Title: Old IRC code in shitcoins "IRC bootstrapping" Post by: garmin on February 02, 2015, 04:17:25 PM I was trying to sync a shitcoin and accidentally found I was connected to IRC when looking in my debug.log file
I usualy add IRC=0 to my conf file to avoid this issue but while troubleshooting a sync problem I found this. use IRC to connect to pelican.heliacal.net and do a /list to see all the connections from old wallets and left over code in shitcoin clones using IRC bootstrapping. Here is some info on the topic, but it's very old, I think many may be unaware of this connection in the background. https://bitcointalk.org/index.php?topic=84.0 Opinions? Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: garmin on February 02, 2015, 04:44:08 PM can this backdoor be used to ddos wallets, nodes? ???
/list from IRC server #namecoin01 254 #namecoin00 245 #novacoin00 196 #HyperStake00 95 #magi00 94 #AuroraCoin00 89 #MintCoin00 76 #tekcoin00 74 #devcoin 68 #eMark00 67 #ultracoin24 64 #Hyper00 63 #Latium00 62 #rimbit00 59 #Diamond00 51 #netcoin00 50 #Truckcoin00 48 #4200 48 #M3GAC01N01 47 #curecoin00 46 #Zeitcoin00 46 #noblecoin00 44 #TagCoin00 42 #sexcoin00 42 #DNotes00 41 #anoncoin00 39 #orbitcoin00 38 #CryptogenicBullion00 38 #AsiaCoin00 37 #mavro00 37 #CAPTcoin00 36 #yacoin24 35 #phoenixcoin00 34 #digitalcoin00 33 #Whitecoin00 33 #bbqcoin00 32 #BlueCoin00 32 #TittieCoin00 31 #emerald00 30 #infinitecoin00 29 #grandcoin00 29 #usde00 29 #lottocoin00 29 #luckycoin00 28 #Philosopherstone00 28 #litecoin00 28 #fastcoin00 25 #Battlecoin00 24 #globalcoin200 24 #chncoin00 23 #dogecoin00 23 #Aricoin00 23 #dopecoin00 22 #StableCoin00 22 #Teslacoin00 21 #huntercoin01 21 #alphacoin00 20 #X11Coin00 19 #lycancoin280 18 #FairCoin00 18 #nyancoin200 18 #OmniCoin00 18 #IncaKoin00 18 #huntercoin00 17 #Cetus00 17 #JackpotCoin00 16 #iCoin00 16 #bitcoin200 16 #BitcoinFast00 15 #Coino00 15 #ECCoin2000 15 #KiwiCoin00 15 #sdcoin00 15 #StarCoin00 14 #BitMiles200 14 #Bitstar00 14 #Coin2.100 13 #pennies-696924 13 ##camorracoin00 13 #florincoin00 12 #Ocoin00 12 #MetalMusicCoin00 12 #redcoin00 12 #elephantcoin00 12 ##growcoin00 12 #silkchat 12 #ybcoin24 12 #copperlark00 12 #americancoinCOM00 12 #hempcoin00 11 #KryptKoin00 11 #OrangeCoin00 11 #feathercoin00 11 #6600 11 #craftcoin200 11 #DolphinCoin00 10 #RippleLite00 10 #Argentum00 10 #doubloons00 10 #krugercoin00 10 #abcittCoin00 10 #xtracoinxx00 10 #halcyon00 9 #InfinitecoinV200 9 #MediCoin00 9 #bitcoin 9 see #bitcoin-dev or #bitcoin-dev on freenode #Grain00 9 #abcittCoin01 9 #bitgem00 9 #alipaycoin00 9 #worldcoin00 9 #GCoin00 9 #elacoin2-01 8 #BatCoin00 8 #copperlark02 8 #paccoin00 8 #PreminePlus00 8 #galaxycoin00 8 #cagecoin00 8 #FailCoin200 8 #AndroidsTokensv200 8 #getnibble00 7 #LegendaryCoin00 7 ##darkshibe00 7 #zccoin24 7 #MemeCoin00 7 #Credits00 7 #HeisenbergHex00 7 #aliencoininvasion00 7 #TrollCoin00 7 #Noirbits200 7 #diemcoin00 7 #fluttercoin00 7 #bitcoinplus00 7 #eXcryptoTEST 7 #cachecoin24 7 #SaturnCoinx00 7 #CommunityCoin00 7 #TopCoin200 7 #likecoin200 6 #ImperialCoin200 6 #CivilizationCoin00 6 #ixcoin02 6 #ixcoin01 6 #PenguinCoin01 6 #LxcCoin00 6 #Roscoin00 6 #Badgercoin00 6 #namecoinTEST 