A minha questão agora é: como é que eles vão desbloquear esses bitcoins?
Deve ter um QR code, a private-key impressa, etc... qualquer coisa que alguém consiga obter fisicamente. Dizem que é para o primeiro viajante. Mas que tipo de viajante? Será dificil uma pessoa ir sozinha a Lua.
Essa é a graça. Quem conseguir pegar o QR/dispositivo/private-key/tanto-faz conseguirá pegar as moedinhas. Seja essa pessoa um astronauta da NASA que vai ter que dar as moedinhas pro governo, seja um astronauta na surdina, seja o primeiro visitante comercial daqui à 20 anos... Alem disso, que garantia existe que essa suposta carteira esta realmente na lua?
Vá lá verificar você mesmo.
|
|
|
- When combining notes, I once got a 500 status error from the API (server was probably down), and yet I got an "invalid note(s)" alert. This can be confusing to the user since he will think he messed up somewhere while the issue is on the server. Probably better to return 404 if the note doesn't exist and show the appropriate message.
-You can use Combine or Withdraw only after your deposit has confirmed, I will add this info to both pages so it's less confusing I believe my deposit was already confirmed. Actually, if I recall correctly, that was after combining my two Notes into a new one C, so it should have worked (and it did work a second later, when I clicked the button again). -I suppose you mean API Address? That is the Public key of your Note. For each Note you should have an API Address, and when you combine them you receive a LoG saying something along the lines of: You have credited the API address x on Mon Apr 03 2023 00:00:00 GMT+0000 (Coordinated Universal Time), using the following API addresses: 1 - y; 2 - z;
Yes, I meant API address. But let's say I had issues with my Note. How do I connect the Note's public key to the note itself and to the fact that it was supposed to have any balance (example)?
Trying out Note, saw the guarantee letter, and now I got the "API address". But still, it is unclear what it meant to be or what is the purpose of that since there isn't any information about it. In addition, I try to visit /verification/letter_signing_address/{the given API address}, but no luck.
It is on "the system's API", so: /api/verification/letter_signing_address/{the given API address}
|
|
|
Some thoughts: - The website design is clean and very slick, good job. - I really like the "Note" mixing (reminds me of you-guys-know-who, which I always enjoyed using ). I created two separate notes and funded both of them. Then I tried "combining" Note A alone (basically destroyed it for a new Note C), and later combine Note B and Note C for a third Note D. Withdrew my coins and they arrived just like any other mixer after the time I specified. No issues at all. A -> C B + C -> D -> my address - When combining notes, I once got a 500 status error from the API (server was probably down), and yet I got an "invalid note(s)" alert. This can be confusing to the user since he will think he messed up somewhere while the issue is on the server. Probably better to return 404 if the note doesn't exist and show the appropriate message. - The whole "API Address" is a bit confusing. Could you explain a little bit about it? The LoG of both "combine" and "withdraw" functions only mention those addresses, so how do we prove that the API address 1Abc... and 1Xyz... had X+Y funds and they both got deleted for a third note of API address 1Fgh..., which is supposed to be unspent? Maybe there are improvements to be made there. - You should definitely, absolutely, add some kind of verification (either on the frontend or backend, or both) on the address the user inputs. I managed to go to the next step (Deposit) by using a 26-length random string, which is NOT a valid Bitcoin address (i.e 11111111111111111111111111). - The coin output (what I got from the mixer) actually came from a 3-of-3 multisig address. No bs there. - Maybe tell the user to save his deposit session and/or include that in the LoG? This way he can easily come back and check the status of his deposit even after closing the browser (better than forgetting it or manually having to go to /deposit/XXXXXXXX). Took me some time to notice that the LoG file is named after it. - Minor UI suggestion, but maybe hide (or at least show the cursor "not-enabled") on the percentage slide of the last address (when addresses > 1), since you can't move it anyways. - Minor UX (totally optional) suggestion, but maybe allow the user to regenerate the captcha on the page (usually by clicking on it) so he doesn't have to refresh it. I got at least one hard one (and failed it ). - Very super minor UI issue, but you can click the Withdraw page "Continue" button even when it is disabled (i.e when the Note field is empty, shows the "invalid note or empty balance" message). Actually enjoyed using the mixer. No doubt that you really get a big privacy bonus when you can hold your Notes for a few days rather than receiving the output coins after a few hours. I don't think there is any other mixer currently active with this functionality, which is a big plus for me. Extra bonus points for not going with Cloudflare, the easy route. Any eventual downtime due to DDoS attacks is 100x worth not having a big corporate MITM, in my opinion. bc1qvzxhnhdsg9zh6j3jy3vxdngd433al7udnyeydh
|
|
|
Exactly, the same here I have been trying to see the content and the features in the site before making proper Review on the site but the website both the onion and clearnet are not working instead one shows "The site can't be reached".👇
It has been working fine for me since OP's last message. Keep in mind that the .onion domain can only be accessed through Tor.
