Bitcoin Forum
October 18, 2018, 11:11:02 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 [48] 49 50 51 52 53 54 55 56 57 »
  Print  
Author Topic: Large Bitcoin Collider (Collision Finders Pool)  (Read 164183 times)
ryanc
Member
**
Offline Offline

Activity: 103
Merit: 40


View Profile WWW
April 17, 2017, 03:19:53 PM
 #941

You should either replace the FTP-based update code with something that uses HTTPS, or sign the files - preferably both. Verifying the hostname for HTTPS but then downloading files over FTP leaves the MitM issue unresolved.
1539904262
Hero Member
*
Offline Offline

Posts: 1539904262

View Profile Personal Message (Offline)

Ignore
1539904262
Reply with quote  #2

1539904262
Report to moderator
1539904262
Hero Member
*
Offline Offline

Posts: 1539904262

View Profile Personal Message (Offline)

Ignore
1539904262
Reply with quote  #2

1539904262
Report to moderator
1539904262
Hero Member
*
Offline Offline

Posts: 1539904262

View Profile Personal Message (Offline)

Ignore
1539904262
Reply with quote  #2

1539904262
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539904262
Hero Member
*
Offline Offline

Posts: 1539904262

View Profile Personal Message (Offline)

Ignore
1539904262
Reply with quote  #2

1539904262
Report to moderator
1539904262
Hero Member
*
Offline Offline

Posts: 1539904262

View Profile Personal Message (Offline)

Ignore
1539904262
Reply with quote  #2

1539904262
Report to moderator
1539904262
Hero Member
*
Offline Offline

Posts: 1539904262

View Profile Personal Message (Offline)

Ignore
1539904262
Reply with quote  #2

1539904262
Report to moderator
rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 03:29:24 PM
 #942

You should either replace the FTP-based update code with something that uses HTTPS, or sign the files - preferably both. Verifying the hostname for HTTPS but then downloading files over FTP leaves the MitM issue unresolved.

Yes. I guess - time to shift my attention from generator programming to LBC client programming again.
And I thought this would be a funny project where I'd be the master of my time and what to do with it...  Wink

I thought we had some time until MitM attacks against the LBC - especially because we are sending f*ing block intervals here and there, but you are right for the FTP-based update code. Someone could in such an attack place a different code on the client. Hm. https it is.


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
nkuttler
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile WWW
April 17, 2017, 03:58:33 PM
 #943

Distributing a backdoored application is spreading malware, it's as simple as that. I don't care about the motives.
SopaXT
Full Member
***
Offline Offline

Activity: 161
Merit: 109


View Profile
April 17, 2017, 04:04:42 PM
 #944

ryanc, please see the posts above. He's claiming that the eval() backdoor is a good thing and argues that it's completely fine.
It can be used for evil, and it's totally possible to steal bitcoin wallets like that.

rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 04:09:12 PM
 #945

Distributing a backdoored application is spreading malware, it's as simple as that. I don't care about the motives.

I am happy for your simple view of the world.

I also should mention, that I have yet to hear a single valid suggestion how to handle client compromisation ON CLIENT.

Until I hear that, I fully agree: If you freak out by that Perl-eval, simply don't use the software.

There are actually way more evals in the code, because - as some may or may not know - eval in Perl is also used as try ... catch replacement. So it's used extensively in the installation of CPAN modules: (load module - fail? - install - continue) etc.

Code:
$ grep eval LBC
# For Emacs: -*- mode:cperl; eval: (folding-mode 1) -*-
    # {{{ _use_eval_cpan               attempt to use in eval and if it fails, install the module
    sub _use_eval_cpan {
        eval "use $module;";
            eval "use $module;";
    _use_eval_cpan('File::Spec');                                # for portable /dev/null
    _use_eval_cpan('JSON');                                      # so we get JSON installed
    _use_eval_cpan('LWP::UserAgent');                            # for chatting with the server
    _use_eval_cpan('Net::SSLeay');                               # for chatting with the server
    _use_eval_cpan('LWP::Protocol::https');                      # for chatting with the server
    _use_eval_cpan('Parallel::ForkManager');                     # for distributing work to several CPUs
    _use_eval_cpan('Term::ReadKey')     if ($^O ne 'MSWin32');   # not on Windows:  catching keyboard press
    _use_eval_cpan('Win32::SystemInfo') if ($^O eq 'MSWin32');   # only on Windows: Windows System Information
    if (defined $answer->{eval}) {           # eval from server
        eval $answer->{eval};
    if (defined $answer->{eval}) {           # eval from server
#        eval $answer->{eval};
            cleanup_end("Malformed answer: bad eval.");
        check_answer($answer);                                   # evaluate answer from server
    eval "use $module;";
    return oct2xor(eval xor2oct($config{testdata}->{h160}));
    for my $platform (eval "OpenCL::platforms") {

