How we recovered $300k of Bitcoin

https://reperiendi.wordpress.com/2020/04/03/how-i-recovered-over-300k-of-bitcoin/ https://news.ycombinator.com/item?id=22774057/

• A lot of jargon I don’t really understand, but the technical skill on display here is very impressive!
• GPU farm to recover $300k in bitcoin from an encrypted ZIP archive.

Look Up

• SoftICE
• IDA Pro
• CRC32
• Lattice reduction
• TLCG
• Meet-in-the-middle attack

References

• https://security.stackexchange.com/questions/199545/how-does-a-zip-file-detect-a-correct-password

  After the header is decrypted, the last 1 or 2 bytes in Buffer SHOULD be the high-order word/byte of the CRC for the file being decrypted, stored in Intel low-byte/high-byte order. Versions of PKZIP prior to 2.0 used a 2 byte CRC check; a 1 byte CRC check is used on versions after 2.0. This can be used to test if the password supplied is correct or not.

Notes