CryptoAutoPilot is a comprehensive Bitcoin vulnerability scanner that analyzes ECDSA signature weaknesses in Bitcoin transactions. The application searches for cryptographic vulnerabilities that could lead to private key recovery, including k-reuse attacks, weak random number generation, brain wallet vulnerabilities, and various other ECDSA implementation flaws.
Windows Users: Simply double-click start_app.bat and the application will:
- Automatically install all required dependencies
- Set up a virtual environment
- Launch the web server
- Open your browser to the application
The application will be available at http://localhost:5000
# Clone and navigate to the directory
git clone <repository-url>
cd CryptoAutoPilot
# Run the launcher (Windows)
start_app.bat
# Or run manually (All platforms)
pip install -r requirements.txt
python main.py- K-reuse Detection: Identifies repeated nonce values across multiple signatures
- Weak R-value Analysis: Detects signatures with abnormally small R values
- LSB/MSB Bias Detection: Identifies biases in signature generation
- Lattice Attack Preparation: Prepares data for advanced lattice-based attacks
- Brain Wallet Vulnerability Scanning: Detects weak private key patterns
- Real-time Block Analysis: Analyzes Bitcoin blocks as they are mined
- Autopilot Mode: Automated sequential block scanning with configurable parameters
- Multi-threaded Processing: Parallel transaction analysis for improved performance
- Private Key Recovery: Mathematical recovery of private keys from vulnerable signatures
- Address Generation: Generates multiple Bitcoin address formats from recovered keys
- Real-time Dashboard: Live vulnerability statistics and analysis progress
- Interactive Controls: Start/stop analysis, configure parameters
- Detailed Reporting: Comprehensive vulnerability reports with recovery details
- Transaction Explorer: Integration with blockchain.com for transaction verification
- Responsive Design: Bootstrap-based terminal/hacker aesthetic
- Framework: Flask web application with Bootstrap 5.1.3
- Templates: Jinja2 templating engine
- JavaScript: Vanilla JS for real-time updates and AJAX communication
- Styling: Custom CSS with terminal-style green-on-black color scheme
- Framework: Flask (Python 3.11+)
- Database: SQLite with SQLAlchemy ORM (PostgreSQL-ready)
- Concurrency: ThreadPoolExecutor for parallel processing
- API Integration: Blockstream API for Bitcoin blockchain data
- Cryptographic Libraries: ECDSA, Base58, Hashlib for Bitcoin operations
- Python: 3.8 or higher
- Operating System: Windows, macOS, or Linux
- Memory: 4GB RAM minimum (8GB recommended)
- Storage: 1GB free space
For Windows Users:
- Download or clone the repository
- Navigate to the
CryptoAutoPilotdirectory - Double-click
start_app.bat - Wait for automatic setup (first run only)
- The application will open in your browser
Features:
- β Automatic dependency installation
- β Virtual environment setup
- β Web server launch
- β Browser integration
- β Error handling and recovery
For All Platforms:
- Clone the repository:
git clone <repository-url>
cd CryptoAutoPilot- Install dependencies:
# Using requirements.txt
pip install -r requirements.txt
# Or install core packages manually
pip install flask flask-sqlalchemy python-dotenv numpy requests scipy
pip install torch tensorflow scikit-learn cryptography matplotlib pandas networkx- Set up virtual environment (recommended):
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt- Initialize the database:
python -c "from main import app, db; app.app_context().push(); db.create_all()"- Launch the application:
python main.pyThe application will be available at http://localhost:5000
| File | Purpose | Platform |
|---|---|---|
start_app.bat |
Simple one-click launcher | Windows |
start_admin.bat |
Admin-powered launcher with advanced features | Windows |
launch_admin.bat |
Advanced launcher with multiple fallback methods | Windows |
start.ps1 |
PowerShell launcher with admin capabilities | Windows |
Common Issues:
-
Python not found:
- Install Python 3.8+ from python.org
- Ensure "Add Python to PATH" is checked during installation
-
Permission errors:
- Use
start_admin.batfor administrator privileges - Or run Command Prompt as administrator
- Use
-
Port already in use:
- Close other applications using port 5000
- The application will show an error if the port is unavailable
-
Package installation fails:
- Ensure internet connection is stable
- Try running the launcher again (it has retry logic)
- Check Python and pip are working correctly
-
Launch the application:
- Windows: Double-click
start_app.bat - Manual:
python main.py
- Windows: Double-click
-
Open your browser: Navigate to
http://localhost:5000 -
Explore the dashboard:
- View real-time vulnerability statistics
- Monitor analysis progress
- Access control panels
- Live Statistics: Real-time vulnerability counts and analysis progress
- Quick Actions: Start/stop autopilot, analyze specific blocks
- Recent Activity: Latest vulnerability discoveries and analysis results
-
Enter Block Information:
- Block number (e.g., 800000)
- Block hash (e.g., 000000000000000000076c036ff5119e5a5a74df77abf64203473364509f7732)
-
Start Analysis:
- Click "Analyze Block"
- Monitor progress in real-time
- View detailed results when complete
-
Review Results:
- Vulnerability types discovered
- Affected transactions
- Private key recovery attempts
- Risk assessment
-
Configure Settings:
- Direction: Forward (newer blocks) or Backward (older blocks)
- Delay: Time between block analyses (1-60 seconds)
- Range: Number of blocks to analyze
-
Start Automated Scanning:
- Click "Start Autopilot"
- Monitor continuous analysis