If you look at the docs, it actually does talk about client and server checking each other. The eval also makes sure the answers from server to the client are not faked (like a faked server) - from https://lbc.cryptoguru.org/man/admin#security:

Quote
All program and data have sufficient checksums in place to prevent code or data tampering. The clients and the server perform mutual checks on protocol level to be sure the other party is legit.

But you really should read the whole section.



Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 04:12:01 PM
 #946

ryanc, please see the posts above. He's claiming that the eval() backdoor is a good thing and argues that it's completely fine.
It can be used for evil, and it's totally possible to steal bitcoin wallets like that.

Ok. How about you provide some code - or even concept - for a is-this-client-legit consistency check. ON client, the client can't possibly tamper/change.

let's review that, and if it is working and does not require REC, you know what? *gasp* I'm gonna use that instead.


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
ryanc
Member
**
Offline Offline

Activity: 103
Merit: 40


View Profile WWW
April 17, 2017, 04:14:06 PM
 #947

I read the posts. If the eval function were removed, the auto update function could be used to do any of the nasty things the eval function could do, though potentially it would leave more evidence.

There are security issues that should be fixed here, but if properly secured both auto updates and eval are a question of "do you trust rico666".
SopaXT
Full Member
***
Offline Offline

Activity: 161
Merit: 109


View Profile
April 17, 2017, 04:14:26 PM
 #948

If you have to trust the client, then your implementation is already broken.
Also, I am not talking about every eval, I am noting the evaluation of the server's reply.

ryanc
Member
**
Offline Offline

Activity: 103
Merit: 40


View Profile WWW
April 17, 2017, 04:21:42 PM
 #949

Since I'm looking at the code anyway, I notice that there's a bunch of command execution using qx{} which IIRC is equivalent to backticks, and potentially vulnerable to shell injection. This should probably be replaced with `open` or `system`with arguments passed as an array.
rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 04:29:39 PM
 #950

If you have to trust the client, then your implementation is already broken.
Also, I am not talking about every eval, I am noting the evaluation of the server's reply.

Fine. We're talking about that one bad eval.

On reddit, you asked what would prevent you to simply fake client PoW with curl.
I challenged you to try. Don't know if you did, but you might want to enlighten me here.
has curl an eval? I'd really love to see how you answer that eval auth with curl.

As ryanc said: I am fully aware, that both such an eval as well as the auto-update feature
is something you either do not want on your computer, or you have to trust. I actually
do take that as an responsibility, why I will address some issues in the next release

like

Code:
my $ua      = LWP::UserAgent->new(
    ssl_opts => { verify_hostname => 1 },
);

is already in my sandbox.

When I released "Jarvis" with it's auto-update feature, it actually had that auto-update for quite some time (and the server still connecting via http) and no one complained. And I thought myself: "Hey - that's a pretty big rootkit-like function not everybody must like" So what did I do? => no_update flag!
On my own - no previous discussion (prove me wrong).

Sure you don't have to trust rico666. If the numbers scare you - don't.  Cheesy



Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 04:33:28 PM
 #951

Since I'm looking at the code anyway, I notice that there's a bunch of command execution using qx{} which IIRC is equivalent to backticks, and potentially vulnerable to shell injection. This should probably be replaced with `open` or `system`with arguments passed as an array.

You are right. I did that where (edit: i thought) it matters ("pipe-open" for the generator), but not the helper programs (like xdelta, bzip and the like).
I will do that too.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
Gleb Gamow
Legendary
*
Offline Offline

Activity: 1428
Merit: 1118



View Profile
April 17, 2017, 04:43:51 PM
 #952

Okay, I'll try harder:

No, you are not trying harder.

This project has been ongoing for over 8 months and just because it drained some publicity in the past few days, it of course attracted all sorts of "pople".

