Bitcoin Forum
October 20, 2017, 08:09:52 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: technical question - is a fake unconfirmed transaction possible?  (Read 1371 times)
og kush420
Full Member
***
Offline Offline

Activity: 172



View Profile
August 19, 2013, 09:07:38 PM
 #1

is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this...

1508530192
Hero Member
*
Offline Offline

Posts: 1508530192

View Profile Personal Message (Offline)

Ignore
1508530192
Reply with quote  #2

1508530192
Report to moderator
1508530192
Hero Member
*
Offline Offline

Posts: 1508530192

View Profile Personal Message (Offline)

Ignore
1508530192
Reply with quote  #2

1508530192
Report to moderator
1508530192
Hero Member
*
Offline Offline

Posts: 1508530192

View Profile Personal Message (Offline)

Ignore
1508530192
Reply with quote  #2

1508530192
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508530192
Hero Member
*
Offline Offline

Posts: 1508530192

View Profile Personal Message (Offline)

Ignore
1508530192
Reply with quote  #2

1508530192
Report to moderator
1508530192
Hero Member
*
Offline Offline

Posts: 1508530192

View Profile Personal Message (Offline)

Ignore
1508530192
Reply with quote  #2

1508530192
Report to moderator
1508530192
Hero Member
*
Offline Offline

Posts: 1508530192

View Profile Personal Message (Offline)

Ignore
1508530192
Reply with quote  #2

1508530192
Report to moderator
TierNolan
Legendary
*
Offline Offline

Activity: 1120


View Profile
August 19, 2013, 09:13:17 PM
 #2

is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this...

Fake in what way?

The process for spending money is to create a transaction and send it the 8+ nodes you are connected to.

They verify it and then send it onward.

I think they might not forward transactions unless they know about all the inputs.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2324



View Profile
August 19, 2013, 09:45:50 PM
 #3

Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).

Bitcoin will not be compromised
og kush420
Full Member
***
Offline Offline

Activity: 172



View Profile
August 19, 2013, 09:57:15 PM
 #4

Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).
woh, nice haha, that is what im talking about, how did you do that?


og kush420
Full Member
***
Offline Offline

Activity: 172



View Profile
August 19, 2013, 10:01:34 PM
 #5

is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this...

Fake in what way?

The process for spending money is to create a transaction and send it the 8+ nodes you are connected to.

They verify it and then send it onward.

I think they might not forward transactions unless they know about all the inputs.
before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2324



View Profile
August 19, 2013, 10:07:58 PM
 #6

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.

These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week.

before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.

Bitcoin will not be compromised
og kush420
Full Member
***
Offline Offline

Activity: 172



View Profile
August 20, 2013, 01:57:23 AM
 #7

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.

These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week.

before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.
How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page
Code:
Public Note:

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2324



View Profile
August 20, 2013, 02:14:41 AM
 #8

How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page
No, I put javascript in the actual script of a transaction with it decoded and displayed without escaping.

Bitcoin will not be compromised
smolen
Hero Member
*****
Offline Offline

Activity: 525


View Profile
August 20, 2013, 02:35:51 AM
 #9

No, I put javascript in the actual script of a transaction with it decoded and displayed without escaping.
Cheesy Cheesy Cheesy
The next thing to worry are SQL injections

Of course I gave you bad advice. Good one is way out of your price range.
Andrey
Hero Member
*****
Offline Offline

Activity: 588


View Profile
November 18, 2013, 11:42:47 PM
 #10

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.

These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week.

before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.

I am not very good in bitcoin internals, but it seems some tricks are still could be done with blockchain.info . Here is the fake transaction trying to make public believe that bitbonanza auction deposit was done by bitbonanza itself. https://blockchain.info/ru/address/12kBb6UA5ZCXkDgrivpBa9jwmbquH7MGod
e4xit
Sr. Member
****
Offline Offline

Activity: 299



View Profile
November 19, 2013, 10:58:18 AM
 #11

Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).

Holy shitballs dude, decent coinflow through your address Wink

https://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM?offset=650&filter=0

Also, what is your opinion on the blockchain.info coinjoin implementation? Now that it is running at 0% fee, is it worth sticking everything through the 10 iterations, or what?

If you don't have the private key for "your" bitcoins then you have no bitcoins.
There are a million bits in a bitcoin: 1 ฿ = 1,000,000 ƀ
michagogo
Member
**
Offline Offline

Activity: 80


View Profile
November 19, 2013, 12:05:04 PM
 #12

Holy shitballs dude, decent coinflow through your address Wink

https://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM?offset=650&filter=0

I don't think that 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM is his address.

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!