Bitcoin Forum

I have a windows XP 32bit laptop I would like to use for cold storage but 32bit is no longer supported. I heard 0.92.3 was the last one but I can't find the old 0.92.3 installer, just the source code on github. No one would still have it or could compile it would they?

I'm out of options other than buy a new laptop for cold storage which is a waste really or compile it myself which I have no idea how to. :-\

Someone suggested install Debian 32bit since that version is still supported and I'll look into that but I'll admit I am a windows fan so the whole installing Linux does sound like a lot of work. :-\ Also I did have old programs and data that I wasn't bothering to move right now so that's a lot more work than installing a single app. So not my first choice but it's still a better option than buying anything. I wasn't using the laptop anymore, I just hadn't moved everything yet, so this was giving it new life. :)

I'm using a hot wallet now but I want my bitcoin to be safe as possible so any help would be appreciated.

You would have to build it yourself. It's not as hard as it sounds.

I was afraid that would be the answer. :'( Is there any reference or something you could point me to for guidance? Hopefully one specifically for armory?

I've done a little compiling in java and I program in Clickteam Fusion 2.5 so I know coding. But those are streamlined for easy compiling or I was in a java class with step by step instructions. So I think I could follow a guide (hopefully :-[) but I've never touched c++ to try to start compiling it from scratch. :-\

It's fairly easy with MSVS.

First off get MSVS 2015 express on your online machine, checkout the 0.92.3 tag on the repo and build the cpp project in x86. Once you have that covered, I'll walk you through the python part.

Also use this as a general reference:

https://github.com/goatpig/BitcoinArmory/blob/master/windowsbuild/Windows_build_notes.md

Thank you for your help. I'm installing MSVS 2015 right now (it has to download 12gb so I'll take some time) so I'm looking through the 0.92.3 repo now. I'm sorry but by cpp project do you mean cppForSwig? And if so by that link you gave do I need to unzip swig 3.0.2 into swigwin first before compiling it? If not I'm not sure which files you mean. Those are the only .cpp files I see. (sorry like I said I've never done C++ before :-[).

I happen to have a copy of the old 0.92.3 windows installer. What's the best way to get it to you?  Message me with your email address & I can email it.

https://github.com/goatpig/BitcoinArmory/blob/master/cppForSwig/BitcoinArmory.sln

Open this file in MSVS, make sure the swigwin root folder is in the same folder as this file.

@Mackay,

Thank you so much. It’s working great! Yeah I would think this could be a rather common occurrence. When one uses an “Old Computer or Laptop” for cold storage there is a high probability that it’s a 32bit windows. I know that XP and 32bit are separate time consuming developments to keep supporting but I wish then this installer would be kept on the github as a workaround. Especially since 0.92.3 is more than sufficient for offline transaction signing.

Well anyways thanks again! :)

@Goatpig

Thank you for starting to help me compile it. I know the bitcoin/armory philosophy would be to trust no one and build it from scratch but it's already working great and it's only for offline transactions signing. So I'll probably just use his installer copy since it's so much easier. Thanks again though. :)


Anyone else that needs it I'd be happy to send it as I'm sure Mackay would be also.

Unless you verify the installer hash vs the signature files, you are taking massive risks.

ditto what goatpig said

Think about it this way: the part of this thread where goatpig instructed you on the libraries/build arch target are exactly what a motivated thief would need to get started on trying to develop an attack resembling what happened when Mackay offered you a copy of 0.92.3.

It's the easy part, I know, but then you're left with the motivation of the attacker. "How difficult is the hard part?" is the question a well motivated attacker would ask. And I'm afraid it would be far too easy to steal at least some BTC using minimal coding ability. Someone just a little too bright and/or too fresh could steal everything you have.