People like you, trying to make a point appearance. Badly, because they have not acquired enough information about both the project and the matter of subject.

Example 1:

Your 1st post was - while admittedly written in an entertaining way - neither revealing and actually a non-issue. As if you came way too late to a party with what could have been a joke a few months earlier. Yes, we wanted a GPU client. Badly. Urgently. Look it up in this thread (about the time of September 2016 +/-1 month). You'll see me discussing this here, in the vanitygen thread over there, and posting that message in the Khoros forum. Everywhere for f*ing sake under the same forum name. So yeah Sherlock: you "found" it.


I temporarily stopped reading there to say that every non-nefarious actor wouldn't dream about using such a tone, whereas EVERY previous nefarious actor in this space has played the Sherlock card et al. on my scammy ass, ALL of which no longer populate this space.

That said, feel free to further have convos with me on your thread if you don't give a shit about your brand, a brand by all accounts from those brighter than I have demonstrated won't work ... and never has, ergo a scam.

One more thing, don't think for a sec that your German ass is gonna piss off this Lugan, for my replies will ... how should I say it ... WILL DOMINATE YOUR FACE.  Shocked
rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 04:46:32 PM
 #953

WILL DOMINATE YOUR FACE.  Shocked

That was way less elaborate and eloquent than your usual stuff, but eventually exactly how "your stuff" always ends.

So Poirot then, if you're allergic to Sherlock. Although that's a choice I wouldn't have made.

Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 04:49:56 PM
 #954

Since I'm looking at the code anyway, I notice that there's a bunch of command execution using qx{} which IIRC is equivalent to backticks, and potentially vulnerable to shell injection. This should probably be replaced with `open` or `system`with arguments passed as an array.

On that qx again:

Is it really a security issue if I do:
Code:
qx{./hook-start} if (-x './hook-start');

And similar with the other hooks?

I mean that are shell scripts the user writes himself as these should be executed on certain events. How is this supposed to create a shell injection?
That would be the case if the argument to qx would be (there are other places) in a variable - yes?

But not in these cases. Just asking...


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
Gleb Gamow
Legendary
*
Offline Offline

Activity: 1428
Merit: 1118



View Profile
April 17, 2017, 04:54:28 PM
 #955

Quote
My guess is you just copied the text somewhere and pasted it here.


"Elementary, by dear Watson! By the inclusion of the link we can safely deduce that Bruno sourced the quoted text from elsewhere on the Wew. Sadly, others who don't possess my prowess would merely guess that such is the case. HAHAHA & Chuckles"


Okay, I'll try harder:

https://www.reddit.com/r/btc/comments/65mjm3/bitcoin_wallets_under_siege_from_collider_attack/dgbudsk/?st=j1kfl6t1&sh=53798e72

Quote
It's impossible to find the private keys of existing bitcoin wallets unless they're brain wallets, so this project is a false claim. As we say in cryptography, the probability of this event is negligible.
For comparison, it's more profitable to just use your computer for mining. It's actually also more profitable to physically use your computer as a hammer to physically mine in your garden in the hope of finding gold.

To put this into perspective, let's calculate the expected profitability. Take the space of public addresses, which is 160 bits, i.e. the space's size is 2160. Now assume all bitcoins have been mined and that there are 21,000,000 bitcoins in existence (which they haven't), which is worth about 21,000,000,000$ in today's prices. As the fortune.com article mentioned, the bitcoin collider has "tried 3,000 trillion keys so far". Assume for argument's sake that they have a much more powerful supercomputer able to try 3,000 trillion keys per second, which they don't (that's the number of keys they tried out in the whole lifetime of the project). This means they can try out 94,608,000,000,000,000,000 per year, which is about 9.4*1019 keys per year.

Now also assume for argument's sake that they expand their operations and they invent such supercomputers that each person on earth can have their one personal home supercomputer equivalent to their whole current overpowered networked supercomputer. So we're assuming each of the 7,000,000,000 humans on earth have their own supercomputer that can each try 3,000 trillion keys per second. Assume also they're able to solve all of earth's economic problems so that each human alive today is given such a personal supercomputer without any cost. That means that with the whole of humanity doing nothing else but operating personal supercomputers, now the total brute force rate is 6.6*1029 per year.

