [
"tutorial",
"tools",
"team",
"script",
"project",
"linux for xmr",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"linux",
"howto",
"distro",
"debian",
"cryptocurrency",
"crypto",
"anubitux",
"USB"
],
"date_published": "2023-09-03T16:04:40+02:00",
"date_modified": "2024-05-15T14:12:00+02:00"
},
{
"id": "https://anubitux.org/reviewing-ledger-lives-network-traffic/",
"url": "https://anubitux.org/reviewing-ledger-lives-network-traffic/",
"title": "Reviewing Ledger Live's network traffic",
"summary": "There are a lot of rumors about hardware wallet clients tracing their customers, collecting their data through official clients. One of the most common hardware…",
"content_html": "<p>There are a lot of rumors about hardware wallet clients tracing their customers, collecting their data through official clients. O<span class=\"--l --r sentence_highlight\">ne of the most common hardware wallets, which has also been much discussed for possible privacy issues, is undoubtedly the <a href=\"https://www.ledger.com/\" target=\"_blank\" rel=\"noopener noreferrer\">Ledger</a>.</span></p>\n<p>Let's try to analyze the Ledger Live client's network traffic to see what data it collects.</p>\n<p>One of the most common rumors is that the Ledger's servers collect the <a href=\"https://anubitux.org/how-to-obtain-xpub-keys-with-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">XPUB keys</a>, being able to know all the past, present and future activities of each customer. A<span class=\"--l --r sentence_highlight\">nother rumor, spread when the company launched the ability to <a href=\"https://www.ledger.com/recover\" target=\"_blank\" rel=\"noopener noreferrer\">recover</a> users' seeds, is that the devices are sending them to the servers, putting user's funds at risk.</span></p>\n<h3>Myth busting rumors</h3>\n<p>Let's try to verify these rumors, by analyzing the behavior of the client. To do this, we could capture the network traffic using <a href=\"https://www.wireshark.org/\" target=\"_blank\" rel=\"noopener noreferrer\">Wireshark</a>, which is included in AnuBitux with the <a href=\"https://www.ledger.com/ledger-live\" target=\"_blank\" rel=\"noopener noreferrer\">Ledger Live</a> client and the <a href=\"https://anubitux.org/connecting-your-hardware-wallet-to-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">udev rules</a> to handle Ledger devices. </p>\n<p>Likely the network traffic between the Ledger Live client and Ledger's servers is encrypted. So we can set up the environment as we explained in <a href=\"https://anubitux.org/capture-and-review-network-traffic-with-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">this post</a>, start the traffic capture by clicking on the proper button in Wireshark and launch the Ledger Live client from our command line (unless doing so, it will not write the TLS data in the SSLKeyLog file and encrypted traffic will not be readable).</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/LedgerLiveCLI.png\" alt=\"\" width=\"800\" height=\"101\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/LedgerLiveCLI-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/LedgerLiveCLI-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/LedgerLiveCLI-md.png 768w ,https://anubitux.org/media/posts/67/responsive/LedgerLiveCLI-lg.png 1024w\"></figure>\n<p>Now we can regularly connect our Ledger, install the Bitcoin app on the device if needed, set up a Bitcoin account in the client, wait for the sync to complete and then we can stop Wireshark and unplug our Ledger.</p>\n<p>Now we can analyze all the network traffic from Wireshark and, since we have set it up to decode encrypted traffic and since the Ledger Live client is based on a web browser, we are also able to inspect the content of the transmitted network traffic.</p>\n<p>First of all, ledger Live sends information about the client and the device we are using, like any web browser commonly does. Here you can find the whole content in plain text of a packet sending this kind of data.</p>\n<p><code>Transport Layer Security<br> TLSv1.3 Record Layer: Application Data Protocol: http2<br> Opaque Type: Application Data (23)<br> Version: TLS 1.2 (0x0303)<br> Length: 256<br> [Content Type: Application Data (23)]<br> Encrypted Application Data: 72dd5dc080844e1149f02f93017803ecddd6334b9f86f3abfead7a05aa517a6ef3bfbb2e…<br> [Application Data Protocol: http2]<br>HyperText Transfer Protocol 2<br> Stream: HEADERS, Stream ID: 1, Length 230, GET /edgedl/chrome/dict/en-us-10-1.bdic<br> Length: 230<br> Type: HEADERS (1)<br> Flags: 0x25, Priority, End Headers, End Stream<br> 00.0 ..0. = Unused: 0x00<br> ..1. .... = Priority: True<br> .... 