# SignatureFixer

Comprehensive Bitcoin Signature Analyzer · Vulnerability Scanner · DER Malleability Lab
SignatureFixer is a full-stack Bitcoin signature-forensics platform designed to audit Bitcoin transactions for vulnerabilities, signature malleability, key-reuse dangers, wallet implementation flaws, and malformed DER encodings.
Safety first: this project is for educational auditing only. It never handles private keys, enforces size-limited hex parsing, and now logs requests and errors via structured Pino logging so operational teams can spot abuse.
Buy me a coffee: 1PmAFZaBpokiMZ8TxhwMBW78s4Y1U9mEwK
```text
Frontend UI (React / Vite / TypeScript)
        |  User Input  /  JSON Responses
        v
Express API (/api/* endpoints)
        |  calls services
        v
BACKEND SERVICE LAYER
  Multi-Endpoint Blockchain Fetcher        Tor + Cache Layer
    - blockstream.info                       - rate limit smoothing
    - mempool.space                          - memory + disk cache
    - blockchain.info                        - Tor SOCKS5 optional
                                             - retry + backoff
        |  TX hex + JSON data                     |  cached / Tor-fixed
        v                                        v
  Raw Transaction Decoder                  UTXO Reconstruction
    - version / locktime                     - find inputs/outputs
    - inputs / outputs                       - mark spent/unspent
    - script extraction                      - change detection
        |  signatures / scripts                   |  UTXO context
        v                                        v
  Signature Extraction Engine              Sighash Builder
    - r / s / sighash byte                   - Legacy (P2PKH)
    - pubkey parsing                         - SegWit (BIP143)
    - script type detection                  - Nested SegWit
        |  parsed signature data                  |  preimages
        v                                        v
  DER/BER Engine                           Malleability Engine
    - strict DER (Bitcoin Core)              - high-S transform
    - loose DER (elliptic bug)               - BER padding
    - range validation                       - bad length fields
        |  valid / invalid DER                    |  malleated sig
        v                                        v
  Library Verification                     CVE-2024-42461 Tester
    - elliptic                               - generate 15+ BER variants
    - noble-secp256k1                        - cross-library verify
    - bitcoinjs-lib                          - produce vulnerability map
        |  verification matrix                    |  CVE report
        v                                        v
  Wycheproof Runner                        Vulnerability Scoring
    - load vectors                           - r reuse
    - run full suite                         - high-S detection
    - detect invalid accepted                - sighash anomalies
        |                                        |
        v                                        v
Structured JSON (Analysis Result)          UI Visualization (Tables, Charts, Flags)
```
## Installation & Run

Install:

```bash
npm install
npm run build
```

Dev mode:

```bash
npm run dev
```

Run backend only:

```bash
npm run server
```

Run tests:

```bash
npm test
```

## What This System Provides
| Feature | Status | Description |
|---|---|---|
| Raw TX Inspector | ✅ | Decode, analyze, extract sigs |
| DER/BER Parser | ✅ | Strict + Loose modes |
| CVE-2024-42461 Detector | ✅ | Auto-test libraries for ASN.1 bug |
| Wycheproof Integration | ✅ | Full compliance testing |
| Multi-Curve | ✅ | secp256k1 + secp521r1 |
| Malleability Engine | ✅ | High-S, BER padding, garbage bytes |
| Sighash Visualizer | ✅ | BIP143 + legacy |
| Hardened DER Rules | ✅ | Bitcoin Core canonicality |
| CI Security Tests | ✅ | Prevent regression |
SignatureFixer uses four blockchain explorers, automatically switching on rate limits:

- blockchain.info
- blockstream.info
- mempool.space
- blockcypher.com
Features:
- Automatic fallback on errors or HTTP 429
- Tor-proxy support
- Normalization into a single unified format
- Full transaction fetching including inputs, outputs, scripts, witness, etc.
- Optional TX hex fetching from multiple providers
A custom HTTP client routed through a Tor SOCKS5 proxy (`socks5h://127.0.0.1:9050`):

- Infinite retry
- Exponential backoff
- Global request throttle
- Disk + memory cache
- 429-proof data fetching
All external calls pass through the internal caching mechanism:

- Memory cache (5-10 min TTL)
- Disk cache (`/data/http_cache.json`)
- Reduces API calls by 70-90%
- Instant retries from cache on API blackout
`getTxHex(txid)` tries, in order:

- Blockchain.info (`?format=hex`)
- Blockstream (`/tx/:id/hex`)
- Mempool.space (`/tx/:id/hex`)
- BlockCypher (`includeHex=true`)

It always returns the canonical raw hexadecimal transaction.
Supports:
Extracts:

- `r`
- `s`
- sighash
- public key
- input index
- script type
- corresponding UTXO
Strict ASN.1 DER decoding detects:
- Incorrect SEQUENCE length
- Overlong encodings
- Short encodings
- Negative INTEGERs
- Non-canonical DER
- Zero-padding errors
SignatureFixer includes a live interactive DER signature mutation lab:

- High-S variant
- Extra leading zero in `r`
- Extra leading zero in `s`
- Wrong SEQUENCE length
- Structural corruption
- Trailing garbage bytes
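The strict-DER rules above, as an added example that is not part of SignatureFixer's code base: `parseStrictDer` applies the Bitcoin Core (BIP66) encoding checks to a signature-plus-sighash hex blob and names the first defect it finds, so each variant the mutation lab produces can be classified. Function names and the constructed test signatures are this example's own.

```javascript
// Added example (not SignatureFixer's own code): strict DER checker that
// applies the Bitcoin Core / BIP66 rules and reports the first defect found.

// Size-checked hex parser; rejects odd length and non-hex characters.
function hexToBytes(hex) {
  if (typeof hex !== "string" || hex.length % 2 || /[^0-9a-f]/i.test(hex)) {
    throw new Error("invalid hex");
  }
  return Uint8Array.from(hex.match(/../g) || [], (h) => parseInt(h, 16));
}

// Reads one DER INTEGER at `pos`; returns { value, next } or a reason string.
function readInteger(sig, pos, name) {
  if (pos + 1 >= sig.length || sig[pos] !== 0x02) return `${name}: missing INTEGER tag`;
  const len = sig[pos + 1];
  const start = pos + 2;
  const end = start + len;
  if (len === 0) return `${name}: zero length`;
  if (end > sig.length) return `${name}: length overruns the signature`;
  if (sig[start] & 0x80) return `${name}: negative INTEGER`;
  // A leading 0x00 is only allowed when needed to keep the value positive.
  if (len > 1 && sig[start] === 0x00 && !(sig[start + 1] & 0x80)) {
    return `${name}: non-canonical zero padding`;
  }
  let value = 0n;
  for (let i = start; i < end; i++) value = (value << 8n) | BigInt(sig[i]);
  return { value, next: end };
}

// Returns { ok: true, r, s, sighash } for a strictly encoded signature, or
// { ok: false, reason } naming the malleation / corruption detected.
function parseStrictDer(sigHex) {
  const sig = hexToBytes(sigHex);
  if (sig.length < 9) return { ok: false, reason: "too short" };
  if (sig.length > 73) return { ok: false, reason: "too long" };
  if (sig[0] !== 0x30) return { ok: false, reason: "missing SEQUENCE tag" };
  // SEQUENCE length must cover everything except the tag, the length byte
  // and the trailing sighash byte; appended garbage breaks this equality.
  if (sig[1] !== sig.length - 3) return { ok: false, reason: "incorrect SEQUENCE length" };
  const r = readInteger(sig, 2, "r");
  if (typeof r === "string") return { ok: false, reason: r };
  const s = readInteger(sig, r.next, "s");
  if (typeof s === "string") return { ok: false, reason: s };
  if (s.next !== sig.length - 1) {
    return { ok: false, reason: "trailing garbage inside SEQUENCE" };
  }
  return { ok: true, r: r.value, s: s.value, sighash: sig[sig.length - 1] };
}
```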
Does the ECDSA library incorrectly accept malformed signatures?
Includes:
- Elliptic.js verification backend
- Expected vs. actual acceptance
- Automatic bug detection
Supports all hashing modes:
- Legacy P2PKH
- SegWit P2WPKH (BIP143)
- Nested SegWit
- Taproot (coming soon)
Rebuilds:

- Serialized transaction
- Preimage
- Double SHA256
- `z` digest used in ECDSA
Builds full UTXO set for any address:
- Finds all outputs associated with the address
- Tracks spending transactions
- Marks spent/unspent
- Detects self-spends
- Required for vulnerability testing
SignatureFixer checks for:

- Identical r value across two signatures → PRIVATE KEY RECOVERABLE
- Poor signing library behavior
- Script type (P2PKH vs P2WPKH vs P2SH)
- Sighash byte: flags anything other than `01`
- Nonce entropy: entropy tests, repeating prefixes
- Same pubkey signing multiple inputs → local nonce correlation analysis
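The checks listed above, as an added example that is not part of SignatureFixer's code base: `scoreSignatures` runs r-reuse, high-S, sighash and repeating-prefix checks over a batch of extracted signatures and returns the findings with a weighted score. The record shape, severity weights and the prefix heuristic are this example's own assumptions.

```javascript
// Added example (not SignatureFixer's own code): vulnerability scoring over
// extracted signatures. Each record is { txid, vin, pubkey, r, s, sighash }
// with r and s as 64-char hex strings (record shape assumed here).

// secp256k1 group order n; any s > n/2 is the malleable "high-S" form.
const SECP256K1_N = BigInt("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
const HALF_N = SECP256K1_N >> 1n;
const WEIGHT = { critical: 100, high: 40, medium: 10, low: 3, info: 1 }; // assumed weights

function scoreSignatures(records) {
  const findings = [];
  const flag = (severity, check, rec) => findings.push({ severity, check, txid: rec.txid, vin: rec.vin });
  const byR = new Map();        // r -> records sharing that r
  const byTxPubkey = new Map(); // "txid|pubkey" -> number of inputs signed by that key
  for (const rec of records) {
    if (BigInt("0x" + rec.s) > HALF_N) flag("medium", "high-S", rec);
    if (rec.sighash !== 0x01) flag("low", "sighash-not-ALL", rec);
    // Entropy heuristic: r opening with four identical bytes (e.g. 00000000).
    if (/^([0-9a-f]{2})\1{3}/i.test(rec.r)) flag("high", "repeating-prefix", rec);
    const same = byR.get(rec.r) || [];
    same.push(rec);
    byR.set(rec.r, same);
    const key = `${rec.txid}|${rec.pubkey}`;
    byTxPubkey.set(key, (byTxPubkey.get(key) || 0) + 1);
  }
  // Identical r in two signatures means a reused nonce: private key recoverable.
  for (const group of byR.values()) {
    if (group.length > 1) group.forEach((rec) => flag("critical", "r-reuse", rec));
  }
  // Same pubkey on several inputs of one tx: candidate for nonce correlation analysis.
  for (const [key, n] of byTxPubkey) {
    if (n > 1) findings.push({ severity: "info", check: "multi-input-same-key", txid: key.split("|")[0], inputs: n });
  }
  const score = findings.reduce((acc, f) => acc + WEIGHT[f.severity], 0);
  return { score, findings };
}
```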
Allows:
- Running Google's Wycheproof ECDSA test vectors
- Checking whether your ECDSA implementation accepts invalid signatures
- Detecting broken or malleable crypto libraries
- Running malformed DER corpora
Supports:

- `ecdsa_secp256k1_sha256_test.json`
- `ed25519_test.json`
- and more
Scan hundreds of Bitcoin addresses safely:
- Concurrency-limited queue
- Tor-aware global throttling
- Memory/disk caching
- Per-address UTXO reconstruction
- Per-transaction signature analysis
1. Clone the repository

```bash
git clone https://github.com/bakaxbaka/SignatureFixer
cd SignatureFixer
```

2. Install dependencies

```bash
npm install
```

3. (Optional) Install + run Tor

```bash
sudo apt install tor
tor &
```

4. Run development server

```bash
npm run dev
```

Backend runs on Express, frontend on React/Vite.