... ... ... ... or how to (not) work with the mnemonic library!?
SYSTEM WARNING: This repo is not idiot-proof.
Proceeding may result in irreversible loss of fake or real assets.
Do you feel lucky, punk? (y/N)
A love story between developers and irreversible mistakes.
Warning
This document demonstrates how to use Python and the mnemonic library to generate a seed phrase and derive a private key. It's important to note that although these tools can be repurposed by malicious actors, this repository is intended strictly for educational and security testing purposes. I explicitly distance ourselves from any misuse of the knowledge and tools provided here.
Note
Because if you mess up the mnemonic logic, you might just...
- π½ Flush your tokens
- π« Shoot your future self
- β οΈ Kill your wallet (no respawn)
- πΈ Say goodbye to your ETH, BTC, or 3rd-world token dreams
This repo is ironically serious. The title says "Kill" because every undefined, every wrong derivation path, every accidentally published .env file could be the end.
- How to use @scure/bip39 (or bip39, depending on flavor)
- How to generate and validate mnemonics
- How to derive keys and addresses
- How to simulate wallet creation safely
- Bonus: How to simulate destruction of a wallet so you learn without crying
- Introduction
- Security Risks and Vulnerabilities
- Generating a Seed Phrase
- Deriving a Private Key
- Generating Addresses from Seed Phrases
- Signing Transactions
- Reading and Validating Seed Phrases
- Using Hardware Wallets
- Detecting and Preventing Seed Phrase Leaks
- Important Warnings
- Examples
- Your Support
const phrase = "abandon abandon abandon ..."; // π©
const seed = bip39.mnemonicToSeedSync(phrase);
const key = deriveKey(seed); // wrong path? wrong format? sayonara coins.
// At this point, you've probably destroyed 3 hours of effort and 3 years of savings.
- Always work with testnets.
- Never use real mnemonics unless you're sure.
- Avoid cloud syncing any files with keys. -Add .env, .secret, .key to your .gitignore, then double check.
- Use airgapped signing if you're paranoid (which you should be).
The following Python code generates a seed phrase using the mnemonic library. This seed phrase can be used to derive a private key.
import mnemonic
# Generate a seed phrase (using the default English word list)
seed = mnemonic.Mnemonic('english').generate(strength=128)
print("Seed Phrase:", seed)This code generates a random seed phrase with 128 bits of entropy, consisting of 12 words from the English word list.
The seed phrase can be converted into a private key, which can be used for signing transactions.
import binascii
# Convert the seed phrase into a private key
private_key = binascii.hexlify(mnemonic.Mnemonic('english').to_seed(seed)).decode()
print("Private Key:", private_key)This code converts the seed phrase into a private key. The binascii.hexlify() function transforms the byte sequence of the private key into a hexadecimal string.
You can derive public addresses from a seed phrase, which are used in blockchain transactions.
from mnemonic import Mnemonic
import bip32utils
# Generate a seed phrase
mnemo = Mnemonic('english')
seed = mnemo.generate(strength=128)
print("Seed Phrase:", seed)
# Convert the seed phrase to a seed
seed_bytes = mnemo.to_seed(seed)
# Create a BIP32 root key from the seed
root_key = bip32utils.BIP32Key.fromEntropy(seed_bytes)
# Generate a Bitcoin address
address = root_key.Address()
print("Bitcoin Address:", address)This code generates a Bitcoin address from a seed phrase using BIP32.
The private key can be used to sign transactions. Note that this is just a demonstration and should not be used with real funds.
import mnemonic
import binascii
import hashlib
import hmac
# Generate a seed phrase
seed = mnemonic.Mnemonic('english').generate(strength=128)
print("Seed Phrase:", seed)
# Convert the seed phrase into a private key
private_key = binascii.hexlify(mnemonic.Mnemonic('english').to_seed(seed)).decode()
print("Private Key:", private_key)
# Example function to sign a transaction
def sign_transaction(transaction, private_key):
# Convert the private key from hex to bytes
private_key_bytes = binascii.unhexlify(private_key)
# Create a HMAC object using the private key and SHA256
h = hmac.new(private_key_bytes, transaction.encode('utf-8'), hashlib.sha256)
# Generate the signature
signature = h.hexdigest()
return signature
# Hypothetical transaction data
transaction_data = "example_transaction_data"
# Sign the transaction
signed_transaction = sign_transaction(transaction_data, private_key)
print("Signed Transaction:", signed_transaction)You can also read an existing seed phrase and validate it using the mnemonic library.