6 #Extremecoin200 6 #junkcoin00 6 #beaocoin00 6 #xencoin00 6 #zedcoin00 5 #ekrona00 5 #gmecoin01 5 #dimecoin00 5 #ixcoin00 5 #ixcoin03 5 #ixcoin08 5 #crtcoin00 5 #GameLeagueCoin00 5 #copperlark01 5 #earthcoin00 5 #ECCoin00 5 #ermiscoin00 5 #ixcoin09 5 #NoirShares00 5 #IRCoin00 4 #ixcoin06 4 #groincoin00 4 #Cash00 4 #CryptoBuck00 4 #CannabisDarkcoin00 4 #RainbowGoldCoin00 4 #CoffeeCoin2.000 4 #TheSmurfsCoin00 4 #BTCtalkcoin00 4 #GoldRushCoin00 4 #LoveCoin00 4 #wildwestcoin00 4 #Newsaturncoin200 4 #8400 4 #Sembros00 4 #Denarius200 3 #GreeceCoin00 3 #axron00 3 #zombiecoin275 3 #Vaultcoin00 3 #bitlira200 3 #YellowCoin00 3 #FutCoinTEST 3 #pigcoin00 3 #nanotoken00 3 #solarcoin00 3 #Thorcoin24 3 #mincoin00 3 #urodark00 3 #BoomCoin00 3 #CarbonCoin00 3 #terracoinTEST3 3 #ixcoin07 3 #litebar00 3 #magiTEST2 3 #Tmgcoinxx00 3 #realcoin00 3 #Muniti00 3 #CosmosCoin00 3 #beercoin00 3 #LasagnaCoin00 3 #SourceCoin00 3 #noblecoinTEST2 3 #FinerCoin120 2 #vampirecoin285 2 #UNCoin00 2 #abcinnCoin00 2 #Cubits00 2 #torcoin00 2 #dogecoin18 2 #dogecoin13 2 #novacoinTEST2 2 #darsek00 2 #xg00 2 #dogecoin34 2 #T1TAN10M01 2 #EuropeCoin00 2 #topcoin00 2 #Mozztestcoin00 2 #Equal00 2 #BEEV200 2 #CapitalCoin01 2 #huntercoinTEST 2 #spots00 2 #solidcoin69 2 #UniversityCoin00 2 #ixcoin05 2 #PayCoin00 2 #dogecoin31 2 #dogecoin32 2 #dogecoin38 2 #dogecoin45 2 #dogecoin41 2 #homecoin00 2 #dogecoin22 2 #dogecoin29 2 #billioncoin00 2 #Firecoin00 2 #nightmare00 2 #corgicoin05 2 #CryptoCredits00 2 #voxpopuli00 2 #SoleCoin00 2 #YouthCoinxx00 2 #IGCCoin_v1_00 2 #ultracoinTEST 2 #dollarpounds00 2 #ecoin00 2 #pandacoins24 2 ##ShadeCoin 2 #polishcoin200 2 #Ethan00 2 #ccoin200 2 #asspennies200 2 #containercoin00 2 #blazecoin00 2 #bitcoinTEST 2 #Distrocoin00 2 #FairCoinBETA00 2 #newyorkc42 2 #dCom00 2 #dollar17 2 #bitcoin77 2 #newyorkc22 2 #newyorkc20 2 #GameCrypto00 2 #BottleCaps00 2 #Mozzsharevv200 2 #laika 2 #BYCoinz00 2 #powercoin01 1 #educoin46 1 #leprocoin00 1 #gpl24 1 #terracoin11 1 #terracoin71 1 #planecoin00 1 #HoboNickels00 1 #snowcoin00 1 #koruna19 1 #corgicoin47 1 #terracoin25 1 #abRhinoCoin00 1 #Citizencoin00 1 #litecoinTEST3 1 #travelcoinproject00 1 #indexcoinproject00 1 #shitcoin00 1 #gldcoin00 1 #CoolCoin00 1 #smartcoin200 1 #AngelCoinxx00 1 #g8coin00 1 #samcoin 1 #PayzorCoin00 1 #groupcoin 1 #Happycoin00 1 #CloakCoinTEST4 1 ##aurovine00 1 #Rekt00 1 #gaycoin28 1 #glcoin200 1 #olympiccoin00 1 #gaycoin18 1 #Applecoin24 1 #indiecreddit00 1 #Nicecoin00 1 #abFBcoin00 1 #nlocoin200 1 #koruna39 1 #GOODcoin03 1 #GOODcoin02 1 #internetcoin00 1 #SquareBit00 1 #eaglecoin200 1 #koruna44 1 #Thebotcoin200 1 #fairbrix01 1 #GhostCoin00 1 #hypercoin200 1 #conemu 1 #getseedcoin00 1 #AmberCoin00 1 #copperbars24 1 #graphene24 1 #coinyecoin02 1 #coinyecoin05 1 #coinyecoin04 1 #coinyecoin07 1 #coinyecoin08 1 #fuelcoin00 1 #icecoin200 1 #NorthKoreaCoin200 1 #chakracoin00 1 #albocoin22 1 #albocoin21 1 #coinyecoin40 1 #coinyecoin12 1 #coinyecoin11 1 #bitcash00 1 #pawncoin47 1 #pawncoin49 1 #StoopidCoin00 1 #albocoin48 1 #bells00 1 #binarycoin00 1 #aluminiumcoin00 1 #XXLcoin25 1 #ezcoin01 1 #XXLcoin30 1 #XXLcoin39 1 #oilcoin00 1 #rabbitcoin27 1 #EBT00 1 #rabbitcoin30 1 #rabbitcoin31 