>>4757618 lb
Holy fuck.
Ok, read almost all of that first gateway link. Need an anon versed in blockchain and decryption.. that was boring and kind of a nothing burger at first then got scary as shit…
>>4758093 Pt. 1
[2:40 AM] claudiacardinale:
IF YOU ARE READING THIS DOWNLOAD ALL INSURANCE FILES AND THE ENTIRE BLOCKCHAIN INTO AN EXTERNAL DRIVE RIGHT NOW
IF YOU KNOW HOW, PUSH THIS INTO THE BLOCKCHAIN ALONG WITH THE INSURANCE FILES
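# Python 2 script (uses urllib2 and the print statement)
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2

# Transaction id is given as the first command-line argument
transaction = str(sys.argv[1])
data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")

dataout = b''
atoutput = False
for line in data:
    # Collect only the lines between 'Output Scripts' and the closing </table>
    if 'Output Scripts' in line:
        atoutput = True
    if '</table>' in line:
        atoutput = False
    if atoutput:
        if len(line) > 100:
            chunks = line.split(' ')
            for c in chunks:
                # Skip opcode names (they contain 'O') and HTML fragments; keep the hex chunks
                if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                    dataout += unhexlify(c.encode('utf8'))

# Payload header: 4-byte little-endian length, then a 4-byte checksum (read but not verified here)
length = struct.unpack('<L', dataout[0:4])[0]
checksum = struct.unpack('<L', dataout[4:8])[0]
dataout = dataout[8:8+length]
print dataout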
usage
python script.py transaction_number
returns all the data in the output scripts
example
python script 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
Returns,
Wikileaks Cablegate Backup
cablegate-201012041811.7z
Download the following transactions with Satoshi Nakamoto's download tool which
can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
Free speech and free enterprise! Thank you Satoshi!
[2:41 AM] Bobb: I am not an expert but I know many of them and can get answers on questions fast
[2:41 AM] iDanoo: ah python
[2:41 AM] claudiacardinale:
HOW TO FIND MESSAGES ON THE BLOCKCHAIN
I'll be helping you with a few initial examples. Remember that if you feel like you've been compromised, switch over to codec communication.
I'm assuming you already did the example on Jean's latest code dump >>24140 Let's try to do a few more.
First, let us download a transaction that generates a file. A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.
Use Jean's script and do
'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 paper.pdf'
Once it is done you will be able to see a pdf was generated in that directory.
Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some have yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.
[2:41 AM] claudiacardinale:
For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
If you do
python script.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd
You will get a key that was leaked.
Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again.
Using this method we've found several transactions that involve Wikileaks that we don't quite understand.
One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.
Pt. 2
For example, the Bitcoin paper transaction.
If you do
'python script.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 output'
and then do,
'file -b output'
You will get:
'PDF document, version 1.4'
For
'python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c output'
'file -b output'
you should get
'GPG encrypted data'
[2:42 AM] claudiacardinale:
MERGING CODE TO GET FILES FROM MULTIPLE TRANSACTIONS
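# Python 2 script (uses urllib2 and the print statement)
import sys
import pycurl
import struct
from binascii import unhexlify, crc32
import urllib2

# usage, python script.py transactionlist.txt file
txlist = str(sys.argv[1])

def txdecode(transaction):
    # Fetch one transaction page and return the payload carried in its output scripts
    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
    dataout = b''
    atoutput = False
    for line in data:
        # Collect only the lines between 'Output Scripts' and the closing </table>
        if 'Output Scripts' in line:
            atoutput = True
        if '</table>' in line:
            atoutput = False
        if atoutput:
            if len(line) > 100:
                chunks = line.split(' ')
                for c in chunks:
                    # Skip opcode names (they contain 'O') and HTML fragments; keep the hex chunks
                    if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                        dataout += unhexlify(c.encode('utf8'))
    # Payload header: 4-byte little-endian length, then a 4-byte checksum (read but not verified here)
    length = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout = dataout[8:8+length]
    return dataout

# Decode every transaction id listed in the file (one per line) and concatenate the payloads
f = open(txlist, 'r')
alldata = b''
for l in f.readlines():
    l = l.rstrip('\n')
    alldata += txdecode(str(l))

print alldata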
example:
python script.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a
save the 130 transactions to trans.txt
then use the script above and do
python newscript.py trans.txt cables
you will get a zipfile with the cables
[2:42 AM] iDanoo: woah
[2:42 AM] claudiacardinale:
GETTING ADDRESSES FROM HASHES
# How to get address from hash
# Run the following on bitcoin
from pybitcoin import BitcoinPrivateKey
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=True)
pk.public_key().address()
# Compressed address will be returned
pk = BitcoinPrivateKey('HASHGOESHERE', compressed=False)
pk.public_key().address()
# Uncompressed address will be returned
snowden
1EnDZkT8Thep9sfbAy5gwg23EHhZw7tYwg
1L3Zqv68zsXxNs53r25dKcUgjDe1119Rhj
kerry
1D7f2VtZz7HHmdhpgn82nDhfu1b3PN5TaU
1KWsRE9FjFTZgBzKyjv6UQQGwKACbQgR9e
ecuador
1JZL5DtxtsPk5MuAhQgsDd5ZYGaKVbiRta
16YJC3wJtAUjYWsCRXgYed9iyfL8AqqXpB
ukfco
1Pf71gkiDPZNaS1DrnexsA33t394A2JBmf
1HsJsAsDT3yJLBHJFBioTLQDGWi5DJvbdm
Pt 3
[2:42 AM] claudiacardinale:
Analysis threads (heavily deleted and slid):
https://8ch.net/pol/res/7946506.html
https://8ch.net/pol/res/7962287.html
Post where a 'key' was posted and deletions started taking place:
https://web.archive.org/web/20161024220842/http://8ch.net/pol/res/7933031.html
https://web.archive.org/web/20161022203236/http://8ch.net/pol/res/7933031.html
[2:42 AM] claudiacardinale:
Link to original insurance file in case anyone wants to test that one:
https://wikileaks.org/wiki/Afghan_War_Diary,_2004-2010
https://web.archive.org/web/20100901162556/http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256
https://file.wikileaks.org/torrent/2016-06-03_insurance.aes256.torrent
https://file.wikileaks.org/torrent/wikileaks-insurance-20120222.tar.bz2.aes.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-A.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-B.aes256.torrent
https://file.wikileaks.org/torrent/wlinsurance-20130815-C.aes256.torrent
openssl enc -d -aes-256-cbc -in insurance.aes256 -out onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfonionout -k "ONION"
openssl enc -d -aes-256-cfb8 -in insurance.aes256 -out fb8onionout -k "ONION"
openssl enc -d -bf -in insurance.aes256 -out bfrouterout -k "ROUTER"
openssl enc -d -cast -in insurance.aes256 -out outtor -k "Tor"
the passwords seem to be telling us that there might be multiple files coming out of this, or it could be telling us a message like "Use a Tor Onion Router and do this". It might be that the file has to be unlocked over and over.
also someone suggested, "take the last 32 or so bytes in the file, flip them, save it and then run 'file -b' on it."
UNCRACKED TRANSACTIONS:
[2:43 AM] claudiacardinale: Spread this everywhere.