Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Bit Challenger on December 12, 2018, 07:13:27 PM



Title: Ignore wallet.dat password operation
Post by: Bit Challenger on December 12, 2018, 07:13:27 PM
I stumbled across a bug where Bitcoin QT could send bitcoins without a password in an encrypted wallet. I have done a lot of tests to prove that my method is feasible. But the whole workload is so heavy that it's hard for me to do it alone. If you can see the problem in my picture and have Wallet. dat data analysis experience, you can join me in my work, let's complete the bursting QT wallet together!
Padmin@126.com

Information is encrypted

Thank you for your letter. I chose 5 engineers to help me. I don't need more people, thank you.


After the development is completed, I will announce the results.


Title: Re: Ignore wallet.dat password operation
Post by: LoyceV on December 12, 2018, 07:20:30 PM
I stumbled across a bug where Bitcoin QT could send bitcoins without a password in an encrypted wallet.
First: I don't believe you :P

Quote
You use image tags, but Newbies can't embed images. When I follow your link, Google Drive tells me "You need permission".

I'm not sure what you're trying to share, but a general warning: DO NOT install programs from unknown sources!


Title: Re: Ignore wallet.dat password operation
Post by: Bit Challenger on December 13, 2018, 06:24:24 AM
I stumbled across a bug where Bitcoin QT could send bitcoins without a password in an encrypted wallet.
First: I don't believe you :P

Quote
You use image tags, but Newbies can't embed images. When I follow your link, Google Drive tells me "You need permission".

I'm not sure what you're trying to share, but a general warning: DO NOT install programs from unknown sources!
Sorry, I forgot the public picture.


Title: Re: Ignore wallet.dat password operation
Post by: bob123 on December 13, 2018, 06:57:32 AM
Sorry, I forgot the public picture.

Still, i get Your client does not have permission.

What are you trying to share anyway ?



First: I don't believe you :P

It shouldn't be excluded that there is a bug/vulnerability which would allow to do this.
Even though it seems quite strange that he is uploading a file instead of sharing the general approach publicly, the possibility of such a bug still exists (even if the possibility is extremely low).


@OP:
What about explaining the general approach here ?
How do you think can you 'circumvent' the decryption of the keys ??

If you claim the encryption itself is weak or buggy, i do also not believe you.
And currently i don't see another way to access the encrypted keys without the decryption key  ???


Title: Re: Ignore wallet.dat password operation
Post by: Bit Challenger on December 13, 2018, 08:18:00 AM
Sorry, I forgot the public picture.

Still, i get Your client does not have permission.

What are you trying to share anyway ?



First: I don't believe you :P

It shouldn't be excluded that there is a bug/vulnerability which would allow to do this.
Even though it seems quite strange that he is uploading a file instead of sharing the general approach publicly, the possibility of such a bug still exists (even if the possibility is extremely low).


@OP:
What about explaining the general approach here ?
How do you think can you 'circumvent' the decryption of the keys ??

If you claim the encryption itself is weak or buggy, i do also not believe you.
And currently i don't see another way to access the encrypted keys without the decryption key  ???
Encrypted


Title: Re: Ignore wallet.dat password operation
Post by: Bit Challenger on December 13, 2018, 08:30:30 AM
I'm not sure about older wallet.dat format, but important information (private key / master private key / seed) on wallet.dat is encrypted and there's no way to spend bitcoin (or sign message/unsigned transaction) without decrypt the wallet.
Bitcoin Core/Qt wallet uses AES256 and PBKDF2, if you could crack both of them without knowing password/private key and without brute-force, then you would make most services vulnerable.
I don't question the strength of the algorithm, my method is only for bitcoin qt wallet


Title: Re: Ignore wallet.dat password operation
Post by: bob123 on December 14, 2018, 06:59:38 PM
If you can see that each hash is divided into 4 segments and understand his purpose, you will understand my intentions.

I don't question the strength of the algorithm, my method is only for bitcoin qt wallet


Uff.. First i thought you might have really found a bug (which might have been not as severe as you thought it to be).

But those two statements, just proved that you don't have a clue at all.


Troll post confirmed.

Don't bother to contact OP or discuss this with OP. He obviously is trolling and doesn't know what he is talking about.


Title: Re: Ignore wallet.dat password operation
Post by: Bit Challenger on December 15, 2018, 07:57:57 AM
If you can see that each hash is divided into 4 segments and understand his purpose, you will understand my intentions.

I don't question the strength of the algorithm, my method is only for bitcoin qt wallet


Uff.. First i thought you might have really found a bug (which might have been not as severe as you thought it to be).

But those two statements, just proved that you don't have a clue at all.


Troll post confirmed.

Don't bother to contact OP or discuss this with OP. He obviously is trolling and doesn't know what he is talking about.
I updated the post again and it will prove that I found it to be correct.


Title: Re: Ignore wallet.dat password operation
Post by: achow101 on December 15, 2018, 04:38:37 PM
If you believe you have found a vulnerability in Bitcoin Core (note that bitcoin-qt is part of the Bitcoin Core project) which can result in the loss of private keys or the wallet encryption being broken, please responsibly disclose the vulnerability by emailing security@bitcoincore.org (email listed on website: https://bitcoincore.org/en/contact/).


Title: Re: Ignore wallet.dat password operation
Post by: milewilda on December 15, 2018, 04:59:17 PM
If you believe you have found a vulnerability in Bitcoin Core (note that bitcoin-qt is part of the Bitcoin Core project) which can result in the loss of private keys or the wallet encryption being broken, please responsibly disclose the vulnerability by emailing security@bitcoincore.org (email listed on website: https://bitcoincore.org/en/contact/).
If its true then its good if he would responsibly email the team but if not then he would work other way around. lol


Title: Re: Ignore wallet.dat password operation
Post by: Bit Challenger on December 15, 2018, 09:19:22 PM
If you believe you have found a vulnerability in Bitcoin Core (note that bitcoin-qt is part of the Bitcoin Core project) which can result in the loss of private keys or the wallet encryption being broken, please responsibly disclose the vulnerability by emailing security@bitcoincore.org (email listed on website: https://bitcoincore.org/en/contact/).

Samuel, he's dealing with this