# How to hack a picture and (not) get BTC

My attention was drawn to the work of American artist Andy Bauch (Andy Bauch) in the form of paintings from Lego blocks. According to the author, the private keys to the wallets of various cryptocurrencies, including Bitcoin, are encrypted in them. The value of assets and wallet addresses are on the page newmoney.andybauch.com The

For example, take the most obvious picture of Bitcoin Initially Valued at $ 60.

It encrypted the private key to the address 1HvEJG5JR84MVpncXcDVBqx65uY5odr6fP on which there was ~ 0.14 bitcoin (~ $ 1200).

On blockchain.info we see a text prompt “Radix 6”, remember it and move on.

With a keen look, we examine and notice the following points:

6 characters is clearly not enough to encode a classic WIF or HEX private key in 270 characters, however there is a mini format for the private key, it consists of just 30 characters and works on the basis of the brainwallet principle - sha256 (“mini_private_key”).

A feature of this format is the obligatory beginning with the letter S, an example is S6c56bnXQiBjk9mqSYE7ykVQ7NzrRy.

The last time we look at the picture and write out all the colors of the squares in the first 30 blocks, except for the blue vertical dividers, for convenience, designating the colors with one letter: Y = Yellow, G = Gray, R = Red, B = Blue, L = Light Blue, D = Dark Green

It turns out:

We know that the first letter is S, and the coding is 6-digit, so we need to find which color is responsible for which digit.

For numerical conversions, install the baseconvert package

Convert the letter S to hexadecimal encoding

Convert the result using another utility to a 6-digit encoding

From this we conclude that

Half of the problem is solved. Since we have not so little time, we will find the remaining 3 values by manual enumeration, since we have few options and immediately write a small script that will issue a private mini-key.

Launching ...

According to the specification of a mini private key, we can verify its validity by adding a question mark to the end and hashing sha256. If the first two characters are zeros, then the key is considered valid.

We are lucky, the private key is valid.

Now we go to www.bitaddress.org (so faster) and insert the resulting private key into the Wallet Details tab.

We take the private key in WIF format (5KfNkSeQwNgjHr7cRErzDmq5XdUm8qc94YM3iEN5YaMYoA2UGky) and import it into the bitcoin client.

So what do we have here? ..

Oops ... Someone turned out to be quicker and took the prize. However, satisfaction from the solved task was nevertheless obtained.

UPD: $ 20 and $ 30 were taken by SopaXT

**call is accepted.**For example, take the most obvious picture of Bitcoin Initially Valued at $ 60.

It encrypted the private key to the address 1HvEJG5JR84MVpncXcDVBqx65uY5odr6fP on which there was ~ 0.14 bitcoin (~ $ 1200).

On blockchain.info we see a text prompt “Radix 6”, remember it and move on.

With a keen look, we examine and notice the following points:

- Squares come in only 6 colors, which means we have a 6-character encoding (radix 6)
- Flat vertical lines every 3 squares dividing them into blocks, starting from the first
- The pattern goes from left to right, consists of 30 blocks and then repeats

6 characters is clearly not enough to encode a classic WIF or HEX private key in 270 characters, however there is a mini format for the private key, it consists of just 30 characters and works on the basis of the brainwallet principle - sha256 (“mini_private_key”).

A feature of this format is the obligatory beginning with the letter S, an example is S6c56bnXQiBjk9mqSYE7ykVQ7NzrRy.

The last time we look at the picture and write out all the colors of the squares in the first 30 blocks, except for the blue vertical dividers, for convenience, designating the colors with one letter: Y = Yellow, G = Gray, R = Red, B = Blue, L = Light Blue, D = Dark Green

It turns out:

`'YGR', 'LBY', 'LBL', 'YBR', 'LGY', 'YYY', 'LBY', 'YBL', 'YDY', 'LGY', 'GRG', 'GRR', 'GDR', 'LBD', 'LBY', 'YDL', 'LBG', 'YYB', 'LYY', 'GRL', 'YYD', 'YGR', 'YDR', 'LBD', 'GYD', 'YRR', 'GRY', 'GYD', 'GRR', 'LGG'`

We know that the first letter is S, and the coding is 6-digit, so we need to find which color is responsible for which digit.

For numerical conversions, install the baseconvert package

`pip install baseconvert`

Convert the letter S to hexadecimal encoding

```
echo -n "S" | od -A n -t x1
53
```

Convert the result using another utility to a 6-digit encoding

```
python3 -m baseconvert --string true --number 53 --input-base 16 --output-base 6
215
```

From this we conclude that

```
Y = 2
G = 1
R = 5
```

Half of the problem is solved. Since we have not so little time, we will find the remaining 3 values by manual enumeration, since we have few options and immediately write a small script that will issue a private mini-key.

**solve.py**

```
#!/usr/bin/python3
import baseconvert
values = ['YGR', 'LBY', 'LBL', 'YBR', 'LGY', 'YYY', 'LBY', 'YBL', 'YDY', 'LGY', 'GRG', 'GRR', 'GDR', 'LBD', 'LBY', 'YDL', 'LBG', 'YYB', 'LYY', 'GRL', 'YYD', 'YGR', 'YDR', 'LBD', 'GYD', 'YRR', 'GRY', 'GYD', 'GRR', 'LGG']
replace = {'Y':'2', 'G':'1', 'R':'5', 'B':'0', 'L':'3', 'D':'4'} #подставляем значения здесь
key = []
base = 6
for char in values:
for i, j in replace.items():
char = char.replace(i, j)
v = baseconvert.base(char, base, 16, string=True)
v = bytearray.fromhex(v).decode('ascii')
key.append(v)
print(''.join(key))
```

Launching ...

```
python3 solve.py
SnoMtVnKbtCGApncmTzEXSep4kD4Gs
```

According to the specification of a mini private key, we can verify its validity by adding a question mark to the end and hashing sha256. If the first two characters are zeros, then the key is considered valid.

```
echo -n SnoMtVnKbtCGApncmTzEXSep4kD4Gs? | sha256sum
00edc14de4c175a2a8ccb213e4d5deee738782a8213c25328a7b035d3c728866
```

We are lucky, the private key is valid.

Now we go to www.bitaddress.org (so faster) and insert the resulting private key into the Wallet Details tab.

We take the private key in WIF format (5KfNkSeQwNgjHr7cRErzDmq5XdUm8qc94YM3iEN5YaMYoA2UGky) and import it into the bitcoin client.

So what do we have here? ..

Oops ... Someone turned out to be quicker and took the prize. However, satisfaction from the solved task was nevertheless obtained.

UPD: $ 20 and $ 30 were taken by SopaXT