Shulou(Shulou.com)06/01 Report--

How to carry out the Python code analysis of Electrum bitcoin wallet, many novices are not very clear about this. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can get something.

If you are still not surprised by the power of the Python language, in this section we will learn how to develop bitcoin addresses or wallets in python. I just want to say how easy it is to communicate with your computer and how many interesting projects you can do with it if you use the python and Linux operating systems.

I will analyze the source code of Electrum, which is a bitcoin wallet written purely in Python, and it should work with any python 2.x, and I believe that even with the python 3.x package, by default all dependencies of the software are default packages. Therefore, no additional software is required.

Disclaimer: the use of this code and information is at your own risk and I am not responsible for any damage caused by the use of the modified code and the information provided in this article. If you do not know what you are doing, it is recommended that you do not modify the code that generates the private key!

Understand the code

I downloaded the latest version of the Electrum source code from Github:

Https://github.com/spesmilo/electrum/releases/tag/2.8.3

The seed generator file is basically located in lib, which is called mnemonic.py, and the function is make_seed (), which is this code:

You can also use internal commands to actually call from the terminal. So, if you have Electrum installed, it looks like this:

Electrum make_seed-nbits 125

After installing Electrum, a 125bit seed will be created for you, but you can also call the mnemonic script from another python file and customize it (for example, generate multiple or integrate it with other code).

We will create a new file called testcall.py, where we will call this mnemonic code, but it must be in the same lib folder. It looks like this:

If we use the python testcall.py command to call it from the terminal:

Basically we import the Mnemonic class from the mnemonic.py file, but call it a mnemonic. I haven't talked about classes, they are in higher-level parts of the Python language, and they are basically objects that bind functions together. The make_seed () function here is contained in the Mnemonic class and is called along with other functions that depend on other functions. It only takes 1 function to complete, but using it like this is more elegant and less error-prone, because it can handle exceptions. I'm not a very good Classes expert, so I'll just do it.

In the Mnemonic class, you can define one parameter, the language, which has the following values:

None = English

En = English

Es = Spanish

Zh = Chinese

Ja = Japanese

Pt = Portuguese

You can see the country code in the i18n.py file, but only these code columns are available and are visible in the wordlist folder. If you create a Chinese seed, just replace the parameter with the country code:

Print Mnemonic ('zh'). Make_seed (' standard', 132,1)

You can also generate many types of seeds, as you can see in the version.py file:

Standard: a regular wallet.

Segwit: supports upcoming Segregated Witness softfork-based Bitcoin addresses.

2fa: a wallet based on two-factor authentication.

The next argument is the num_bits variable, which is called from the command line using the nbits command, which is basically just the bit entropy your seed will have (the recommended minimum security value is 128)

The last parameter is custom_entropy, which is basically just an integer, which can be multiplied by the number of seeds in case your RNG is bad, which will replace part of the password with your custom generated number, with the same entropy size.

So, if I call it that, I choose a custom entropy number, which will generate seeds in this way, and of course the entropy number must also be a secret:

Print Mnemonic ('en'). Make_seed (' standard', 132,234982335345345345942892342349489238)

I really don't recommend using this code, it looks a little strange, I'm not an encryption expert, but I just don't like how to insert entropy into your numbers. I've heard that multipliers reduce entropy, so I'm not sure about this part of the code. In fact, I will send a message to the developer about this issue and see how he responds to it. But don't worry, the default wallet generation doesn't call the custom entropy part, so if you generate a wallet in Electrum through GUI, or set it to 1, don't worry.

Analyze seed generator

Well, now that we know how to generate seeds, let's take a look at what the seed generator does. After all, everyone who uses Electrum must rely on the security and integrity of this code, otherwise if the code is badly written, you may lose all your money. So if we want to store a lot of bitcoin in Electrum, we have to trust this code 100%. So let's analyze it.

So let's analyze the make_seed () function, which is the location of the action. First, I'll put a lot of print code in it to print out each variable at each step:

Basically I just print out each variable at every step. OK, let's use the python testcall.py command to call the make_seed () function from the testcall.py file. The testcall file looks like this:

Print Mnemonic ('en'). Make_seed (' standard', 132,1)

It's just a standard seed generation that prints out:

All right, let's take it one step at a time.

