Good afternoon, I sent a recovery email for a voucher issued on May 5th, I didn't get a reply from the email, comodoro@tutanota.comDid you mean March or April?  May is next month!!  Which email address did you send to? Official support is at: chipmixer@protonmail.comNote that they can sometimes take a day or 2 to answer, but they do answer... so as long as you have been using the correct site and haven't used one of the (many) fake clones of https://chipmixer.com/ or http://chipmixerwzxtzbw.onion/ then your funds will be safe! |
|
|
|
You haven't installed the libraries properly... you don't install them by simply downloading the .zips, extracting and copying to the Python directory. If you're wanting to run Pywallet properly with Windows, you need to install the libraries using pip. As per the pycrypto page on pypi.org, the install command is: If you didn't let the installer modify your path, you might need to use the full path to the "pip" script: c:\Python27\Scripts\pip install pycrypto
Once you have pycrypto installed, you can try running PyWallet... looking at your screenshot, you don't appear to be running it correctly. Given that it's not a BTC wallet, you'll definitely need the --otherversion command... From the registered coin types, Komodo is 141... so something like: python pywallet.py --dumpwallet --datadir=x:\FULL\PATH\TO\WALLET\DIR --wallet=walletfilename --otherversion=141 > wallet.txt
Note that Pywallet on windows is VERY particular about the --datadir... it really needs to be the FULL path to the directory... --wallet is only required if the file is not called wallet.dat |
|
|
|
If that website is successfully decrypting your keys... and it seems to be using CryptoJS with "default" options... then I would guess the options for writing scripts would be: 1. Write something in Javascript that uses the CryptoJS library but reads individual lines from a file and decrypts them or 2. Attempt to mimic the default CryptoJS settings in another language like Python and read in individual lines from a file and decrypt them If you're not able to write such a script yourself, you'd need to find someone you trust and get them to do it for you.
EDIT: I got bored  EDIT 2: OOPS!! forgot the part where it says "use a SHA256 of your password as the key!"    I've hacked up a small javascript that can be run using NodeJS ( https://nodejs.org/). It seems to be decrypting stuff (I installed the "SpareCoins" extension, backed up the wallet, and tested the script on the encrypted keys from the backup file)... So, fingers crossed it would work for your file. No guarantees tho!  NOTES: - You need the 'rollup' aes.js from CryptoJS (I've included it with my script on keybase link below). - You need to edit the dev_keys.js file and put your password in as the 'key' - All your encrypted keys need to be in a file called 'encrypted_keys.txt', one encrypted key per line (see example below) - It'll create a file called 'decrypted_keys.txt', with one decrypted privatekey per line - I've put copies of all the files on my keybase.io: https://keybase.pub/hcp/dec_keys/- As always, use at your own risk! - I accept no responsibility for anything that happens should you decide to try this script! var fs = require('fs');
var crypto = require('crypto');
eval(fs.readFileSync('aes.js')+'');
var key = 'password';
var hash = crypto.createHash('sha256').update(key).digest('hex');
var array = fs.readFileSync('encrypted_keys.txt').toString().split("\n");
for(i in array) {
if (array[i].length > 0) {
var decrypted = CryptoJS.AES.decrypt(array[i], hash);
var utf8 = CryptoJS.enc.Utf8.stringify(decrypted);
process.stdout.write(utf8+"\n");
fs.appendFile('decrypted_keys.txt', utf8+"\n", err => {
if (err) {
console.error(err);
return;
}
//done!
