Anti‑Scanner TRNG Audit Tool – Bitcoin, open‑source, white‑hat.
A PoC audit framework that shows how low‑entropy / predictable TRNGs can compromise Bitcoin wallets. It is ready to use as a minimalistic preliminary audit tool.
“Noise is NOT secure random”. The project demonstrates a real‑world attack surface that many RNG specs hide, and introduces an efficient mitigation approach.
It also aims at independent, public and practical verification, if not demystification, of NIST's claims about the security of its standards, with a powerful incentivized computational peer-to-peer network.
`npm install` → download address dump → `node ingest.js` → `node enumerate.js replica_name`.
The Ledger Nano Deterministic Replica reproduces the source of entropy and the rest of the TRNG pipeline: ∀ 🌈spectra🌈 (exhaustive). `avalanche noise (first power-on)` → `SHA-256` → `entropy seed` → `thermal noise` → `phase-diff + XOR-fold + SHA-256` → `wallet seed`.
→ The Entropy Explorer Protocol mitigates the risk of an attacker running this algorithm in an attempt to steal funds.
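An added example (not code from this repository) of the check behind the claim above that hashing does not repair a weak source: it estimates min-entropy per raw sample with the NIST SP 800-90B most-common-value estimator and bounds what a SHA-256-conditioned seed can carry. The sample data, the function names and the assumption that samples are independent are constructed for illustration.

```javascript
// Added example, not project code: how much entropy can a hashed seed carry?
const { createHash } = require('node:crypto');

// Most-common-value min-entropy estimate, bits per sample, with the 99% upper
// confidence bound on the peak probability (NIST SP 800-90B, section 6.3.1).
function mcvMinEntropy(samples) {
  const counts = new Map();
  for (const s of samples) counts.set(s, (counts.get(s) || 0) + 1);
  const n = samples.length;
  const pHat = Math.max(...counts.values()) / n;
  const pUpper = Math.min(1, pHat + 2.576 * Math.sqrt((pHat * (1 - pHat)) / (n - 1)));
  return -Math.log2(pUpper);
}

// Raw samples that must be fed to the hash for the seed to reach targetBits.
// Assumption: samples are independent, so per-sample entropy adds up.
function samplesNeeded(bitsPerSample, targetBits = 256) {
  return bitsPerSample > 0 ? Math.ceil(targetBits / bitsPerSample) : Infinity;
}

// Condition a block of raw samples and report the entropy the seed can hold.
// A hash cannot output more entropy than it was given, nor more than its width.
function auditSeed(rawBlock, bitsPerSample, targetBits = 256) {
  const seedHex = createHash('sha256').update(Buffer.from(rawBlock)).digest('hex');
  const boundBits = Math.min(bitsPerSample * rawBlock.length, 256);
  return { seedHex, boundBits, pass: boundBits >= targetBits };
}

// Constructed sample data: a stuck-at-heavy 8-bit source where half of all
// readings are 0x80 (hypothetical values, not measurements of any device).
function constructedBiasedSamples(n) {
  return Array.from({ length: n }, (_, i) => (i % 2 === 0 ? 0x80 : (i * 37) & 0xff));
}

const raw = constructedBiasedSamples(10000);
const h = mcvMinEntropy(raw);
const weak = auditSeed(raw.slice(0, 32), h);
const fixed = auditSeed(raw.slice(0, samplesNeeded(h)), h);
console.log(`min-entropy per sample: ${h.toFixed(3)} bits`);
console.log(`32-sample seed ${weak.seedHex.slice(0, 16)}... holds <= ${weak.boundBits.toFixed(1)} bits`);
console.log(`samples needed for 256 bits: ${samplesNeeded(h)}, pass: ${fixed.pass}`);
```

The 32-byte block yields a digest that looks like any other 256-bit seed, yet the bound shows it can hold only about 31 bits; the estimate has to be taken on the raw samples, before conditioning.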
```bash
# 1️⃣ Clone the repo
git clone https://github.com/dk14/crypto.git
cd crypto/chats/btc-audit

# 2️⃣ Install dependencies
npm ci                        # reproducible install

# 3️⃣ Pull the latest address dump (≈ 600 k addresses)
curl -L https://addresses.loyce.club/addresses.zip -o addresses.zip
unzip addresses.zip -d .

# 4️⃣ Populate the local DB
node ingest.js

# 5️⃣ Run a test enumeration (choose one source)
node enumerate.js ledger      # Ledger‑seed brute‑force
node enumerate.js urandom     # /dev/urandom scan
node enumerate.js clock       # Clock‑drift demo
```
Tip: add `--verbose` for detailed logs or `--dry-run` for a quick sanity check.
| Command | Description | Search space |
|---|---|---|
| `node enumerate.js ledger` | Enumerates actually possible seeds derived from a Ledger hardware wallet TRNG. | small (millions to billions) |
| `node enumerate.js urandom` | Scans for wallets that used `/dev/urandom` directly as a private key. | small (millions to billions) |
| `node enumerate.js clock` | Reconstructs keys generated from system‑clock entropy (e.g., `time()%2^32`). | tiny (millions) |
Outputs: found.json (compromised addresses + private keys) and report.md (ready‑to‑publish disclosure).
Early warning defense system
Network architecture:
Data-submission format for entropy miners:
Explorer Node UI:
bc1qekvmkczge3hxrvwdf2lj3yyvgjnparn3fdf9lg
Instant inclusion in the Explorer Network "profit‑share" pool.
(revenue comes from network fees on compute rewards and other computationally intensive services)
Send a signed TXID + description – your feature is prioritized and you get a larger revenue slice. Bids are listed in CONTRIBUTORS.md.
Earn a “Node‑Sponsor” badge and a share of fees for all audits run on your hardware.
Inquire (Node-Sponsor status requires over 0.1 BTC investment)
Earn bonuses and extra profit‑share for investing early
+ Get BRC-20 and Lightning assets proportionally to donations (~Q4 2026), with extra benefits for early investors!!11
Profit‑sharing logic lives in profit-sharing.js. Assets in issue-assets.js. Feel free to audit, fork or improve it.
| Milestone | ETA | Description |
|---|---|---|
| v1.1 | Q3 2026 | Explorer UI. Tool integration into Explorer protocol |
| v1.2 | Q4 2026 | Ledger replica. Ledger firmware integration for risk reporting |
| v1.3 | Q1 2027 | Full “Explorer Network” – decentralized marketplace of auditors. |
| v2.0 | Q2 2027 | Other replicas (Trezor, Apple Secure Enclave, military TRNGs). Audits for public SSL certificates |
All contributors and spending (transparent fund tracking) are listed in CONTRIBUTORS.md. Fund contributors automatically receive a share of future revenues.
Message: "Doomsday Explorer Project for Bitcoin: https://github.com/dk14/crypto/tree/main/chats/btc-audit"
Address: bc1qekvmkczge3hxrvwdf2lj3yyvgjnparn3fdf9lg
Signature: IHdq/tIQtQeimfF92NOyOOdz2/iq2YR6qjD8vLgHWK3GGGETKX76L0e4Tvgtb1fOHrbLiW87QYIuOdCKYbSvmpA=
License – MIT (see LICENSE file).
Disclaimer – This tool is for **educational, research and white‑hat security auditing only**. Misuse to steal funds is illegal and will be prosecuted. The author disclaims any liability for damages caused by misuse.