- View vulnerability discoveries in real-time
-
Control and Monitor:
- Pause/resume scanning
- Change direction on the fly
- View cumulative statistics
- Export results
Manual Recovery Testing:
- Navigate to
/test_manual_recovery - Test k-reuse recovery algorithms
- Validate results with real transaction data
- Debug and optimize recovery methods
- Edit
config.jsonfor custom settings - Modify analysis parameters
- Configure API endpoints and timeouts
The system includes quantum computing algorithms for:
- Shor's Algorithm: Factor large numbers for RSA attacks
- Grover's Algorithm: Quadratic speedup for brute force searches
- Quantum Phase Estimation: Enhanced eigenvalue extraction
- LSTM Networks: Predict vulnerability patterns
- CNN Models: Analyze signature structures
- Random Forest: Classify risk levels
- Neural Networks: Optimize attack strategies
- MPI Support: Parallel processing across multiple machines
- Load Balancing: Optimize resource utilization
- Fault Tolerance: Handle node failures gracefully
- ZK-SNARK Integration: Generate privacy-preserving proofs
- Homomorphic Encryption: Process encrypted data
- Secure Multi-Party Computation: Collaborative analysis
POST /analyze_block: Analyze a specific Bitcoin blockGET /autopilot_status: Get current autopilot statusPOST /start_autopilot: Start automated block scanningPOST /stop_autopilot: Stop automated scanning
GET /vulnerability_stats: Get vulnerability statisticsGET /export/<analysis_key>: Export analysis resultsGET /test_manual_recovery: Test manual recovery with real data
GET /config: Get current configurationPOST /config: Update configuration settings
FLASK_ENV: Set to 'development' for debug modeDATABASE_URL: Database connection string (default: SQLite)BLOCKSTREAM_API: Blockstream API endpointSESSION_SECRET: Flask session secret key
BLOCKSTREAM_API: Bitcoin blockchain API endpointMAX_CONCURRENT_ANALYSIS: Maximum concurrent analysis threadsANALYSIS_TIMEOUT: Timeout for individual analysis operationsAUTOPLOT_DELAY: Delay between autopilot block analyses
The system detects when the same nonce (k-value) is used across multiple ECDSA signatures. This vulnerability allows mathematical recovery of the private key using the formula:
k = (zβ - zβ) / (sβ - sβ) mod n
d = (sβ Γ k - zβ) / r mod n
Identifies signatures with unusually small R values, which can indicate poor random number generation or potential vulnerabilities in the signing process.
Scans for private keys generated from weak patterns such as:
- Leading zeros
- Repeating characters
- Common test patterns
- Sequential patterns
- Low entropy keys
Collects and prepares signature data for advanced lattice-based cryptographic attacks, which can recover private keys from signatures with biased nonce generation.
- All recovered private keys are handled securely
- No sensitive data is stored in plain text
- Transactions are analyzed anonymously
- Rate limiting for external API calls
- Input validation for all user inputs
- Secure session management
- Protection against common web vulnerabilities
- No logging of recovered private keys
- Secure handling of cryptographic materials
- Regular security updates and dependency management
CryptoAutoPilot/
βββ main.py # Main Flask application
βββ requirements.txt # Python dependencies
βββ templates/
β βββ index.html # Main web interface
βββ static/
β βββ app.js # Frontend JavaScript
β βββ style.css # Custom CSS styles
βββ README.md # This documentation
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Submit a pull request
Run the test suite:
python -m pytest tests/- Set up a production database (PostgreSQL recommended)
- Configure environment variables
- Use Gunicorn as WSGI server:
gunicorn -w 4 -b 0.0.0.0:5000 main:appFROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
EXPOSE 5000
CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:5000", "main:app"]The application is configured for easy deployment on Replit:
- Import the project to Replit
- Configure the Nix packages (PostgreSQL, OpenSSL, etc.)
- Set up the run command with Gunicorn
- Deploy using Replit's autoscale infrastructure
Database Connection Errors
- Ensure SQLite file permissions are correct
- Check DATABASE_URL environment variable
- Verify database initialization
API Rate Limiting
- Blockstream API has rate limits
- Implement proper request throttling
- Consider using multiple API endpoints
Memory Usage
- Large block analysis can consume significant memory
- Adjust MAX_CONCURRENT_ANALYSIS setting
- Monitor system resources during operation
Performance Issues
- Reduce analysis thread count for slower systems
- Increase AUTOPLOT_DELAY for less frequent scanning
- Consider using SSD storage for database
This project is for educational and research purposes. Please ensure compliance with local laws and regulations when using cryptographic analysis tools.
This tool is designed for educational and research purposes. Users are responsible for ensuring compliance with applicable laws and regulations. The developers are not responsible for any misuse of this software.
- Initial setup and basic vulnerability detection
- Enhanced k-reuse detection with block-wide R-value analysis
- Added WIF private key recovery functionality
- Implemented transaction explorer integration
- Enhanced signature extraction with improved DER parsing
- Added raw transaction parsing with proper SIGHASH calculation
- Replaced all mock data with real transaction fetching
- Implemented dynamic weak key detection
- Added comprehensive Bitcoin address generation
For issues, questions, or contributions, please open an issue on the project repository or contact the development team.