})
}
}
example encrypted_keys.txt (the passkey is 'password'): U2FsdGVkX1/ugbl2NotXVsiIdPaRwbe9fqSSVzSRJKi4blQvdtwMBUZnC9zjzuZ+dZOQj7AWN/eEfWuxnsKXykTWW3wq9zZ1+kvLPSNkIf8=
U2FsdGVkX18m7rxwczplFDZrommKXG5tZxVAN4YKVftdXw1biTsE+Q+vPUHRd6Qd1S3Rc/lzjO1leP0DLR1VkcUj9kOTqHeR+Yl9dw8hy40=
U2FsdGVkX18nW63+xUt/qWrFvKBAON6CXtTgZKs2X+qiGWrdMGJQgL+HuMRhof/RMzjFzb5nPRP0vUguCz7Zq+VcoDVS6cGhd+FFiYvAoxU=
U2FsdGVkX1+mANMbct/hfRfJAnboeLA51UVLY2OqCm+F4LRAo9HZwbiSBUNO1Vs+TC2jrEl3hoSXYBbexYdd1+BAIygipIqQhtjsq+Ov1kA=
U2FsdGVkX19BnQf2anIVfHOFpKBroUXat7HdDqWcO54fEqHs8tGo8VwqUIGtQLJYvraLyrwAF6Rh6CxMo1kmx/kuGdN+H7QR49C021UpyAo=
U2FsdGVkX1/BDfQr34Q82ApeZgkIWH1IBquWria6X2Ajz8FPneso+pS/ksH+CAKFewqgukQ26aPcLz1VEemhcAOb42vWk21WH/g7nI7GZ1Y=
U2FsdGVkX1+Cl+C1B3aSwwgKIdSFWYgsrt4cHRB1DE7+DRTf6tiurEAx5EYu+NZSKo+qAHFJhWzzdbprj+IHOXcwv5umTvx2sxgyB+ESWQI=
U2FsdGVkX1+/i9JgEguwQfJfFV5bOaEzEozZcQCMVbzvEF56TDkYlXBE3L3gvCojj1ZLLzgjRtkBLckQVv19AF6ttV7TWzUki0Tb0/96n3I=
U2FsdGVkX1/ugbl2NotXVsiIdPaRwbe9fqSSVzSRJKi4blQvdtwMBUZnC9zjzuZ+dZOQj7AWN/eEfWuxnsKXykTWW3wq9zZ1+kvLPSNkIf8=
U2FsdGVkX18CtXV/jRBx5gQn8OHY3uKQ4eDYOkTs/2DDpVEC4BRQZD4vtrlG6rNGj331NyLAu19hUvncDDYSH8tsHoffkZ+FHMv4u3cEP6k=
Using the passkey of 'password', the decrypted_keys.txt: 5JZJeLV7U5DbYiEpNh78waPCdc8r3Mf1RZRdZyEwpiNTAmLippn
5J9SrWoSKzwxVibB4JS3YqMcVJCBctrsLxd1wAgaW8bdNJqGXaV
5KTd2sGoJv3RLFk2qY4PeP7wJieZDiMpcGwiAcY5Cv1QuyCQGVf
5JAoQDUGrczyGyDgqSKHuSdWKEk7ZQzvSX5peTfo74QkQtCrgQH
5JFiErULUKFYWKxC9JdgqvaR7y2f6edfTn7oaTfhmPi2vGp7YYR
5KCpjABBPVh9hQAYyxpixaZMySzEEMqJPDKuTLwuzJdQJHFWZZ1
5KUT9Fdu6uikLyLDkVRvvmeFfTXRAPKxdETxgkegxyKcmGPYATc
5JS2eqw7RkQJx1k3NsJDR7Fx3YXLWugT47oVFJCqsSQhzAAvDxk
5JZJeLV7U5DbYiEpNh78waPCdc8r3Mf1RZRdZyEwpiNTAmLippn
5JhokRFK6fpiguvWHWCpv7HDogmRnD5fCNL6Ked4VHYX6Fborzj
|
|
|
|
You should consider each and every one of those private keys as compromised and never use any of them for anything again. Likewise, consider your password compromised and don't ever use it for anything and/or change it if you've used it anywhere else! Is there a way I can input more than 1 encrypted private key at a time? I have hundreds of encrypted private keys I want to check for any btc balance.
So each private key is encrypted separately? It's not a single encrypted file... but a file of individually encrypted keys? yeeeeshhhh  The only way you'd be able to do them all at once, would be a script of some sort that could read the input file, and then individually decrypt each key and output them all to another file.
|
|
|
|
Write down needs and you'll hear some options
This is often the critical step that most people seeking help seem to skip... and most people trying to help fail to ask for. They're simple enough questions... "What is the best wallet?"... "Is WalletX a good wallet?"... But the "short" answer is always "It depends"... and the "long" answer will always require a list of the question-asker's goals and needs. |
|
|
|
Curious that the OP suggested that. I've downloaded software that doesn't provide a signature file for the binaries, but instead includes a PGP signed list of checksum hashes. I can't remember if it's TOR browser of Oracle VM that does that, but it seems like a viable way of doing it, even if it requires an second step and knowledge of both PGP, and how to check for hash values.
