Just now: <evan82> I found out what's going on, I'll have an update out in a few minutes Edit: <evan82> props to whoever figured this out, pretty cool hack
<evan82> I could use some help programming whoever you are
Not interested. I'm not so good at C++, really.
Btw, you should hire some real penetration tester, not me or
what was the name of that guy?Ok, could the person who found the bug post here, I promise no one's gonna hate on you. Would be interesting to hear
how long it took to find it, and how did you approach it? And also, would you help testing DRK in the future?
About 6 hours to look through the code to get the main idea of darksend, 2 more hours (got lucky) to find this vulnerability and about 8 hours to code and deploy the exploit.
I will definitely run some more tests with darksend. Will I help or just going to abuse it? Dunno lol. It seems to be more vulnerabilities in darkcoin. Code looks terrible (nothing personal
)
Proof of identity:
./darkcoind verifymessage XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq \
"ILLG8hT+bkKUDznBD8R+EGowIal/QFVhEJM2HvrAREeE+LXl++HqeI+Go9+976p7iZ7CTgybpTGIucb3ycMwwek=" \
"XwzmEE1cJ6HG84CgJvAt7ADmJ @ bitcointalk.org, darkcoin thread. Signed with XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq"