Author Topic: Intersango HOWTO - Build your own Bitcoin Exchange Web Site!  (Read 44387 times)
ThiagoCMC (OP)
August 09, 2011, 03:17:03 AM
Last edit: August 20, 2011, 03:46:26 AM by ThiagoCMC
 #1

Intersango HowTo

 This procedure will guide you through the steps toward the installation and configuration of a Ubuntu server to host your Intersango Bitcoin Exchange.

 We'll utilize the domain "bitcoinexample.com" as an example.

 All of my Linuxes are Virtual Machines (ParaVirtual) on top of XenServer, and are minimal installations (F4 option at the server CD boot menu).

Yes, hosting your wallet.dat within a Xen virtual machine is pretty safe, because the manager of the physical machine can't access your portion of RAM memory. That's because Xen provides security through isolation. Do not believe it if somebody says that virtual machines are unsafe; this affirmation can be true for VMware and for VirtualBox, but not for Xen.

NOTE: Before putting your Xen virtual machine in a production environment, you must convert your virtual machine from HVM to PVM domain.

NOTE 2: It is highly recommended to encrypt your entire Linux partition, using a LVM2 encrypted volume powered by LUKS, for a production environment.

Procedure

1- Install a Ubuntu 11.04 server (can be the minimum virtual machine).

  • Choose the hostname "intersango"
  • Choose the domain "bitcoinexample.com"
  • After the installation, the output of the command "hostname -f" should be "intersango.bitcoinexample.com"


2- Still during the installation, setup a user called "Administrative Intersango" with login "administrative".

  • The "administrative" user can become "root" via "sudo -i" command, it must be used only for the server daily management.
  • Finish the installation and reboot.


3- Login with "administrative" and install the following packages:

Code:
sudo -i
aptitude install screen vim ssh postfix dovecot-imapd git-core build-essential apache2 apache2-mpm-prefork php5 mysql-server mysql-client zip unzip php5-mcrypt php5-gmp php5-cli php5-mysql libgtk2.0-dev libssl-dev libdb4.7-dev libdb4.7++-dev libboost-all-dev

  • Setup a password for the MySQL root user
  • Setup the Postfix with: "Internet Site" and "bitcoinexample.com"

Note: You can enable the Proposed Ubuntu repository to install newer package versions by adding the following lines to your /etc/apt/sources.list file:

Code:
deb http://us.archive.ubuntu.com/ubuntu/ natty-proposed main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ natty-proposed main restricted universe multiverse

And run:

Code:
aptitude update; aptitude safe-upgrade
reboot


4- Login as "administrative" and make the following users: "intersango", "bitcoin" and "support".

Code:
sudo -i
adduser --gecos "Intersango Web App User" intersango
adduser --gecos "Bitcoin Wallet Manager" bitcoin
adduser --gecos "Intersango Support" support


5- Login as "administrative" to create the Intersango MySQL database:

Code:
sudo -i

mysqladmin create intersango_devel -p
Enter password: MySQL_ROOT_PASSWORD

mysql -u root -p
Enter password: MySQL_ROOT_PASSWORD

mysql> GRANT ALL PRIVILEGES ON `intersango_devel`.* TO 'intersango_user'@'localhost' IDENTIFIED BY 'PassW0rd';
mysql> FLUSH PRIVILEGES;
mysql> exit

logout


6- Become the "intersango" user from "administrative" user:

Code:
su - intersango

 6.1- Get the Intersango Web Application

Code:
mkdir ~/src ; cd ~/src
git clone git://gitorious.org/intersango/intersango.git

 6.2- Edit the file "intersango/htdocs/config.php" and setup the $abspath variable:

Code:
vim intersango/htdocs/config.php

Code:
$abspath = '/home/intersango/src/intersango';

 6.3- Import the DATABASE to MySQL:

Code:
mysql -u intersango_user -p intersango_devel < intersango/DATABASE
Enter password: PassW0rd

 6.4- Prepare the CRON jobs by creating 3 little scripts:

  6.4.1- Script 1 - process_orders.sh - does the order matching

Code:
vim intersango/cron/process_orders.sh

Code:
#! /bin/sh

cd /home/intersango/src/intersango/cron
php5 process_orders.php

Code:
chmod +x intersango/cron/process_orders.sh


  6.4.2- Script 2 - verify_deposits.sh - changes the verifying deposits to finalised

Code:
vim intersango/cron/verify_deposits.sh

Code:
#! /bin/sh

cd /home/intersango/src/intersango/cron
php5 verify_deposits.php

Code:
chmod +x intersango/cron/verify_deposits.sh


  6.4.3- Script 4 - verify_withdrawals_bitcoin.sh - withdraws all the bitcoins

Code:
vim intersango/cron/verify_withdrawals_bitcoin.sh

Code:
#! /bin/sh

cd /home/intersango/src/intersango/cron
php5 verify_withdrawals_bitcoin.php

Code:
chmod +x intersango/cron/verify_withdrawals_bitcoin.sh


  6.4.4- Prepare the crontab with the following (all commented for now):

run:

Code:
crontab -e

Code:
# Begin tasks for: Intersango
#*/2 * * * * /home/intersango/src/intersango/cron/process_orders.sh >/dev/null 2>&1
#*/1 * * * * /home/intersango/src/intersango/cron/verify_deposits.sh >/dev/null 2>&1
#*/3 * * * * /home/intersango/src/intersango/cron/verify_withdrawals_bitcoin.sh >/dev/null 2>&1
# End tasks for: Intersango

  6.4.5- Back to the "administrative" user:

Code:
logout


7- As administrative user, make the file /var/db.intersango.inc with the following content:

Code:
sudo vim /var/db.intersango.inc

Code:
<?php
// Database connection used by the Intersango web application.
mysql_connect('localhost', 'intersango_user', 'PassW0rd') or die(mysql_error());
mysql_select_db('intersango_devel') or die(mysql_error());

// JSON-RPC connection to the local bitcoind (credentials from bitcoin.conf).
function connect_bitcoin()
{
    disable_errors_if_not_me();
    $bitcoin = new jsonRPCClient('http://intersango:BitPass2011@127.0.0.1:8332/');
    enable_errors();
    return $bitcoin;
}

?>


8- Become the "bitcoin" user from "administrative" user:

Code:
su - bitcoin

 8.1- Download and compile the Bitcoind:

Code:
git clone git://gitorious.org/intersango/bitcoind.git
cd bitcoind/src
make -f Makefile bitcoind

 8.2- Make the ~/.bitcoin/bitcoin.conf file with the following content:

Code:
mkdir ~/.bitcoin ; vim ~/.bitcoin/bitcoin.conf

Code:
rpcuser=intersango
rpcpassword=BitPass2011

 8.3- Run the bitcoind:

Code:
/home/bitcoin/bitcoind/src/bitcoind

 8.4- Check the bitcoin instance by running the following commands:

Code:
/home/bitcoin/bitcoind/src/bitcoind help
/home/bitcoin/bitcoind/src/bitcoind getinfo
/home/bitcoin/bitcoind/src/bitcoind getconnectioncount

NOTE: If your server was installed behind a firewall, it is highly recommended to set up a DNAT rule, redirecting the incoming TCP connections on port 8333 to your Intersango/Bitcoind server. This will increase the number of connections; you can check it by running the "getconnectioncount" bitcoind command option, it should be more than 7 or 8.

 8.5- Get the Bitcoin Address of your "default account" of your Intersango Exchange House:

  8.5.1- List your account(s):

Code:
/home/bitcoin/bitcoind/src/bitcoind listaccounts

You should see (this is your "default account"):
Code:
{
    "" : "0"
}

  8.5.2- Get the Bitcoin Address of your Intersango Exchange House:

Code:
/home/bitcoin/bitcoind/src/bitcoind getaccountaddress ""

You should see the Bitcoin Address (This is my one):

Code:
1B25DjRb6AQApEkLo7UtNLpKKqGUD1ar3L

WARNING! WARNING!!

 You must send at least 1 BTC to your "default account". If you do not, and your first user makes a 1 BTC deposit and tries to just withdraw that 1 BTC, you, and your user, will be in trouble... So, before starting your Intersango operation, just send 1 BTC to your "default account" to pay the Bitcoin withdrawal fees of your users.

 This first 1 BTC should be enough for ~200 withdraws...

 8.6- Back to the "administrative" user:

Code:
logout


9- Prepare the Apache Web Server environment, become the "root" user from "administrative" user:

Code:
sudo -i
cd /var
rm -fr www
ln -s /home/intersango/src/intersango/htdocs www
service apache2 restart


10. Mark /var/tmp/error-reports.log as rw for users:

Code:
touch /var/tmp/error-reports.log
chmod 666 /var/tmp/error-reports.log

11. Access your own Intersango Bitcoin Exchange web service:

Code:
http://bitcoinexample.com/


12. Test the CRON scripts (as intersango user) by running each script:

Code:
/home/intersango/src/intersango/cron/process_orders.sh
/home/intersango/src/intersango/cron/verify_deposits.sh
/home/intersango/src/intersango/cron/verify_withdrawals_bitcoin.sh

If you see no errors, enable these scripts at crontab:

Code:
crontab -e

Code:
# Begin tasks for: Intersango
*/2 * * * * /home/intersango/src/intersango/cron/process_orders.sh >/dev/null 2>&1
*/1 * * * * /home/intersango/src/intersango/cron/verify_deposits.sh >/dev/null 2>&1
*/3 * * * * /home/intersango/src/intersango/cron/verify_withdrawals_bitcoin.sh >/dev/null 2>&1
# End tasks for: Intersango

13. Disable the root login via ssh:

Code:
vim /etc/ssh/sshd_config

change:

Code:
PermitRootLogin yes

to:

Code:
PermitRootLogin no

Code:
service ssh restart


14. The DNS and mail settings:

 This server will also send and receive e-mail for the domain bitcoinexample.com, so you need to point the MX DNS entry to it. The Bind9 zone file can be something like this:

Code:
sudo aptitude install bind9

Code:
vim /etc/bind/named.conf.local

Code:
zone "bitcoinexample.com" {
type master;
file "bitcoinexample.com.db";
};

Code:
vim /var/cache/bind/bitcoinexample.com.db

Code:
;
; BIND data file for BitcoinExample
;
$TTL 604800
@ IN SOA bitcoinexample.com. administrative.bitcoinexample.com. (
2011080801 ; Serial
604800 ; Refresh
 86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS intersango.bitcoinexample.com.
@ IN MX 0 mail.bitcoinexample.com.

@ IN A 200.1.2.3
mail IN A 200.1.2.3
intersango IN A 200.1.2.3

 Now, open your Thunderbird mail client and setup the address "mail.bitcoinexample.com" as your IMAP and SMTP server.

WELL DONE!
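
A check a reader could run after finishing the steps above, as an added example that is not part of the original post or of Intersango. It inspects the files the HOWTO creates (the two files holding passwords, the log made in step 10, and the sshd setting from step 13); the permission policy in FILE_RULES and the `root` parameter are assumptions of this example.

```python
import os
import stat

# Paths come from the HOWTO. The forbidden permission bits are this
# example's assumed policy, not something the post specifies.
FILE_RULES = [
    ("/var/db.intersango.inc", 0o007,
     "MySQL and bitcoind RPC passwords accessible to every local user"),
    ("/home/bitcoin/.bitcoin/bitcoin.conf", 0o077,
     "rpcpassword accessible outside the bitcoin user"),
    ("/var/tmp/error-reports.log", 0o002,
     "log is world-writable (step 10 sets mode 666)"),
]


def effective_permit_root_login(config_text):
    """Return the global PermitRootLogin value sshd would use, or None.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and anything after a Match line is conditional.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ").split()
        key = parts[0].lower()
        if key == "match":
            break
        if key == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None


def audit(root="/"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for path, forbidden, why in FILE_RULES:
        real = os.path.join(root, path.lstrip("/"))
        try:
            mode = stat.S_IMODE(os.stat(real).st_mode)
        except OSError as exc:
            findings.append(f"{path}: cannot check ({exc.strerror})")
            continue
        if mode & forbidden:
            findings.append(f"{path}: mode {mode:04o}, {why}")

    try:
        with open(os.path.join(root, "etc/ssh/sshd_config")) as fh:
            value = effective_permit_root_login(fh.read())
    except OSError:
        value = None
    if value != "no":
        findings.append(
            f"/etc/ssh/sshd_config: PermitRootLogin is {value or 'not set'}")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Run it as root so it can read /home/bitcoin; the `root` argument exists only so the checks can be pointed at a copy of the tree.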
ThiagoCMC (OP)
August 09, 2011, 03:47:18 AM
 #2

Fellas!

 I forgot one thing, the bank statement parser...

 Until now, you must access your Internet Banking and export your bank statement to a CSV or TXT file, to import it into Intersango using some scripts under the intersango/cron directory.

 BTW, this is the only missing part for my own Intersango installation here in Brazil, I'm working on it!

 Maybe the Intersango guys can help us! We post here our bank statement as an example, and somebody adjusts the parser for us, I can pay in Bitcoins for this job...

Cheers!
Thiago
mizerydearia
August 09, 2011, 02:07:46 PM
 #3

I converted your howto as INSTALL.ubuntu in the repository. Feel free to update it in the repo as well if you would like.
ThiagoCMC (OP)
August 09, 2011, 03:37:54 PM
 #4

AWESOME!!   Grin

 Do you know how I can make an Intersango branch at gitorious for my currency (BRL)?
 I already have my local branch called "brl" and it's working... And I have a Gitorious account too...

Thanks!
Thiago
dooglus
August 09, 2011, 06:35:51 PM
 #5

Typically, you:

1) 'clone repository' on the gitorious site
2) 'git clone git://gitorious.org/~yourname/intersango/yourname-intersango.git' in a terminal
3) make the branch in your local repository, work on it, commit your changes
4) 'git push' to send your local changes back to your gitorious clone
5) 'request merge' on the gitorious site, to ask the bitcoinconsultancy guys to merge your changes back to their repository

That's the way things generally go with git - you work in your own repository and send merge requests.

Your clone doesn't have to be on gitorious.  I find github.com works a lot faster for me and has an issues tracker.  You don't have to use a website to host your repository at all, but it's nice to have an offsite backup.

crispy
August 09, 2011, 06:38:42 PM
 #6

Excellent instructions.  Can't wait to try it out.

Thank you!
genjix
August 09, 2011, 06:42:34 PM
 #7

It would be cool if we're not the only stewards but we have lots of groups collaborating, pushing and pulling from each other to build a repository of scripts up for dealing with all the different bank variants and so forth.
genjix
August 09, 2011, 08:11:55 PM
 #8

Fellas!

 I forgot one thing, the bank statement parser...

 Until now, you must access your Internet Banking and export your bank statement to a CSV or TXT file, to import it into Intersango using some scripts under the intersango/cron directory.

 BTW, this is the only missing part for my own Intersango installation here in Brazil, I'm working on it!

 Maybe the Intersango guys can help us! We post here our bank statement as an example, and somebody adjusts the parser for us, I can pay in Bitcoins for this job...

Cheers!
Thiago

Generally the gbp branch is more up to date and newer... I keep trying to migrate things over but occasionally forget but phantom won't let me delete the master branch -_- since he says others should use it.

Anyway I copied over more bank stuff for you,

https://gitorious.org/intersango/intersango/commits/master

You should mainly be interested in import_csv_hsbc.py

It imports CSV files by accounting for overlap and duplicate entries.

phantom also wrote the parse_deposits.py which searches for anything that looks like the deposit reference on that line.

Hmmm, might be a good idea for v2 that the deposit reference starts with DPsk32jkjs to make finding it easier, and then a script that generically finds the amount somehow...
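
The two ideas in the post above (importing overlapping CSV exports without double counting, and finding a prefixed deposit reference on a statement line), sketched as an added example; this is not import_csv_hsbc.py or parse_deposits.py. The column names, the "DP plus eight characters" reference format and the sample statements are assumptions constructed for the example.

```python
import csv
import io
import re
from collections import Counter
from decimal import Decimal

# Assumed reference format: the "DP" prefix suggested in the post followed by
# eight lowercase letters or digits (the shape of the sample DPsk32jkjs).
DEPOSIT_REF = re.compile(r"(?<![0-9A-Za-z])DP[0-9a-z]{8}(?![0-9A-Za-z])")

# Constructed sample exports; the second one overlaps the first on 2011-08-02.
EXPORT_1 = """\
date,description,amount
2011-08-01,FASTER PAYMENT DPsk32jkjs J SMITH,100.00
2011-08-02,CARD PAYMENT COFFEE,-2.50
2011-08-02,TRANSFER DPab12cd34,25.00
2011-08-02,TRANSFER DPab12cd34,25.00
"""
EXPORT_2 = """\
date,description,amount
2011-08-02,CARD PAYMENT COFFEE,-2.50
2011-08-02,TRANSFER DPab12cd34,25.00
2011-08-02,TRANSFER DPab12cd34,25.00
2011-08-03,BANK CREDIT NO REFERENCE,40.00
2011-08-03,TRANSFER DPzz99yy88,10.00
"""


def read_statement(text):
    """Parse one CSV export into (date, description, amount) tuples."""
    return [(rec["date"].strip(), rec["description"].strip(),
             Decimal(rec["amount"].strip()))
            for rec in csv.DictReader(io.StringIO(text))]


def merge_statement(ledger, rows):
    """Add rows to ledger (a Counter) and return only the rows that are new.

    Overlapping exports repeat the same rows, but a single export can also
    hold two genuinely identical payments. For each distinct row the ledger
    keeps the highest count seen in any one export, so the overlap is not
    credited twice and real duplicates are not thrown away.
    """
    new_rows = []
    for row, seen in Counter(rows).items():
        missing = seen - ledger[row]
        if missing > 0:
            ledger[row] += missing
            new_rows.extend([row] * missing)
    return new_rows


def match_deposits(rows):
    """Split rows into (reference, amount) deposits and rows for manual review.

    A row is matched only if it is a credit carrying exactly one reference;
    anything ambiguous is left for a human instead of being guessed.
    """
    matched, unmatched = [], []
    for date, desc, amount in rows:
        refs = set(DEPOSIT_REF.findall(desc))
        if amount > 0 and len(refs) == 1:
            matched.append((refs.pop(), amount))
        else:
            unmatched.append((date, desc, amount))
    return matched, unmatched


if __name__ == "__main__":
    ledger = Counter()
    for export in (EXPORT_1, EXPORT_2):
        new = merge_statement(ledger, read_statement(export))
        print(match_deposits(new))
```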
ThiagoCMC (OP)
August 10, 2011, 02:20:14 AM
 #9

WOW! MASSIVE INTERSANGO UPGRADE AT GITORIOUS!! AWESOME!!!

Guys!!

The step 10 is wrong!!

change:

Code:
chown 666 /var/tmp/error-reports.log

to:

Code:
chmod 666 /var/tmp/error-reports.log

Sorry.... \o/
genjix
August 10, 2011, 05:45:33 AM
 #10

Done! BTW, if you have a repo and tell me certain commits that may be useful then we can pull them into the master Smiley
BubbleBoy
August 11, 2011, 07:48:45 PM
 #11

Yes, hosting your wallet.dat within a Xen virtual machine is pretty safe, because the manager of the physical machine can't access your portion of RAM memory. That's because Xen provides security through isolation. Do not believe it if somebody says that virtual machines are unsafe; this affirmation can be true for VMware and for VirtualBox, but not for Xen.

Say... what? That's a bit like claiming that since Linux provides isolation between processes, then you are safe from spying via the root account. Guess what, the root account can dump the memory of any process, and even if it lacked that ability it can write its own memory descriptors and dump the full contents of the physical RAM. Even if it lacked that ability too, simply doing a warm reset and booting off custom media without wiping the RAM has a 99.5% chance to reveal your private key. Let's not even bring RAM freezing into the discussion.

Bottom line, the way you run a financial site is on hardware you own, control and store in a physically secure data center (The Bunker etc.). As some unfortunate Pole found out the hard way, a 10$ virtual server just doesn't cut the mustard.

When deploying a Xen system, one must be sure to secure the management domain (Domain-0) as much as possible. If the management domain is compromised, all other domains are also vulnerable. The following are a set of best practices for Domain-0:

  • Run the smallest number of necessary services: the less things that are present in the management partition the better. Remember, a service running as root in the management domain has full access to all other domains on the system.
  • Use a firewall to restrict the traffic to the management domain: a firewall with default-reject rules will help prevent attacks on the management domain.
  • Do not allow users to access Domain-0: the Linux kernel has been known to have local-user root exploits. If you allow normal users to access Domain-0 (even as unprivileged users) you run the risk of a kernel exploit making all of your domains vulnerable.
davout
August 11, 2011, 08:10:30 PM
 #12

Done! BTW, if you have a repo and tell me certain commits that may be useful then we can pull them into the master Smiley
Yup, https://github.com/davout/bitcoin-central.git
You can pull pretty much everything XD

genjix
August 11, 2011, 08:26:13 PM
 #13

We discussed here, and our general idea would be to move our site's repo off that project on gitorious and open that repo on gitorious to be open to the community.

If everybody wants that.
ThiagoCMC (OP)
August 12, 2011, 05:19:47 AM
Last edit: August 13, 2011, 06:58:21 AM by ThiagoCMC
 #14

Yes, hosting your wallet.dat within a Xen virtual machine is pretty safe, because the manager of the physical machine can't access your portion of RAM memory. That's because Xen provides security through isolation. Do not believe it if somebody says that virtual machines are unsafe; this affirmation can be true for VMware and for VirtualBox, but not for Xen.

Say... what? That's a bit like claiming that since Linux provides isolation between processes, then you are safe from spying via the root account. Guess what, the root account can dump the memory of any process, and even if it lacked that ability it can write its own memory descriptors and dump the full contents of the physical RAM. Even if it lacked that ability too, simply doing a warm reset and booting off custom media without wiping the RAM has a 99.5% chance to reveal your private key. Let's not even bring RAM freezing into the discussion.

Bottom line, the way you run a financial site is on hardware you own, control and store in a physically secure data center (The Bunker etc.). As some unfortunate Pole found out the hard way, a 10$ virtual server just doesn't cut the mustard.

When deploying a Xen system, one must be sure to secure the management domain (Domain-0) as much as possible. If the management domain is compromised, all other domains are also vulnerable. The following are a set of best practices for Domain-0:

  • Run the smallest number of necessary services: the less things that are present in the management partition the better. Remember, a service running as root in the management domain has full access to all other domains on the system.
  • Use a firewall to restrict the traffic to the management domain: a firewall with default-reject rules will help prevent attacks on the management domain.
  • Do not allow users to access Domain-0: the Linux kernel has been known to have local-user root exploits. If you allow normal users to access Domain-0 (even as unprivileged users) you run the risk of a kernel exploit making all of your domains vulnerable.

I must admit, you are right, and I did not express myself right either.

My point with Xen, in comparison with VMware and VirtualBox or even KVM, is:

1- The Xen, when it boots the dom0, shrinks the physical RAM of the Domain0, so the Linux called Domain0 can only see its own portion of RAM memory. It thinks that there is only a small amount of RAM (392MB in my case), even if my physical server has 8192MB of RAM;

2- The Linux Domain0 is unable to read the RAM memory of ANY other Virtual Machines from within itself. It is more or less like us trying to see a parallel Universe, from within our own Universe.

The only way for somebody who has domain 0 root access to access the virtual machine's contents is turning it off and mounting its root file system within the dom0.

And here, we have the "second level of security", I mean, the wallet.dat within the virtual machine will be hosted within an encrypted file system, so, even if somebody tries to mount this file system at dom0, well, it is encrypted, no way to mount it. Even running in a Live CD. You can not access it, even if you're from the FBI.

Well, when a virtual machine is running, the dom0 can't read its RAM, because it is jailed within its own "RAM Universe". When a virtual machine is off, the disk is encrypted. BTW, the VM must be secured against network attacks, with no SSH open, etc...

So, how to access the data?!

The only way I see is cracking the Xen itself, which is less than a microkernel, rebooting the entire server with your modified Xen, and trying to access the RAM memory of running virtual machines from the Xen, not from Linux dom0. But honestly, who will do that without any major "system alarms"?! Or, without shutting down the VM too, leaving its encrypted file system unmounted...

I'm really sorry if I say something wrong, incomplete or confusing sometimes... I'm from Brazil and it is pretty hard for me to express myself in English...   \o/

Thanks!
Thiago
ThiagoCMC (OP)
August 12, 2011, 07:43:13 AM
Last edit: August 13, 2011, 06:58:43 AM by ThiagoCMC
 #15

Guys,

 Sometimes, talk isn't enough. So, I'll launch a challenge... To prove if I am right or not.

 I mean, to prove if Xen provides a safe environment, or not, for your Bitcoins being hosted within an encrypted virtual machine on top of it.

 The challenge prize will be 10 BTC (or 50 BTC). But you must get it on your own.


 Brief of the My Challenge:

 Hack the Virtual Machine called "bitcoin" and get the BTCs for you!


 Scope:

 1- A Xen hypervisor on a physical server, called "xenserver";

 2- A Xen Virtual Machine on it, called "bitcoin", with an encrypted file system (only I will have the encrypted volume password) and no network access;

 3- The Bitcoin client will be always running within "bitcoin" virtual machine, with 50 BTC on its balance;

 4- I'll give to everybody, full root access to the "xenserver";

 5- If somebody has the knowledge, he or she will be able to win the prize, sending those 50 BTC to themselves;

 6- The challenge will be valid for 10 days;

 7- If somebody shuts down the "bitcoin" virtual machine, challenge over (because you are "detected");

 8- If somebody shuts down the "xenserver", challenge over (because you are "detected");

 That's it!


 Of course, those 10 or 50 BTC, the wallet.dat itself, will be copied to my own safe place, in case somebody just deletes the "bitcoin" virtual machine to vandalize the challenge...

 But honestly, today I have only 2 BTC in my wallet... I only just learned about the existence of Bitcoins; precisely on June 15, 2011 at 9AM, I met Bitcoin for the first time. So, this challenge will take longer to become active.

 Anybody want to fund it?! I'm sure no one will be able to win the prize...  Grin So, the 50 BTC will be back to the funder at the end of the challenge. But if I'm wrong, I must pay for it.  Wink

 What do you guys think?!

 I know this is out of the scope of "Intersango HOWTO" but, I have mentioned that Xen is safe enough for leaving your Bitcoins within a Virtual Machine hosted on top of it... Sorry the "OFFTOPIC"...

 BTW, I do not want to do this alone in my house... I appreciate any help, tips, ideas, etc... To make this challenge visible to the public, for example...

Cheers!
Thiago
Grouver (BtcBalance)
August 12, 2011, 08:46:34 AM
 #16

Great stuff.

Learned one thing though.
If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.

1) A 24/7 lawyer
2) A lot of money
3) A couple of skilled programmers
4) An additional security expert.

nybble41
August 13, 2011, 12:16:13 AM
 #17

You might want to look into the "xm save" command, which freezes a VM and records its state to a file; that includes the contents of RAM. It would take some searching, but at least the encryption key for the disk and possibly the wallet.dat file itself would be visible in the resulting save file.

If you run "xm restore" quickly enough you may even be able to get the VM running again without being detected.
ThiagoCMC (OP)
August 13, 2011, 07:06:41 AM
 #18

You might want to look into the "xm save" command, which freezes a VM and records its state to a file; that includes the contents of RAM. It would take some searching, but at least the encryption key for the disk and possibly the wallet.dat file itself would be visible in the resulting save file.

If you run "xm restore" quickly enough you may even be able to get the VM running again without being detected.

How could I be so innocent!? That's why I like to talk to several people... Sometimes we (at least I) get stuck on certain thoughts, thinking that we are right, but only one command and you (me) fall... I had completely forgotten about the "xm save" or "xe vm-checkpoint"... RAM Universe... blah blah blah... LOL!  Roll Eyes

 Lips sealed
indicasteve
August 13, 2011, 08:20:22 AM
 #19

Great stuff.

Learned one thing though.
If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.

1) A 24/7 lawyer
2) A lot of money
3) A couple of skilled programmers
4) An additional security expert.

THIS--^   Cheesy
genjix
August 13, 2011, 02:58:34 PM
 #20

Great stuff.

Learned one thing though.
If you want to start something up that has to do with money biz you need 4 more things than just the front-end and back-end.

1) A 24/7 lawyer
2) A lot of money
3) A couple of skilled programmers
4) An additional security expert.

THIS--^   Cheesy

You have to start somewhere. I had none of those in the beginning, slowly accumulated them and now we have that and more.