blocks: add `-reobfuscate-blocks` argument to enable (de)obfuscating existing blocks #33324

pull l0rinc wants to merge 8 commits into bitcoin:master from l0rinc:l0rinc/reobfuscate-blocks changing 12 files +394 −38
  1. l0rinc commented at 11:51 PM on September 5, 2025: contributor

    Context: Recent discussions highlighted that many nodes that synced before Bitcoin Core v28 have their block and undo files stored effectively in the clear (zero XOR key). This patch adds a simple, resumable maintenance tool to obfuscate previously raw block files, rotate an existing key to a fresh random one, or de-obfuscate (set key to zero) if consciously chosen, all without requiring a resync. The operation can be cancelled and restarted safely.

    Implementation: The new startup option -reobfuscate-blocks[=VALUE] accepts either 16 hex characters as an exact 8-byte XOR key (little-endian in-memory layout) or a boolean to generate a random 64-bit key. e.g. -reobfuscate-blocks=0000000000000000 sets the key to zero, effectively removing obfuscation.

    If unobfuscated blocks are detected at start time, a warning suggests this new option.

    At startup, we iterate over all undo and block files (grouping them for more uniform iteration), read them with the old XOR key, and write them back with the new key (as <name>.reobfuscated). The implementation combines the two keys and reads directly into the new obfuscated version to do only a single pass over the data. This works whether the original blocks are obfuscated, the new blocks are not, or neither are. After a successful write, the old file is deleted immediately. Once all files are staged, they are renamed back, and xor.dat.reobfuscated is atomically swapped to xor.dat before the operation continues.

    Progress is logged roughly per-percent as files complete (i.e. max 100 progress log lines).

    Constraints:

    • Re-obfuscation resumes automatically (detected via xor.dat.reobfuscated) even without the flag. In the worst case, a crash should only force redoing previous work.
    • Single-threaded, processing one file at a time to keep code simple and avoid the complexity of interleaving renames and key swaps across threads.
    • Fast in practice with sequential read/modify/write per block file - after recent obfuscation vectorization, this path is very quick.

    Reproducer:

    cmake -B build -DBUILD_GUI=ON && cmake --build build -j$(nproc)
# command line
./build/bin/bitcoind -reobfuscate-blocks -stopatheight=1
# same with GUI
./build/bin/bitcoin-qt -reobfuscate-blocks -stopatheight=1

    Single-threaded Performance:

    cpu hdd/ssd block count size files time (min) blocks/min
    Apple M4 Max laptop SSD ~909k ~707 GB 9,982 8.4 146,613
    Intel Core i9 SSD ~909k ~725 GB 10,238 23.1 39,351
    Raspberry Pi 5 SSD ~914k ~728 GB 10,276 72.78 12,558
    Intel Core i7 HDD ~909k ~720 GB 10,156 208.7 4,356
    Raspberry Pi 4B HDD ~915k ~730 GB 10,304 1467 624

    Similar work:

  2. DrahtBot commented at 11:51 PM on September 5, 2025: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33324.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept ACK sedited, stickies-v

    If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #34132 (coins: drop error catcher, centralize fatal read handling by l0rinc)
    • #33966 (refactor: disentangle miner startup defaults from runtime options by Sjors)
    • #33854 (fix assumevalid is ignored during reindex by Eunovo)
    • #33637 (refactor: optimize block index comparisons (1.4-6.8x faster) by l0rinc)
    • #33593 (guix: Use UCRT runtime for Windows release binaries by hebasto)
    • #24230 (indexes: Stop using node internal types and locking cs_main, improve sync logic by ryanofsky)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

    LLM Linter (✨ experimental)

    Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

    • notifications.progress(_("Reobfuscating blocks…"), 0, false) in src/node/blockstorage.cpp
    • notifications.progress(_("Reobfuscating blocks…"), percentage, false) in src/node/blockstorage.cpp
    • notifications.progress(_("Reobfuscating blocks…"), 100, false) in src/node/blockstorage.cpp

    Possible places where comparison-specific test macros should replace generic comparisons:

    • test/functional/feature_reobfuscation.py: assert before_blk != blk0.read_bytes(), "blk00000.dat content did not change" -> recommendation: use assert_not_equal(before_blk, blk0.read_bytes(), "blk00000.dat content did not change")
    • test/functional/feature_reobfuscation.py: assert before_rev != rev0.read_bytes(), "rev00000.dat content did not change" -> recommendation: use assert_not_equal(before_rev, rev0.read_bytes(), "rev00000.dat content did not change")

    No other comparison macro suggestions were found.