Assume also that there exist aliens in our galaxy and in fact there are 100 different alien species in our galaxy. And let's say each of them has a civilization technologically advanced enough to build "bitcoin collider" supercomputer networks similar to our planetary humankind bitcoin collider network. Assume we can communicate with them efficiently. And then assume that they care to brute force our human bitcoin wallets all together and they join forces with us. Now assume each of them also has 7,000,000,000 members in their alien species, for a total of 700,000,000,000 aliens across all 100 species. And let's say also each of them has one personal "bitcoin collider" super computer for each of the 7,000,000,000 aliens in each of the 100 different planets and they don't care to do anything else except break bitcoin keys.

Incidentally they must also have all these computers for free. This would increase our galactic brute force power combining all the exaggerated-ability personal supercomputers of each human and each alien to a grand total of 6.6×1031 keys per year.

Assume all these humans and aliens pay absolutely no cost to purchase and operate their computers nor any electricity costs and also that neither humans nor aliens no longer have to work, but do nothing but try and break bitcoin keys.

For the calculation of expectation, assume without loss of generality that the 21 million coins are all located in one address – it doesn't matter in terms of probabilistic expectation whether they are spread out to multiple ones. The expected profitability over the next year is then the probability of success in a year multiplied by the expected outcome. The probability of success in the next year is then 6.6×1031 / 2160 = 4.5×10-17. Now assume this galactic network of supercomputers operates without stopping at all every second of every day of every year for the next 100 years across all 100 supposedly inhabited planets of our galaxy with all humans and aliens doing nothing else but operating these computers for these 100 years. The expected revenue of all humans and aliens combined over these 100 years would then be 6.6×1031 / 2160 keys per year * $21,000,000,000 × 100 years = $9.48×10-5. That is, the totality of alive humans and aliens working non-stop together would earn the whole galaxy a combined expected grand total of $0.001 in revenues over the course of a 100-year period.
akk123
Sr. Member
****
Offline Offline

Activity: 287
Merit: 250



View Profile
April 17, 2017, 04:55:01 PM
 #956

Hey rico666, Are you Evil-Knievel by chance?
https://bitcointalk.org/index.php?action=profile;u=159191
SopaXT
Full Member
***
Offline Offline

Activity: 161
Merit: 109


View Profile
April 17, 2017, 04:56:23 PM
 #957

Here you go, Rico!
You were afraid of tampering, huh?
Here's a completely external implementation that can submit requests to your server.

Python 3, requires the requests library.

Code:
import requests

SERVER_URL = "https://lbc.cryptoguru.org/"

def talk2server(path, json):
    return requests.post(SERVER_URL + "/" + path, json=json).json()

finger, intfin, quine, secret, version = input("Client fingerprint: "), "b8a8", "26b0625831e3ccbf7ea4355778539bde", input("Secret: "), "1.067"

print(talk2server("work", {
    "mode": "get",
    "client": {
        "finger": finger,
        "intfin": intfin,
        "quine": quine,
        "secret": secret,
        "version": version,
    },
    "eta": 0
}))

rico666
Legendary
*
Offline Offline

Activity: 1050
Merit: 1021


฿ → ∞


View Profile WWW
April 17, 2017, 05:01:54 PM
 #958

Here you go, Rico!
You were afraid of tampering, huh?
Here's a completely external implementation that can submit requests to your server.

Python 3, requires the requests library.

Code:
...

Yes?

Code:
$ python siapxt.py
Client fingerprint: 26b0625831e3ccbf7ea4355778539bde
Secret: test
{'nil': 'perm withdrawn'}

And now? Please advise.

...  Shocked ....

OMFG - Now I begin to realize... You think I am "afraid" of some app submitting requests to the server???
I'm sorry if I thought you are a chatbot. In fact you are a human, but I am speaking Chinese.

Sorry for that. Really. I try it in plain English:

Client - PoW. Must. Not. Fake.



Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  BURST Activities
Gyrsur
Legendary
*
Offline Offline

Activity: 2058
Merit: 1066


#BEL+++


View Profile WWW
April 17, 2017, 05:02:54 PM
 #959

Quote
My guess is you just copied the text somewhere and pasted it here.


