Bitcoin Forum
August 08, 2020, 01:05:50 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Ignore wallet.dat password operation  (Read 229 times)
Bit Challenger
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 12, 2018, 07:13:27 PM
Last edit: December 15, 2018, 08:03:38 AM by Bit Challenger
 #1

I stumbled across a bug where Bitcoin QT could send bitcoins without a password in an encrypted wallet. I have done a lot of tests to prove that my method is feasible. But the whole workload is so heavy that it's hard for me to do it alone. If you can see the problem in my picture and have Wallet. dat data analysis experience, you can join me in my work, let's complete the bursting QT wallet together!
Padmin@126.com

Information is encrypted

Thank you for your letter. I chose 5 engineers to help me. I don't need more people, thank you.


After the development is completed, I will announce the results.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1596848750
Hero Member
*
Offline Offline

Posts: 1596848750

View Profile Personal Message (Offline)

Ignore
1596848750
Reply with quote  #2

1596848750
Report to moderator
LoyceV
Legendary
*
Offline Offline

Activity: 1932
Merit: 6748


Thick-Skinned Gang Leader


View Profile WWW
December 12, 2018, 07:20:30 PM
Merited by Foxpup (4)
 #2

I stumbled across a bug where Bitcoin QT could send bitcoins without a password in an encrypted wallet.
First: I don't believe you Tongue

Quote
You use image tags, but Newbies can't embed images. When I follow your link, Google Drive tells me "You need permission".

I'm not sure what you're trying to share, but a general warning: DO NOT install programs from unknown sources!

Bit Challenger
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 13, 2018, 06:24:24 AM
 #3

I stumbled across a bug where Bitcoin QT could send bitcoins without a password in an encrypted wallet.
First: I don't believe you Tongue

Quote
You use image tags, but Newbies can't embed images. When I follow your link, Google Drive tells me "You need permission".

I'm not sure what you're trying to share, but a general warning: DO NOT install programs from unknown sources!
Sorry, I forgot the public picture.
bob123
Legendary
*
Offline Offline

Activity: 1288
Merit: 1910



View Profile WWW
December 13, 2018, 06:57:32 AM
 #4

Sorry, I forgot the public picture.

Still, i get Your client does not have permission.

What are you trying to share anyway ?



First: I don't believe you Tongue

It shouldn't be excluded that there is a bug/vulnerability which would allow to do this.
Even though it seems quite strange that he is uploading a file instead of sharing the general approach publicly, the possibility of such a bug still exists (even if the possibility is extremely low).


@OP:
What about explaining the general approach here ?
How do you think can you 'circumvent' the decryption of the keys ??

If you claim the encryption itself is weak or buggy, i do also not believe you.
And currently i don't see another way to access the encrypted keys without the decryption key  Huh

ETFbitcoin
Legendary
*
Offline Offline

Activity: 2072
Merit: 2456

Use SegWit and enjoy lower fees.


View Profile WWW
December 13, 2018, 06:59:28 AM
 #5

I'm not sure about older wallet.dat format, but important information (private key / master private key / seed) on wallet.dat is encrypted and there's no way to spend bitcoin (or sign message/unsigned transaction) without decrypt the wallet.
Bitcoin Core/Qt wallet uses AES256 and PBKDF2, if you could crack both of them without knowing password/private key and without brute-force, then you would make most services vulnerable.

Bit Challenger
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 13, 2018, 08:18:00 AM
Last edit: December 15, 2018, 07:58:42 AM by Bit Challenger
 #6

Sorry, I forgot the public picture.

Still, i get Your client does not have permission.

What are you trying to share anyway ?



First: I don't believe you Tongue

It shouldn't be excluded that there is a bug/vulnerability which would allow to do this.
Even though it seems quite strange that he is uploading a file instead of sharing the general approach publicly, the possibility of such a bug still exists (even if the possibility is extremely low).


@OP:
What about explaining the general approach here ?
How do you think can you 'circumvent' the decryption of the keys ??

If you claim the encryption itself is weak or buggy, i do also not believe you.
And currently i don't see another way to access the encrypted keys without the decryption key  Huh
Encrypted
Bit Challenger
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 13, 2018, 08:30:30 AM
 #7

I'm not sure about older wallet.dat format, but important information (private key / master private key / seed) on wallet.dat is encrypted and there's no way to spend bitcoin (or sign message/unsigned transaction) without decrypt the wallet.
Bitcoin Core/Qt wallet uses AES256 and PBKDF2, if you could crack both of them without knowing password/private key and without brute-force, then you would make most services vulnerable.
I don't question the strength of the algorithm, my method is only for bitcoin qt wallet
bob123
Legendary
*
Offline Offline

Activity: 1288
Merit: 1910



View Profile WWW
December 14, 2018, 06:59:38 PM
 #8

If you can see that each hash is divided into 4 segments and understand his purpose, you will understand my intentions.

I don't question the strength of the algorithm, my method is only for bitcoin qt wallet


Uff.. First i thought you might have really found a bug (which might have been not as severe as you thought it to be).

But those two statements, just proved that you don't have a clue at all.


Troll post confirmed.

Don't bother to contact OP or discuss this with OP. He obviously is trolling and doesn't know what he is talking about.

Bit Challenger
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 15, 2018, 07:57:57 AM
 #9

If you can see that each hash is divided into 4 segments and understand his purpose, you will understand my intentions.

I don't question the strength of the algorithm, my method is only for bitcoin qt wallet


Uff.. First i thought you might have really found a bug (which might have been not as severe as you thought it to be).

But those two statements, just proved that you don't have a clue at all.


Troll post confirmed.

Don't bother to contact OP or discuss this with OP. He obviously is trolling and doesn't know what he is talking about.
I updated the post again and it will prove that I found it to be correct.
achow101
Moderator
Legendary
*
Offline Offline

Activity: 2212
Merit: 3410


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
December 15, 2018, 04:38:37 PM
Merited by Foxpup (4), LoyceV (2)
 #10

If you believe you have found a vulnerability in Bitcoin Core (note that bitcoin-qt is part of the Bitcoin Core project) which can result in the loss of private keys or the wallet encryption being broken, please responsibly disclose the vulnerability by emailing security@bitcoincore.org (email listed on website: https://bitcoincore.org/en/contact/).

milewilda
Legendary
*
Offline Offline

Activity: 1736
Merit: 1078



View Profile
December 15, 2018, 04:59:17 PM
 #11

If you believe you have found a vulnerability in Bitcoin Core (note that bitcoin-qt is part of the Bitcoin Core project) which can result in the loss of private keys or the wallet encryption being broken, please responsibly disclose the vulnerability by emailing security@bitcoincore.org (email listed on website: https://bitcoincore.org/en/contact/).
If its true then its good if he would responsibly email the team but if not then he would work other way around. lol

Bit Challenger
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 15, 2018, 09:19:22 PM
 #12

If you believe you have found a vulnerability in Bitcoin Core (note that bitcoin-qt is part of the Bitcoin Core project) which can result in the loss of private keys or the wallet encryption being broken, please responsibly disclose the vulnerability by emailing security@bitcoincore.org (email listed on website: https://bitcoincore.org/en/contact/).

Samuel, he's dealing with this
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!