
How we found rogerkver’s obfuscated wallet private key - monort
https://medium.freecodecamp.org/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433
======
abstractbeliefs
This is a great reminder to follow the advice of a previous article here about
the blurring of sensitive data.

1) If you care about the data, don't blur. Black it out, entirely. 2) If you
don't want to black it out for aesthetic reasons, then you don't care enough
about the data being private. 3) Black out every pixel, every time.

~~~
Geee
JPEG also stores the thumbnail separately in the EXIF data. This might not be
updated when the image is edited and can reveal the original data.

~~~
TazeTSchnitzel
It's not even in the EXIF data, it's part of JFIF.
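
Added example (not part of the comments above or the linked article): a pre-publication check that walks a JPEG's header segments and reports where a stale thumbnail can sit, covering both places named in this sub-thread, the JFIF/JFXX APP0 segments and the Exif APP1 segment. The function names, the Exif heuristic (searching the segment for a nested JPEG start marker) and the sample bytes are assumptions constructed for illustration.

```python
import struct

def find_embedded_thumbnails(data: bytes) -> list:
    """Walk JPEG header segments and report where a thumbnail may be stored."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    findings, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: header segments end, compressed scan follows
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xE0 and body.startswith(b"JFIF\x00") and len(body) >= 14:
            # Bytes 12 and 13 are the thumbnail width and height; 0 means none.
            if body[12] and body[13]:
                findings.append(f"JFIF APP0 thumbnail {body[12]}x{body[13]} at offset {pos}")
        elif marker == 0xE0 and body.startswith(b"JFXX\x00"):
            findings.append(f"JFXX APP0 thumbnail extension at offset {pos}")
        elif marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            # Heuristic (assumption): an Exif thumbnail is normally a nested JPEG.
            if b"\xff\xd8\xff" in body:
                findings.append(f"Exif APP1 embedded JPEG at offset {pos}")
        pos += 2 + length
    return findings

def _segment(marker: int, body: bytes) -> bytes:
    """Build one JPEG segment: marker, big-endian length, body."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

# Constructed sample data (not real photos): header segments plus an empty scan.
_JFIF = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01"
_TAIL = b"\xff\xda\x00\x02\xff\xd9"
CLEAN = b"\xff\xd8" + _segment(0xE0, _JFIF + b"\x00\x00") + _TAIL
LEAKY = (b"\xff\xd8"
         + _segment(0xE0, _JFIF + b"\x02\x01" + b"\x10" * 6)  # 2x1 RGB thumbnail
         + _segment(0xE1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08" + b"\xff\xd8\xff\xd9")
         + _TAIL)

if __name__ == "__main__":
    for name, blob in (("CLEAN", CLEAN), ("LEAKY", LEAKY)):
        print(name, find_embedded_thumbnails(blob))
```

Any finding means the file still carries a second rendering that an editor may not have regenerated after the visible image was redacted.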

------
DINKDINK
Check out Deconvolution[1]

The technique has been done before and the text string of the private key
would probably be the easiest point of attack.

WHY BLURRING SENSITIVE INFORMATION IS A BAD IDEA[2]

RESTORATION OF DEFOCUSED AND BLURRED IMAGES[3]

Take away: black out any and all sensitive information. Blurring just
marginally reduces the independence of the bits presented in blurred output.
To have privacy, all dependence must be eliminated, e.g. black out.

[1] [https://en.wikipedia.org/wiki/Deconvolution](https://en.wikipedia.org/wiki/Deconvolution)

[2] [https://dheera.net/projects/blur](https://dheera.net/projects/blur)

[3] [http://yuzhikov.com/articles/BlurredImagesRestoration1.htm](http://yuzhikov.com/articles/BlurredImagesRestoration1.htm)

~~~
3pt14159
In addition to just blacking out, it's also important to screenshot the
content if you are able to _and then_ black it out. Otherwise you may leak
metadata or pre-rendered thumbnails. The reason you screenshot first and
black out second is that it reduces the chances of you mixing up which file to
upload.

~~~
derefr
Also, even more basic: don't just redact a PDF by adding black boxes over the
text as a new layer. The text data is still there. (Yes, this has been a
source of leaks on numerous occasions.)

~~~
lysp
Similar thing happened in Australia recently. Every member of parliament and
senators have their phone bills published to the government website as part of
public disclosure.

What happened though is instead of deleting their phone numbers, the
contractor who was in charge of this simply changed the font colour of their
phone number to white (same as the background).

So if you looked at the PDF, it looked normal. If you highlighted the text -
the phone number instantly showed up. Also viewing google "text" cache version
showed the number too. As a result - hundreds of their personal phone numbers
were available to anyone and everyone.

[http://www.smh.com.au/federal-politics/political-news/privat...](http://www.smh.com.au/federal-politics/political-news/private-mobile-phone-numbers-of-nearly-every-federal-mp-accidentally-published-online-20170320-gv1x85.html)

------
ajnin
Gaussian blur is mathematically reversible, but in practice you don't have
enough resolution to successfully deconvolve the original image. However in
the case of video you have multiple images and you can reconstruct a "super-
resolution" image by combining frames. I'm sure there is a tool somewhere that
can do this, there are too many secrets being shown blurred on TV to pass ...

~~~
joshvm
Not sure how up to date the algorithms are, but OpenCV has an implementation:
[https://docs.opencv.org/3.0-beta/modules/superres/doc/super_...](https://docs.opencv.org/3.0-beta/modules/superres/doc/super_resolution.html)

~~~
SassanoM
Very curious to see if someone can solve this using this method. Would be as
magical as ECC

------
patd
Congrats.

I had also started trying to decode the QR but as I was starting to look into
the ECC I noticed someone had moved half of the coins and gave up.

Glad you explained your technique. I initially used a Picross editor to map
the screenshot before moving to a full Python script.

~~~
SassanoM
Nice trick to use the Picross editor. We started with GIMP but quickly moved
to Google spreadsheet.

------
alanfalcon
This was a great story which previously didn't hit the front page. I'm glad
for the re-submit policy. I enjoyed learning about the build structure of QR
codes. Years ago I chose to learn how barcodes are constructed so that I could
create custom barcodes for my college library. Having access to nothing more
than Microsoft Office, I naively decided that a whole lot of conditional
formatting rules would be enough to build the thing in Excel. And I was right!
But it's not a method I would recommend anyone ever attempt.

------
zaroth
My biggest take-away from all this -- look at how much high quality
engineering work was just crowdsourced for $1,000?!

------
IshKebab
It doesn't look very blurred. I expect you could do a blind deconvolution and
just read it.

------
Bromskloss
I was hoping for some application of Bayes' theorem.