|
|
|
Cara, eu não acho que seja legal, nem ético ou moral a divulgação disso. Por mais que não tenha nada de "interessante", é algo pessoal e que deveria ser garantido o sigilo e privacidade, principalmente pelos administradores do fórum.
É exatamente por esse motivo que até hoje você e nem eu sabemos o que tem nessas mensagens. E ele nunca divulgaria mensagens realmente privadas. Deve ser coisa do desenvolvimento do Bitcoin, assim como já são publicos os emails do satoshi com diversos desenvolvedores lá nos blocos iniciais (e até antes mesmo de ter um bloco).
|
|
|
I keep getting a "Backend offline. Please try again later" message and I noticed that the API calls are returning the 500 status. Both clearnet and Tor. DDoS maybe?
|
|
|
I'll take the best fail of April, thank you.
|
|
|
Pessoal, hoje estou contente. Arrumei emprego depois de mais de um ano "desempregado" aqui no Bitcointalk. Os "barrigudinhos" já estavam passando necessidade. Agora, espero que a campanha dure um bom tempo e de para pagar as dívidas. Rapaz, quem imaginaria que era só se candidatar que ia, né?
|
|
|
Só tomaria cuidado com uma coisa nisso que falou: A parte da hardwallet ser usada. Existem relatos de carteiras usadas que haviam sido modificadas com algum componente malicioso.
Nunca ouvi falar, tem o link de algum caso de exemplo?
|
|
|
E se for assim, eles teriam a possibilidade de acessar a conta do Satoshi?
Sim! Na verdade já foi confirmado que existem algumas DMs secretas do satoshi. Não consegui achar o post agora, mas lembro que o theymos tinha decidido soltar essas mensagens do satoshi em uma data que já passou. Depois ele mudou de ideia e botou essa data lá pra frente (alguns anos).
|
|
|
Fui ver seu post e fiquei curiosa com o ''' The H4CK3R1337'' e fui pesquisar o que poderia significar o ''1377''e descobri que é um alfabeto (?) Apesar de nunca ter ouvido falar, eu sempre usei o modo fácil em algumas coisas. Mas vi que é a expressão surgiu nos anos 80, então imagino que seja uma forma de comunicação usada bastante no inicio da internet talvez?
Isso. Foi muito usada pelos hackers e principalmente pela mídia do entretenimento. Disruptivas é apenas uma usuária comum do BitcoinTalk, D1srupt1v4s é uma mega hacker que está tramando sabe-se lá o que... 1337 itself comes from the word elite. Users with elite status on BBSs had the widest access to the system and usually had to be the best hackers in order to achieve that level of access—hence 1337 as slang for “skilled,” in contrast to n00b, or newbie. Elite was modified to leet, then written with numbers as 1337 (1 for L, 3 for E, and 7 for T).
|
|
|
Detalhe: Os 9.861 bitcoins vendidos estão ligados ao hack da Silk Road, de 2012.
|
|
|
Congrats! How long did it take you? I estimated that it'd take an hour or two to reverse engineer, and honestly I didn't expect anyone to go to the trouble in the 24 hours available.
To get it working around 1 hour, yep. Took me longer to actually understand the code and clean it up a little bit so it doesn't look like a keylogger. I'm glad it was interesting enough to somebody that I was proven wrong here!