First import the version.py, where the code in the file is that it basically converts the standard parameter to 01, which becomes the prefix for the seed. So it sets the prefix to the 01 string.

Then the bwp (digits per word) variable takes the log2 value of the word list length, I mean how many words are there, in this case the English list: english.txt. There are 2048 words in the English list, of which log2 is 11.

Then divide num_bits by bwp and round it up, convert it to an integer, and multiply it by bwp again. I don't know why this is necessary, because it gives the same value, and I think it's just some kind of precaution.

If we leave custom_entropy at the default value of 1, n_custom will become 0, so no additional entropy will be added.

N if no custom entropy is added, it is still the same as the num_bits input.

So basically if you generate a default wallet with no extra entropy, then the n variable becomes the principal number, which contains the amount of entropy you originally defined through num_bits. So, in our case, it remains equivalent because we don't add anything.

Then my_entropy will only choose random numbers between the n powers of 0 to 2, where n is n with the same name, so it will be a large number, which is the prototype of the seed.

Then we enter the while loop to search for a random number that starts with 01, which will be used as the checksum of the seed.

If the custom entropy is 0, then basically we only need to add 1 to the my_entropy number until the first two bits become 0 and 1. In fact, its first two bits are in hash format. So what happens is that it encodes it with mnemonic_encode (I), and after decoding it with mnemonic_decode (seed), I guess if it can be encoded in words, otherwise there will be some errors. This is what the assert command does, which tests for errors.

Then it goes into the is_new_seed () function, if you generate a seed now, if you import the old seed in the old format, then it goes into the old function. But the code I executed above entered the new function. This is where miracles happen. The is_new_seed () function is actually located in the bitcoin.py file:

What's happening here is interesting. First, use the normalize_text () function in the mnenonic.py file to normalize the seed. I think Chinese or other strange languages will be converted into what I think is ASCII text. So this function does not have much to do with the list of English words.

And then when things get interesting, it uses the HMAC-SHA512 hash of the seed list, which is basically our case in its English text version. It checks that the first two characters are 01 because we call it a standard wallet. Electrum defines a standard wallet as a seed, its seed version of HMAC-SHA512 begins with 01, a Segwit wallet, its encoded seed version of HMAC-SHA512 begins with 02, and so on. So basically add the my_entropy variable 1 in a loop until, in our example, it gives a list of HMAC-SHA512 words encoded with the Seed version that starts with 01. When the number is found, it exits the loop and returns the seed.

That's it, that's the basic way Electrum generates seeds. The HMAC-SHA512 sum of this seed will start at 01, and you can even check it yourself. So in Linux you can install a tool called GTKHash to calculate the hash, so let me demonstrate that we take the seed and then add the seed version of the HMAC message, as defined by this function:

Therefore, you can see whether we add the HMAC message Seed version with the seed, which provides us with a 512-bit hash starting with 01, so in this case, this is a valid default seed compatible with Electrum.

Of course, the HMAC system is unbreakable, especially since its 512-bit version may be quantum computer resistant, so there is no way to reverse engineer the seeds of the system.

But there is a problem, if we fix the first two characters of the hexadecimal format, it is clear that the HMAC-SHA512 output is in hexadecimal format, then we will lose entropy.

That's why we start with 132-bit entropy, because we lost about 4 bits of entropy, so the final output is only 128 bits of entropy, which is the default we want, using 128-bit security entropy, in fact, in view of the powerful function of the computer, it is recommended to use more than 120 bits now.

So we started with 132 bits, and because we fixed the first two characters, we lost some bits, and then we kept 128 bits, which is computationally safe. To violently crack this requires supercomputers to go through 2128 combinations, which is almost impossible, because there is not enough energy on earth to go through so many combinations, and in fact some people say that you can't even count this number range, let alone hash and other memory-intensive operations.

It seems that Electrum is safe to use. It has been approved by me, and although I am not an encryption expert, it seems secure to me since I studied and learned it.

I'm still skeptical about custom_entropy. I should ask what dev did, but other than that, the default wallet generation is perfect. I don't think there's a back door.

After all, thousands of people use Electrum, especially those who hold a large number of them, so it's best to use it safely, and in my opinion.

I analyzed its main seed generation code. Of course the code is much more than that, but we already know that if you use it to generate seeds on an offline computer, it should be safe. Now I don't look at the web-related parts of it, but I believe they are secure.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.