Even the "fixed" version contains the backdoor.
I need someone that can help me cleaning this script so we can run a polite business.
If interested(not for bitcoins, for altcoins like catcoin,earthcoin... ecc ecc.) PM me.
Clean version, well not clean, but not phone homeCogeIgniter system replaced for more safety.
Each file manually checked.
It's still not fully safe though, the encrypt() function does nothing
public function encrypt($string){
return $string;
}
Not sure about the implications though.
Also seems to return preset addresses
function get_address(){
$addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf");
return $addresses[array_rand($addresses)];
}
Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.
bitdice-1.01.CLEAN.7z
https://mega.co.nz/#!UMFyRDxZ!bXs-fgPSS2Es3blyPReuoV05jB0jLGwAVHP66X7bpc8CRC32: c8f9aef7
MD5: f9aca5d45fedde616e13b282271534b1
SHA-1: f522bbd32f5cf02b7b30aa56710710ee62da95ed
SHA-256: c7e95e8c446bf2c1a236a654b0f53f1bd11ab7cfd6355be7f37b0bf654f41b77
SHA-512: 0b11adb6e69dc59699717649f8c18819386d42f4240fefb30815807a4cd12c411545571944d7201
6f9181a583c70e6b82d97bbdc2b1d5bcd7bc06b0bbb4b2a66