    <sup>2026-02-08 06:59:05</sup>

  3. l0rinc force-pushed on Sep 6, 2025
  4. l0rinc force-pushed on Sep 7, 2025
  5. l0rinc force-pushed on Sep 8, 2025
  6. l0rinc force-pushed on Sep 8, 2025
  7. sedited commented at 8:21 AM on September 8, 2025: contributor

    Concept ACK

  8. stickies-v commented at 10:06 PM on September 8, 2025: contributor

    Concept ACK, this seems like useful functionality to expose.

    Should we split ObfuscateBlocks out of init? I have split it into many local lambdas, but we may want to find better home for those methods...

    I don't like using startup options for one-time operations (I feel the same about e.g. -reindex). Without having thought it through too much yet, maybe we can bundle this e.g. as part of bitcoin-util or a separate bitcoin-xor-blocks utility?

    Should we repurpose the existing -blocksxor arg instead?

    With this PR, IIUC we'd have -blocksxor, reobfuscate-blocks, and the existence of the xor.dat file that all have some redundancy and thus potential for conflict (e,g. blocksxor=0, reobfuscate-blocks=1, and a non-zero xor.dat file). Reducing that complexity seems like it would be useful.

  9. DrahtBot added the label Needs rebase on Sep 9, 2025
  10. l0rinc force-pushed on Sep 10, 2025
  11. DrahtBot removed the label Needs rebase on Sep 10, 2025
  12. in src/init.cpp:1366 in aa587f3740 outdated 
    1361 | +    std::vector<std::byte> buf;
1362 | +    buf.resize(node::MAX_BLOCKFILE_SIZE);
1363 | +
1364 | +    // Migrate undo and block files atomically
1365 | +    for (const auto& [name, files] : {std::make_pair("undo", collect_undo_files()),
1366 | +                                      std::make_pair("block", collect_block_files())}) {
    ajtowns commented at 5:10 AM on September 11, 2025:

    I was surprised when it hit 100% of the undo files then restarted on the block files and was much slower -- might be better to do the slow files first, or ideally to do block and undo files intermixed so you just have a single 0% to 100% run.

    l0rinc commented at 3:56 AM on September 12, 2025:

    I had that version before, but didn't like that the small and big files made the percentages look unevenly spaced. But I have reverted that version and shuffled the files, this should make the progress feel more uniform - thank you for the observation!

  13. in src/init.cpp:1351 in aa587f3740 outdated 
    1346 | +        old_blocks.read(buf);
1347 | +
1348 | +        AutoFile new_blocks{fsbridge::fopen(file + suffix, "wb")};
1349 | +        new_blocks.write_buffer(buf);
1350 | +
1351 | +        if (old_blocks.fclose() || !new_blocks.Commit() || new_blocks.fclose()) return false;
    ajtowns commented at 5:22 AM on September 11, 2025:

    Would be good to try to reset the timestamp of new_blocks to match that of old_blocks here.

            // attempt to preserve timestamp
        fs::last_write_time(file + suffix, fs::last_write_time(file));
    l0rinc commented at 3:56 AM on September 12, 2025:

    Done, thanks!