Or perhaps you are thinking of Bitcoin Core? https://bitcoincore.org/bin/bitcoin-core-0.19.1/SHA256SUMS.ascIt's something I've thought about in the past, why doesn't Electrum publish their checksum hashes? A lot of us old-timers have been verifying the checksum of downloaded software for some time now.
I don't really see any difference between checking the signature on the binary file... and checking the signature on the file of the checksums and then checking the checksums... except, for the latter, it's a two step process! Which I would guess is the reason why the Electrum devs sign the binaries Has the source of fraudulent message been found? How were so many servers infected?
Servers were not "infected"... Someone modified the server code to display the message instead of standard server responses... then they deliberately ran that code on a bunch of servers that were spun up on services like AWS in various locations... basically, create one, clone it 100s of times... let them go. By flooding the network with "malicious" servers, chances were good that people would end up "randomly" connected to one. |
|
|
|
|
Thanks for the headsup!... I never read off-topic (and that thread shouldn't be in there anyway, imo!)... so I've dropped the author some merit and a PM (as the thread is locked).
|
|
|
|
....
Anyhow
Now i'm in this and he's trying to convince me that its all safe and i would now only need to top up 15% of the gains from the "non-spendable" to retrieve the amount that apparently is in my favor with a bit coin address linked to my wallet which says non-spendable with funds approximately 5k worth of btc.
I'm starting to feel as if i'm scammed, but not sure since i have contacted another guy whom is portrayed by branco as an investor.
He's profile was shared to me by branco, and he looks like a straight up family guy serving in the army.
I wrote to him asking if he had experienced the same, and how its going for him.
He gives me an answer saying that he confirms the same situation has happened to him, and i should trust keeping my investment with branco.
Apparently he's been investing with for a while as he states the following -
By 10th of this month will make it 6 months of my investment with cryp branco. Your investment is safe with them.
As before: IT IS A SCAMRegardless of what this other "investor" is claiming, this scheme IS completely bogus and you have been scammed. Your money is gone, you will not be able to get it back. I would recommend that you immediately cease communicating with both of these fraudsters (unless you are attempting to get information that might help identify who they really are so you can pass it to law enforcement). But in any event, you chances of recovering your $500 are pretty much zero. |
|
|
|
|
DO NOT SEND ANY MORE MONEY ANYWHERE!
I concur. This is a total scam. You have already lost $500. You will not be able to recover the funds you have already sent as you have no access to the private keys (which is why it is "non spendable"). You can't "unlock" this wallet or the funds by sending more money.
In the future, NEVER let anyone create a wallet for you... changing a password means nothing if the other party has already had access to private keys/seeds and/or the wallet they give you is "watching only" or "non spendable"... your funds will NEVER be safe.
|
|
|
|
That's probably just some plaintext encrypted to AES... so you simply need to use an AES decrypt function and pass in the necessary IV and secret key... in this case, they haven't specified the IV (Initialisation Vector) and have stated that the secret key is the SHA256 digest of your password. There are plenty of examples online of how to implement this sort of procedure... like in the first example shown here for Python: https://www.quickprogrammingtips.com/python/aes-256-encryption-and-decryption-in-python.htmlIn this particular instance, you can see that they are indeed using the SHA256 digest of the password as the encryption key, as it's a fairly "common" method. Having said that, I would contact the support/devs for your web wallet and ask them for a utility/script or step by step instructions for how to decrypt your wallet info, just in case they have used something unexpected for some of the encryption values. |
|
|
|
I have a chromebook. is there any way I can use this OS to join in on the folding fun? I found an old APK which allows me to fold with my android, but it doesn't provide an option to join a team. I'll continue to use my phone, as that's my only option, but I'd like to contribute to the team stats if possible. does anyone have any ideas?
While I admire your desire to contribute... your hardware isn't really suitable for the task. Aside from the obvious lack of clients for the Chromebook and outdated Android (there is no official Android client that I'm aware of), the performance of both your devices is likely to be fairly poor But, if you're deadset keen on giving it a go, I've seen that people have managed to install Linux on a Chromebook... if you could get a Linux distro up and running on your device, you should then be able to run the official Linux folding client. |
|
|
|
And please answer the question in post#2, where did you stored your 12-word seed phrase? <-- must be the issue.
He already did up in Post #4... it was just a bit hidden in the "bad" quoting: the seed phrase is written on a piece of paper and is hidden in my personal safe. no one can access her. besides this, I specially changed the word order on paper, the correct order is known only to me.
