Bitcoin Forum
Author Topic: Re: [AXIOM] AxiomMemHash, Schnorr Sigs Implemented, APOS 3.0, AXH 2.0 Proposed  (Read 204910 times)
chrysophylax
August 02, 2015, 01:59:32 PM
 #1361

Sorry, I misunderstood. The hack wasn't through Axiom's miner, it was elsewhere..

o ok ...

and I'm assuming this is Windows ... again ...

:| ...

#crysx

mitchellmint
August 02, 2015, 02:31:10 PM
 #1362

I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
Not so long ago I lost all my Crave, and various ppl are reporting different hacks on different coins getting stolen. Funny thing is I believe there is some sort of 0day exploit, as recently Malwarebytes blocked one IP trying to remote control the Axiom running wallet. Maybe someone with skills could explore that area.
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a sha256 hash of every possible (non zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. Like for example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to buffer overflow or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
getting closer?

make sure you add this to your conf file

rpcallowip=127.0.0.1

There are people out there that ping the nodes and try the blogged username and passwords. It only takes a couple seconds before you lose everything once they have RPC access.

ozboy2014
August 02, 2015, 02:39:28 PM
 #1363

I don't have a .conf in my directory... still getting 55 connections and staking though.. is there a need for the config file?
hashbrown9000
August 02, 2015, 02:49:18 PM
 #1364

I take it the minerd from the original post is still safe?

ozboy2014
August 02, 2015, 03:05:33 PM
 #1365

I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
Not so long ago I lost all my Crave, and various ppl are reporting different hacks on different coins getting stolen. Funny thing is I believe there is some sort of 0day exploit, as recently Malwarebytes blocked one IP trying to remote control the Axiom running wallet. Maybe someone with skills could explore that area.
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a sha256 hash of every possible (non zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. Like for example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to buffer overflow or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
getting closer?

make sure you add this to your conf file

rpcallowip=127.0.0.1

There are people out there that ping the nodes and try the blogged username and passwords. It only takes a couple seconds before you lose everything once they have RPC access.

So binding the above ip and using alphanumeric user name and password should be sufficient?
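
An added example, not part of any post in this thread: a small audit of a bitcoind-style wallet config for the two points raised above, non-loopback `rpcallowip` entries and guessable RPC credentials. The sample configs, the `PUBLISHED` pairs and the 20-character minimum are constructed assumptions, and it is assumed that the Axiom wallet reads the same `rpcuser`/`rpcpassword` keys as bitcoind.

```python
import ipaddress

# Credential pairs copied from published guides (constructed placeholders).
PUBLISHED = {("user", "pass"), ("rpcuser", "rpcpassword"), ("username", "password")}
MIN_PW_LEN = 20  # assumed policy threshold, not a value from the thread

# Constructed sample configs; values are illustrative only.
WEAK_CONF = """\
server=1
rpcuser=user
rpcpassword=pass
rpcallowip=*
rpcallowip=192.168.1.*
"""
HARDENED_CONF = """\
server=1
rpcuser=w7Kq2ZrxP9
rpcpassword=4fGm0sXy8LbT2nVd6QhJ1cRu
rpcallowip=127.0.0.1
"""

def parse_conf(text):
    """Parse key=value lines; repeated keys such as rpcallowip accumulate."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def is_loopback(entry):
    """True only for entries that parse as a loopback address or network."""
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False  # wildcard forms such as * or 192.168.1.* land here

def audit(text):
    """Return a list of findings; an empty list means no issue was detected."""
    conf, findings = parse_conf(text), []
    for entry in conf.get("rpcallowip", []):
        if not is_loopback(entry):
            findings.append(f"rpcallowip={entry} admits non-local clients")
    if "rpcpassword" in conf:
        user = conf.get("rpcuser", [""])[-1]
        password = conf["rpcpassword"][-1]
        if (user, password) in PUBLISHED:
            findings.append("rpcuser/rpcpassword match a published example pair")
        if len(password) < MIN_PW_LEN or password == user:
            findings.append("rpcpassword is short or equals rpcuser")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

Restricting `rpcallowip` only limits who may connect to the RPC port; it does nothing about malware already running on the same machine, which reaches 127.0.0.1 like any local client.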
jc12345
August 02, 2015, 03:05:51 PM
 #1366

Even with that, can't some hacker just generate a rainbow table? They would compare their rainbow table to the blockchain, and when they get a match, just import the private key into their wallet and steal those coins? Or would that be too unwieldy?

http://directory.io <-- bitcoin
http://buttcoins.com <-- bitcoin, clamcoin, dogecoin, litecoin

Start searching. Those websites contain every possible address and private key.

Those sites are probably fake or maybe contain only a tiny fraction of the keyspace. It is not possible to create a rainbow table for Bitcoin with today's technology. It will take too much time and energy and storage space. There are so many links to quote where people have already answered why this is not possible at this point. Just google it. I'll paste a few:

Link 1
Link 2
Link 3

Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a sha256 hash of every possible (non zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. Like for example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to buffer overflow or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.

You don't have a clue what you are talking about regarding public/private key cryptography, do you?

I guess this also applies to you. Are you sure you have no signs of a trojan on your system? Upload your wallet and minerd again and compare the virustotal hashes.

https://bitcointalk.org/index.php?topic=1135151.msg12024102#msg12024102
keesdewit
August 02, 2015, 03:23:11 PM
Last edit: August 02, 2015, 03:45:12 PM by keesdewit
 #1367

Sorry, I misunderstood. The hack wasn't through Axiom's miner, it was elsewhere..

Did you have the RPC or P2P port exposed to the internet? What address were the coins sent to?

keesdewit
August 02, 2015, 03:27:26 PM
 #1368

I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
Not so long ago I lost all my Crave, and various ppl are reporting different hacks on different coins getting stolen. Funny thing is I believe there is some sort of 0day exploit, as recently Malwarebytes blocked one IP trying to remote control the Axiom running wallet. Maybe someone with skills could explore that area.
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a sha256 hash of every possible (non zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. Like for example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to buffer overflow or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
getting closer?

I have the same thoughts. Somehow the Axiom wallet has a vulnerability but I am not sure what. Looking through the source code now to see if I can find unchecked buffers or other vulnerabilities.

keesdewit
August 02, 2015, 03:30:29 PM
Last edit: August 02, 2015, 03:48:56 PM by keesdewit
 #1369

Even with that, can't some hacker just generate a rainbow table? They would compare their rainbow table to the blockchain, and when they get a match, just import the private key into their wallet and steal those coins? Or would that be too unwieldy?

http://directory.io <-- bitcoin
http://buttcoins.com <-- bitcoin, clamcoin, dogecoin, litecoin

Start searching. Those websites contain every possible address and private key.

Those sites are probably fake or maybe contain only a tiny fraction of the keyspace. It is not possible to create a rainbow table for Bitcoin with today's technology. It will take too much time and energy and storage space. There are so many links to quote where people have already answered why this is not possible at this point. Just google it. I'll paste a few:

Link 1
Link 2
Link 3

Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a sha256 hash of every possible (non zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. Like for example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to buffer overflow or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.

You don't have a clue what you are talking about regarding public/private key cryptography, do you?

I guess this also applies to you. Are you sure you have no signs of a trojan on your system? Upload your wallet and minerd again and compare the virustotal hashes.

https://bitcointalk.org/index.php?topic=1135151.msg12024102#msg12024102

I do know what I am talking about regarding cryptography, it is part of my daily job. Explain to me what is wrong with my explanation if you know it better.

Let me explain the sausage example (all uncompressed):

SHA256(sausage) = 30caae2fcb7c34ecadfddc45e0a27e9103bd7cfc87730d7818cc096b1266a683
BASE58(30caae2fcb7c34ecadfddc45e0a27e9103bd7cfc87730d7818cc096b1266a683) = 5JBmuBc64pVrKLyDc8ktyXJmAeEwKQogn6jsk6taeq8zRMtGZrE

Now the derived public key will be 1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ

Check the block explorer: https://blockchain.info/address/1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ

The result, a public and private key based on the word 'sausage':
1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ
5JBmuBc64pVrKLyDc8ktyXJmAeEwKQogn6jsk6taeq8zRMtGZrE

Now tell me, where am I wrong?

cyberspacemonkey
August 02, 2015, 03:33:21 PM
 #1370

So many people have gotten hacked :( . Good thing I run my miner on a different computer than my wallet and I always encrypt no matter what.
Anonyme
August 02, 2015, 03:37:42 PM
 #1371

So the dumper at trex is a hacker, not a whale?
jc12345
August 02, 2015, 03:44:27 PM
Last edit: August 02, 2015, 03:57:00 PM by jc12345
 #1372

I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.

Ok, answer the following for me:

1) Can you tell me the key length of the private key of a wallet?
2) Can you tell me who "chooses" the private key - the "wallet" or the user?
3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing if he actually decides to encrypt his wallet?
4) After you have explained 1-3 can you explain the relevance of the user's wallet password and redundancy of a language to the private key in the wallet and how you will derive the private key of the private/public key pair from the public key by using the wallet password if you happen to obtain the user's wallet password from a rainbow table of some sorts that you are referring to? My question in point 4 is what you are in fact saying is possible in your argument.
go6ooo1212
August 02, 2015, 03:47:36 PM
 #1373

It was definitely a trojan to me. I found it and cleaned it, but it was too late. It has archived almost every single wallet.dat in my appdata folder. I moved the unharmed coins to brand new encrypted wallet.dat files...

EDIT: Yes, I had rpc ports exposed to the network for solo mining, of course ...
antonio8
August 02, 2015, 03:50:32 PM
 #1374

It was definitely a trojan to me. I found it and cleaned it, but it was too late. It has archived almost every single wallet.dat in my appdata folder. I moved the unharmed coins to brand new encrypted wallet.dat files...

EDIT: Yes, I had rpc ports exposed to the network for solo mining, of course ...


For myself, just curious, and others who might want to know. Did you get the name of the trojan?

EDIT: It might others who were infected also.

ajw7989
August 02, 2015, 03:52:11 PM
 #1375

All this wallet hacking got me nervous. I just encrypted my wallet and added the local rpc. I run mine off a server right now for staking purposes and to have the wallet on 24/7.
go6ooo1212
August 02, 2015, 03:54:09 PM
 #1376

It was definitely a trojan to me. I found it and cleaned it, but it was too late. It has archived almost every single wallet.dat in my appdata folder. I moved the unharmed coins to brand new encrypted wallet.dat files...

EDIT: Yes, I had rpc ports exposed to the network for solo mining, of course ...


For myself, just curious, and others who might want to know. Did you get the name of the trojan?

EDIT: It might others who were infected also.

MickGhee
August 02, 2015, 03:55:49 PM
 #1377

I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...

That's why I dl only from OP. Sad to say, but you risk a lot when u trust a stranger from the internet.

keesdewit
August 02, 2015, 03:56:55 PM
Last edit: August 02, 2015, 04:48:56 PM by keesdewit
 #1378

I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.

Ok, answer the following for me:

1) Can you tell me the key length of the private key of a wallet?
2) Can you tell me who "chooses" the private key - the "wallet" or the user?
3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing?
4) After you have explained 1-3 can you explain the relevance of the user's wallet password and redundancy of a language to the private key in the wallet and how you will derive the private key of the private/public key pair from the public key if you happen to obtain the user's wallet password from a rainbow table of some sorts that you are referring to?

Sure I can:

1) The length is 256 bit or 32 bytes if you like, which results in 16^64 or 2^256 possibilities.
2) The input for the hash function that produces the private key can be from human input or from a (strong) random generator (that is built into the wallet)
3) If I understand this question right (bit of a language barrier): In both situations
4) It is not about getting the user's wallet password with a rainbow table. See answer 2 where it is possible to have human input (so-called brain wallet) for the hash function that results in the private key. Those can be brute forced with a rainbow table. Also see the details of the sausage example.
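
An added example, not code from any poster or from the Axiom project: the derivation in the sausage post (#1369) and the brain-wallet point in the post above, turned into a self-check that tells you whether a key you hold is just SHA-256 of a wordlist entry. It assumes uncompressed mainnet WIF, which is Base58Check (version byte 0x80 plus a 4-byte double-SHA-256 checksum) rather than plain Base58; the wordlist is constructed and the function names are hypothetical.

```python
import hashlib
import secrets

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Base58Check: Base58 of payload followed by its 4-byte checksum."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # leading 0x00 bytes become '1'
    return "1" * zeros + out

def b58check_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError for characters outside the alphabet
    zeros = len(text) - len(text.lstrip("1"))
    data = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if _checksum(payload) != check:
        raise ValueError("bad Base58Check checksum")
    return payload

def brainwallet_wif(passphrase: str) -> str:
    """Uncompressed WIF for the key SHA256(passphrase), as in the sausage post."""
    return b58check_encode(b"\x80" + hashlib.sha256(passphrase.encode()).digest())

def random_wif() -> str:
    """The safe alternative: 32 key bytes taken from the OS CSPRNG."""
    return b58check_encode(b"\x80" + secrets.token_bytes(32))

def weak_passphrase_for(wif: str, wordlist):
    """Return the wordlist entry whose SHA-256 equals this key, else None."""
    payload = b58check_decode(wif)
    if len(payload) not in (33, 34) or payload[0] != 0x80:
        raise ValueError("not a mainnet WIF key")
    key = payload[1:33]
    for word in wordlist:
        if hashlib.sha256(word.encode()).digest() == key:
            return word
    return None

if __name__ == "__main__":
    PAGE_WIF = "5JBmuBc64pVrKLyDc8ktyXJmAeEwKQogn6jsk6taeq8zRMtGZrE"  # from post #1369
    words = ["password", "sausage", "bitcoin"]  # constructed sample wordlist
    print("matches post:", brainwallet_wif("sausage") == PAGE_WIF)
    print("weak key from:", weak_passphrase_for(brainwallet_wif("sausage"), words))
    print("random key:", weak_passphrase_for(random_wif(), words))
```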



go6ooo1212
August 02, 2015, 04:02:39 PM
 #1379

The strange thing to me was that one of the stolen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...
MemberCount+1
August 02, 2015, 04:04:01 PM
Last edit: August 02, 2015, 04:17:23 PM by MemberCount+1
 #1380

which miner?
from the first page https://mega.co.nz/#!MQ8nkA7C!geDKX8ROONKzQrDYL96KLfJTwPNI3AK5SdtPxjz5E-8 ?