  14. in src/init.cpp:1346 in aa587f3740 outdated 
    1341 | +    }};
1342 | +
1343 | +    auto migrate_single_blockfile{[&](const fs::path& file, const Obfuscation& delta_obfuscation, std::vector<std::byte>& buf) -> bool {
1344 | +        AutoFile old_blocks{fsbridge::fopen(file, "rb"), delta_obfuscation}; // deobfuscate & reobfuscate with a single combined key
1345 | +        buf.resize(fs::file_size(file)); // reuse buffer
1346 | +        old_blocks.read(buf);
    ajtowns commented at 5:23 AM on September 11, 2025:

    Rather than reading the entire blockfile into memory at once, consider chunking it:

            size_t left = fs::file_size(file);
        while (left > 0) {
            size_t chunk = std::min<size_t>(left, 2 * MAX_BLOCK_SERIALIZED_SIZE);
            buf.resize(chunk);
            old_blocks.read(buf);
            new_blocks.write_buffer(buf);
            left -= chunk;
        }
    l0rinc commented at 5:49 AM on September 11, 2025:

    We could do that with the recently introduced buffered readers - but that's considerably slower. Is it a problem to read all of it in memory when we don't even have dbcache yet? The total memory usage is just 160 MB during migration, we should be fine until 1 GB at least, right?

    ajtowns commented at 6:20 AM on September 11, 2025:

    I don't think buffered readers is the right thing (that's for when you want to process small amounts of data while still reading it from the file in large chunks), and trying the above didn't seem particularly slow to me.

    I guess it could be simplified a bit to:

    buf.resize(2 * MAX_BLOCK_SERIALIZED_SIZE);
while (true) {
    size_t size = old_blocks.detail_fread(buf);
    if (size == 0) break;
    new_blocks.write_buffer(std::span(buf, 0, size));
}
    l0rinc commented at 3:58 AM on September 12, 2025:

    What's problem would chunking solve in your opinion? I don't mind doing it, but the current version is slightly simpler and slightly faster, so I need at least some justification for giving up both :)

    ajtowns commented at 12:36 PM on September 12, 2025:

    Loading a large file entirely into memory when it's not necessary is just bad practice. What if we changed to .blk files of 1GB each? What if we're running on a node that's memory constrained and configured dbcache down to 4MB?

    If we're worried about speed, then doing it in parallel helps on my system since obfuscation ends up CPU bound when single-threaded -- with the current code, it takes 238s (4min); with 8 threads it's 65s; with 16 threads it's 47s. Using 16MB chunks (BLOCKFILE_CHUNK_SIZE), 8 threads is also ~128MB of memory, but a user on a severely memory constrained system could reduce the thread count if they wanted. Here's roughly what I'm thinking: https://github.com/ajtowns/bitcoin/commits/202509-reobfus/

    l0rinc commented at 1:48 PM on September 12, 2025:

    Loading a large file

    This is run on request, before anything else loads, it's not that large, only 160 MB memory is needed.

    For reference, applying the mentioned dbcache=4 (which isn't used here yet) still makes the node use > 1 GB memory: <img width="1202" height="631" alt="image" src="https://github.com/user-attachments/assets/1867ba38-ba35-4ce5-86de-5bfe8add145b" />

    Edit: doing an actual massif memory measurement with dbcache=4 and -blocksonly reveals that the actual memory usage is lower than that (but still higher than the 160MB needed for a single blockfile):

    Command:            ./build/bin/bitcoind -datadir=/mnt/my_storage/BitcoinData -stopatheight=200000 -dbcache=4 -blocksonly -printtoconsole=1                                               
Massif arguments:   --time-unit=ms --massif-out-file=/mnt/my_storage/logs/massif-e66f04d0131b8c2db13ddd649e9eb20910eb6d1d-200000-4.out                                                    
ms_print arguments: /mnt/my_storage/logs/massif-e66f04d0131b8c2db13ddd649e9eb20910eb6d1d-200000-4.out                                                                                     
--------------------------------------------------------------------------------                                                                                                          
                                                                                                                                                                                          
