I hacked time to recover $3 million from a Bitcoin software wallet
HTML-код
- Опубликовано: 27 май 2024
- What if I told you that we could hack time to recover over $3 million in Bitcoin from a software wallet that's been locked since 2013? In this episode, I join forces with my friend Bruno to reverse engineer the RoboForm password generator in order to regenerate passwords that have been generated in the past.
Read about it on WIRED: www.wired.com/story/roboform-...
Project details: grandideastudio.com/portfolio...
Check out Joe Grand here:
RUclips: / joegrand
Discord: / discord
Twitter: / joegrand
Instagram: / joegrandofficial
Everything Else: linktr.ee/joegrand
ABOUT OFFSPEC.IO:
offspec.io (offspec.io) is a diverse team specializing in password recovery from hardware and software wallets. If you need help accessing your cryptocurrency, let us know. We're always looking for new and interesting projects where we can use our skills to help others.
Special thanks to:
Macdonald Entertainment Partners: macdonaldentertainmentpartner...
Sebastian Klinger: sebklinger.com
ORISONO: orisono.com Наука
Bro is like a dad that you only see once a year
A shitty dad then.
Basically my dad lol
yes!
Oof. This hurt
You see your dad every year?
Michael: "you can blur my face, but not my biceps"
In an Arnold Schwarzenegger accent
Bro this video is whack, it's wide AF and short in height. wtf?!
Bro this video is whack, wide AF and the height is short. wtf?!
"or my pot belly"
He earned those
Congratulations, you've outdone yourself. This video is one of the most impressive one-punch recovery moves I've seen in a while: the coding, the clickbait, the references from other channels/people... *Strong widget* just knows an opportunity to recover lost money when he sees one.
Joe finally remembered his RUclips channel password 🎉
Nahhh he had to crack it😂
I know I know... the first 3 letters of all my Ex's names combined... and ehhhhh., wait.... did I even had one?
LOL
😂
He had created it with old roboflow
The play off between yourself and Bruno was great. Especially for the awkward jokes.
*hackerviper50* *Just did what others hackers couldn’t thanks for being real.*
:D
Down to earth.
Next year: "I hacked the 4th dimension to recover $5 million Bitcoins"
Some may argue that's what time is.
@@ozzelot3349 Generally that's what time is.
@@ozzelot3349 I think that op means the 4th dimension of space
@@ozzelot3349 exactly
Well now his btc worth 3.6 millions
The amount of bravery this took was INSANE. These people all had their lives in danger, but still decided to go through with the recovery for the sake of busting bad scammers. True respect *Strong widget!*
If the FBI was half as dedicated and ingenious (and honest) as you guys are, the USA would be a much safer country.
Amazing work!
Moral of the story: Use insecure password generators 😊
Moral of story is back up your passwords on multiple digital devices and also physical written copies. Especially with important banking info and things that don’t have recovery options like crypto wallets.
@@implode3 you should just use an insecure generator. Thats easier
The question for me is how this data got corrupted from the beginning like how often can this happen ?
No, fucking backup your shit
@@implode3 nah because it's just a couple thousand so he didn't care.
This could easily be a netflix documentary, based on the cinematic video and the overall choreography of the shots.
Right? That was so fucking well made.
And the delivery of speaking was great
Far above all visuals, the work being done, the stories being told, the information being presented, and the easy to understand presentation.
a 20min doco? I prefer youtube TBH. it also keeps them on their own terms.
Dude, you aren’t even talking about the crazy story and storyline. Insane! Super smart guys impressed
Me emocionei sem saber uma palavra em inglês.. Vcs são maravilhosos.. @Netflix um documentário. Imaginem.
You can clearly tell that Strong widget is tired of playing nice guy.
You can see the anger and frustration towards these scumbags in his eyes. *STRONG WIDGET* I support you 100%. You are doing AWESOME work. Never give up.
This is the kind of recovery agent that should get a tv show. National platform to show the scammers their days are numbered.
Thank you for what you do
This dude dressed up as highway control, and jumped into traffic just to show what he explained... That's dedication 🤣
yes a random generated truck could've crashed that party XD
I was about to say
Big Dick Energy
i cringed so hard, same with the huge sign they took into the plane, but rest was super interesting ofc
the traffic light was red haha
IVE NEVER CLICKED ON A VIDEO SO FAST!
fr
Wow you are faster then me. Damn
Fr when i saw joe, my mind like... its time to watch
Took me 3 hours.