My favorite part of the Aprils Fool's joke every year is trying to create whatever I can around your inventions, so I couldn't miss it.
|
|
|
Damn, good job. I could feel the nervousness when you (almost) missed the last one. Still got marked as a spammer though, should have posted it on that same page with the solved captcha.
|
|
|
Updated the code to make it smaller and more readable. The biggest chunk of the code is the SHA1 function, so any dev can check there are no hidden shenanigans.
|
|
|
Nice, but to risky for me to install, anyway good work! I like the flappy bird, even I am not good at it. Code is too obfuscated, right? This is so the other hackers can't copy the code and leech from me, the original and top 1 hackzor. But seriously, you can check that 99% of the code is original from the forum itself. Looks like theymos tried to hide the code so no one could bypass it? Not enough to stop me, though. E.g: https://talkimg.com/images/2023/05/13/blob16369cc20b448e93.png
|
|
|
Eu acredito que fosse para a rua com um tshirt a dizer "joker_josue", poucas pessoas iriam perceber o que significava. Realidade: ia ser parado na rua para tirar foto, as crianças de longe cochichariam para seus amigos "olha alí o top 1 usuário português do BitcoinTalk...".
|
|
|
New Captcha CRACKER by TryNinja The H4CK3R1337WE DO NOT LIKE THE BIRD!- How to install -1. Download the Tampermonkey or ViolentMonkey extension. 2. Add the following script. // ==UserScript== // @name New Captcha CRACKER // @author TryNinja The H4CK3R1337 8) // @match https://bitcointalk.org/index.php?action=post* // @grant none // @version 1.1 // ==/UserScript== (() => { function solve(key) { function S(a, c) { return ((a << c) | (a >>> (32 - c))) & 4294967295; }
function sha1(key) { var e = new ArrayBuffer(64), d = new DataView(e); e = new Uint8Array(e);
e.set(key); e[key.length] = 128;
d.setUint32(60, 8 * key.length); var schedule = Array(80);
for (var i = 0; i < 80; i++) { if (i < 16) { schedule[i] = d.getUint32(4 * i); } else { schedule[i] = S( schedule[i - 3] ^ schedule[i - 8] ^ schedule[i - 14] ^ schedule[i - 16], 1 ); } }
var roundFunctions = [ function(t, v, w) { return (t & v) | (~t & w); }, function(t, v, w) { return t ^ v ^ w; }, function(t, v, w) { return (t & v) | (t & w) | (v & w); }, function(t, v, w) { return t ^ v ^ w; }, ]; var hash = [1732584193, 4023233417, 2562383102, 271733878, 3285377520];
for (var i = 0; i < 80; i++) { var f = Math.floor(i / 20); var temp = S(hash[0], 5) + roundFunctions[f](hash[1], hash[2], hash[3]) + hash[4] + schedule[i] + [1518500249, 1859775393, 2400959708, 3395469782][f]; hash[4] = hash[3]; hash[3] = hash[2]; hash[2] = S(hash[1], 30); hash[1] = hash[0]; hash[0] = temp & 4294967295; }
d.setUint32(0, (1732584193 + hash[0]) & 4294967295); d.setUint32(4, (4023233417 + hash[1]) & 4294967295); d.setUint32(8, (2562383102 + hash[2]) & 4294967295); d.setUint32(12, (271733878 + hash[3]) & 4294967295); d.setUint32(16, (3285377520 + hash[4]) & 4294967295);
return e.slice(0, 20); }
let d = [114, 117, 106, 121, 119, 106, 115, 100, 107, 101, 114, 100]; for (f = 0; 8 > f; f++) d[12 + f] = key.charCodeAt(2 + f); let hash = sha1(d); let answer = ""; for (f = 0; 20 > f; f++) { const k = hash[f].toString(16).padStart(2, "0"); answer += k; }
return answer; }
const input = document.querySelector("input[name=h4cfb47325c1907ed]"); const captchaAnswer = solve(input.value); input.value = captchaAnswer; input.setAttribute("value", captchaAnswer); document.querySelector("canvas").outerHTML = '<p style="font-weight: bold; font-size: 24px">Captcha cracked by TryNinja The H4CK3R1337!</p>'; })();
|
|
|
|