UBF -- The Ultimate Bitmessage Forum

User info

Welcome, Guest! Please login or register.

You are here » UBF -- The Ultimate Bitmessage Forum » privacy & anti-NSA » download files from the bitcoin blockchain

download files from the bitcoin blockchain

Posts 1 to 6 of 6



WikiLeaks investigation BUNKER

download files from the bitcoin blockchain


                                                           Quick blockchain tutorial

1.   Decoding one transaction:

    downld -->               https://gist.github.com/anonymous/063ad … e44304e4b3

    Download http://gateway.glop.me/ipfs/QmSU67Ei3Te … 9V/jean.py

    or http://gateway.glop.me/ipfs/QmburFHeUtM … /jean_b.py



    python jean.py transaction_number


python3 ./jean-p3.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a

    python jean.py 691dd277dc0e90a462a3d652a1171686de49cf19067cd33c7df0392833fb986a


    "Wikileaks Cablegate Backup


    Download the following transactions with Satoshi Nakamoto's download tool
    which can be found in transaction 6c53cd987119ef797d5adccd76241247988a0a5ef783572a9972e7371c5fb0cc
    Free speech and free enterprise! Thank you Satoshi!"

      ... etc ...


2.     Downloading a transaction that generates a file:

    A nice example is the original Bitcoin paper. It can be found in transaction 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713.

    python3 ./jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf

    python jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > paper.pdf

    Once it is done you will be able to see a pdf was generated in that directory.

    Note that the transaction that generates the Bitcoin paper is related to the transaction that describes the Wikileaks cable dump, the cable dump itself, and many other transactions that have other content. Some has yet to be completely decrypted. These transactions are all related because they have common addresses involved or the money resulting from the transaction was used.

    For example, take a look at this transaction: https://blockchain.info/tx/08654f9dc9d6 … e975c588bd

    If you do

    python3 jean.py 08654f9dc9d673b3527b48ad06ab1b199ad47b61fd54033af30c2ee975c588bd

    You will get a key that was leaked.

    Now, if you look at the addresses involved, you can see one at the bottom, below Wikileaks. It does not show 'Escrow'. Go to that address and see its transactions. You will then find another message. Keep doing this and you'll eventually find the cable dump again.

    Using this method we've found several transactions that involve Wikileaks that we don't quite understand. One good strategy is to generate a file from a transaction and then look at its 'magic numbers' to figure out what it could be.

    Some of them are:

    7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c      GPG symmetrically encrypted data (CAST5 cipher)








    Testing the file type again with the Bitcoin paper transaction.  If you do

    python jean.py 54e48e5f5c656b26c3bca14a8c95aa583d07ebe84dde3b7dd4a78f4e4186e713 > output

    and then do,

    file -b output

    You will get:            PDF document, version 1.4


    python script.py 7379ab5047b143c0b6cfe5d8d79ad240b4b4f8cced55aa26f86d1d3d370c0d4c > output

    file -b output

    you should get :         GPG symmetrically encrypted data (CAST5 cipher)

3.    Merging multiple transactions into one file:

    http://gateway.glop.me/ipfs/QmafUK8hYKz … d/jean2.py

    http://gateway.glop.me/ipfs/QmY7D4bgMtq … x_list.txt

    Then do

    python jean2.py tx_list.txt > cables.zip

    you will get a zipfile with the cables  , 2.5 MB of size   -     or 0 bytes output, server error, if your firewall troubles 'curl'

From: http://8ch.net/tech/res/679042.html

Last edited by UBF4 (Nov 20 2016 21:19)


# New script block-opreturn-finder.py to store OP_RETURN's in SQLite Database (might be easier to browse).


python block-opreturn-finder.py blocks FROM TO
... where FROM is a block number and TO is a block number


python block-opreturn-finder.py blocks 434300 435800


import sys, getopt
import json
import pycurl
import struct
import cStringIO
import pprint;
import jsonrpclib
import subprocess;
import os;
import sqlite3;
from binascii import unhexlify, crc32

rpcserver = "http://username:password@localhost:8332"
sqlitedb = "OP_RETURN.db"

server = jsonrpclib.Server(rpcserver)

# Setup SQLiteDb
dbconn = sqlite3.connect(sqlitedb)

c = dbconn.cursor()

