How we recovered $300k of Bitcoin
https://reperiendi.wordpress.com/2020/04/03/how-i-recovered-over-300k-of-bitcoin/
https://news.ycombinator.com/item?id=22774057/
- A lot of jargon I don’t really understand, but the technical skill on display here is very impressive!
- GPU farm to recover $300k in bitcoin from an encrypted ZIP archive.
Look Up
- SoftICE
- IDA Pro
- CRC32
- Lattice reduction
- TLCG
- Meet-in-the-middle attack
References
- https://security.stackexchange.com/questions/199545/how-does-a-zip-file-detect-a-correct-password
After the header is decrypted, the last 1 or 2 bytes in Buffer SHOULD be the high-order word/byte of the CRC for the file being decrypted, stored in Intel low-byte/high-byte order. Versions of PKZIP prior to 2.0 used a 2 byte CRC check; a 1 byte CRC check is used on versions after 2.0. This can be used to test if the password supplied is correct or not.
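The check quoted above, as an added example (not code from the linked article or the Stack Exchange answer): a Python implementation of the traditional PKWARE cipher's 12-byte header check. It shows that with the 1-byte check roughly 1 in 256 wrong passwords also pass, so a match has to be confirmed against the full CRC-32 of the decrypted file. The password, file contents and the 11 filler bytes are constructed sample values.

```python
import zlib

# CRC-32 lookup table (reflected polynomial 0xEDB88320), as used by ZIP.
TABLE = []
for n in range(256):
    for _ in range(8):
        n = (n >> 1) ^ 0xEDB88320 if n & 1 else n >> 1
    TABLE.append(n)

class Keys:
    """The three 32-bit keys of the traditional PKWARE cipher."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, plain_byte: int) -> None:
        self.k0 = TABLE[(self.k0 ^ plain_byte) & 0xFF] ^ (self.k0 >> 8)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF] ^ (self.k2 >> 8)

    def stream_byte(self) -> int:
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def crypt(password: bytes, data: bytes, decrypt: bool) -> bytes:
    keys, out = Keys(password), bytearray()
    for b in data:
        x = b ^ keys.stream_byte()
        keys.update(x if decrypt else b)  # keys always absorb the plaintext byte
        out.append(x)
    return bytes(out)

def header_accepts(password: bytes, header: bytes, crc: int) -> bool:
    """Post-2.0 check: last decrypted header byte == high-order CRC byte."""
    return crypt(password, header, decrypt=True)[-1] == crc >> 24

def false_accepts(header: bytes, crc: int, trials: int) -> int:
    """Count wrong passwords that still pass the 1-byte check."""
    return sum(header_accepts(b"wrong-%d" % i, header, crc) for i in range(trials))

# Constructed sample: contents, password and the 11 filler bytes are made up.
CONTENT, PASSWORD = b"constructed sample file contents", b"correct horse"
CRC = zlib.crc32(CONTENT)
HEADER = crypt(PASSWORD, bytes(range(11)) + bytes([CRC >> 24]), decrypt=False)

if __name__ == "__main__":
    print("right password accepted:", header_accepts(PASSWORD, HEADER, CRC))
    print("wrong passwords accepted of 20000:", false_accepts(HEADER, CRC, 20000))
```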
Notes