On god! I love this guys content
You rock *Strong widget* . My son showed me your page. I've never commented on any RUclips video but I appreciate what you do because I despise these people
I would like to say you're a blessing to all those people who have been scammed and you're the much needed hammer to smash those scammers and stop them in their tracks. Thank you very much for continuing your crusade against the scammers
Channel: is about recovering crypto wallets
Joe's insane production: fricking stops traffic in Frankfurt
Moral of the story: Don't attack the password, attack the system that created the password.
moral of the story: call joe grand
Nah, its: Attack the weakest link in the chain.
wrong
@@fabrestervis humans..
exactly. Its time to flush the toilet.
This man really hit the ground running and hasn't stopped yet. He gives us more understanding of him without interviews and negative antics he just shows us who he is through the Recovery. True living legend. We salute you.
Incredible recovery. The execution, creativity, and goodness that came from it were inspiring on a number of levels. Cheers *Strong widget* on the internet & looking forward to seeing what you do next!
GET THIS MAN A NETFLIX SERIES NOW!
The storytelling is incredible!
+1
why would he do that? why chose a highly biased politically correct streaming platform to release great content. Make it make sense.
it‘s annoying and over dramatized
AMAZING STORY TELLING
Kingpin is BACK!
*Honestly, just owning it and not trying to hide it is partially why I watch you. It's the honorable thing to do and it make the rest of the jobs much more believe when you are call out of the spots like that, so thank you StrongWidget. I can't wait to tell my grandkids this was the greatest youtube Recovery agent of my time..*
Damn, the cinematic quality of your videos is astonishing
I noticed that too. I was like this is the widest video I ever watched. LOL
I am watching on a 55" TV too. I think it was 21:9 like a movie theater
especially the thing with the cars, right?? like how did he even arrange that?
This is some Oscar winning documentary stuff 😂 Joe stopping the cars in Frankfurt
I don't think they stopped the traffic. The traffic light was red at that moment and they took advantage of it. @11:54 you can see that the light for pedestrians (same direction) is also red. Still very well done.
@@ferdynand40 you are fun at parties aren't ya? XD
@@g60force hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
Why was this so incredibly well made. It’s like a professionally made documentary. Loved it!! Using time as the only seed for a password generator was not great either lol
Clearly just wrote that for likes. Who asks why something is made so well? Weird 🤡
@@FunnyDesertCobra-hn7wv who cares about likes in yt comments? lmao
maybe they going to pitch it to netflix?
Wow that's unbeleivable that this password generator did not use the nanoseconds of the machine as well and the machine ID as a seed. Great work, awesome video.
I was thinking the same...
The most surprising thing for me is that it didn't send the password to a CC server. it seems like its a shady program.
plus it could use randomness more than once with random intervals in between as well
Milliseconds would have „only“ increased the time to find it from 20m to 14d
If it would've been so, then he would've had to run the code on the machine he used to generate the password. Am I right ?
The dude is just not fakeing . The finishes of the goals. Beautiful. Magisterial. Love you *Strong widget.!* 🙏🏼 Whoever's reading this, I pray that whatever your going through gets better and whatever your struggling with or worrying about is going to be fine and that everyone has a fantastic recovery! Amen
Bro needs his own show on Netflix. Well done as always!
for real. bro deserves million of views. the quality of video shooting and writing
Kingpin has already had a reality show.
OMG, it’s been 84 years, JOE IS BACK
It was but not anymore, Joe changed the time!
@@avfc1985 what do you mean , my almanac says this event still need to happen XD
ngl, I love the story and how you accomplished this - BUT: the cinematography is just awesome, it told the story so well. It felt more like 5 minutes to watch this.
No, it's not. The unnecessary jump cuts from multiple camera angles and the excessive word-trimming is garbage.
@@AllAmericanGuyExpertthe cuts are so annoying in this, it’s a 20 min coding story video in the style of a tiktok and it’s pretty unpleasant
@@AllAmericanGuyExpert’murica!
Password generator... You had one job! 😂
That password generator really just generated a password for every second of time lmao
yeah I was suprised because I thought unix timestamp is in nanoseconds. And that would be still impossible unless they knew what minute the guy created the password. But no they def used like seconds or ms for the timestamp.