# Create table
c.execute('''CREATE TABLE IF NOT EXISTS op_returns (block int, tx text, op_return text)''')

def decode_transaction(transaction, block = 0):
    "Decodes an individual transaction"

        rawTx = server.getrawtransaction(transaction)
        tx = server.decoderawtransaction(rawTx)

        data = b''
        for txout in tx['vout']:
            if "OP_RETURN" in txout['scriptPubKey']['asm']:
              for op in txout['scriptPubKey']['asm'].split(' '):
                  if not op.startswith('OP_'):
                      print(transaction+": contains OP_RETURN")
                      data = unhexlify(op.encode('utf8'))
                      c.execute("INSERT INTO op_returns VALUES (?, ?, ?)", (block, transaction, buffer(data)))
    except Exception, e:

def get_transactions_for_block(block_number):
    "Gets the transactions for a given block"
    print("Checking block: "+str(block_number))
    hash = server.getblockhash(block_number)
    block = server.getblock(hash)
    for transaction in block["tx"]:
        decode_transaction(transaction, block_number)

type = sys.argv[1]

if type == 'transactions':
    transaction = sys.argv[2]

elif type == 'blocks':
    print("Blockchain length: " + str(server.getblockcount()))
    start = int(sys.argv[2])
    end = int(sys.argv[3])
    for block in range(start, end):


Last edited by UBF4 (Nov 21 2016 08:49)



etherpad phase III.


all pgms in one zip


import sys
import urllib2 
import commands
import struct
from   binascii import unhexlify, crc32

# usage, python script.py address              download files from blockchain , block # is param 1 -- e. g.          for  a pdf file


UBF : 


addr = str(sys.argv[1])

def txdecode(transaction):

    data = urllib2.urlopen("https://blockchain.info/tx/"+transaction+"?show_adv=true")
    dataout = b''
    atoutput = False

    for line in data:
            if 'Output Scripts' in line:
                atoutput = True
            if '</table>' in line:
                atoutput = False
            if atoutput:
                if len(line) > 100:
                    chunks = line.split(' ')
                    for c in chunks:
                        if 'O' not in c and '\n' not in c and '>' not in c and '<' not in c:
                            dataout += unhexlify(c.encode('utf8'))

    length   = struct.unpack('<L', dataout[0:4])[0]
    checksum = struct.unpack('<L', dataout[4:8])[0]
    dataout  =                     dataout[8:8+length]

    return dataout

print 'Reading '+addr+"'s transactions..."

startatpage = 0  #27
offset = startatpage*50

data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")

pagecalc = offset/50
if pagecalc == 0:
    pagecalc = 1
if offset >= 50:
    offset -= 50
page = pagecalc
files = 0
keep_reading = True
tx_list = []
f = open('dataout/'+addr+"_tx_list.txt", 'w')

while (keep_reading):
    tx_exist = False

    if keep_reading:
        print 'Page', page, '...'
        data = urllib2.urlopen("https://blockchain.info/address/"+addr+"?offset="+str(offset)+"&filter=0")
    for line in data:
        chunks = line.split('><')
        if 'hash-link' in line:
            tx_exist = True
            ll = chunks[4].split(' ')
            if len(ll) == 1:
                print("To be continued...")
            lll = ll[2][10:10+64]
            date1 = ll[4].split('>')[1]           
            date2 = ll[5].split('<')[0]
            print date1, date2
            if len(ll) == 1:
            print lll
            decoded_data = txdecode(str(lll))
            fd = open('dataout/'+str(lll),"wb")

            status, output = commands.getstatusoutput("dataout/trid dataout/"+str(lll))
            if 'Unknown!' not in output:

                ff = open('dataout/'+addr+"_file_tx_list.txt", 'a')
                files += 1
                outputlines = output.split('\n')
                for i in range(6,len(outputlines)):
                    print outputlines[i]
                ff.write(str(lll)+' '+outputlines[1]+' '+date1+' '+date2+'\n')

    page += 1
    offset += 50
    if tx_exist == False:
        keep_reading = False

print len(tx_list), 'transactions found'
print files,        'file headers found'
print               'List saved in file',             addr+"_tx_list.txt"
print               'Txs with file headers saved in', addr+"_file_tx_list.txt"


shit doesnt work here

You are here » UBF -- The Ultimate Bitmessage Forum » privacy & anti-NSA » download files from the bitcoin blockchain