0... = Padded: False<br> .... .1.. = End Headers: True<br> .... ...1 = End Stream: True<br> 0... .... .... .... .... .... .... .... = Reserved: 0x0<br> .000 0000 0000 0000 0000 0000 0000 0001 = Stream Identifier: 1<br> [Pad Length: 0]<br> 1... .... .... .... .... .... .... .... = Exclusive: True<br> .000 0000 0000 0000 0000 0000 0000 0000 = Stream Dependency: 0<br> Weight: 109<br> [Weight real: 110]<br> Header Block Fragment: 82418eb0b21ac29127b179bba42b90f4ff87049960b24c59286093d87a4ac48622582d4b…<br> [Header Length: 431]<br> [Header Count: 10]<br> Header: :method: GET<br> Name Length: 7<br> Name: :method<br> Value Length: 3<br> Value: GET<br> :method: GET<br> [Unescaped: GET]<br> Representation: Indexed Header Field<br> Index: 2<br> Header: :authority: redirector.gvt1.com<br> Name Length: 10<br> Name: :authority<br> Value Length: 19<br> Value: redirector.gvt1.com<br> :authority: redirector.gvt1.com<br> [Unescaped: redirector.gvt1.com]<br> Representation: Literal Header Field with Incremental Indexing - Indexed Name<br> Index: 1<br> Header: :scheme: https<br> Name Length: 7<br> Name: :scheme<br> Value Length: 5<br> Value: https<br> :scheme: https<br> [Unescaped: https]<br> Representation: Indexed Header Field<br> Index: 7<br> Header: :path: /edgedl/chrome/dict/en-us-10-1.bdic<br> Name Length: 5<br> Name: :path<br> Value Length: 35<br> Value: /edgedl/chrome/dict/en-us-10-1.bdic<br> :path: /edgedl/chrome/dict/en-us-10-1.bdic<br> [Unescaped: /edgedl/chrome/dict/en-us-10-1.bdic]<br> Representation: Literal Header Field without Indexing - Indexed Name<br> Index: 4<br> Header: sec-fetch-site: none<br> Name Length: 14<br> Name: sec-fetch-site<br> Value Length: 4<br> Value: none<br> [Unescaped: none]<br> Representation: Literal Header Field with Incremental Indexing - New Name<br> Header: sec-fetch-mode: no-cors<br> Name Length: 14<br> Name: sec-fetch-mode<br> Value Length: 7<br> Value: no-cors<br> [Unescaped: no-cors]<br> Representation: Literal Header Field with Incremental Indexing - New Name<br> Header: sec-fetch-dest: empty<br> Name Length: 14<br> Name: sec-fetch-dest<br> Value Length: 5<br> Value: empty<br> [Unescaped: empty]<br> Representation: Literal Header Field with Incremental Indexing - New Name<br> Header: user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) LedgerLive/2.55.0 Chrome/110.0.5481.100 Electron/23.1.0 Safari/537.36<br> Name Length: 10<br> Name: user-agent<br> Value Length: 140<br> Value: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) LedgerLive/2.55.0 Chrome/110.0.5481.100 Electron/23.1.0 Safari/537.36<br> user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) LedgerLive/2.55.0 Chrome/110.0.5481.100 Electron/23.1.0 Safari/537.36<br> [Unescaped: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) LedgerLive/2.55.0 Chrome/110.0.5481.100 Electron/23.1.0 Safari/537.36]<br> Representation: Literal Header Field with Incremental Indexing - Indexed Name<br> Index: 58<br> Header: accept-encoding: gzip, deflate, br<br> Name Length: 15<br> Name: accept-encoding<br> Value Length: 17<br> Value: gzip, deflate, br<br> accept-encoding: gzip, deflate, br<br> [Unescaped: gzip, deflate, br]<br> Representation: Literal Header Field with Incremental Indexing - Indexed Name<br> Index: 16<br> Header: accept-language: en-US<br> Name Length: 15<br> Name: accept-language<br> Value Length: 5<br> Value: en-US<br> accept-language: en-US<br> [Unescaped: en-US]<br> Representation: Literal Header Field with Incremental Indexing - Indexed Name<br> Index: 17</code></p>\n<p>To verify if the client is sending our XPUB key, we can simply try to search the \"xpub\" string using the proper Wireshark function.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/pic1a.png\" alt=\"\" width=\"1200\" height=\"486\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/pic1a-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/pic1a-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/pic1a-md.png 768w ,https://anubitux.org/media/posts/67/responsive/pic1a-lg.png 1024w\"></figure>\n<p>As we can see, we are also looking into the detail of the transmitted packets, but there seems to be no trace of any XPUB key, even encrypted with TLS.</p>\n<p>Analyzing the transmitted packages, we can see that the client is sending many Bitcoin addresses in plain text, as shown above.