@@stt.9433 Depends on the API ur using the one the developer used must have returned ms
Pretty crazy. Would expected a higher tick
@@stt.9433 but i bet it was at least one hundred a second, they just din't explore it further in the video. one for each second would interfere if you clicked twice at the botton in the same second. you would see the same password in the two clicks. I am very sure that at least as more than one a second haha
@@stt.9433 What's abs crazy to me, is instead of lifting the algorithm to some C code, they were actually changing the system time lmfao
This young man is very talented I just hate the bad reputation rumors and fake allegations but when it comes to money get back he's in his own lane and has his own style and that's what makes *Strong widget* so unique and untouchable‼️..
"he looks familiar"
"oh is this the guy"
"ITS THE GUY!"
so happy to find this video lol
Which guy?
@@SPINERbg i saw a video of his a while ago and loved it!
Man I appreciated Bruno being there. Such a calm person. Keep it up
He may look calm but he looks like someone i would not like to mess with
The efficiency of this is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folk underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this SO digestible is really something. Awesome works *STRONGWIDGET!*
I'm a simple man, I see Kingpin video I upvote
bro that production quality is insane
You're so real for the Kung Fury callout on hacking time
I felt the secondhand euphoria when the password got cracked, absolute banger video
Explaining reverse engineering to everyday normal people is really cool man!
I would absolutely watch a full fength movie about each of the projects you mentioned. The production quality, storytelling, and expertise are all top notch, welcome back!
Just goes to show that a random password generator isn’t as good as they make out. Absolutely brilliant video Joe 😊
Entirely depends on the code that produces the random password. A time seed is never really random, I figured that out the hard way. As we see in this video as well.
No its not. I still have the old PHP code for the "random" captcha words was generated.
If you use a random generator from 10 years ago, sure. But that's 10 years ago.
Fun fact: Nothing generated by a computer is random
depends from where you generate the seed
really nice cinematic editing trying to get the hacking concepts across. Much better than hollywood haha
The best 21 minutes 30 seconds of my life
not really but I have to admit it came close...
for those who wonder what was my best...
well lemme tell ya I didn't last 21min and 30sec hahah
That's sad
This is one of the best series on RUclips right now
Wow! What a cinematic production! Well done 👍
he used cheat engine which makes this even more goated lol
Salting the password, nice you found it! Very nice video.
I'm at 7:57 and I'm thinking please no, not PRNG seeding? Enjoying this a lot
excuse me, which other type of seed do you think is more suitable? hardcoded string "password"?
@@tooru prng seeding from a clock
@@tooru E.g many encryption softwares use your last X mouse movements as a seed. You can easily guess when a password was generated as in this video. But good luck finding out how this guy moved his mouse 10+ years ago.
These days, computers have built-in hardware random number generators. Before that, operating systems tended to gather entropy from sources such as the exact timing of mouse and keyboard input events, which in theory is less secure, but AFAIK hasn’t ever been publicly broken.
Well, copilot recall be like: @@comexk
Really appreciate how yall go above and beyond to tell stories like this, well done!
yoooo btmcc!!! maybe one day if you forgot your osu account somehow. contact this guy!
Great to see you back, Joe!!!
Incredible story!
Tech Info + Cinematography + Crypto = 🔥🔥🔥🔥🔥
I can't believe a password software used the system time value to seed a PRNG algorithm...
I know it was 2013 but come on you have cryptographically secure true RNG algorithems available on both Windows and Linux...
It was a good thing for this guy that forgot his password though
there's no such thing as "true RNG"
Minecraft generation was more random than that before 2013. 😂
@@tooru Yes there is, you can use quantum effects cosmic rays radioactive decay and other physical phenomenon for true randomness.
@zaper2904 OK bud use those things. Oh wait my linux machine can't
It's actually pretty simple(logic not hard work), but boy does the cinematography gives you goosebumps.
Basically, the random password generator uses current timestamp -> hence stopping time to get the password (or hijack)
I love your production lol the traffic analogy made me chuckle. 😂
I don't think they stopped the traffic. The traffic light was red at that moment and they took advantage of it. @11:54 you can see that the light for pedestrians (same direction) is also red. Still very well done.
