Bitcoin Explorer

From Bitcoin Wiki
Jump to navigation Jump to search

WARNING: FUNDS LOSS

The use of specific versions of this tool to generate wallets has been documented in CVE-2023-39910 to have already resulted in significant funds loss due to the inexplicable removal of the inclusion of OS randomness and replacement thereof with mere time-based seeding. The author's implication that the use of OS randomness is cryptographically equivalent to low-entropy time-only based seeding is inaccurate.

DO NOT USE THIS TOOL TO CREATE WALLETS NOR RECEIVE FUNDS.

Additional write-up by Greg Maxwell describing some of the extent of the damage done
Author inexplicably asserting the broken bx seed command is working as intended
Author inexplicably asserting that tdryja pointing out his error is just part of the 'core playbook'

The following page is preserved for archival purposes.


Bitcoin Explorer (bx) is an advanced command line application that is included as part of libbitcoin-explorer. Extensive documentation and signed binaries for Linux, OSX and Windows are available on GitHub.

Entropy

In versions prior to 3.8.0 bx included the seed command, which was explained in the Random-Numbers topic:

With the exception of cert-new, any BX command that requires a random number obtains that value as an argument. This places the responsibility of ensuring random number strength on end-users and also helps them understand the potential for problems... The seed command is provided as a convenience, and is the only command that generates randomness.

and was itself documented with the following warning:

Generate a pseudorandom seed.
WARNING: Pseudorandom seeding can introduce cryptographic weakness into your keys. This command is provided as a convenience.

Despite this documentation, it has been determined that the command may have been used for live wallet seeding. Consequently the command has been removed.

Examples

Generating a new bitcoin address:

$ echo [user entropy] | bx ec-new | bx ec-to-public | bx ec-to-address
13ua8RRSxLpL5WL5cKUDepUCvJZgGWuKh7

Executing a blockchain query against Libbitcoin Server via ZeroMQ:

$ bx fetch-tx 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
transaction
{
    hash 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
    inputs
    {
        input
        {
            previous_output
            {
                hash 0000000000000000000000000000000000000000000000000000000000000000
                index 4294967295
            }
            script "[ 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73 ]"
            sequence 4294967295
        }
    }
    lock_time 0
    outputs
    {
        output
        {
            address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
            script "[ 04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f ] checksig"
            value 5000000000
        }
    }
    version 1
}

Decoding Satoshi's words:

$ bx base16-decode 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73 
ÿÿEThe Times 03/Jan/2009 Chancellor on brink of second bailout for banks

Posting a transaction directly to 10 nodes on the Bitcoin P2P network:

$ bx send-tx-p2p --nodes 10 0100000001b3807042c92f449bbf79b33ca59d7dfec7f4cc71096704a9c526dddf496ee0970100000069463044022039a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c202204fcc407ce9b6f719ee7d009aeb8d8d21423f400a5b871394ca32e00c26b348dd2103c40cbd64c9c608df2c9730f49b0888c4db1c436e8b2b74aead6c6afbd10428c0ffffffff01905f0100000000001976a91418c0bd8d1818f1bf99cb1df2269c645318ef7b7388ac00000000
Sent transaction at 2015-May-08 12:17:09.
Sent transaction at 2015-May-08 12:17:09.
Sent transaction at 2015-May-08 12:17:09.
Sent transaction at 2015-May-08 12:17:12.
Sent transaction at 2015-May-08 12:17:12.
Sent transaction at 2015-May-08 12:17:15.
Sent transaction at 2015-May-08 12:17:15.
Sent transaction at 2015-May-08 12:17:19.
Sent transaction at 2015-May-08 12:17:20.
Sent transaction at 2015-May-08 12:17:20.

See Also

References