1 #rabbitcoin33 1 #rabbitcoin38 1 #ztc127 1 #LotteryTickets24 1 #dogecoin19 1 #dogecoin14 1 #dogecoin16 1 #dogecoin10 1 #coinyecoin30 1 #coinyecoin32 1 #NumberCoin00 1 #coinyecoin23 1 #coinyecoin22 1 #i0coin00 1 #Digittwo03 1 #BanxTEST2 1 #kittehcoin10 1 #dicecoin00 1 #cleanwatercoin00 1 #Jerkycoin00 1 #rabbitcoin19 1 #XXLcoin16 1 #rabbitcoin47 1 #rabbitcoin46 1 #LightCoin00 1 #mooncoin24 1 #mooncoin25 1 #AurumGoldCoin00 1 #BountyCoin00 1 #Lucky7Coin00 1 #CannaCoin00 1 #BeliCoin00 1 #novacoinTEST 1 #pacycoin43 1 #bitcoin93 1 #bitcoin97 1 #bitcoin96 1 #frozenboxcoin200 1 #goalcoin00 1 #666Coin00 1 #fixcoin200 1 #FloridaCoin11 1 #Gil00 1 #dollar07 1 #dollar24 1 #AltCheck00 1 #dollar32 1 #dollar37 1 ##audiocoin00 1 #AphroditeCoin00 1 #JackpotCoinTEST2 1 #educoin25 1 #Radioactivecoin24 1 #schillingcoin42 1 #geistgeld00 1 #ixcoin04 1 #CalypsoCoin00 1 #sdcoinTEST 1 #vericoin02 1 #EonCoin00 1 #koin22 1 #HorseCoin00 1 #KyushuCoin201 1 #KyushuCoin204 1 #Velocitycoin24 1 #seedcoinlite24 1 #CapitalCoin00 1 #plusevcoin200 1 #noblecoinTEST3 1 #KyushuCoin01 1 #upcoin00 1 #DistroBlitz00 1 #volatilitycoin00 1 #dogecoin09 1 #dogecoin01 1 #dogecoin05 1 #corgicoin02 1 #dogecoin04 1 #dogecoin36 1 #dogecoin37 1 #dogecoin30 1 #dogecoin48 1 #blackcoin03 1 #blackcoin00 1 #bitcoin-dev 1 #dogecoin26 1 #dogecoin21 1 #dogecoin28 1 #Coin2.000 1 #CCIShare00 1 #SeedcoinX00 1 #richcoin00 1 #TrustCoin00 1 #Electric29 1 #cachecoinTEST 1 #bitcoin87 1 #bitcoin84 1 #bitcoin85 1 #runnercoin00 1 #educoin14 1 #bitcoin29 1 #bitcoin27 1 #suncoin200 1 #royalcoin00 1 #bitcoin01 1 #bitcoin07 1 #bitcoin09 1 #newyorkc43 1 #bitcoin47 1 #bitcoin43 1 #pastacoin00 1 #bitcoin59 1 #jbcoin24 1 #bitcoin39 1 #MasterCoin200 1 #dollar45 1 #martexcoin200 1 #bitcoin64 1 #bitcoin68 1 #bitlion01 1 #surge49 1 #newyorkc30 1 #ladycoin00 1 #newyorkc24 1 #digibyte00 1 #newyorkc04 1 #newyorkc06 1 #newyorkc07 1 #newyorkc03 1 #newyorkc15 1 #newyorkc12 1 #foxcoin200 1 #payprocoin01 1 #abclscCoin00 1 #dollarcoin39 1 #macrocoin00 1 #corgicoin37 1 #corgicoin36 1 #crapcoin200 1 #corgicoin20 1 #herocoinme2411 1 #ECCoin1337 1 #pacycoin11 1 #lfnet 1 #BorzoCoin00 1 Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: ronald98 on February 02, 2015, 07:06:40 PM Architectcoin implemented built-in IRC chatting in the ARCH wallet, but it's the only coin I know that implemented it.
https://bitcointalk.org/index.php?topic=695857.0 Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: garmin on February 02, 2015, 07:23:10 PM Architectcoin implemented built-in IRC chatting in the ARCH wallet, but it's the only coin I know that implemented it. https://bitcointalk.org/index.php?topic=695857.0 I think it's old seed node info coded into all the wallet clones. Not so much a IRC feature. The old node info used IRC bootstrap to sync. you can remove all nodes from incakoin [NKA] .conf and it still connects via this old bootstrap method used in the coin it was cloned from. I do notice when I have misbehaving nodes they are usually IRC nodes. It seems as if this backdoor connection could be exploited, by evil doers... Any opinions? Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: microbial on February 02, 2015, 07:37:36 PM it is like a who is who of shitcoins ;D
Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: fsb4000 on February 02, 2015, 07:53:09 PM In many coins IRC left as an additional source nodes.
For example, Novacoin has: 1) IRC 2) DNS seed nodes https://github.com/novacoin-project/novacoin/blob/master/src/net.cpp#L1099 3) Seed nodes https://github.com/novacoin-project/novacoin/blob/master/src/net.cpp#L1173 4) Tor seed nodes https://github.com/novacoin-project/novacoin/blob/master/src/net.cpp#L1194 Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: jasemoney on February 02, 2015, 08:28:14 PM I recall that it was just another way for nodes to find each other. Many of the newer coins have eliminated this as though I don't recall it being exploited yet, its not necessary, and we've moved past it in most sources i think so its a non issue ;)
Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: garmin on February 02, 2015, 08:56:55 PM I recall that it was just another way for nodes to find each other. Many of the newer coins have eliminated this as though I don't recall it being exploited yet, its not necessary, and we've moved past it in most sources i think so its a non issue ;) I was thinking someone could bot attack from the IRC side or ddos the node used in the native code to stop or studder a coins blockchain. while everyone is having sync issues you can dump your coins. or a IRC IP dump looking for c$ or any shares or vulnerability scans against all ip's ;) Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: ronald98 on February 02, 2015, 10:25:20 PM I recall that it was just another way for nodes to find each other. Many of the newer coins have eliminated this as though I don't recall it being exploited yet, its not necessary, and we've moved past it in most sources i think so its a non issue ;) I was thinking someone could bot attack from the IRC side or ddos the node used in the native code to stop or studder a coins blockchain. while everyone is having sync issues you can dump your coins. or a IRC IP dump looking for c$ or any shares or vulnerability scans against all ip's ;) You are right, I just noticed the alt section mod stickied a warning about malware attacks. The warning includes an IRC exploit someone tried here. .............. Modified source with backdoor This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism. here is the relevant source code (https://github.com/alerj78/lucky7coin/blob/master/src/irc.cpp#L350-364): Code: if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1) Code: if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1) Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: BCwinning on February 02, 2015, 10:28:07 PM it is like a who is who of shitcoins ;D which is why bitcoin is in the list and namecoin is not a shitcoin either.but hell no one on here cares anymore what a coin is about. THey just want to the moon make me rich naow Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: siameze on February 03, 2015, 12:24:14 AM This is the exploit I remember, required a very precise set of conditions. http://genesysguru.com/blog/blog/2011/06/17/bitcoin-theft-the-top-ten-threats/