                                                                                                                                                                                          
    MB                                                                                                                                                                                    
383.1^#                                                                                                                                                                                   
     |#                                                                                                                                                                                   
     |#                                                                                                                                                                                   
     |#                                                                                                                                                                                   
     |#                                                                                                                                                                                   
     |#                                                                                                                                                                                   
     |#                                   :  : :::      :  :    ::::  @                                                                                                                   
     |#   :@: :::@::::::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#::::@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::                                                                                                            
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::
     |#:: :@::: :@::: ::::::::::@:::@::::::::::::::::::@:::::::@::::::@:::::::
   0 +----------------------------------------------------------------------->h
     0                                                                   2.506

    Here's roughly what I'm thinking: ajtowns/bitcoin@202509-reobfus (commits)

    Multithreading is indeed a very good argument for chunking, thanks a lot for the patch, I'll apply it soon and add you as coauthor!

    l0rinc commented at 7:02 AM on September 20, 2025:

    Thanks again for the review, I have pushed a change to fix the CI and took a few suggestion from your branch (chunking, code simplifications), but kept the original file iteration with progress indicator for now. The parallelization complicates the situation considerably, I will see if I can find a simpler way or if single-threaded execution is also acceptable. Edit: grouped the block and undo files for more uniform iteration instead of shuffling

    l0rinc commented at 3:33 AM on September 26, 2025:

    I have pushed a new version (rebased, extended test), let me know what you think.

    I have implemented a very simple multithreaded version but I couldn't convince it to achieve any speedup whatsoever - I guess xor operations are a lot cheaper than disk reads/writes. The total CPU usage was at 20% even with 50 threads.

    I have pushed my threaded solution to https://github.com/l0rinc/bitcoin/pull/40/files#diff-b1e19192258d83199d8adaa5ac31f067af98f63554bfdd679bd8e8073815e69dR1361-R1379, but I kept the single-threaded version here.

  15. in src/init.cpp:1295 in aa587f3740 outdated 
    1290 | +        return files;
1291 | +    }};
1292 | +    auto collect_block_files{[&]() -> std::set<fs::path> {
1293 | +        std::set<fs::path> files;
1294 | +        while (true) {
1295 | +            if (auto f{m_blockman.GetBlockPosFilename(FlatFilePos(files.size(), 0))}; fs::exists(f)) {
    ajtowns commented at 5:43 AM on September 11, 2025:

    This doesn't seem like it would work correctly with pruning, when blk0000.dat has been deleted?

    l0rinc commented at 3:58 AM on September 12, 2025:

    Good call, changed it back to regex matching

  16. ajtowns commented at 5:46 AM on September 11, 2025: contributor

    Having it be a startup option like -reindex seems fine to me.

  17. l0rinc force-pushed on Sep 12, 2025
  18. ajtowns commented at 7:32 AM on September 15, 2025: contributor

    tidy wants emplace_back over push_back

  19. luke-jr commented at 1:29 AM on September 18, 2025: member

    I agree a separate utility for this seems better - this requires very little of the existing codebase, in theory.

    Also suggest making the files with the same names, but in a new directory, and then atomically rename the directory when complete, rather than every single file.

  20. l0rinc commented at 1:49 AM on September 18, 2025: contributor

    I agree a separate utility for this seems better

    Can you quote what you're agreeing with specifically, not sure who suggested that. Besides, @andrewtoth already has a tool for that, it was mentioned in the PR description.

    but in a new directory, and then atomically rename

    I will think about it, could make sense, but in that case unrelated files should also be copied over (maybe duplicated to be safe) - and listing the directory content wouldn't make the progress obvious. What's wrong with the current approach?

  21. l0rinc force-pushed on Sep 20, 2025
  22. l0rinc force-pushed on Sep 20, 2025
  23. l0rinc force-pushed on Sep 22, 2025
  24. l0rinc force-pushed on Sep 26, 2025
  25. l0rinc force-pushed on Oct 3, 2025
  26. l0rinc commented at 1:01 AM on October 3, 2025: contributor

    Added kernel notifications (thanks @ryanofsky) and improved crash resistance at the very last step (final rename back to old names) - try it out with ./build/bin/bitcoin-qt -reobfuscate-blocks -stopatheight=1. <img width=500 src="https://github.com/user-attachments/assets/95b72e06-63fe-4057-989d-24ab9e93bfac" />