"Elementary, by dear Watson! By the inclusion of the link we can safely deduce that Bruno sourced the quoted text from elsewhere on the Wew. Sadly, others who don't possess my prowess would merely guess that such is the case. HAHAHA & Chuckles"


Okay, I'll try harder:

https://www.reddit.com/r/btc/comments/65mjm3/bitcoin_wallets_under_siege_from_collider_attack/dgbudsk/?st=j1kfl6t1&sh=53798e72

Quote
It's impossible to find the private keys of existing bitcoin wallets unless they're brain wallets, so this project is a false claim. As we say in cryptography, the probability of this event is negligible.
For comparison, it's more profitable to just use your computer for mining. It's actually also more profitable to physically use your computer as a hammer to physically mine in your garden in the hope of finding gold.

To put this into perspective, let's calculate the expected profitability. Take the space of public addresses, which is 160 bits, i.e. the space's size is 2160. Now assume all bitcoins have been mined and that there are 21,000,000 bitcoins in existence (which they haven't), which is worth about 21,000,000,000$ in today's prices. As the fortune.com article mentioned, the bitcoin collider has "tried 3,000 trillion keys so far". Assume for argument's sake that they have a much more powerful supercomputer able to try 3,000 trillion keys per second, which they don't (that's the number of keys they tried out in the whole lifetime of the project). This means they can try out 94,608,000,000,000,000,000 per year, which is about 9.4*1019 keys per year.

Now also assume for argument's sake that they expand their operations and they invent such supercomputers that each person on earth can have their one personal home supercomputer equivalent to their whole current overpowered networked supercomputer. So we're assuming each of the 7,000,000,000 humans on earth have their own supercomputer that can each try 3,000 trillion keys per second. Assume also they're able to solve all of earth's economic problems so that each human alive today is given such a personal supercomputer without any cost. That means that with the whole of humanity doing nothing else but operating personal supercomputers, now the total brute force rate is 6.6*1029 per year.

Assume also that there exist aliens in our galaxy and in fact there are 100 different alien species in our galaxy. And let's say each of them has a civilization technologically advanced enough to build "bitcoin collider" supercomputer networks similar to our planetary humankind bitcoin collider network. Assume we can communicate with them efficiently. And then assume that they care to brute force our human bitcoin wallets all together and they join forces with us. Now assume each of them also has 7,000,000,000 members in their alien species, for a total of 700,000,000,000 aliens across all 100 species. And let's say also each of them has one personal "bitcoin collider" super computer for each of the 7,000,000,000 aliens in each of the 100 different planets and they don't care to do anything else except break bitcoin keys.

Incidentally they must also have all these computers for free. This would increase our galactic brute force power combining all the exaggerated-ability personal supercomputers of each human and each alien to a grand total of 6.6×1031 keys per year.

Assume all these humans and aliens pay absolutely no cost to purchase and operate their computers nor any electricity costs and also that neither humans nor aliens no longer have to work, but do nothing but try and break bitcoin keys.

For the calculation of expectation, assume without loss of generality that the 21 million coins are all located in one address – it doesn't matter in terms of probabilistic expectation whether they are spread out to multiple ones. The expected profitability over the next year is then the probability of success in a year multiplied by the expected outcome. The probability of success in the next year is then 6.6×1031 / 2160 = 4.5×10-17. Now assume this galactic network of supercomputers operates without stopping at all every second of every day of every year for the next 100 years across all 100 supposedly inhabited planets of our galaxy with all humans and aliens doing nothing else but operating these computers for these 100 years. The expected revenue of all humans and aliens combined over these 100 years would then be 6.6×1031 / 2160 keys per year * $21,000,000,000 × 100 years = $9.48×10-5. That is, the totality of alive humans and aliens working non-stop together would earn the whole galaxy a combined expected grand total of $0.001 in revenues over the course of a 100-year period.

Gleb, nice to see you back again! I very appreciate that your spot is on this bullshit now. let us fight this together and bring the truth out like we did it together with the identity of SN. cheers!














 

 

█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
BitBlender 

 













 















 












 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
SopaXT
Full Member
***
Offline Offline

Activity: 161
Merit: 109


View Profile
April 17, 2017, 05:03:53 PM
 #960

uhm, could you unblock my IP?
I want to test this a bit more. I couldn't make sure it worked because my IP was blacklisted for running a tampered client.
Oh, you are assuming my nationality now? Fine.

I can easily submit a fake PoW request too, if you let my IP submit it.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 [48] 49 50 51 52 53 54 55 56 57 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!