Please never stop doing these videos.
Holy crap the production value of this is insane
You do a fantastic job with the storytelling mate
Let’s make this go viral so Joe uploads more!
The cinematography is amazing!
This was legitimately so wholesome. You can tell at the ending of getting your money back that it wasn't scripted at all when *Strongwidget* proposed.… This warmed my heart today! Congratulations guys! So happy for y'all!
I really enjoy the cinematography of this. It's like one of those professional documentaries you see on TV
lol the upgrade from the OG day 1 video to this one. A+ Joe A+
14:41 Dude really got my attention, explaining it that way
It's ridiculous that you could come up with such an idea and actually take advantage of this vulnerability. You are awesome.
Actually, these kind of vulneabilities (missing entropy in PRNGs) are quite common. Remember the Debian SSH keys back in 2008, and many cases of broken cryptography by weak PRNGs - either because they had too little entropy to start with, or because by observing a sequence of random generator outputs, one could derive the internal state of the PRNG and thus predict any future or past output.
Still: nice attack in the real world!
It's so abstract, it's so brilliant. This is, quite literally, one of the greatest feats of the modern era.
@@psyonixdj uh, it's really not that impressive... cool project, great video, but PRNG seeding exploitation is pretty much Hacking 101 😂
The references to Kung fury are awesome! Amazing video, as always.
You’re really good at explaining things and painting pictures. Cheers.
The storytelling is just on the spot. Great work!
It was way too overeggsaggerated imo
_"Yeah, we did it. But your parameters were wrong."_
At least he has a new, slightly more wholesome story to make fun of himself now. ;)
I hope the dude got you at least 50% of his money for cracking it
That’s selfish
i love that you used cheat engine to peek/poke memory, and explain every tool like ghidra in a non technical way. very accessible, great videos.
i have been waiting for years for someone to use cheat engine outside games. aside from stories from ppl. youtube videos are what i wanted to see and it's really fitting my wishes
the editing in this video is INSANE, its better than some movies on cinema
Your explanation of the problem and the steps you took was fantastic! Great video
Your storytelling is absolutely phenomenal man.
This production quality is superb!!
I am surprised there was not a Kung Fury hacking time meme in here.
There was - you missed it
"Are you sure you want to hack time?"
I'm upvoting only because this is the only comment I see mentioning it. Like eightbo said, there was a mention of it. 16:07
I already figured out where this was going... like in 7:00... but still watched all, it is so well narrated and edited. Excellent work !
joe as always a mixture of amazing shots and engineering !!!! good job mann
For a second I forgot I was watching RUclips! The cinematic quality is amazing! Loved the story!
saw this in my notifications and i was like "kurtis conner changed his profile picture?"
The production quality is insane, you even stopped traffic at one point!
At one point when they were talking, I thought the different camera views and cuts were a little fast.
He stopped it when signal was red hahaha
ya and that was sfx job
need more of these mate :)
I honestly have been waiting for another one of these . Thank god.
It goes to show how smart Joe is when this project was one of the easier ones to do
Sounds like a hard CTF problem. Loved the video! ❤
Anything is a CTF problem, if we think about it..
Love the color grading
So happy to see your successes, Joe! and Bruno!
THIS PRODUCTION QUALITY IS NEXT LEVEL HOLY SHIT
This felt like a Netflix documentary ❤
And Joe finally remembered the password to his RUclips account.
This project alone is amazing but wow your storytelling and use of shot selection is next level 🔥
This is by far better than any hollywood movie
not just the content, but the direction, colors, cinematography... everything top notch
Gone for a year and came back with a BANGER. Love the cinematography of this one! but uh.. At least give us 2 videos even if its less cinematic 🙏
THE PRODUCTION OF THESE VIDEOS ARE LIKE A MOVIE, HOLY CRAP SO IMMERSIVE
I loved every second of it and it's great being a part of this amazing community.
This is such a high quality video!!
Perfection, this channel should be 20mil subscribers. Great work!
The production value has gone up
paralel to crypto value XD
"YOU" did not hack any time, Bruno did. Bruno is the mastermind in this issue. Credits to him please!
Ive heard some password generators use stuff like optical inputs or cosmic microwave background radiation to generate randomness so you might need to hack the Universe for the next vid 😂