There was another PoS coin that someone told me had the recent irc exploit. One of those that had the built-in chat, but I don't recall the name. Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: garmin on February 03, 2015, 12:38:22 AM This is the exploit I remember, required a very precise set of conditions. http://genesysguru.com/blog/blog/2011/06/17/bitcoin-theft-the-top-ten-threats/ There was another PoS coin that someone told me had the recent irc exploit. One of those that had the built-in chat, but I don't recall the name. interesting link, kinda what I was thinking but fleshed out. as the duck swims atop the pond little does he know the shark below is watching him paddle away ;) Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: jasemoney on February 03, 2015, 01:26:06 AM i dont think ddos'ing the irc nodes would do to much, they have connections aside form just the irc coded peerfinder.
also that relaunch coin backdoored it in the code, ther were not able to attack the coin based on normal irc bootstraping protocol. im sure something nefarious could be done but i guess we might have to wait around til someone comes up with it :/ Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: garmin on February 03, 2015, 04:28:58 AM What about something like this
################################################################################ # bitmon # Description: monitors irc.lfnet.org:6667#bitcoin and extracts user details # Author: Brendan Coles <bcoles@gmail.com> # Version: 0.1-20110520 ################################################################################ import socket, string botname = 'u1rt6zQzvGpS1Zz' # change this channel = '#bitcoin' network = 'irc.lfnet.org' port = 6667 irc = socket.socket ( socket.AF_INET, socket.SOCK_STREAM ) irc.connect ( ( network, port ) ) irc.send ( 'NICK %s\r\n' % (botname)) irc.send ( 'USER %s 8 * : %s\r\n' % (botname, botname)) irc.send ( 'JOIN %s\r\n' % (channel) ) while (1): data = irc.recv ( 4096 ) msg = string.split(data) # Respond to PING X request with PONG X if msg[0] == 'PING': irc.send ( 'PONG ' + msg[1] + '\r\n' ) # Send WHO request to each NICK that joins the channel if msg [1] == 'JOIN': message = ':'.join ( data.split ( ':' ) [ 2: ] ) nick = msg[0][:string.find(msg[0],"!")] irc.send ( 'WHO %s\r\n' % (nick)) # Write WHO data to file if msg [1] == '352': user = string.join(string.split(data[:string.find(data,"\n")])[4:]) print user filetxt = open('users.txt', 'a+') filetxt.write(user+"\n") filetxt.flush() https://gist.github.com/bcoles/982695 I found maxminers.net kinda easy by hand from the IRC side of #INCAKOIN00 user > u36KUV4d5N1JfDD = https://nka.maxminers.net/index.php the code above could prolly make quick work of finding the interesting stuff with a few mods =) Title: Re: Old IRC code in shitcoins "IRC bootstrapping" Post by: siameze on February 03, 2015, 04:27:31 PM There is a reason I stayed on Bitcoin until I have found Monero, this is one of them, the number of unpatched and dumb code in shitcoins is as alarming as unsurprising. I would love to see a chart with the list of coins that have this or similar problems. |