Like I said, if everything he said is true... it's very puzzling and concerning. |
|
|
|
Thanks HCP. Yes you are right, it was the libsecp256k1-0.dll that was creating some issues for me. I appreciate your offer and please no offence but with the past scam around Electrum, I was hoping a version (with all the components incl. DLL) could be downloaded from the official source. I guess I'll have to wait for the official release 4 which hopefully will be available in the coming months.
No offence taken... I understand your concerns. In which case, I'd suggest you download and install a virtual machine like Oracle Virtual Box, install Ubuntu 18.04 and compile your own version of libsecp256k1-0.dll... it isn't overly hard and doesn't take a lot of grunt... My Ubuntu VM only has 4 Gigs of RAM assigned to it... and my host machine is Windows10 with 8 Gigs total (and a very old i5-3570k). Hell, you could probably even try installing the Windows Subsytem for Linux... run "Ubuntu" using that and compile the libsecp256k1-0.dll there. I might even test if this is possible if I get bored enough |
|
|
|
I doubt it, using PGP is hard task for most people. I doubt anyone perform PGP verification aside from security expert, geeks or anyone with serious security concern.
Most people is more likely to ask whether a website is real or not.
So which do think would be "harder" to handle for most users... verifying the digital signatures... or losing their life savings? Be Your Own Bank == Be Your Own Bank's Security Department If you're not going to do it properly, then the outcome should not be a surprise. Checking the PGP signatures is NOT hard or beyond the ability of the majority of computer users. The problem is that is takes time and effort to learn... usually the first one is in short supply for most people, however in the current environment, most people have a lot more time. Now they just need to make the effort. Adbussamad's step-by-step guides are very good and should be easy enough to follow for anyone: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/ |
|
|
|
I'm not blaming the brand or implying that they are the thieves... I'm questioning the fact that this wallet was installed on an Android device and it appears that it can be relatively easily rooted and flashed with all sorts of different/custom ROMs: https://forum.xda-developers.com/mi-9t/development@OP, is your device rooted? |
|
|
|
This is indeed puzzling and concerning... if all that OP has said is true regarding their OpSec (only installed from Play Store, seed on paper in safe etc) then theoretically their funds should be "safe" from such events. installed on Xiaomi mi9t pro.
Could this be a possible vector? The fact that it is a Xiaomi device? They run a custom version of the Android OS right? Is it root-enabled? |
|
|
|
I've been building the Windows version of 4.0.0a0 for a while now... what dependency do you think is missing? If you are just after libsecp256k1-0.dll (64 bit) so you can run from source, then you can get a copy of that here: https://keybase.pub/hcp/libsecp256k1-0.dllOtherwise, I have my latest build available here: https://www.mocacinno.com/HCP/ (Thanks for the hosting again mocacinno! ) NOTES: - Ignore the file name of 3.3.8. It IS a 4.0.0a0 build, it's just that the build script has not been updated to set the file name at build time as yet. - This is the "portable" .exe... I can provide the installer or standalone if you really want, but the portable is more suited for 'testing' purposes imo as it can be run in it's own separate directory without disturbing your current "install". |
|
|
|
Staking my BTC ADDRESS AS OF MARCH 20, 2018
3LjVmpw2wDWawaPGa8Lj5JYjYciXDAePbW
Quoted for you, and feel free to sign message with that address, it's helpful for you latter. Posting my FRESHLY MADE ADDRESS: -----BEGIN BITCOIN SIGNED MESSAGE-----
I, cabalism13 of Bitcointalk Forum, hereby claim that this address is owned by me and will be my BTC address starting today April 5, 2020 3:45PM (PH Time). Also will follow another BTC address for my Private Transactions.
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: bc1qcgmytl4nmdlw3pjcnaghfhcqdckdyrtr36e4af
INykzCnOSUMBckuVEj+ITSOXMqKM+TwycdkSm6ozV1W0O/ssgELkV9MzERnM6JEXAOsC3k0QyMG1TkG7cw41CHA=
-----END BITCOIN SIGNATURE----- also will make another for my Private transactions but for the meantime this comes first. Quoted and verified with Electrum  |
|
|
|
Not likely, as individual block files are not interchangeable... my "blk01881.dat" file will not be identical to yours. As above, did you move just the "blocks" or did you move everything including "chainstate"? |
|
|
|
Nope... just the notification:  and then the popup with the link to the official download:  On a side note, maybe the should include a note in that dialog to remember to verify the download! |
|
|
|
|
Show Posts