# Read and validate a seed phrase
seed_phrase = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
# Check if the seed phrase is valid
is_valid = mnemonic.Mnemonic('english').check(seed_phrase)
print("Is the seed phrase valid?", is_valid)
# Convert the valid seed phrase into a private key
if is_valid:
private_key = binascii.hexlify(mnemonic.Mnemonic('english').to_seed(seed_phrase)).decode()
print("Private Key:", private_key)
else:
print("The seed phrase is invalid. Please provide a valid seed phrase.")This example shows how to validate a given seed phrase and convert it into a private key if it is valid.
Integrating mnemonic libraries with hardware wallets adds an extra layer of security.
# This is a placeholder for actual hardware wallet integration code
# Example:
# from hardware_wallet_library import HardwareWallet
# wallet = HardwareWallet()
# wallet.load_seed(seed)
# address = wallet.get_address()
# print("Hardware Wallet Address:", address)Scripts to detect common patterns of seed phrase leaks and how to prevent them.
# Example of a simple script to check for seed phrase leaks in a file
def check_for_seed_phrases(file_path):
with open(file_path, 'r') as file:
content = file.read()
if "abandon abandon abandon" in content:
print("Potential seed phrase leak detected!")
else:
print("No seed phrase leaks detected. Yet.")
# Check a sample file for leaks
check_for_seed_phrases('sample_file.txt')- Secure Your Seed Phrase: Store your seed phrase in a secure location, as it is the only way to access your cryptocurrency.
- Do Not Use This Code with Real Funds: This code is for demonstration purposes only. Never use it with your actual private key or real funds, as you risk losing your money.
- Learn About Cryptography: It is crucial to understand the basics of cryptography and hardware wallet security before experimenting with real funds.
Here are some practical examples of using the mnemonic library:
import mnemonic
# Generate a seed phrase
seed = mnemonic.Mnemonic('english').generate(strength=128)
print("Seed Phrase:", seed)import mnemonic
import binascii
# Generate a seed phrase
seed = mnemonic.Mnemonic('english').generate(strength=128)
# Convert the seed phrase into a private key
private_key = binascii.hexlify(mnemonic.Mnemonic('english').to_seed(seed)).decode()
print("Private Key:", private_key)... but hauntingly real!?
import mnemonic
import binascii
import hashlib
import hmac
# Generate a seed phrase
seed = mnemonic.Mnemonic('english').generate(strength=128)
# Convert the seed phrase into a private key
private_key = binascii.hexlify(mnemonic.Mnemonic('english').to_seed(seed)).decode()
# Example function to sign a transaction
def sign_transaction(transaction, private_key):
# Convert the private key from hex to bytes
private_key_bytes = binascii.unhexlify(private_key)
# Create a HMAC object using the private key and SHA256
h = hmac.new(private_key_bytes, transaction.encode('utf-8'), hashlib.sha256)
# Generate the signature
signature = h.hexdigest()
return signature
# Hypothetical transaction data
transaction_data = "example_transaction_data"
# Sign the transaction
signed_transaction = sign_transaction(transaction_data, private_key)
print("Signed Transaction:", signed_transaction)import mnemonic
import binascii
# Read and validate a seed phrase
seed_phrase = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
# Check if the seed phrase is valid
is_valid = mnemonic.Mnemonic('english').check(seed_phrase)
print("Is the seed phrase valid?", is_valid)
# Convert the valid seed phrase into a private key
if is_valid:
private_key = binascii.hexlify(mnemonic.Mnemonic('english').to_seed(seed_phrase)).decode()
print("Private Key:", private_key)
else:
print("The seed phrase is invalid. Please provide a valid seed phrase.")Issues for this script are not accepted as it is intended for educational purposes only and not for production use. However, you are welcome to make a Pull Request (PR) for contributions.
Warning
Exploiting security vulnerabilities without permission and manipulating or destroying cryptocurrency wallets is illegal and unethical, and may result in criminal charges.
If you find this project useful and want to support it, there are several ways to do so:
- If you find the white paper helpful, please β it on GitHub. This helps make the project more visible and reach more people.
- Become a Follower: If you're interested in updates and future improvements, please follow my GitHub account. This way you'll always stay up-to-date.
- Learn more about my work: I invite you to check out all of my work on GitHub and visit my developer site https://volkansah.github.io. Here you will find detailed information about me and my projects.
- Share the project: If you know someone who could benefit from this project, please share it. The more people who can use it, the better. If you appreciate my work and would like to support it, please visit my GitHub Sponsor page. Any type of support is warmly welcomed and helps me to further improve and expand my work.
Thank you for your support! β€οΈ
MIT License β Use at your own risk.
If you fry your wallet while playing with this code or accidentally shut down a hacker β congrats or condolences, depending on your role. ππ