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/pic2.png\" alt=\"\" width=\"1200\" height=\"500\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/pic2-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/pic2-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/pic2-md.png 768w ,https://anubitux.org/media/posts/67/responsive/pic2-lg.png 1024w\"></figure>\n<p>This is a normal behavior, since it happens with most of the SPV wallets that are not connecting to users' private nodes. We can see that the client is checking each of our addresses but it is not sending the whole XPUB key or a lot of unnecessary addresses. If it seems to send more addresses than we have ever used, it depends on the default gap limit. This means that Ledger Live continues deriving addresses until it finds 20 unused addresses, so that it should not miss any balance. We can change this value from the \"Experimental features\" tab, setting a \"Custom gap limit\".</p>\n<p>The second rumor we talked about regards the possibility that Ledger Live is sending our seed to the Ledger's servers. To verify this myth, first of all, we exported the packets in a plain text file.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/pic4.png\" alt=\"\" width=\"750\" height=\"557\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/pic4-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/pic4-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/pic4-md.png 768w ,https://anubitux.org/media/posts/67/responsive/pic4-lg.png 1024w\"></figure>\n<p>Then we used our <a href=\"https://anubitux.org/search-for-bip39-seeds-with-anubitux/\" target=\"_blank\" rel=\"noopener noreferrer\">seedsearch</a> tool to verify if there is any mnemonic seed among all the transmitted data. As expected, we didn't find anyone.</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/pic5.png\" alt=\"\" width=\"800\" height=\"221\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/pic5-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/pic5-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/pic5-md.png 768w ,https://anubitux.org/media/posts/67/responsive/pic5-lg.png 1024w\"></figure>\n<p>We could notice that the tool didn't access the pcapng file, but this does not matter since it examined the plain text file we have exported, which contains all the content of any captured packet.</p>\n<h3>Final thoughts</h3>\n<p>To analyze the rumors around the privacy issues related to Ledger devices, we tried to examine the network traffic of their official client but we could also refer to <a href=\"https://support.ledger.com/hc/en-us/articles/360011069619-Extended-public-key-xPub-?docs=true\" target=\"_blank\" rel=\"noopener noreferrer\">their website</a>, even if one of the main rules of the crypto users is \"don't trust, verify\".</p>\n<figure class=\"post__image post__image--center\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/LedgerXpubWeb.png\" alt=\"\" width=\"700\" height=\"502\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/LedgerXpubWeb-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/LedgerXpubWeb-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/LedgerXpubWeb-md.png 768w ,https://anubitux.org/media/posts/67/responsive/LedgerXpubWeb-lg.png 1024w\"></figure>\n<p>This analysis seems to confirm that Ledger is doing what is claimed on their website and that they are not \"stealing\" users' data. Of course, if Ledger was/became a malicious actor, xpub keys or other sensitive data could be sent with additional encryption so that it couldn't be read even decrypting the TLS traffic, but there is no evidence to support this rumor and we never have to forget that another main rule of the crypto users is \"be your own bank\" and <span class=\"--l --r sentence_highlight\">only we can choose what is best for our needs.</span></p>\n<figure class=\"post__image post__image--center\"><a href=\"https://www.buymeacoffee.com/anubitux\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" src=\"https://anubitux.org/media/posts/67/buybeer.png\" alt=\"\" width=\"256\" height=\"171\" sizes=\"(min-width: 920px) 703px, (min-width: 700px) calc(82vw - 35px), calc(100vw - 81px)\" srcset=\"https://anubitux.org/media/posts/67/responsive/buybeer-xs.png 300w ,https://anubitux.org/media/posts/67/responsive/buybeer-sm.png 480w ,https://anubitux.org/media/posts/67/responsive/buybeer-md.png 768w ,https://anubitux.org/media/posts/67/responsive/buybeer-lg.png 1024w\"></figure></a></p>",
"image": "https://anubitux.org/media/posts/67/system-2660914_1280.jpg",
"author": {
"name": "AnuBitux"
},
"tags": [
"wireshark",
"wallet",
"tools",
"tool",
"test",
"seedcheck",
"opsec",
"network",
"linux for cryptocurrencies",
"linux for crypto",
"linux for bitcoin",
"investigation",
"hardware wallet",
"encryption",
"encrypted",
"debian",
"cryptography",
"cryptocurrency",
"blockchain",
"bitcoin",
"bip39",
"anubitux"
],
"date_published": "2023-08-17T18:33:43+02:00",
"date_modified": "2024-05-15T14:12:24+02:00"
}
]
}