I feel you on that and that's why I wouldn't use it on an online pc but from my understanding let me ask something. If it only ever is on an offline pc, only in offline mode and used to only sign offline transactions, aren't the transactions made and verified by the online clean armory? Like if during the signing the outputs were changed to the attacker wouldn't the online armory see the change? Or am I missing something? :-\


There wouldn't be a guide for that would there? Or is that not easier than just compiling it myself? By the the number of things to install and setup in your link it would seem to me like verifying would be easier. :-\

We come back to the motivation factor again: it depends what an attacker could achieve while on the offline machine. If they could copy a payload to USB flash/CD-ROM to execute on the online machine, that's a problem.

That's true. But that's the same attack vector one would need to use on the online pc to reach the offline pc in the first place. Meaning that the cd or flash drive already needs to be watched and secured.

I was trying to think of an easy way to copy the text armory generates during transaction signing without a flash drive. Maybe OCR or something. Or Maybe a Qrcode might be nice here. :-\ one you can verify on your phone and can verify it is accurate to the text onscreen. Then that attack vector is closed.

Don't get me wrong I want my bitcoin to be safe that's why I'm doing the cold storage in the first place. ;)

hash the file (sha256sum), check it matches the hash in the signed hashes file for 0.92.3. Then check that signed hashes file is signed by Alan's offline signing key. If you're not willing to go down that route, you should build from scratch.


Doesn't matter what the GUI shows on both ends. If as an attacker I have access to what code runs on your signer, I could wipe your entire wallet after you've broadcasted a single tx signed with this malicious code, if I wasn't trying to be sneaky.

If I wanted to be stealthier, I'd still manage to reveal all private keys on your wallet after the one you signed with, with a single tx broadcasted to the network. An attacker with enough motivation would figure out which parts of the code base to alter to corrupt the signer in this way.

tldr: do not use binaries without signed hash, ideally build the code yourself, and best would be to review the code before using it (now that's going far I know)

I understood the possibility of a payload with the saved tx file, that's why I mentioned I wanted to use the copyable text in a QRcode or something, but I didn't think the copyable text based tx info could carry enough data for any malicious code :-\. Interesting. By the way when I said it's working great I meant installing it and just messing with it. I haven't used it at all yet so I'm still good. :) 



I hashed the file, even went back and checked the newer installs, and I have the public key but I can't find the signed file with the correct hash for version 0.92.3. :D LOL I'm right back to where I started ::).

Wow this is a great site! :D I need to remember it for things like this.

So I browsed around the site and got multiple hashfiles of the 0.92.3 release from different timed snapshots of the Amory website. It even had the old 0.92.3 installer so I got a few of them as well. I hashed them all, including the one Mackay sent me, and compared them to all the hashfiles. Good news they all matched! :D Now I still need to check the signature (don't know how to do that on windows yet) but this is a good sign. :D

What happened to ghdp's posts? ??? I didn't get to read his last one before it disappeared. :( I had hoped it had tips on how to check the signatures.

Looks like he chose to remove it.

So that's the name of the program link I saw briefly before I could really sit down and fully read it. I'll look into GnuPG. Thank you for all your help ghdp and thanks everyone for that matter. :)

So thanks to ghdp and GnuPG or really gpg4win, I was able to check the signatures. :)

So now for versions 0.92.3 and 0.94.1, I've checked the checksums, the signatures and the publickey fingerprint on multiple downloaded copies from Mackay, from the old and new(goatpig) githubs, these forums (for the publickey fingerprint), and the Amory website and it's archived copies at multiple timed snapshots on the site internet archive (https://archive.org/web/).

They all checked out so I think I'm good short of reading the code myself. :D

Thanks again everyone for helping me on this newbie stuff. The community here is great! :D

Everyone has made excellent points here and I was myself wary of handing out that old installer that I kept (I archive the installers for every new release for the crypto wallets I keep), but I just wanted to help the OP as I was in his situation myself awhile back. https://bitcointalk.org/index.php?topic=977678.msg10674668#msg10674668

Glad everything worked out & thanks SoraMan for verifying the installer hash and keeping my reputation intact!  :)

It's ok to distribute binaries as long as you attach the signed hashes file.

Hi guys, could I also get the Win 32Bit installer?