  27. l0rinc marked this as ready for review on Oct 3, 2025
  28. l0rinc renamed this:
    RFC: blocks: add `-reobfuscate-blocks` arg to xor existing blk/rev on startup
    blocks: add `-reobfuscate-blocks` arg to xor existing blk/rev on startup
    on Oct 3, 2025
  29. l0rinc force-pushed on Dec 10, 2025
  30. l0rinc renamed this:
    blocks: add `-reobfuscate-blocks` arg to xor existing blk/rev on startup
    blocks: add `-reobfuscate-blocks` argument to enable (de)obfuscating existing blocks
    on Dec 11, 2025
  31. l0rinc force-pushed on Jan 25, 2026
  32. l0rinc force-pushed on Jan 25, 2026
  33. DrahtBot added the label CI failed on Jan 25, 2026
  34. DrahtBot commented at 7:07 PM on January 25, 2026: contributor

    <!--85328a0da195eb286784d51f73fa0af9-->

    🚧 At least one of the CI tasks failed. <sub>Task lint: https://github.com/bitcoin/bitcoin/actions/runs/21336964680/job/61410315485</sub> <sub>LLM reason (✨ experimental): Lint check failed: direct use of std::filesystem flagged by the std_filesystem lint rule.</sub>

    <details><summary>Hints</summary>

    Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

    • Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

    • A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.

    • An intermittent issue.

    Leave a comment here, if you need help tracking down a confusing failure.

    </details>

  35. l0rinc force-pushed on Jan 25, 2026
  36. l0rinc force-pushed on Jan 25, 2026
  37. l0rinc force-pushed on Jan 25, 2026
  38. DrahtBot removed the label CI failed on Jan 25, 2026
  39. DrahtBot added the label Needs rebase on Feb 8, 2026
  40. refactor: inline constant `f_obfuscate = false` parameter cb8eebdea4
  41. refactor: add path + string and file removal helpers
    For consistency, `RenameOver` was also adjusted slightly.
    303e8a09dc
  42. util: add `Obfuscation::Delta` helper
    Used to combine old and new XOR keys for upcoming block reobfuscation.
    c7adf1a5a3
  43. node: extract xor key file helpers
    Used by upcoming block reobfuscation in block storage.
    467d835ae4
  44. node: extract block file collection helper
    Will be used by `CleanupBlockRevFiles` and upcoming block reobfuscation.
    29e004d143
  45. node: warn when blocksdir files aren't obfuscated 557be492d0
  46. blocks: reobfuscate blk/rev files on startup
    Handle `-reobfuscate-blocks` by rewriting existing blk/rev files with a new XOR key and resuming via `xor.dat.reobfuscated`.
Stage reobfuscated files with a temporary name and directory commits so crashes resume from the rename phase.
Fail fast on invalid hex keys and when an explicit key disagrees with a staged `xor.dat.reobfuscated`.
Add `feature_reobfuscation.py` coverage for reobfuscation, resume, and key validation.

Co-authored-by: Anthony Towns <aj@erisian.com.au>
    a03ccb41d7
  47. gui: add kernel notifications for reobfuscation progress
    Co-authored-by: Ryan Ofsky <ryan@ofsky.org>
    f9bbef505c
  48. l0rinc force-pushed on Feb 8, 2026
  49. DrahtBot removed the label Needs rebase on Feb 8, 2026
  50. DrahtBot added the label Needs rebase on May 26, 2026
  51. DrahtBot commented at 1:03 PM on May 26, 2026: contributor

    <!--cf906140f33d8803c4a75a2196329ecb-->

    🐙 This pull request conflicts with the target branch and needs rebase.

Contributors
l0rincDrahtBotseditedstickies-vajtownsluke-jr
Labels
Needs rebase
Linked (view graph)
#32451 contrib: add xor-blocks tool to obfuscate blocks directory#34048 refactor: inline constant `f_obfuscate = false` parameter
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-06-01 19:51 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me